|
|
|
Keskustelualueet
Keskustelualueet
|
|
|
Miten pääsen eroon CiD mainoksista? (kiire)
|
|
|
Anon999
Member
|
24. kesäkuuta 2007 @ 07:14 |
Linkki tähän viestiin
|
|
Niin miten pääsen eroon niistä?
|
|
Auttaja
Suspended permanently
|
24. kesäkuuta 2007 @ 07:41 |
Linkki tähän viestiin
|
-> Lataa Hijackthis: http://koti.mbnet.fi/pattaya1/HijackThis.exe
-> Tallenna hakemistoon C:\hjt
->Uudelleennimeä HijackThis.exe -> scanner.exe:ksi näin:
1. Klikkaa hiiren oikealla painikkeella HijackThis ikonia.
2. Valitse Uudelleennineä/ Rename.
3. Kirjoita scanner.exe
-> Käynnistä HijackThis ja klikkaa: do a system scan and save a logfile.
-> Lähetä ilmestynyt logisi tähän ketjuun
|
|
Anon999
Member
|
24. kesäkuuta 2007 @ 07:50 |
Linkki tähän viestiin
|
Logfile of HijackThis v1.99.1
Scan saved at 10:49:27, on 24.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ps2.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Ad-Aware\aawservice.exe
C:\hjt\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEByteRange - {722D2939-A14A-41A9-9EAC-AB8F4E295819} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [bpk] C:\WINDOWS\system32\bpk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Ref Book Noun Logo] C:\Documents and Settings\All Users\Application Data\2jugsrefbook\BoltIntra.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [first camp] C:\DOCUME~1\Juhani\APPLIC~1\DRIVEC~1\Bash Gram.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache...tup1.0.0.15.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
|
|
Auttaja
Suspended permanently
|
24. kesäkuuta 2007 @ 08:00 |
Linkki tähän viestiin
|
Moi taas, en voi luvata mitään nopeaa korjausohjetta, kone on melko pahasti saastunut, koneella on keylogger joka tallentaa näppäimistön painallukset
=====
Onko tietokoneella palomuuria? vai vaan f-securen antivirus?
======
Avaa ohjauspaneelin lisää/poista sovellus ja poista
Wildtanget
=====
Hijackthissillä muut ohjelmat suljettuna!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: IEByteRange - {722D2939-A14A-41A9-9EAC-AB8F4E295819} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [bpk] C:\WINDOWS\system32\bpk.exe
O4 - HKLM\..\Run: [Ref Book Noun Logo] C:\Documents and Settings\All Users\Application Data\2jugsrefbook\BoltIntra.exe
O4 - HKCU\..\Run: [first camp] C:\DOCUME~1\Juhani\APPLIC~1\DRIVEC~1\Bash Gram.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache...tup1.0.0.15.cab
Merkkaa nuo rivit ja paina FIX CHECKED
=========
Lataa ATF Cleaner
http://www.atribune.org/ccount/click.php?id=1
Tupla-klikkaa ATF-Cleaner.exe käynnistääksesi ohjelman. Main:n alla valitse: Select All
Klikkaa Empty Selected valintaa.
Jos käytät FireFoxia selaimenasi Klikkaa Firefox yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Jos käytät Operaa selaimenasi Klikkaa Opera yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa taas.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Klikkaa Exit päävalikosta sulkeaksesi ohjelman.
Teknistä tukea tulee jos tupla-klikkaat sähköpostiosoitetta joka sijaitsee jokaisen menun alapuolella kyseisessä työkalussa. (Huomatkaa että se tuki on sitten englanniksi)
==========
Laita piilotiedostot näkyviin ja poiston jälkeen piiloon takaisin
Poista nämä kansiot/tiedostot
C:\Program Files\WildTangent\
C:\PROGRA~1\AQUATI~1\
C:\WINDOWS\system32\bpk.exe
C:\Documents and Settings\All Users\Application Data\2jugsrefbook\
C:\DOCUME~1\Juhani\APPLIC~1\DRIVEC~1\
=========
1. Lataa combofix.exe työpöydällesi jommastakummasta linkistä:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. (C:\ComboFix.txt) Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
Myös uusi HIJACKTHISlogi
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 24. kesäkuuta 2007 @ 08:01
|
|
Anon999
Member
|
24. kesäkuuta 2007 @ 08:35 |
Linkki tähän viestiin
|
|
|
|
Anon999
Member
|
24. kesäkuuta 2007 @ 08:39 |
Linkki tähän viestiin
|
|
En saa eneen ensimmäistä scannaustani takaisin HijackThissiin.
|
|
Auttaja
Suspended permanently
|
24. kesäkuuta 2007 @ 08:47 |
Linkki tähän viestiin
|
Tässä ohje miten merkataan, poista kaikki wtangetit, noi virheilmotukset poistuu kun tehdään nämä korjaukset:
en ymmärrä mitä ajoit takaa (laita sitten logit noista kun olet tehnyt ne)
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 24. kesäkuuta 2007 @ 08:48
|
|
Anon999
Member
|
24. kesäkuuta 2007 @ 08:57 |
Linkki tähän viestiin
|
|
Siis jouduin sulkemaan tuon HijackThis:in koska kirjauduin ulos että pystyin ottamaan kuvan noista virheilmoituksista niin nyt jotta saan takaisin tuon skannauksen tulokset minun pitää tehdä uusi skannaus että voin raksittaa niitä tuloksia.
|
|
Auttaja
Suspended permanently
|
24. kesäkuuta 2007 @ 09:12 |
Linkki tähän viestiin
|
|
juu, tee skannauksia vaan uudestaan ja uudestaan ei sill nii väliä, lopussa laitat kuitenkin "uuden" fresh login.
|
|
Anon999
Member
|
24. kesäkuuta 2007 @ 09:46 |
Linkki tähän viestiin
|
Joitakin tiedostoja saattoi jäädä poistamatta ja joitakin ei löytynyt, kerro jos jokin on jäänyt poistamatta.
ComboFix log:
"Juhani" - 2007-06-24 12:31:45 - ComboFix 07-06-23.5 - Service Pack 2 NTFS
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\bpkwb.dll
C:\WINDOWS\system32\msxml3a.dll
((((((((((((((((((((((((( Files Created from 2007-05-24 to 2007-06-24 )))))))))))))))))))))))))))))))
2007-06-24 12:32 <KANSIO> d-------- C:\DOCUME~1\Juhani\APPLIC~1\Drive Comp Deaf
2007-06-24 12:31 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-24 11:45 <KANSIO> d-------- C:\!KillBox
2007-06-24 10:48 <KANSIO> d-------- C:\hjt
2007-06-24 10:26 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-24 10:25 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-23 18:51 <KANSIO> d-------- C:\NoLopBackups
2007-06-23 12:49 <KANSIO> d-------- C:\Program Files\Drive Comp Deaf
2007-06-17 15:42 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-06-13 15:46 446,464 --a------ C:\WINDOWS\system32\vp31vfw.dll
2007-06-13 15:46 <KANSIO> d-------- C:\Program Files\On2 Technologies
2007-06-13 15:45 <KANSIO> d-------- C:\DOCUME~1\Lapset\APPLIC~1\InstallShield Installation Information
2007-06-13 15:43 <KANSIO> d-------- C:\DOCUME~1\Lapset\APPLIC~1\Pan Vision
2007-06-13 15:43 <KANSIO> d-------- C:\DOCUME~1\Lapset\APPLIC~1\InstallShield
2007-06-09 11:40 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2007-06-09 11:40 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2007-06-08 10:44 1,156 --a------ C:\WINDOWS\mozver.dat
2007-06-08 10:32 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-02 21:26 <KANSIO> d-------- C:\Program Files\Tilester
2007-06-02 10:15 6,144 --a------ C:\WINDOWS\system32\ftlx041e.dll
2007-06-02 10:15 5,632 --a------ C:\WINDOWS\system32\kbdusa.dll
2007-06-02 10:15 185,344 --a------ C:\WINDOWS\system32\Thawbrkr.dll
2007-06-02 10:15 10,752 --a------ C:\WINDOWS\system32\c_iscii.dll
2007-05-27 17:25 <KANSIO> d-------- C:\DOCUME~1\Juhani\APPLIC~1\Mp3tag
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-24 10:23:56 12 ----a-w C:\WINDOWS\bthservsdp.dat
2007-06-24 10:01:00 1,344 ----a-w C:\WINDOWS\system32\bpk.bin
2007-06-24 09:57:23 -------- d-----w C:\Program Files\EurowordPro
2007-06-23 15:44:41 76,484 ----a-w C:\WINDOWS\system32\perfc00B.dat
2007-06-23 15:44:41 377,146 ----a-w C:\WINDOWS\system32\perfh00B.dat
2007-06-23 10:37:38 -------- d-----w C:\Program Files\LimeWire
2007-06-19 09:11:09 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-18 07:53:36 128,656 ----a-w C:\DOCUME~1\Juhani\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-06-15 09:55:50 -------- d-----w C:\DOCUME~1\Juhani\APPLIC~1\Canon
2007-05-23 11:02:52 47,104 ----a-w C:\WINDOWS\system32\KMVIDC32.DLL
2007-05-18 17:46:26 -------- d-----w C:\DOCUME~1\Juhani\APPLIC~1\dvdcss
2007-05-18 17:13:22 -------- d-----w C:\Program Files\Programming Editor
2007-05-16 15:14:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-12 13:57:01 -------- d-----w C:\DOCUME~1\Juhani\APPLIC~1\WinRAR
2007-05-10 16:00:53 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-10 14:03:31 -------- d-----w C:\DOCUME~1\Juhani\APPLIC~1\Nokia
2007-05-10 14:01:49 -------- d-----w C:\DOCUME~1\Juhani\APPLIC~1\PC Suite
2007-05-09 16:23:05 -------- d-----w C:\Program Files\DIFX
2007-05-09 16:22:49 -------- d-----w C:\Program Files\Common Files\PCSuite
2007-05-09 16:22:44 -------- d-----w C:\Program Files\Common Files\Nokia
2007-05-09 16:22:42 -------- d-----w C:\Program Files\Nokia
2007-05-09 16:22:24 -------- d-----w C:\Program Files\PC Connectivity Solution
2007-05-09 16:19:13 21,486,896 ----a-w C:\Nokia_PC_Suite_683_rel_14_1_fin_web.exe
2007-05-03 17:15:32 3,120 ----a-w C:\WINDOWS\system32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
2007-04-29 14:50:31 -------- d-----w C:\Program Files\Replay Converter
2007-04-29 14:45:24 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-04-29 14:05:00 -------- d-----w C:\Program Files\NCH Swift Sound
