How do I get rid of this annoying spyware?

nipsu_
Newbie
14 July 2005 @ 17:20
When I tick the reboot option in Killbox, the following text appears before the machine even reboots:
"Pending file rename operations registry data has been removed by external process!" and that's that, i.e. nothing more happens, the reboot never takes place.
Vellipaa, the IE cache has been emptied many times. And I have now done that other thing you mentioned too. But something is probably still wrong here...
Edit: incidentally, a little while ago I ordered my annual LiveUpdate "update" for Norton, and after I activated it just now, Norton reported that my machine has a problem with the 'task scheduling service', which may cause Norton's LiveUpdate not to work properly. This is probably somehow related to the problem being puzzled over in this thread.
Post edited after posting. Last edited 14 July 2005 @ 17:39

Toymaatti
Senior Member
14 July 2005 @ 17:38
Let's also check what Jotti says about this
C:\WINDOWS\system32\mjtask.dll
Scan it with this
http://virusscan.jotti.org/
Download DllCompare
http://www.downloads.subratam.org/DllCompare.exe
Open it and click -Run Locate.com-
Then click -Compare- and wait for the scan to finish.
Then click -Make Log of what was found-.
Then copy the text below into Notepad
Reg save "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows" windows1.hiv
ren windows1.hiv windows.txt
Save it to the desktop as Appinit.bat
For the file type choose All Files.
Then click that Appinit.bat on the desktop
and out comes the windows.txt log.
Post both logs here, as well as what Jotti said about mjtask.dll
He laughs best who digs a pit for another.

nipsu_
Newbie
14 July 2005 @ 18:15
Jotti:
"The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file"
DLLCompare:
"* DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!"
Then the Appinit.bat thing. It did produce a log, but one I couldn't make any sense of, because there were a few words but mostly boxes and ’’’’ etc. So did I do something wrong?

Toymaatti
Senior Member
14 July 2005 @ 19:48
It probably went right, that's the kind of gibberish it usually spits out, but apparently no help is to be found there anyway. The search continues...
Download Startdreck
http://www.niksoft.at/_data/startdreck.zip
Extract Startdreck INTO ITS OWN FOLDER and open it
Press 'Config'
Press 'Unmark All'
Tick these boxes
Registry = Run Keys
System/Drivers = Running processes
Press Ok
Press Save
A Startdreck.log appeared in the folder; copy its contents and post them here.

Senior Member
15 July 2005 @ 16:40
Heh heh. Now this went over my head :)
I'm waiting with interest to see how the situation progresses.
@ Nipsu
Don't give up (= Format C:)
If those gremlins are persistent, then so is Toymaatti :)
Post edited after posting. Last edited 15 July 2005 @ 18:52

nipsu_
Newbie
18 July 2005 @ 13:42
Haha, yeah, I just have to keep trying; there was a weekend in between, so I couldn't really be bothered to concentrate. ;) But I'll get back to this shortly...

Dietka
Member
18 July 2005 @ 13:58
I wonder why I can't get to view page 2 of this thread; I get a few virus alerts and it claims that access to this file is denied? And the virus is bloodhound Exploit6 ???

nipsu_
Newbie
18 July 2005 @ 14:05
StartDreck (build 2.1.7 public stable) - 2005-07-18 @ 18:02:47 (GMT +03:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 1)
Internet Explorer: 6.0.2800.1106
Logged in as x x at x
»Registry
»Run Keys
»Current User
»Run
*CTFMON.EXE=C:\WINDOWS\System32\ctfmon.exe
*LDM=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
*MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
»RunOnce
»Default User
»Run
*CTFMON.EXE=C:\WINDOWS\System32\CTFMON.EXE
»RunOnce
»Local Machine
»Run
*NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
*DVDSentry=C:\WINDOWS\System32\DSentry.exe
*AdaptecDirectCD="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
*ccApp="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
*URLLSTCK.exe=C:\Program Files\Norton Internet Security\UrlLstCk.exe
*zBrowser Launcher=C:\Program Files\Logitech\iTouch\iTouch.exe
*EM_EXEC=C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
*CnxDslTaskBar="C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe"
*Mirabilis ICQ=C:\PROGRA~1\ICQ\ICQNet.exe
*iTunesHelper=C:\Program Files\iTunes\iTunesHelper.exe
*QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
*TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
*Symantec NetDriver Monitor=C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
*SunJavaUpdateSched=C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
+OptionalComponents
+MSFS
+MAPI
+MAPI
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»Files
»System/Drivers
»Running Processes
+0=<idle>
+4=<system>
+392=\SystemRoot\System32\smss.exe
+484=<unkown>
+512=\??\C:\WINDOWS\system32\winlogon.exe
+676=C:\WINDOWS\system32\services.exe
+688=C:\WINDOWS\system32\lsass.exe
+852=C:\WINDOWS\system32\svchost.exe
+876=C:\WINDOWS\System32\svchost.exe
+988=<unkown>
+1048=<unkown>
+1128=C:\WINDOWS\system32\rundll32.exe
+1256=C:\WINDOWS\system32\spoolsv.exe
+1356=<unkown>
+1376=C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
+1396=C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
+1436=C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
+1500=C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
+1544=C:\WINDOWS\System32\nvsvc32.exe
+1608=C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
+1644=C:\WINDOWS\System32\svchost.exe
+1656=C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
+1704=<unkown>
+1796=C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
+416=C:\WINDOWS\Explorer.EXE
+588=C:\WINDOWS\System32\DSentry.exe
+596=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
+612=C:\Program Files\Common Files\Symantec Shared\ccApp.exe
+792=C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe
+904=C:\Program Files\iTunes\iTunesHelper.exe
+936=C:\Program Files\QuickTime\qttask.exe
+952=C:\Program Files\Common Files\Real\Update_OB\realsched.exe
+968=C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
+920=C:\WINDOWS\System32\ctfmon.exe
+996=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
+1028=C:\Program Files\MSN Messenger\MsnMsgr.Exe
+1196=C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
+2268=C:\Program Files\iPod\bin\iPodService.exe
+2376=C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
+2624=C:\Program Files\Messenger\msmsgs.exe
+3556=C:\PROGRA~1\ICQ\ICQ.exe
+3756=C:\WINDOWS\System32\wuauclt.exe
+3564=C:\Program Files\startdreck217\StartDreck.exe
+3896=C:\Program Files\Internet Explorer\iexplore.exe
»Application specific

Toymaatti
Senior Member
18 July 2005 @ 14:31

nipsu_
Newbie
18 July 2005 @ 18:09
Just a moment, log coming shortly...
Well, now eScan found some crud; here's the virus log file (which doesn't look very pretty... as if Ad-Aware etc. had never been used):
File C:\WINDOWS\NDNuninstall6_38.exe tagged as not-a-virus:AdWare.NewDotNet. No Action Taken.
File C:\WINDOWS\woinstall.exe tagged as not-a-virus:AdWare.EZula.ak. No Action Taken.
File C:\WINDOWS\System32\dhusic.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\WINDOWS\System32\guard.tmp tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\WINDOWS\System32\iaircl.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\WINDOWS\System32\opbc32.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\WINDOWS\System32\oybccp32.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Documents and Settings\x x\Local Settings\Temp\GL_6FE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\x x\Local Settings\Temp\remove.exe infected by "Trojan-Downloader.Win32.Keenval.f" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\x x\Local Settings\Temp\Temporary Internet Files\Content.IE5\KXKZWZ8J\wow[1].htm infected by "Exploit.HTML.Mht" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\x x\Local Settings\Temp\__unin__.exe tagged as not-a-virus:AdWare.Altnet.b. No Action Taken.
File C:\Documents and Settings\x x\Omat tiedostot\easterchickswal.exe tagged as not-a-virus:AdWare.NewDotNet. No Action Taken.
File C:\Documents and Settings\x x\Omat tiedostot\scanms.exe tagged as not-a-virus:NetTool.Win32.MS-DCOM. No Action Taken.
File C:\Documents and Settings\x x\Suosikit\Mp3 - prķmé sta?enķ.url infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\DVD2SVCD\D2SRoBa360.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
File C:\Program Files\FileSubmit\Easter Chicks\NNEZTX638.exe tagged as not-a-virus:AdWare.NewDotNet. No Action Taken.
File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.61. No Action Taken.
File C:\Program Files\mirc61.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.61. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\06A00475 tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\06AE035B tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0C747EE5 infected by "Trojan.WinREG.StartPage" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0D2F68E8 infected by "Trojan-Downloader.Win32.Agent.eq" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0D3212E4 infected by "Trojan-Downloader.Win32.Agent.eq" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0EA6347B infected by "Backdoor.Win32.Agent.bg" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0FC15517 tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\10EF0FF7 tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\10F239F4 tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\10F563F0 tagged as not-a-virus:AdWare.MDH.a. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\10FC37E9 tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\10FF61E5 tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\112C1502 infected by "Trojan-Downloader.Win32.Agent.eq" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\12304074 tagged as not-a-virus:Porn-Dialer.Win32.ALifeDialer. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\12D677EC tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\162F3B0B infected by "Trojan-Spy.Win32.Briss.g" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\171973F9 tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1DC17C73 infected by "Trojan-Downloader.Win32.Small.apf" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1EFF6C7C tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1F6C63E5 infected by "Trojan-Dropper.Win32.Delf.z" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2228715D infected by "Trojan-Downloader.Win32.Swizzor.cw" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\25BC1D65 infected by "Trojan-Downloader.Win32.Swizzor.i" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\277148DE.class infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2A9044E7 tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2B27610D tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2BAB7AF3 infected by "Trojan-Downloader.Win32.Agent.eq" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2CC900FD.class infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2D817A2D.class infected by "Trojan-Downloader.Java.OpenConnection.v" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2DBB141F.class infected by "Trojan-Downloader.Java.OpenConnection.v" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\305471E2 tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\310668B4.class infected by "Trojan.Java.ClassLoader.Dummy.a" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\34C018C8 infected by "Trojan-Downloader.Win32.Swizzor.i" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\380C646E tagged as not-a-virus:AdWare.WinAD.f. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\38EB5924 tagged as not-a-virus:AdWare.ToolBar.Comet.b. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\39EB5C3F tagged as not-a-virus:AdWare.BetterInternet. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3EF74DC0.class infected by "Trojan.Java.ClassLoader.Dummy.a" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3F2C366A tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\40D82676 tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\40E32A21.class infected by "Trojan.Java.Femad" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\414B0255.class infected by "Exploit.Java.Bytverify" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\421A6167 infected by "Trojan-Dropper.Win32.Delf.z" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\464C0866 tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\47864B3F.class infected by "Trojan-Downloader.Java.OpenConnection.v" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\51697013.class infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\516D1A0F.class infected by "Exploit.Java.Bytverify" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\559A3C05 tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\56990BFD tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\57F91E73 tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\623425A9 tagged as not-a-virus:AdWare.Suggestor.g. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\63895A72 tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\64E4744E tagged as not-a-virus:AdWare.BetterInternet. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\65E31CF3 infected by "Trojan-Downloader.Win32.Agent.eq" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\67182C31 infected by "Trojan-Downloader.Win32.Agent.eq" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\671C562E infected by "Trojan-Downloader.Win32.Agent.eq" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\677745C1 tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6E3F26B1 infected by "Trojan-Downloader.Win32.Swizzor.cw" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6E5D1A3A tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6E9717BD tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\71822CC9 tagged as not-a-virus:AdWare.BetterInternet. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\744B2489 infected by "Trojan-Dropper.Win32.Delf.z" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\77EB5B35.class infected by "Exploit.Java.Bytverify" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\782A16BF.class infected by "Trojan.Java.ClassLoader.Dummy.a" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\78995CA4 infected by "Trojan-Dropper.Win32.Delf.z" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\79C6724D tagged as not-a-virus:AdWare.FunWeb.a. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7A8C0A43 tagged as not-a-virus:AdWare.WinAD. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7ED0553C tagged as not-a-virus:AdWare.MDH.a. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000153.exe infected by "Backdoor.Win32.Agent.bg" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000154.DLL tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000155.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000156.DLL tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000157.dll tagged as not-a-virus:AdWare.Suggestor.g. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000158.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000159.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000160.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000161.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000162.exe tagged as not-a-virus:AdWare.MDH.a. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000163.exe tagged as not-a-virus:AdWare.MDH.a. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000164.exe tagged as not-a-virus:Porn-Dialer.Win32.ALifeDialer. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000165.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000166.DLL tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000167.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000168.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000169.DLL tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000170.DLL tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000171.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000172.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000173.DLL tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000174.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000175.DLL tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000176.exe tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000177.DLL tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000190.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP5\A0000492.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP5\A0000508.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Vanhat\D-asema\mirc61.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.61. No Action Taken.
File C:\Vanhat\D-asema\startmagr.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\PopularScreenSaversInitialSetup1.0.0.8.exe tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File C:\WINDOWS\NDNuninstall6_38.exe tagged as not-a-virus:AdWare.NewDotNet. No Action Taken.
File C:\WINDOWS\SYSTEM32\dhusic.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\WINDOWS\SYSTEM32\guard.tmp tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\WINDOWS\SYSTEM32\iaircl.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\WINDOWS\SYSTEM32\opbc32.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\WINDOWS\SYSTEM32\oybccp32.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\WINDOWS\woinstall.exe tagged as not-a-virus:AdWare.EZula.ak. No Action Taken.
And n errors; here is just a fraction (the humanist didn't know how to pick out only the error lines from the log):
Mon Jul 18 18:59:18 2005 => ERROR!!! Invalid Entry System32\DRIVERS\intelppm.sys in SYSTEM\CurrentControlSet\Services\intelppm...
Mon Jul 18 18:59:38 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\WIADEBUG.LOG
Mon Jul 18 18:59:38 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\WIASERVC.LOG
Mon Jul 18 18:59:38 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\WindowsUpdate.log
Mon Jul 18 18:59:47 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\System32\CnxDslWz.log
Mon Jul 18 19:00:24 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\System32\mjtask.dll
Mon Jul 18 19:01:23 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Network\DOWNLO~1\qmgr0.dat
Mon Jul 18 19:01:23 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Network\DOWNLO~1\qmgr1.dat
Mon Jul 18 19:01:25 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\COMMON~1\Confid.log
Mon Jul 18 19:01:25 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\COMMON~1\Content.log
Mon Jul 18 19:01:25 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\COMMON~1\Privacy.log
Mon Jul 18 19:01:25 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\COMMON~1\Restrict.log
Mon Jul 18 19:01:25 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\COMMON~1\settings.dat
Mon Jul 18 19:01:25 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\COMMON~1\WebHist.log
Mon Jul 18 19:02:23 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\LOCALS~1\Cookies\INDEX.DAT
Mon Jul 18 19:02:23 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\LOCALS~1\LOCALS~1\APPLIC~1\MICROS~1\Windows\UsrClass.dat
Mon Jul 18 19:02:23 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\LOCALS~1\LOCALS~1\APPLIC~1\MICROS~1\Windows\USRCLA~1.LOG
Mon Jul 18 19:02:23 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\LOCALS~1\LOCALS~1\SIVUHI~1\History.IE5\INDEX.DAT
Mon Jul 18 19:02:23 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\Content.IE5\INDEX.DAT
Mon Jul 18 19:02:23 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\LOCALS~1\NTUSER.DAT
Mon Jul 18 19:02:23 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\LOCALS~1\NTUSER~1.LOG
Post edited after posting. Last edited 18 July 2005 @ 18:15
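
An added example, not part of any post in this thread: a small Python triage of an eScan log in the format shown above. It merges paths that differ only in letter case, separates files still in place from stored copies (AV quarantine, System Restore), and picks out the "ScanFile fails" errors that concern executable code rather than locked log or data files. The function names are this example's own, and the sample lines are constructed in the shape of the posted log.

```python
import re
from collections import Counter

# Constructed sample in the same line shapes as the eScan log posted above.
SAMPLE_LOG = r'''File C:\WINDOWS\System32\dhusic.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\WINDOWS\SYSTEM32\dhusic.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\WINDOWS\woinstall.exe tagged as not-a-virus:AdWare.EZula.ak. No Action Taken.
File C:\Documents and Settings\x x\Local Settings\Temp\remove.exe infected by "Trojan-Downloader.Win32.Keenval.f" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\06A00475 tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000154.DLL tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
Mon Jul 18 18:59:38 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\WindowsUpdate.log
Mon Jul 18 19:00:24 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\System32\mjtask.dll
'''

# Two detection shapes:
#   File <path> tagged as <name>. No Action Taken.
#   File <path> infected by "<name>" Virus. Action Taken: <what>.
DETECTION_RE = re.compile(
    r'^File (?P<path>.+?) '
    r'(?:tagged as (?P<tag>\S+?)|infected by "(?P<virus>[^"]+)" Virus)\. '
    r'(?P<action>No Action Taken|Action Taken: .+?)\.$')
SCANFAIL_RE = re.compile(r'=> ERROR!!! ScanFile fails for (?P<path>.+)$')
CODE_EXTENSIONS = (".dll", ".exe", ".sys")


def classify(path):
    """Tell stored copies (AV quarantine, System Restore) from files in place."""
    p = path.lower()
    if "\\quarantine\\" in p:
        return "quarantine"
    if "\\system volume information\\_restore" in p:
        return "system-restore"
    return "live"


def parse_log(text):
    """Return (detections, scan_failures) parsed from eScan log text."""
    detections = {}
    scan_failures = []
    for line in text.splitlines():
        line = line.strip()
        m = DETECTION_RE.match(line)
        if m:
            # Windows paths are case-insensitive, so System32 and SYSTEM32
            # name the same file; keep the first spelling seen.
            detections.setdefault(m["path"].lower(), {
                "path": m["path"],
                "name": m["tag"] or m["virus"],
                "action": m["action"],
                "location": classify(m["path"]),
            })
            continue
        m = SCANFAIL_RE.search(line)
        if m:
            scan_failures.append(m["path"])
    return list(detections.values()), scan_failures


def triage(text):
    """Summarise what still needs attention after the scan."""
    detections, scan_failures = parse_log(text)
    return {
        # How many unique hits are live files versus stored copies.
        "by_location": dict(Counter(d["location"] for d in detections)),
        # Files still in place that the scanner did not touch.
        "live_no_action": [d["path"] for d in detections
                           if d["location"] == "live"
                           and d["action"] == "No Action Taken"],
        # Executable code the scanner could not open; locked .log/.dat
        # files are expected on a running system, a DLL is worth a look.
        "unscanned_code": [p for p in scan_failures
                           if p.lower().endswith(CODE_EXTENSIONS)],
    }


if __name__ == "__main__":
    for section, value in triage(SAMPLE_LOG).items():
        print(section, value)
```
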

Toymaatti
Senior Member
18 July 2005 @ 19:25
Well yeah, there was "something" there after all. Remove these via Add/Remove Programs if found
NewDotNet
EZula
Look2Me
Download the tool from here and run it
http://www.new.net/support/uninstall6_76.exe
Then delete these files in SAFE MODE
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\woinstall.exe
C:\WINDOWS\System32\dhusic.dll
C:\WINDOWS\System32\guard.tmp
C:\WINDOWS\System32\iaircl.dll
C:\WINDOWS\System32\opbc32.dll
C:\WINDOWS\System32\oybccp32.dll
C:\Documents and Settings\x x\Omat tiedostot\easterchickswal.exe
C:\Documents and Settings\x x\Omat tiedostot\scanms.exe
C:\Program Files\FileSubmit\Easter Chicks\NNEZTX638.exe <== It would probably be worth deleting the whole folder for that one
C:\WINDOWS\Downloaded Program Files\PopularScreenSaversInitialSetup1.0.0.8.exe
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\SYSTEM32\dhusic.dll
C:\WINDOWS\SYSTEM32\guard.tmp
C:\WINDOWS\SYSTEM32\iaircl.dll
C:\WINDOWS\SYSTEM32\opbc32.dll
C:\WINDOWS\SYSTEM32\oybccp32.dll
C:\WINDOWS\woinstall.exe
Empty the temp folders
The lower ones in all user accounts
C:\Temp
C:\Windows\Prefetch
C:\Documents and Settings\User name\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\User name\Local Settings\Temp
Start normally.
Scan with these online scanners and let them remove what they find
http://www.pandasoftware.com/products/activescan/com/activescan_p...
http://www.bitdefender.com/scan8/ie.html
Empty System Restore
http://support.f-secure.fi/fin/home/virusproblem/howtoclean/clean...
Scan again with eScan and post its log along with a new HjT log.

nipsu_
Newbie
18 July 2005 @ 20:57
The Microsoft Visual C++ Runtime Library occasionally gives an error message like this; today the machine has also taken to complaining with this nice thing now and then, e.g. just now when I went to Panda's site it threw this message and shoved me onto some wrong page.
"Buffer overrun detected!
Program: C:\WINDOWS\system32\rundll32.exe
A buffer overrun has been detected which has corrupted the program's internal state. The program cannot safely continue execution and must now be terminated."
Likewise, for some reason IE has, apparently since yesterday, taken to constantly opening MSN Search if, for example, I tried to use Google. Hmm, so the strange coincidences are starting to multiply. It's beginning to look a bit hopeless, but I have to keep going with these exercises a little longer.

nipsu_
Newbie
18 July 2005 @ 22:05
Those NewDots and the rest aren't found. I think I already deleted that guard.tmp, but there it shows up again...
There has been some improvement too, because Panda and Bitdefender didn't even work properly for me before; now they do :)
So, the ActiveScan result:
Incident Status Location
Adware:adware/look2me No disinfected C:\WINDOWS\SYSTEM32\guard.tmp
Spyware:spyware/linkreplacer No disinfected C:\WINDOWS\SYSTEM32\lmdv.bin
Adware:adware/comet No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\dm.inf
Adware:adware/savenow No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\WUInst.inf
Adware:adware/gator No disinfected C:\WINDOWS\GatorHDPlugin.log
Adware:adware/twain-tech No disinfected C:\WINDOWS\smdat32a.sys
Adware:adware/keenvalue No disinfected C:\PROGRAM FILES\PerfectNav
Spyware:spyware/searchcentrix No disinfected HKEY_CURRENT_USER\SOFTWARE\DYNAMIC TOOLBAR
Adware:adware/funweb No disinfected HKEY_CLASSES_ROOT\FUNWEBPRODUCTSINSTALLER.START
Adware:adware/myway No disinfected HKEY_CLASSES_ROOT\CLSID\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}
Adware:adware/navhelper No disinfected HKEY_CLASSES_ROOT\CLSID\{BDF3E430-B101-42AD-A544-FADC6B084872}
Adware:adware/mywebsearch No disinfected HKEY_CLASSES_ROOT\Interface\{1d4db7d3-6ec9-47a3-bd87-1e41684e07bb}
Adware:adware/brilliantdigital No disinfected HKEY_CLASSES_ROOT\Interface\{48E59292-9880-11CF-9754-00AA00C00908}
Spyware:Spyware/New.net No disinfected C:\RECYCLER\S-1-5-21-53177138-2544145745-2170829215-500\Dc42.exe
Adware:Adware/eZula No disinfected C:\RECYCLER\S-1-5-21-53177138-2544145745-2170829215-500\Dc45.exe
Adware:Adware/Look2Me No disinfected C:\RECYCLER\S-1-5-21-53177138-2544145745-2170829215-500\Dc46.dll
Adware:Adware/Look2Me No disinfected C:\RECYCLER\S-1-5-21-53177138-2544145745-2170829215-500\Dc47.tmp
Adware:Adware/Look2Me No disinfected C:\RECYCLER\S-1-5-21-53177138-2544145745-2170829215-500\Dc48.dll
Adware:Adware/Look2Me No disinfected C:\RECYCLER\S-1-5-21-53177138-2544145745-2170829215-500\Dc49.dll
Adware:Adware/FunWeb No disinfected C:\WINDOWS\Downloaded Program Files\PopularScreenSaversInitialSetup1.0.0.8.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\guard.tmp
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\madimap.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\opbc32.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\syesrv.dll
Spyware:Spyware/LinkReplacer No disinfected C:\WINDOWS\SYSTEM32\uninst.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\vhhelper.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\wlcsvc.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\WQWFAX.DLL
More logs later.
This post has been edited since it was posted. Last edited 18 July 2005 @ 22:11
|
Toymaatti
Senior Member
|
19 July 2005 @ 08:50 |
Link to this post
|
He laughs best who digs a pit for another.
|
nipsu_
Newbie
|
19 July 2005 @ 14:32 |
Link to this post
|
Yep, I ran it. BitDefender said 'You're still infected', but I don't know, maybe there has still been a bit of improvement - as I said, earlier neither of those, ActiveScan and BitDefender, even worked for me (or they kept spinning forever, etc.), and now both worked.
But I'll post the eScan log and the HjT one shortly as well.
HjT:
Logfile of HijackThis v1.99.1
Scan saved at 0:29:58, on 20.7.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SSH Communications Security\SSH Secure Shell\SshClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fi/fin/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uta.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/fi/fin/gen/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.jyu.fi:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe"
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x8...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicr...
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
eScan is still complaining quite a lot; that Look2Me at least seems to be a problem (and I already used that uninstaller).
EDIT again: Ewido seems to have helped things quite a lot. Now it claims I'm no longer infected, and the connection hasn't been dropping either, but I'll have to keep an eye on it for a while yet.
This post has been edited since it was posted. Last edited 20 July 2005 @ 17:35
|
nipsu_
Newbie
|
22 July 2005 @ 20:35 |
Link to this post
|
Yes indeed, the machine is working now and there are no connection problems. :)
Many thanks to everyone for the help and the effort! The nerds in my own circle would mostly have had the attitude 'I can't be bothered to start thinking about that sort of thing now'. ;) Or at least they would have given up ages ago.
|
Toymaatti
Senior Member
|
23 July 2005 @ 07:53 |
Link to this post
|
GOOD!! But those O15 lines are still left in there. Get DelDomains. NOTE! Unusual download method.
http://www.mvps.org/winhelp2002/DelDomains.inf
Right-click the link, choose "Save Target As..", and save it to the desktop.
Close the browser.
Right-click the DelDomains.inf icon and choose INSTALL.
Then fix these with HjT if they still show up
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
It should be fine now :D
He laughs best who digs a pit for another.
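The manual pass over the HijackThis log described in the post above (picking out the O15 Trusted Zone lines and the "(file missing)" entries) can be scripted. This is an added example, not part of the original thread: the sample lines are copied from the log posted earlier in the thread, and the function names and the three flagging rules are assumptions chosen for illustration.

```python
import re

# Section codes used in HijackThis logs: R0-R3, F0-F3, N1-N4 and the numbered O sections.
CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"
# Forum pastes often run several entries together on one line; split before each new code.
RUN_TOGETHER = re.compile(rf"\s+(?={CODE} - )")
ENTRY = re.compile(rf"^({CODE}) - (.*)$")

# Sample input: lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""

def split_entries(text):
    """Yield (code, body) for every entry, even when several share one line."""
    for line in text.splitlines():
        for piece in RUN_TOGETHER.split(line.strip()):
            m = ENTRY.match(piece)
            if m:
                yield m.group(1), m.group(2)

def triage(text):
    """Return [(code, reasons, body)] for entries that deserve a manual look."""
    findings = []
    for code, body in split_entries(text):
        reasons = []
        if body.endswith("(file missing)"):
            reasons.append("target file missing (orphaned reference)")
        if code == "O15":
            # HijackThis marks machine-wide zone entries with a trailing "(HKLM)".
            hive = "HKLM" if body.endswith("(HKLM)") else "HKCU"
            domain = body.split(":", 1)[1].replace("(HKLM)", "").strip()
            reasons.append(f"Trusted Zone entry for {domain} in {hive}")
        if code == "O23" and " - Unknown owner - " in body:
            reasons.append("no company name could be read for the service binary")
        if reasons:
            findings.append((code, reasons, body))
    return findings

if __name__ == "__main__":
    for code, reasons, body in triage(SAMPLE_LOG):
        print(f"{code}: {'; '.join(reasons)}\n    {body}")
```

A flagged entry is only a prompt for review: "Unknown owner" also appears on legitimate services in the same log, so each hit still needs the kind of human judgement applied in the thread.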
|
nipsu_
Newbie
|
24 July 2005 @ 12:58 |
Link to this post
|
Yep, thanks. Now those don't show up any more either :) (well, the O9s did show, but I then fixed those couple of them)
This post has been edited since it was posted. Last edited 24 July 2005 @ 12:59
|