2007-04-29 13:59:13 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-04-29 13:58:13 -------- d-----w C:\Program Files\Microsoft Works
2007-04-29 13:58:11 -------- d-----w C:\Program Files\Messenger
2007-04-29 13:58:10 -------- d-----w C:\Program Files\GameSpy Arcade
2007-04-25 14:22:38 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 20:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 20:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
2005-03-29 13:18:52 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 02:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 12:32]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar4.dll [2007-01-19 23:56]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-05-27 16:30]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2006-10-10 23:26]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43]
"VTTimer"="VTTimer.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 C:\WINDOWS\AGRSMMSG.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 21:05]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2002-12-05 16:24]
"MW1HelperStartUp"="C:\PROGRA~1\MAGICW~1\MW1HEL~1.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 10:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-15 01:12 C:\WINDOWS\system32\bthprops.cpl]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 12:20]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acme.PCHButton"="C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe" [2004-01-01 18:57]
"Start WingMan Profiler"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-27 16:30]
"SRS Audio Sandbox"="C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" []
"MtdAcqu"="C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 08:56]
"Sonic RecordNow!"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 01:12]
"first camp"="C:\DOCUME~1\Juhani\APPLIC~1\DRIVEC~1\Bash Gram.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
Contents of the 'Scheduled Tasks' folder
2007-06-20 18:14:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-24 10:16:03 C:\WINDOWS\tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-24 12:42:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00000001-0000-1000-8000-0002ee000002}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]
Completion time: 2007-06-24 12:43:09
C:\ComboFix-quarantined-files.txt ... 2007-06-24 12:43
--- E O F ---
HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 12:45:31, on 24.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Ad-Aware\aawservice.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\explorer.exe
C:\hjt\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://keskustelu.afterdawn.com/thread_view.cfm/525687
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEByteRange - {722D2939-A14A-41A9-9EAC-AB8F4E295819} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [first camp] C:\DOCUME~1\Juhani\APPLIC~1\DRIVEC~1\Bash Gram.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
|
|
Auttaja
Suspended permanently
|
24. kesäkuuta 2007 @ 09:55 |
Linkki tähän viestiin
|
eli windowsin palomuuri yks turhan kanssa, lataa esim. ZoneAlarm helppo ilmanen
======
Avaa HijackThis, merkkaa ja paina fix checked näille riveille
O2 - BHO: IEByteRange - {722D2939-A14A-41A9-9EAC-AB8F4E295819} - (no file)
O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
O4 - HKCU\..\Run: [first camp] C:\DOCUME~1\Juhani\APPLIC~1\DRIVEC~1\Bash Gram.exe
Laita piilotiedostot näkyviin ja poiston jälkeen piiloon takaisin
Poista nämä kansiot
C:\PROGRAM FILES\MAGICW~1\
C:\DOCUMENTS AND SETTING\Juhani\APPLICATION DATA\Drive Comp Deaf
"~1" merkki tarkottaa että se jatkuu sanoa esim. "MAGICW~1" on luultavammin magicwall.
=======
Tarkista koneesi F-Securen online skannerilla
Huom, skanneri toimii vain Internet Explorer selaimella
* Lue sivun ohjeet huolella läpi
* Klikkaa Start scanning
* Mikäli saat Internet Explorer -suojausvaroituksen, klikkaa Asenna
* Klikkaa Accept
* Klikkaa Custom Scan
* Säädä asetukset seuraavasti
o "Virus Scan Option" kohdasta valitse Scan whole system
o "Other Scan Option" kohdasta valitse Scan All Files
o Valitse Scan whole system for rootkits
o Valitse Scan whole system for spyware
o Laita ruksi kohtaan Scan inside archives
o Varmista että Use advanced heuristics on valittuna
* Klikkaa Start
* Skannaus käynnistyy kun tarvittavat tiedostot/päivitykset on ladattu
* Odota kärsivällisesti
* Kun sakannaus on suoritettu, klikkaa Automatic cleaning
* Klikkaa Show Report
* Raportti aukeaa selaimessa, kopioi teksti kokonaan
* Liitä kopioitu teksti esim. muistioon tai Wordiin ja tallenna työpöydälle
* Voit sulkea skannerin
* Lähetä raportti viestiketjuusi
Myös uusi hijackthislogi!
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 24. kesäkuuta 2007 @ 09:56
|
|
Anon999
Member
|
24. kesäkuuta 2007 @ 18:14 |
Linkki tähän viestiin
|
F-securen tarkistus:
Scanning Report
Sunday, June 24, 2007 13:30:10 - 19:47:20
Computer name: TAKALO
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\
--------------------------------------------------------------------------------
Result: 13 malware found
Adware.GAIN.Dashbar (spyware)
System (Disinfected)
CometSystems (spyware)
System (Disinfected)
GAIN (spyware)
System (Disinfected)
SpySpotter (spyware)
System (Disinfected)
Tracking Cookie (spyware)
System (Disinfected)
System
System
System
System
System
System
Trojan.Win32.Inject.au (virus)
C:\!KillBox\2jugsrefbook\BoltIntra.exe (Renamed & Submitted)
Trojan.Win32.Obfuscated.en (virus)
C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\LimeWire\Limewire Lime Wire Pro 4.12.3 asennus\limewire pro 4.12.14 Bitdownloader.exe (Renamed & Submitted)
--------------------------------------------------------------------------------
Statistics
Scanned:
Files: 491345
System: 5708
Not scanned: 87
Actions:
Disinfected: 5
Renamed: 2
Deleted: 0
None: 6
Submitted: 2
Files not scanned:
H�������ALLKB828741$\CATSRV.DLL
C:\RECYCLER\S-1-5-21-851486586-3239081792-1126570287-1007\DC100.MHT
C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.ILG
C:\PROGRAM FILES\F-SECURE\COMMON\POLICY.IPF
C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\CHANDIR.DAT
C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\D0000000.FCS
C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\L0000006.FCS
C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\PRS.DAT
C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\STORYDB.DAT
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\1ROCK-A.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\2TORP-A.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\3SMAS-A.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\4LASE-A.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\LOGOLGT.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\LOGOML.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\LOGOMMX.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\AG-A.RAW
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\BL-A.RAW
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\CA-A.RAW
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\FT-A.RAW
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\GB-A.RAW
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\LL-A.RAW
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\SH-A.RAW
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX2\BOSSES\CONE.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\CLASS1.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\CLASS2.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\CLASS3.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\FIGHTER.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\TURRET.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\BOSSES\ROBOCRAB.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\BOSSES\SENTINEL.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\BOSSES\SHUTTLE.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\BOSSES\SKULL.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\BOSSES\STUBBORN.CKY
C:\PROGRAM FILES\COMMON FILES\SWF STUDIO\INIFILE.DLL
C:\PROGRAM FILES\CODEMASTERS\COLIN MCRAE RALLY 2005\DATA\SOUNDS\EFFECTS\RALLY5DSPIMAGE.BIN
C:\PROGRAM FILES\CANON\EASY-PHOTOPRINT\UNINST.INI
C:\HP\DRIVERS\PRINTERS\DESKJET\PROGRAM FILES\HEWLETT-PACKARD\HP DESKJET ASSISTANT\5600\SAMPLE1.PCL
C:\HP\DRIVERS\PRINTERS\DESKJET\PROGRAM FILES\HEWLETT-PACKARD\HP DESKJET ASSISTANT\5100\SAMPLE1.PCA�
--------------------------------------------------------------------------------
Options
Scanning engines:
F-Secure AVP: 7.0.171, 2007-06-23
F-Secure Blacklight: 1.0.64
F-Secure Draco: 1.0.35, 0260-23-12
F-Secure Libra: 2.4.2, 2007-06-21
F-Secure Orion: 1.2.37, 2007-06-22
F-Secure Pegasus: 1.19.0, 2007-05-20
Scanning options:
Scan all files
Scan inside archives
Use Advanced heuristics
--------------------------------------------------------------------------------
Copyright © 1998-2006 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.
HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 21:13:29, on 24.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Ad-Aware\aawservice.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\DOCUME~1\Juhani\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
C:\DOCUME~1\Juhani\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\internet explorer\iexplore.exe
C:\hjt\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://keskustelu.afterdawn.com/thread_view.cfm/525687
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [first camp] C:\DOCUME~1\Juhani\APPLIC~1\DRIVEC~1\Bash Gram.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
p.s. lähden noin viikoksi lomalle jotan en sitten vastaa viestiketjuun.
|
|
Auttaja
Suspended permanently
|
24. kesäkuuta 2007 @ 19:51 |
Linkki tähän viestiin
|
Lataa NoLop työpöydällesi yhdestä seuraavista linkeistä...
http://www.spywareedge.net/nolop/NoLop.exe1
http://www.spywaretimes.com/Tools/Downlo...wareToolsLinkki
http://www.thespykiller.co.uk/index.php?action=tpmod;dl=get16
* Sulje kaikki ohjelmat, koska tämä vaihe vaatii uudelleenkäynnistyksen
* Tuplaklikkaa NoLop.exe ajaaksesi sen
* Klikkaa nappulaa "Search and Destroy"
<<Tietokoneesi skannataan saastuneiden tiedostojen osalta>>
* Kun skannaus on valmis, sinua pyydetään käynnistämään kone uudestaan, jos infektio löytyy. Klikkaa OK
* Klikkaa "REBOOT"-painiketta.
* NoLopin pitäisi antaa viesti. Jos ei, tuplaklikkaa ohjelmaa ja se valmistuu. Lähetä C:\NoLop.log-tiedoston sisältö uuden HijackThis-lokin kera.
-- Jos saat seuraavan virheen, "mscomctl.ocx or one of its dependencies are not correctly registered," lataa mscomctl.ocx http://www.boletrice.com/downloads/mscomctl.ocx ja tallenna se system32-hakemistoosi (yleensä c:\Windows\system32). Tämän jälkeen aja ohjelma uudestaan. --
===========
Hijackthissillä muut ohjelmat suljettuna!
O4 - HKCU\..\Run: [first camp] C:\DOCUME~1\Juhani\APPLIC~1\DRIVEC~1\Bash Gram.exe
Merkkaa nuo rivit ja paina FIX CHECKED
=========
Lataa ATF Cleaner
http://www.atribune.org/ccount/click.php?id=1
Tupla-klikkaa ATF-Cleaner.exe käynnistääksesi ohjelman. Main:n alla valitse: Select All
Klikkaa Empty Selected valintaa.
Jos käytät FireFoxia selaimenasi Klikkaa Firefox yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Jos käytät Operaa selaimenasi Klikkaa Opera yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa taas.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Klikkaa Exit päävalikosta sulkeaksesi ohjelman.
Teknistä tukea tulee jos tupla-klikkaat sähköpostiosoitetta joka sijaitsee jokaisen menun alapuolella kyseisessä työkalussa. (Huomatkaa että se tuki on sitten englanniksi)
==========
Laita piilotiedostot näkyviin ja poiston jälkeen piiloon takaisin
Poista TÄMÄ KANSIO!!
C:\DOCUMENTS AND SETTING\Juhani\APPLICATION DATA\Drive Comp Deaf
=========
Lataa RootkitRevealer.zip
[*] Luo uusi kansio nimeltä RKR C asemallesi, C:\
[*] Pura koko RootkitRevealer.zip tiedoston sisältö C:\RKR kansioon.
[*] Avaa C:\RKR kansion ja tuplaklikkaa RootkitRevealer.exe tiedostoa
[*] Klikkaa Scan painiketta ja odota skannauksen päättymistä
[*] HUOM! Älä käytä konettasi skannauksen aikana.
[*] Kun skannaus on päättynyt, klikkaa File (ikkunan yläreunasta)
[*] Sitten klikkaa Save painiketta
[*] Tallenna sitten RootkitRevealer loki työpöydällesi
Lähetä RootkitRevealer:n loki viestiketjuusi.
======
'
Tarkista koneesi F-Securen online skannerilla
Huom, skanneri toimii vain Internet Explorer selaimella
* Lue sivun ohjeet huolella läpi
* Klikkaa Start scanning
* Mikäli saat Internet Explorer -suojausvaroituksen, klikkaa Asenna
* Klikkaa Accept
* Klikkaa Custom Scan
* Säädä asetukset seuraavasti
o "Virus Scan Option" kohdasta valitse Scan whole system
o "Other Scan Option" kohdasta valitse Scan All Files
o Valitse Scan whole system for rootkits
o Valitse Scan whole system for spyware
o Laita ruksi kohtaan Scan inside archives
o Varmista että Use advanced heuristics on valittuna
* Klikkaa Start
* Skannaus käynnistyy kun tarvittavat tiedostot/päivitykset on ladattu
* Odota kärsivällisesti
* Kun sakannaus on suoritettu, klikkaa Automatic cleaning
* Klikkaa Show Report
* Raportti aukeaa selaimessa, kopioi teksti kokonaan
* Liitä kopioitu teksti esim. muistioon tai Wordiin ja tallenna työpöydälle
* Voit sulkea skannerin
* Lähetä raportti viestiketjuusi
Myös uusi HIJACKTHISlogi kaikkien edellisten lisäks :)
|
|
Anon999
Member
|
2. heinäkuuta 2007 @ 14:18 |
Linkki tähän viestiin
|
En voinut tallentaa RootkitRevealerin logia koska kun yritin tallentaa sitä niin tuli ilmoitus että ohjelma on havainnut virheen ja se suljetaan tai jotain sellaista. Ja en ole pääsyt eroon tästä ilmoituksesta vielä:
Jätin vielä F-securen tarkistuksen tekemättä koska se oli ohjeessasi viimeisenä, RootkitRevealerin jälkeen.
Nolop logi:
NoLop! Log by Skate_Punk_21
Fix running from: C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat
[2.7.2007]
[16:09:23]
---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.
---Listing AppData sub directories---
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Canonbj
C:\Documents and Settings\All Users\Application Data\Creative
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Hewlett-packard
C:\Documents and Settings\All Users\Application Data\Installations
C:\Documents and Settings\All Users\Application Data\Intervideo
C:\Documents and Settings\All Users\Application Data\Lavasoft
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Motive
C:\Documents and Settings\All Users\Application Data\Msn6
C:\Documents and Settings\All Users\Application Data\Nch Swift Sound
C:\Documents and Settings\All Users\Application Data\Pc Suite
C:\Documents and Settings\All Users\Application Data\Pixelstorm
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Sbt
C:\Documents and Settings\All Users\Application Data\Scansoft
C:\Documents and Settings\All Users\Application Data\Srs Labs
C:\Documents and Settings\All Users\Application Data\Ssscanappdatadir
C:\Documents and Settings\All Users\Application Data\Ssscanwizard -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
C:\Documents and Settings\Default User\Application Data\Apple Computer
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Intervideo
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Sampleview -- EMPTY Directory
C:\Documents and Settings\Default User\Application Data\Sun
C:\Documents and Settings\Default User\Application Data\Symantec
C:\Documents and Settings\Hallinta\Application Data\Apple Computer
C:\Documents and Settings\Hallinta\Application Data\Identities
C:\Documents and Settings\Hallinta\Application Data\Intervideo
C:\Documents and Settings\Hallinta\Application Data\Macromedia
C:\Documents and Settings\Hallinta\Application Data\Microsoft
C:\Documents and Settings\Hallinta\Application Data\Sampleview -- EMPTY Directory
C:\Documents and Settings\Hallinta\Application Data\Sun
C:\Documents and Settings\Hallinta\Application Data\Symantec
C:\Documents and Settings\Juhani\Application Data\Adobe
C:\Documents and Settings\Juhani\Application Data\Adobeum
C:\Documents and Settings\Juhani\Application Data\Apple Computer
C:\Documents and Settings\Juhani\Application Data\Canon
C:\Documents and Settings\Juhani\Application Data\Corel
C:\Documents and Settings\Juhani\Application Data\Creative
C:\Documents and Settings\Juhani\Application Data\Dvdcss
C:\Documents and Settings\Juhani\Application Data\Google
C:\Documents and Settings\Juhani\Application Data\Help
C:\Documents and Settings\Juhani\Application Data\Identities
C:\Documents and Settings\Juhani\Application Data\Intertrust
C:\Documents and Settings\Juhani\Application Data\Intervideo
C:\Documents and Settings\Juhani\Application Data\Leadertech
C:\Documents and Settings\Juhani\Application Data\Macromedia
C:\Documents and Settings\Juhani\Application Data\Microsoft
C:\Documents and Settings\Juhani\Application Data\Motive
C:\Documents and Settings\Juhani\Application Data\Mozilla
C:\Documents and Settings\Juhani\Application Data\Mp3tag
C:\Documents and Settings\Juhani\Application Data\Msn6
C:\Documents and Settings\Juhani\Application Data\Nokia
C:\Documents and Settings\Juhani\Application Data\Pc Suite
C:\Documents and Settings\Juhani\Application Data\Pdfcreator
C:\Documents and Settings\Juhani\Application Data\Sampleview -- EMPTY Directory
C:\Documents and Settings\Juhani\Application Data\Scansoft
C:\Documents and Settings\Juhani\Application Data\Sonic
C:\Documents and Settings\Juhani\Application Data\Sun
C:\Documents and Settings\Juhani\Application Data\Symantec
C:\Documents and Settings\Juhani\Application Data\Ubi.com
C:\Documents and Settings\Juhani\Application Data\Winrar -- EMPTY Directory
C:\Documents and Settings\Lapset\Application Data\Adobe
C:\Documents and Settings\Lapset\Application Data\Apple Computer
C:\Documents and Settings\Lapset\Application Data\Corel
C:\Documents and Settings\Lapset\Application Data\Creative
C:\Documents and Settings\Lapset\Application Data\Google
C:\Documents and Settings\Lapset\Application Data\Hbtools
C:\Documents and Settings\Lapset\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Lapset\Application Data\Identities
C:\Documents and Settings\Lapset\Application Data\Installshield
C:\Documents and Settings\Lapset\Application Data\Installshield Installation Information
C:\Documents and Settings\Lapset\Application Data\Intervideo
C:\Documents and Settings\Lapset\Application Data\Macromedia
C:\Documents and Settings\Lapset\Application Data\Microsoft
C:\Documents and Settings\Lapset\Application Data\Msn6 -- EMPTY Directory
C:\Documents and Settings\Lapset\Application Data\Pan Vision
C:\Documents and Settings\Lapset\Application Data\Pc Suite
C:\Documents and Settings\Lapset\Application Data\Pdfcreator
C:\Documents and Settings\Lapset\Application Data\Sampleview -- EMPTY Directory
C:\Documents and Settings\Lapset\Application Data\Shopperreports
C:\Documents and Settings\Lapset\Application Data\Sonic
C:\Documents and Settings\Lapset\Application Data\Sun
C:\Documents and Settings\Lapset\Application Data\Symantec
C:\Documents and Settings\Localservice\Application Data\Adobe
C:\Documents and Settings\Localservice\Application Data\Adobeum
C:\Documents and Settings\Localservice\Application Data\Google -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Macromedia
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Pdfcreator
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Pdfcreator
C:\Documents and Settings\Vieras\Application Data\Apple Computer
C:\Documents and Settings\Vieras\Application Data\Google -- EMPTY Directory
C:\Documents and Settings\Vieras\Application Data\Identities
C:\Documents and Settings\Vieras\Application Data\Intervideo
C:\Documents and Settings\Vieras\Application Data\Macromedia
C:\Documents and Settings\Vieras\Application Data\Microsoft
C:\Documents and Settings\Vieras\Application Data\Pc Suite
C:\Documents and Settings\Vieras\Application Data\Sampleview -- EMPTY Directory
C:\Documents and Settings\Vieras\Application Data\Sun
C:\Documents and Settings\Vieras\Application Data\Symantec
HijackThis logi:
Logfile of HijackThis v1.99.1
Scan saved at 17:16:18, on 2.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Ad-Aware\aawservice.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\RKR\RootkitRevealer.exe
C:\RKR\RootkitRevealer.exe
C:\RKR\RootkitRevealer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hjt\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://keskustelu.afterdawn.com/thread_view.cfm/525687
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Ad-Aware\aawservice.exe
O23 - Service: AQ - Unknown owner - C:\DOCUME~1\Juhani\LOCALS~1\Temp\AQ.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: FDOJOWCVQLE - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Juhani\LOCALS~1\Temp\FDOJOWCVQLE.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NHBAKB - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Juhani\LOCALS~1\Temp\NHBAKB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
|
|
Anon999
Member
|
2. heinäkuuta 2007 @ 14:18 |
Linkki tähän viestiin
|
En voinut tallentaa RootkitRevealerin logia koska kun yritin tallentaa sitä niin tuli ilmoitus että ohjelma on havainnut virheen ja se suljetaan tai jotain sellaista. Ja en ole pääsyt eroon tästä ilmoituksesta vielä:
Jätin vielä F-securen tarkistuksen tekemättä koska se oli ohjeessasi viimeisenä, RootkitRevealerin jälkeen.
Nolop logi:
NoLop! Log by Skate_Punk_21
Fix running from: C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat
[2.7.2007]
[16:09:23]
---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.
---Listing AppData sub directories---
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Canonbj
C:\Documents and Settings\All Users\Application Data\Creative
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Hewlett-packard
C:\Documents and Settings\All Users\Application Data\Installations
C:\Documents and Settings\All Users\Application Data\Intervideo
C:\Documents and Settings\All Users\Application Data\Lavasoft
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Motive
C:\Documents and Settings\All Users\Application Data\Msn6
C:\Documents and Settings\All Users\Application Data\Nch Swift Sound
C:\Documents and Settings\All Users\Application Data\Pc Suite
C:\Documents and Settings\All Users\Application Data\Pixelstorm
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Sbt
C:\Documents and Settings\All Users\Application Data\Scansoft
C:\Documents and Settings\All Users\Application Data\Srs Labs
C:\Documents and Settings\All Users\Application Data\Ssscanappdatadir
C:\Documents and Settings\All Users\Application Data\Ssscanwizard -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
C:\Documents and Settings\Default User\Application Data\Apple Computer
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Intervideo
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Sampleview -- EMPTY Directory
C:\Documents and Settings\Default User\Application Data\Sun
C:\Documents and Settings\Default User\Application Data\Symantec
C:\Documents and Settings\Hallinta\Application Data\Apple Computer
C:\Documents and Settings\Hallinta\Application Data\Identities
C:\Documents and Settings\Hallinta\Application Data\Intervideo
C:\Documents and Settings\Hallinta\Application Data\Macromedia
C:\Documents and Settings\Hallinta\Application Data\Microsoft
C:\Documents and Settings\Hallinta\Application Data\Sampleview -- EMPTY Directory
C:\Documents and Settings\Hallinta\Application Data\Sun
C:\Documents and Settings\Hallinta\Application Data\Symantec
C:\Documents and Settings\Juhani\Application Data\Adobe
C:\Documents and Settings\Juhani\Application Data\Adobeum
C:\Documents and Settings\Juhani\Application Data\Apple Computer
C:\Documents and Settings\Juhani\Application Data\Canon
C:\Documents and Settings\Juhani\Application Data\Corel
C:\Documents and Settings\Juhani\Application Data\Creative
C:\Documents and Settings\Juhani\Application Data\Dvdcss
C:\Documents and Settings\Juhani\Application Data\Google
C:\Documents and Settings\Juhani\Application Data\Help
C:\Documents and Settings\Juhani\Application Data\Identities
C:\Documents and Settings\Juhani\Application Data\Intertrust
C:\Documents and Settings\Juhani\Application Data\Intervideo
C:\Documents and Settings\Juhani\Application Data\Leadertech
C:\Documents and Settings\Juhani\Application Data\Macromedia
C:\Documents and Settings\Juhani\Application Data\Microsoft
C:\Documents and Settings\Juhani\Application Data\Motive
C:\Documents and Settings\Juhani\Application Data\Mozilla
C:\Documents and Settings\Juhani\Application Data\Mp3tag
C:\Documents and Settings\Juhani\Application Data\Msn6
C:\Documents and Settings\Juhani\Application Data\Nokia
C:\Documents and Settings\Juhani\Application Data\Pc Suite
C:\Documents and Settings\Juhani\Application Data\Pdfcreator
C:\Documents and Settings\Juhani\Application Data\Sampleview -- EMPTY Directory
C:\Documents and Settings\Juhani\Application Data\Scansoft
C:\Documents and Settings\Juhani\Application Data\Sonic
C:\Documents and Settings\Juhani\Application Data\Sun
C:\Documents and Settings\Juhani\Application Data\Symantec
C:\Documents and Settings\Juhani\Application Data\Ubi.com
C:\Documents and Settings\Juhani\Application Data\Winrar -- EMPTY Directory
C:\Documents and Settings\Lapset\Application Data\Adobe
C:\Documents and Settings\Lapset\Application Data\Apple Computer
C:\Documents and Settings\Lapset\Application Data\Corel
C:\Documents and Settings\Lapset\Application Data\Creative
C:\Documents and Settings\Lapset\Application Data\Google
C:\Documents and Settings\Lapset\Application Data\Hbtools
C:\Documents and Settings\Lapset\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Lapset\Application Data\Identities
C:\Documents and Settings\Lapset\Application Data\Installshield
C:\Documents and Settings\Lapset\Application Data\Installshield Installation Information
C:\Documents and Settings\Lapset\Application Data\Intervideo
C:\Documents and Settings\Lapset\Application Data\Macromedia
C:\Documents and Settings\Lapset\Application Data\Microsoft
C:\Documents and Settings\Lapset\Application Data\Msn6 -- EMPTY Directory
C:\Documents and Settings\Lapset\Application Data\Pan Vision
C:\Documents and Settings\Lapset\Application Data\Pc Suite
C:\Documents and Settings\Lapset\Application Data\Pdfcreator
C:\Documents and Settings\Lapset\Application Data\Sampleview -- EMPTY Directory
C:\Documents and Settings\Lapset\Application Data\Shopperreports
C:\Documents and Settings\Lapset\Application Data\Sonic
C:\Documents and Settings\Lapset\Application Data\Sun
C:\Documents and Settings\Lapset\Application Data\Symantec
C:\Documents and Settings\Localservice\Application Data\Adobe
C:\Documents and Settings\Localservice\Application Data\Adobeum
C:\Documents and Settings\Localservice\Application Data\Google -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Macromedia
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Pdfcreator
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Pdfcreator
C:\Documents and Settings\Vieras\Application Data\Apple Computer
C:\Documents and Settings\Vieras\Application Data\Google -- EMPTY Directory
C:\Documents and Settings\Vieras\Application Data\Identities
C:\Documents and Settings\Vieras\Application Data\Intervideo
C:\Documents and Settings\Vieras\Application Data\Macromedia
C:\Documents and Settings\Vieras\Application Data\Microsoft
C:\Documents and Settings\Vieras\Application Data\Pc Suite
C:\Documents and Settings\Vieras\Application Data\Sampleview -- EMPTY Directory
C:\Documents and Settings\Vieras\Application Data\Sun
C:\Documents and Settings\Vieras\Application Data\Symantec
HijackThis logi:
Logfile of HijackThis v1.99.1
Scan saved at 17:16:18, on 2.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Ad-Aware\aawservice.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\RKR\RootkitRevealer.exe
C:\RKR\RootkitRevealer.exe
C:\RKR\RootkitRevealer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hjt\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://keskustelu.afterdawn.com/thread_view.cfm/525687
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Ad-Aware\aawservice.exe
O23 - Service: AQ - Unknown owner - C:\DOCUME~1\Juhani\LOCALS~1\Temp\AQ.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: FDOJOWCVQLE - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Juhani\LOCALS~1\Temp\FDOJOWCVQLE.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NHBAKB - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Juhani\LOCALS~1\Temp\NHBAKB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
|
|
Anon999
Member
|
2. heinäkuuta 2007 @ 14:22 |
Linkki tähän viestiin
|
|
|
|
Auttaja
Suspended permanently
|
2. heinäkuuta 2007 @ 15:29 |
Linkki tähän viestiin
|
C:\Documents and Settings\All Users\Application Data\Ssscanappdatadir
C:\Documents and Settings\All Users\Application Data\Ssscanwizard -- EMPTY Directory
Ok noi kansiot voi poistaa
Laita piilotiedostot näkyviin ja poiston jälkeen piiloon takaisin
=========
Avaa HijackThis merkkaa seuraavat rivi(t) ja paina fix checked, sulje muut ohjelmat siksi aikaa.
O23 - Service: AQ - Unknown owner - C:\DOCUME~1\Juhani\LOCALS~1\Temp\AQ.exe (file missing)
O23 - Service: FDOJOWCVQLE - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Juhani\LOCALS~1\Temp\FDOJOWCVQLE.exe
Unknown
O23 - Service: NHBAKB - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Juhani\LOCALS~1\Temp\NHBAKB.exe
Tässä ohje miten merkataan:
========
Nyt voit ajaa sen F-securen, laita sitten myös uusi hijackthislogi
|
|
Anon999
Member
|
3. heinäkuuta 2007 @ 13:03 |
Linkki tähän viestiin
|
Tämä ilmoitus tulee vieläkin kirjautuessa:
http://img182.imageshack.us/img182/9032/virheilmoitus2kx7.png
HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 16:00:41, on 3.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Ad-Aware\aawservice.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\internet explorer\iexplore.exe
C:\hjt\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://keskustelu.afterdawn.com/thread_view.cfm/525687
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
F-secure log:
Scanning Report
Tuesday, July 03, 2007 09:09:47 - 15:44:53
Computer name: TAKALO
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\
--------------------------------------------------------------------------------
Result: 9 malware found
Tracking Cookie (spyware)
System (Disinfected)
System
System
System
System
System
Trojan.Win32.Inject.au (virus)
C:\!KillBox\2jugsrefbook\BoltIntra.0xe (Submitted)
Trojan.Win32.Obfuscated.en (virus)
C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\LimeWire\Limewire Lime Wire Pro 4.12.3 asennus\limewire pro 4.12.14 Bitdownloader.0xe (Submitted)
W32/KeyLogger.MJ (virus)
C:\WINDOWS\system32\bpkr.exe (Submitted)
--------------------------------------------------------------------------------
Statistics
Scanned:
Files: 490302
System: 5559
Not scanned: 91
Actions:
Disinfected: 1
Renamed: 0
Deleted: 0
None: 8
Submitted: 3
Files not scanned:
xp? ???�IBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\BIOS1.ROM
C:\WINDOWS\SYSTEM32\FXSTMP\FXS4CC.TMP
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{B2176228-E350-43B0-9F9C-71F725752EC4}.BIN
bios1.rom
C:\WINDOWS\.FILE_STORE_32\MAIN_FILE_CACHE.DAT
C:\WINDOWS\.FILE_STORE_32\RUNESCAPE\MAIN_FILE_CACHE.DAT2
C:\WINDOWS\$NTUNINSTALLKB828741$\CATSRV.DLL
C:\RECYCLER\S-1-5-21-851486586-3239081792-1126570287-1007\DC100.MHT
C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.ILG
C:\PROGRAM FILES\F-SECURE\COMMON\POLICY.IPF
C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\CHANDIR.DAT
C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\D0000000.FCS
C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\L0000006.FCS
C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\PRS.DAT
C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\STORYDB.DAT
C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\T2DEE0B4
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\1ROCK-A.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\2TORP-A.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\3SMAS-A.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\4LASE-A.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\LOGOLGT.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\LOGOML.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\LOGOMMX.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\AG-A.RAW
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\BL-A.RAW
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\CA-A.RAW
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\FT-A.RAW
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\GB-A.RAW
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\LL-A.RAW
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\SH-A.RAW
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX2\BOSSES\CONE.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\CLASS1.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\CLASS2.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\CLASS3.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\FIGHTER.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\TURRET.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\BOSSES\ROBOCRAB.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\BOSSES\SENTINEL.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\BOSSES\SHUTTLE.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\BOSSES\SKULL.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\BOSSES\STUBBORN.CKY
C:\PROGRAM FILES\COMMON FILES\SWF STUDIO\INIFILE.DLL
C:\PROGRAM FILES\CODEMASTERS\COLIN MCRAE RALLY 2005\DATA\SOUNDS\EFFECTS\RALLY5DSPIMAGE.BIN
C:\PROGRAM FILES\CANON\EASY-PHOTOPRINT\UNINST.INI
C:\HP\DRIVERS\PRINTERS\DESKJET\PROGRAM FILES\HEWLETT-PACKARD\HP DESKJET ASSISTANT\5600\SAMPLE1.PCL
C:\HP\DRIVERS\PRINTERS\DESKJET\PROGRAM FILES\HEWLETT-PACKARD\HP DESKJET ASSISTANT\5100\SAMPLE1.PCL
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LS?�?�?���
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\BIOS1.ROM
C:\WINDOWS\SYSTEM32\FXSTMP\FXS4CC.TMP
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
C:\WINDOWS\SOFTWARED?���I�U�x�?�???�TCACHE\{B2176228-E350-43B0-9F9C-71F725752EC4}.BIN
bios1.rom
C:\WINDOWS\.FILE_STORE_32\MAIN_FILE_CACHE.DAT
C:\WINDOWS\.FILE_STORE_32\RUNESCAPE\MAIN_FILE_CACHE.DAT2
C:\WINDOWS\$NTUNINSTALLKB828741$\CATSRV.DLL
C:\RECYCLER\S-1-5-21-851486586-3239081792-1126570287-1007\DC100.MHT
C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.ILG
C:\PROGRAM FILES\F-SECURE\COMMON\POLICY.IPF
C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\CHANDIR.DAT
C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\D0000000.FCS
C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\L0000006.FCS
C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\PRS.DAT
C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\STORYDB.DAT
C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\T2DEE0B4
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\1ROCK-A.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\2TORP-A.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\3SMAS-A.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\4LASE-A.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\LOGOLGT.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\LOGOML.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\LOGOMMX.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\AG-A.RAW
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\BL-A.RAW
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\CA-A.RAW
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\FT-A.RAW
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\GB-A.RAW
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\LL-A.RAW
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\SH-A.RAW
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX2\BOSSES\CONE.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\CLASS1.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\CLASS2.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\CLASS3.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\FIGHTER.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\TURRET.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\BOSSES\ROBOCRAB.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\BOSSES\SENTINEL.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\BOSSES\SHUTTLE.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\BOSSES\SKULL.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\BOSSES\STUBBORN.CKY
C:\PROGRAM FILES\COMMON FILES\SWF STUDIO\INIFILE.DLL
C:\PROGRAM FILES\CODEMASTERS\COLIN MCRAE RALLY 2005\DATA\SOUNDS\EFFECTS\RALLY5DSPIMAGE.BIN
C:\PROGRAM FILES\CANON\EASY-PHOTOPRINT\UNINST.INI
C:\HP\DRIVERS\PRINTERS\DESKJET\PROGRAM FILES\HEWLETT-PACKARD\HP DESKJET ASSISTANT\5600\SAMPLE1.PCL
C:\HP\DRIVERS\PRINTERS\DESKJET\PROGRAM FILES\HEWLETT-PACKARD\HP DESKJET ASSISTANT\5100\SAMPLE1.PCL
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT
C:\DOCU?�?�?���
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\BIOS1.ROM
C:\WINDOWS\SYSTEM32\FXSTMP\FXS4CC.TMP
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{B2176228-E350-43B0-9F9C-71F725752EC4}.BIN
bios1.rom
C:\WINDOWS\.FILE_STORE_32\MAIN_FILE_CACHE.DAT
C:\WINDOWS\.FILE_STORE_32\RUNESCAPE\MAIN_FILE_CACHE.DAT2
C:\WINDOWS\$NTUNINSTALLKB828741$\CATSRV.DLL
C:\RECYCLER\S-1-5-21-851486586-3239081792-1126570287-1007\DC100.MHT
C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.ILG
C:\PROGRAM FILES\F-SECURE\COMMON\POLICY.IPF
C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\CHANDIR.DAT
C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\D0000000.FCS
C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\L0000006.FCS
C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\PRS.DAT
C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\STORYDB.DAT
C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\T2DEE0B4
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\1ROCK-A.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\2TORP-A.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\3SMAS-A.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\4LASE-A.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\LOGOLGT.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\LOGOML.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\LOGOMMX.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\AG-A.RAW
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\BL-A.RAW
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\CA-A.RAW
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\FT-A.RAW
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\GB-A.RAW
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\LL-A.RAW
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\SH-A.RAW
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX2\BOSSES\CONE.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\CLASS1.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\CLASS2.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\CLASS3.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\FIGHTER.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\TURRET.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\BOSSES\ROBOCRAB.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\BOSSES\SENTINEL.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\BOSSES\SHUTTLE.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\BOSSES\SKULL.CKY
C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\BOSSES\STUBBORN.CKY
C:\PROGRAM FILES\COMMON FILES\SWF STUDIO\INIFILE.DLL
C:\PROGRAM FILES\CODEMASTERS\COLIN MCRAE RALLY 2005\DATA\SOUNDS\EFFECTS\RALLY5DSPIMAGE.BIN
C:\PROGRAM FILES\CANON\EASY-PHOTOPRINT\UNINST.INI
C:\HP\DRIVERS\PRINTERS\DESKJET\PROGRAM FILES\HEWLETT-PACKARD\HP DESKJET ASSISTANT\5600\SAMPLE1.PCL
C:\HP\DRIVERS\PRINTERS\DESKJET\PROGRAM FILES\HEWLETT-PACKARD\HP DESKJET ASSISTANT\5100\SAMPLE1.PCL
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
C:\DOCUMENTS AND SETTINGS\LAPTS AND ?�?�I�G�x�?�???�APPLICATION DATA\SONIC\RECORDNOW!\RN!57A.TMP (1_0).GI
C:\DOCUMENTS AND SETTINGS\JUHANI\APPLICATION DATA\SONIC\RECORDNOW!\RN!59D.TMP (1_0).GI
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\DR WATSON\USER.DMP
C:\15E7F8E42B6EDB7A806EB52E09CA\WUDFPF.SYS
C:\15E7F8E42B6EDB7A806EB52E09CA\WUDFRD.SYS
C:\15E7F8E42B6EDB7A806EB52E09CA\WUDF_UPDATE.INF
C:\15E7F8E42B6EDB7A806EB52E09CA\UPDATE\EULA.TXT
C:\15E7F8E42B6EDB7A806EB52E09CA\UPDATE\UPDATE.INF
--------------------------------------------------------------------------------
Options
Scanning engines:
F-Secure Libra: 2.4.2, 2007-06-30
F-Secure AVP: 7.0.171, 2007-07-03
F-Secure Orion: 1.2.37, 2007-07-03
F-Secure Blacklight: 1.0.64
F-Secure Draco: 1.0.35, 0260-23-12
F-Secure Pegasus: 1.19.0, 2007-05-29
Scanning options:
Scan all files
Scan inside archives
Use Advanced heuristics
--------------------------------------------------------------------------------
Copyright © 1998-2006 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.
|
|
Auttaja
Suspended permanently
|
3. heinäkuuta 2007 @ 14:06 |
Linkki tähän viestiin
|
http://keskustelu.afterdawn.com/thread_view.cfm/417362
http://h10025.www1.hp.com/ewfrf/wc/docum...cname=c00575481
tuossa tohon virhe ilmotukseen
=========
Vakavampi asia, koneellasi on keylogger joka tallentaa kirjoittamasi
Avaa Notepad ja kopioi/liitä allaoleva teksti sinne:
Lainaus:
File::
C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\LimeWire\Limewire Lime Wire Pro 4.12.3 asennus\limewire pro 4.12.14 Bitdownloader.0xe
C:\WINDOWS\system32\bpkr.exe
Tallenna se nimellä ComboFix-Do.txt
Sitten raahaa ComboFix-Do.txt ComboFix.exeen kuten alla.
Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.
|
|
Anon999
Member
|
3. heinäkuuta 2007 @ 14:41 |
Linkki tähän viestiin
|
"Juhani" - 2007-07-03 18:30:30 - ComboFix 07-06-23.5 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Juhani\Ty?p?yt?\ComboFix-Do.txt
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\LimeWire\Limewire Lime Wire Pro 4.12.3 asennus\limewire pro 4.12.14 Bitdownloader.0xe
C:\WINDOWS\system32\bpkr.exe
((((((((((((((((((((((((( Files Created from 2007-06-03 to 2007-07-03 )))))))))))))))))))))))))))))))
2007-07-03 18:12 <KANSIO> d-------- C:\WINDOWS\pss
2007-07-03 17:57 <KANSIO> d-------- C:\WINDOWS\Internet Logs
2007-07-02 13:38 <KANSIO> dr------- C:\DOCUME~1\LOCALS~1\Omat tiedostot
2007-07-01 15:08 <KANSIO> d-------- C:\RKR
2007-07-01 14:59 424 --a------ C:\delete.bat
2007-06-24 12:31 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-24 11:45 <KANSIO> d-------- C:\!KillBox
2007-06-24 10:48 <KANSIO> d-------- C:\hjt
2007-06-24 10:26 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-24 10:25 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-23 18:51 <KANSIO> d-------- C:\NoLopBackups
2007-06-23 12:49 <KANSIO> d-------- C:\Program Files\Drive Comp Deaf
2007-06-17 15:42 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-06-13 15:46 446,464 --a------ C:\WINDOWS\system32\vp31vfw.dll
2007-06-13 15:46 <KANSIO> d-------- C:\Program Files\On2 Technologies
2007-06-13 15:45 <KANSIO> d-------- C:\DOCUME~1\Lapset\APPLIC~1\InstallShield Installation Information
2007-06-13 15:43 <KANSIO> d-------- C:\DOCUME~1\Lapset\APPLIC~1\Pan Vision
2007-06-13 15:43 <KANSIO> d-------- C:\DOCUME~1\Lapset\APPLIC~1\InstallShield
2007-06-09 11:40 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2007-06-09 11:40 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2007-06-08 10:44 1,156 --a------ C:\WINDOWS\mozver.dat
2007-06-08 10:32 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-03 16:20:43 12 ----a-w C:\WINDOWS\bthservsdp.dat
2007-07-03 16:20:11 -------- d-----w C:\Program Files\EurowordPro
2007-06-30 11:36:25 76,484 ----a-w C:\WINDOWS\system32\perfc00B.dat
2007-06-30 11:36:25 377,146 ----a-w C:\WINDOWS\system32\perfh00B.dat
2007-06-24 10:01:00 1,344 ----a-w C:\WINDOWS\system32\bpk.bin
2007-06-23 10:37:38 -------- d-----w C:\Program Files\LimeWire
2007-06-19 09:11:09 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-18 07:53:36 128,656 ----a-w C:\DOCUME~1\Juhani\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-06-15 09:55:50 -------- d-----w C:\DOCUME~1\Juhani\APPLIC~1\Canon
2007-06-02 19:26:21 -------- d-----w C:\Program Files\Tilester
2007-05-27 15:34:46 -------- d-----w C:\DOCUME~1\Juhani\APPLIC~1\Mp3tag
2007-05-23 11:02:52 47,104 ----a-w C:\WINDOWS\system32\KMVIDC32.DLL
2007-05-18 17:46:26 -------- d-----w C:\DOCUME~1\Juhani\APPLIC~1\dvdcss
2007-05-18 17:13:22 -------- d-----w C:\Program Files\Programming Editor
2007-05-16 15:14:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-12 13:57:01 -------- d-----w C:\DOCUME~1\Juhani\APPLIC~1\WinRAR
2007-05-10 16:00:53 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-10 14:03:31 -------- d-----w C:\DOCUME~1\Juhani\APPLIC~1\Nokia
2007-05-10 14:01:49 -------- d-----w C:\DOCUME~1\Juhani\APPLIC~1\PC Suite
2007-05-09 16:23:05 -------- d-----w C:\Program Files\DIFX
2007-05-09 16:22:49 -------- d-----w C:\Program Files\Common Files\PCSuite
2007-05-09 16:22:44 -------- d-----w C:\Program Files\Common Files\Nokia
2007-05-09 16:22:42 -------- d-----w C:\Program Files\Nokia
2007-05-09 16:22:24 -------- d-----w C:\Program Files\PC Connectivity Solution
2007-05-09 16:19:13 21,486,896 ----a-w C:\Nokia_PC_Suite_683_rel_14_1_fin_web.exe
2007-05-03 17:15:32 3,120 ----a-w C:\WINDOWS\system32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
2007-04-29 14:45:24 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-04-25 14:22:38 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 20:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 20:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
2005-03-29 13:18:52 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 02:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 12:32]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar4.dll [2007-01-19 23:56]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-05-27 16:30]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2006-10-10 23:26]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43]
"VTTimer"="VTTimer.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 C:\WINDOWS\AGRSMMSG.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 21:05]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2002-12-05 16:24]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 10:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-15 01:12 C:\WINDOWS\system32\bthprops.cpl]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 12:20]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-27 16:30]
"SRS Audio Sandbox"="C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" []
"MtdAcqu"="C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 08:56]
"Sonic RecordNow!"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 01:12]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
Contents of the 'Scheduled Tasks' folder
2007-06-20 18:14:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-03 16:16:27 C:\WINDOWS\tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-03 18:38:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00000001-0000-1000-8000-0002ee000002}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]
Completion time: 2007-07-03 18:38:46
C:\ComboFix-quarantined-files.txt ... 2007-07-03 18:38
C:\ComboFix2.txt ... 2007-06-24 12:43
--- E O F ---
|
|
Auttaja
Suspended permanently
|
3. heinäkuuta 2007 @ 14:42 |
Linkki tähän viestiin
|
Luo poistolista:
* Avaa HijackThis
* Klikkaa "Configure" valintaa oikealla alhaalla
* Klikkaa "Misc Tools"
* Klikkaa boxia joka sanoo "Uninstall Manager"
* Klikkaa valintaa "Save list"
* Kopioi ja liitä kyseinen lista muistiosta postiisi
|
|
Anon999
Member
|
3. heinäkuuta 2007 @ 14:45 |
Linkki tähän viestiin
|
Ad-Aware 2007
Adobe Acrobat 5.0
Adobe Flash Player ActiveX
Adobe Reader 7.0.9 - Suomi
Adobe Shockwave Player
Agere Systems PCI Soft Modem
Any Video Converter 1.3.3
Apple Software Update
ArcSoft PhotoStudio 5.5
ArtMoney SE v7.26
ATI Control Panel
ATI Display Driver
ATI-ohjelmiston poisto-ohjelma
Audacity 1.2.6
AudibleManager
Automaattiset valikot (Windows Live Toolbar)
Barbie(TM) ja Pegasoksen taika
Barbie(TM) Joutsenlampi
Blackhawk Striker
Blasterball 2
Canon MP Navigator 2.0
Canon MP150
Canon Utilities Easy-PhotoPrint
Cartes du Ciel
CD-ROM Lauri Luuranko
Cheat Engine 5.3
Colin McRae Rally 2005
CoolBasic 10.4
Corel Applications
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
Creative ZEN V Series (R2)
Demonstar Special Edition
Drone
Easy Burning (remove only)
Easy-WebPrint
eGames Space Arcade Collection
Euroword Pro
Euroword Pro (C:\Program Files\EurowordPro\)
FL Studio 6
F-Secure Anti-Virus
F-Secure BackWeb
F-Secure Management Agent
GameSpy Arcade
GdiplusUpgrade
GoldWave v5.20
Google Earth
Google Toolbar for Internet Explorer
Harjoituskirja englanti 3 - Verkkoasennus
Help and Support Additions
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
Hot Potatoes v 5.5 (5.5.0.13)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix-päivitys Windows XP:lle (KB914440)
HP Deskjet Preloaded Printer Drivers
HP Digital Photo Advisor
HP Image Zone 4.5
HP Image Zone Plus 4.2
HP Photo & Imaging 3.5 - HP Devices
HP Photosmart -kamerat 4.5
HP Software Update
HPIZ402
HyperCam 2
IL-2 Sturmovik: Forgotten Battles
InterActual Player
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) SE Runtime Environment 6
Java(TM) SE Runtime Environment 6 Update 1
KnightsAndMerchants
Lightning & Thunder
LimeWire PRO 4.12.3
Lock On: Modern Air Combat
Logitech Gaming Software
Magic DVD Ripper V5.0.1
Max Payne
MAX-FX Tools
Men In Black II CROSSFIRE
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Finnish Language Pack
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 -tuotteen Security Update (KB917283)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 levy 2
Microsoft Office 2000 SR-1 Professional
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Windows Journal Viewer
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works 7.0
Moon Buggy
Moonshot
Mp3tag v2.38
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
Nebula Fighter Special Edition
Nero - Burning Rom
neroxml
Node Jumper Special Edition
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
Nuclear Coffee - VideoGet 2.0.2.26
OmniPage SE 2.0
OneCare Advisor (Windows Live Toolbar)
Oppikirja englanti - Verkkoasennus
Outlook-työkalurivi (Windows Live Toolbar)
Oxide Special Edition
PC Connectivity Solution
PDFCreator 0.7.1}
Pivot Stickfigure Animator
Ponnahdusikkunoiden esto (Windows Live Toolbar)
Programming Editor
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
Päivitys Windows XP:lle (KB894391)
Päivitys Windows XP:lle (KB896727)
Päivitys Windows XP:lle (KB898461)
Päivitys Windows XP:lle (KB900485)
Päivitys Windows XP:lle (KB904942)
Päivitys Windows XP:lle (KB910437)
Päivitys Windows XP:lle (KB911280)
Päivitys Windows XP:lle (KB916595)
Päivitys Windows XP:lle (KB920872)
Päivitys Windows XP:lle (KB922582)
Päivitys Windows XP:lle (KB927891)
Päivitys Windows XP:lle (KB929338)
Päivitys Windows XP:lle (KB930916)
Päivitys Windows XP:lle (KB931836)
QuickTime
Raptor Special Edition
Ricochet 1.3 (Distributed by Logitech)
RoboRumble
SabreWing 2
Sanakirjan puhesyntetisaattori
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Silkroad
SiS VGA Utilities
Sonic RecordNow!
Space Rocks
Spider-Man 2
Suojauspäivitys Windows Internet Explorer 7:lle (KB928090)
Suojauspäivitys Windows Internet Explorer 7:lle (KB929969)
Suojauspäivitys Windows Internet Explorer 7:lle (KB931768)
Suojauspäivitys Windows Internet Explorer 7:lle (KB933566)
Suojauspäivitys Windows Media Player 10:lle (KB911565)
Suojauspäivitys Windows Media Player 6.4:lle (KB925398)
Suojauspäivitys Windows Media Playerille (KB911564)
Suojauspäivitys Windows XP:lle (KB883939)
Suojauspäivitys Windows XP:lle (KB890046)
Suojauspäivitys Windows XP:lle (KB893756)
Suojauspäivitys Windows XP:lle (KB896358)
Suojauspäivitys Windows XP:lle (KB896422)
Suojauspäivitys Windows XP:lle (KB896423)
Suojauspäivitys Windows XP:lle (KB896424)
Suojauspäivitys Windows XP:lle (KB896428)
Suojauspäivitys Windows XP:lle (KB896688)
Suojauspäivitys Windows XP:lle (KB899587)
Suojauspäivitys Windows XP:lle (KB899588)
Suojauspäivitys Windows XP:lle (KB899591)
Suojauspäivitys Windows XP:lle (KB900725)
Suojauspäivitys Windows XP:lle (KB901017)
Suojauspäivitys Windows XP:lle (KB901214)
Suojauspäivitys Windows XP:lle (KB902400)
Suojauspäivitys Windows XP:lle (KB903235)
Suojauspäivitys Windows XP:lle (KB904706)
Suojauspäivitys Windows XP:lle (KB905414)
Suojauspäivitys Windows XP:lle (KB905749)
Suojauspäivitys Windows XP:lle (KB905915)
Suojauspäivitys Windows XP:lle (KB908519)
Suojauspäivitys Windows XP:lle (KB908531)
Suojauspäivitys Windows XP:lle (KB911562)
Suojauspäivitys Windows XP:lle (KB911567)
Suojauspäivitys Windows XP:lle (KB911927)
Suojauspäivitys Windows XP:lle (KB912812)
Suojauspäivitys Windows XP:lle (KB912919)
Suojauspäivitys Windows XP:lle (KB913446)
Suojauspäivitys Windows XP:lle (KB913580)
Suojauspäivitys Windows XP:lle (KB914388)
Suojauspäivitys Windows XP:lle (KB914389)
Suojauspäivitys Windows XP:lle (KB916281)
Suojauspäivitys Windows XP:lle (KB917159)
Suojauspäivitys Windows XP:lle (KB917344)
Suojauspäivitys Windows XP:lle (KB917422)
Suojauspäivitys Windows XP:lle (KB917953)
Suojauspäivitys Windows XP:lle (KB918118)
Suojauspäivitys Windows XP:lle (KB918439)
Suojauspäivitys Windows XP:lle (KB918899)
Suojauspäivitys Windows XP:lle (KB919007)
Suojauspäivitys Windows XP:lle (KB920213)
Suojauspäivitys Windows XP:lle (KB920214)
Suojauspäivitys Windows XP:lle (KB920670)
Suojauspäivitys Windows XP:lle (KB920683)
Suojauspäivitys Windows XP:lle (KB920685)
Suojauspäivitys Windows XP:lle (KB921398)
Suojauspäivitys Windows XP:lle (KB921883)
Suojauspäivitys Windows XP:lle (KB922616)
Suojauspäivitys Windows XP:lle (KB922760)
Suojauspäivitys Windows XP:lle (KB922819)
Suojauspäivitys Windows XP:lle (KB923191)
Suojauspäivitys Windows XP:lle (KB923414)
Suojauspäivitys Windows XP:lle (KB923694)
Suojauspäivitys Windows XP:lle (KB923980)
Suojauspäivitys Windows XP:lle (KB924191)
Suojauspäivitys Windows XP:lle (KB924270)
Suojauspäivitys Windows XP:lle (KB924496)
Suojauspäivitys Windows XP:lle (KB924667)
Suojauspäivitys Windows XP:lle (KB925486)
Suojauspäivitys Windows XP:lle (KB925902)
Suojauspäivitys Windows XP:lle (KB926255)
Suojauspäivitys Windows XP:lle (KB926436)
Suojauspäivitys Windows XP:lle (KB927779)
Suojauspäivitys Windows XP:lle (KB927802)
Suojauspäivitys Windows XP:lle (KB928255)
Suojauspäivitys Windows XP:lle (KB928843)
Suojauspäivitys Windows XP:lle (KB929123)
Suojauspäivitys Windows XP:lle (KB930178)
Suojauspäivitys Windows XP:lle (KB931261)
Suojauspäivitys Windows XP:lle (KB931784)
Suojauspäivitys Windows XP:lle (KB932168)
Suojauspäivitys Windows XP:lle (KB935839)
Suojauspäivitys Windows XP:lle (KB935840)
SuperStaraoke Demo 1.00
Syötteen tunnistus (Windows Live Toolbar)
Tag&Rename 3.3.5
The Sims 2
Tile Blazer Special Edition
Turbo Sliders (remove only)
ubi.com
vanBasco's Screen Saver
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbarin laajennus (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10:n Hotfix-korjauspäivitys KB895316
Windows Media Player 11
Windows Media Player 11
Windows Media Player 9:n Hotfix-korjauspäivitys [lisätietoja on artikkelissa KB885492]
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Windowsin ohjainpaketti - Nokia Modem (11/03/2006 6.82.0.1)
Worms2
ZENcast Organizer
|
|
Auttaja
Suspended permanently
|
3. heinäkuuta 2007 @ 14:58 |
Linkki tähän viestiin
|
nää kannattaa ainakin poistaa ohjauspaneelin lisää/poista sovelluksen kautta
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) SE Runtime Environment 6
Tääkää ei mitää parasta
LimeWire PRO 4.12.3
=========
Tämä jos tunnet tietokoneesi olevan hitaan puoleinen, etkä ole eheyttänyt pitkään aikaan:
Avaa Oma tietokone
-> Tee seuraava toimenpide kaikille Paikallisille levyille
==========
Lataa CCleaner ja asenna se:
Avaa "Options", sieltä "Language" ja valitse "Suomi (Finnish)"
Avaa "Virheet" kohta, paina "Etsi rekisterin virheitä", paina "Korjaa valitut rekisterin virheet..". Paina "Kyllä", kun ohjelma kysyy "Haluatko varmuuskopioida muutokset rekisteriin", tallenna tiedosto esim. työpöydälle.
Avaa "Puhdistaja", paina "Tutki" ja tämän jälkeen "Aja Ccleaner". Puhdista väliaikaistiedostot ja -kansiot ohjelmalla säännöllisesti.
==========
Pysy puhtaana
-> Tyhjennä järjestelmänpalautus Ohjeet
Tyhjennä järjestelmänpalautuskansio ja luo uusi palautuspiste. Tämä puhdistaa palautuskansion mahdollisista haittaohjelmajäännöksistä.
-> Käytä CCleaneria -> CCleaner
Lataa ja asenna CCleaner. Puhdista väliaikaistiedostot ja -kansiot ohjelmalla säännöllisesti.
-> Asenna SpywareBlaster -> SpywareBlaster
SpywareBlaster estää haittaohjelmia asentumasta koneellesi. Ei kuluta muistia!
Opas saatavilla suomeksi! Nimimerkki Ad-Awaren opas
-> Asenna MVPS Hosts tiedosto -> MVPS Hosts
Estää koneesi yhteyden haitallisiin sivustoihin.
Opas saatavilla suomeksi! Nimimerkki Axelin opas
-> Vaihda selaimesi Firefoxiin -> Firefox
Firefox on nopeampi, turvallisempi ja parempi selain kuin Internet Explorer.
-> Pidä järjestelmäsi ajantasalla. -> Windows Update
Vieraile Windows Updatessa säännöllisesti.
-> Pidä palomuuri ja virustorjunta ajantasalla
Päivitä ja skannaa koneesi säännöllisesti virustorjuntaohjelmallasi.
ja hyvä myös escan http://koti.mbnet.fi/pattaya1/escanmwav.htm
->Pidä ohjelmistosi ajantasalla. -> Secunia Software Inspector
Secunia Software Inspector tutkii sinun järjestälmäsi ja ohjelmistosi puuttuvien turvallisuuspäivityksien osalta. Tavallinen tutkinta kestää normaalisti 5-40 sekuntia, kun läpikotainen (thorough system inspection) voi kestää useita minuutteja.
->Seuraa säännöllisesti viestintäviraston tietoja uusista haavoittuvuuksista -> CERT-FI
-> Rekistöröidy. -> Virustorjunta.net
Virustorjunta.net on suomalainen haittaohjelmien poistoon keskittyvä sivusto joka kykenee auttamaan sinua mitä erilaisimmissa ongelmissa. Lisäksi siellä on suomen ainut HjT-koulu. Koulussa syvennytään HjT-ohjelman tuottaman informaation analysoimiseen sekä analysoinnin jälkeiseen tietokoneen puhdistamiseen.
Jos tulevaisuudessa tulee haittaohjelmien kanssa ongelmia, älä epäröi laittaa HijackThis-logia tarkistettavaksi!
|
|
Anon999
Member
|
3. heinäkuuta 2007 @ 15:06 |
Linkki tähän viestiin
|
|
Ei enää mitään.
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 24. tammikuuta 2013 @ 13:07
|
|
Mainos
|
|
|
|
Auttaja
Suspended permanently
|
3. heinäkuuta 2007 @ 15:13 |
Linkki tähän viestiin
|
|
Ok, jätä vaan, netissä voit joskus jos jaksat lueskella miksi sitä joskus suositellaa poistettavaksi.
|
|
