|
Mesevirus käynnissä ja tässä loki
|
|
|
rantan05
Newbie
|
9. elokuuta 2007 @ 18:06 |
Linkki tähän viestiin
|
Logfile of HijackThis v1.99.1
Scan saved at 21:58:55, on 9.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\OpenOffice.org1.1.5\program\soffice.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Documents and Settings\Anne-Mari\belmmm.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Anne-Mari\Työpöytä\scanner.exe.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BSplayer_WhenUSave_Installer] C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: OpenOffice.org 1.1.5.lnk = C:\Program Files\OpenOffice.org1.1.5\program\quickstart.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab55762.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: printers - {CB78AEED-83F9-463F-B625-C32D88203E8E} - libmsns.dll (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Unknown owner - D:\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
Auttakaa
Kiitos jo etukäteen! <3
|
|
Auttaja
Suspended permanently
|
9. elokuuta 2007 @ 20:52 |
Linkki tähän viestiin
|
Lataa SDFix by AndyManchesta http://downloads.andymanchesta.com/RemovalTools/SDFix.exe ja tallenna se työpöydällesi.
Käynnistä koneesi vikasietotilaan ja valitse tavallinen käyttäjätilisi:
* Käynnistä tietokone
* Kun kuulet koneen piippaavan, paina F8, kuitenkin ennen Windowsin logon esiintuloa
* Seuraavaksi pitäisi ilmestyä valikko
* Valitse valikosta vikasietotila.
* Tee ohjelmalle oma kansio C:\SDFix ja siirrä se sinne
* Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
* Paina Y käynnistääksesi skriptin.
* Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
* Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
* Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
* Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
* Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
* Lopuksi avaa SDFix kansio ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi
========
1. Lataa combofix.exe työpöydällesi jommastakummasta linkistä:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. (C:\ComboFix.txt) Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
|
|
rantan05
Newbie
|
10. elokuuta 2007 @ 07:24 |
Linkki tähän viestiin
|
En saa konetta vikasietotilaan sitten millään. Mulla on acer 3000-sarjan kones ja yritin f8, f10 ja esciä mutta ei tuu kesää... Mikä avuksi?
|
|
Auttaja
Suspended permanently
|
10. elokuuta 2007 @ 07:59 |
Linkki tähän viestiin
|
|
hyppää sitten tohon combofixiin.. :) ja laita sen logi
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 10. elokuuta 2007 @ 08:38
|
|
rantan05
Newbie
|
10. elokuuta 2007 @ 11:50 |
Linkki tähän viestiin
|
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-28 21:03]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-29 18:35]
"BSplayer_WhenUSave_Installer"="C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2005-09-10 03:39]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 20:00]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-09-05 05:18]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
C:\Documents and Settings\Anne-Mari\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
OpenOffice.org 1.1.5.lnk - C:\Program Files\OpenOffice.org1.1.5\program\quickstart.exe [2005-09-05 01:10:00]
C:\Documents and Settings\All Users\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-03-08 02:22:29]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"5T19I3B27A"=C:\WINDOWS\svchost.exe
R0 gagp30kx;Microsoft Generic AGPv3.0 -suodatin K8-suoritinympäristöjä varten;C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
R1 AmdK8;AMD Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
R1 StarOpen;StarOpen;C:\WINDOWS\system32\drivers\StarOpen.sys
R1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.sys
R3 int15.sys;int15.sys;\??\C:\Program Files\acer\eRecovery\int15.sys
R3 NTIDrvr;Upper Class Filter Driver;C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys
S3 Nokia USB Generic;Nokia USB Generic;C:\WINDOWS\system32\drivers\nmwcdc.sys
S3 Nokia USB Modem;Nokia USB Modem;C:\WINDOWS\system32\drivers\nmwcdcm.sys
S3 Nokia USB Phone Parent;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\nmwcd.sys
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
Contents of the 'Scheduled Tasks' folder
2005-09-16 21:16:56 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-10 15:44:27
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-10 15:46:13 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-10 15:46
--- E O F ---
|
|
rantan05
Newbie
|
10. elokuuta 2007 @ 11:53 |
Linkki tähän viestiin
|
|
Tommoinen ihmetys sieltä tuli :O
Mites tästä eteenpäin?
|
|
Auttaja
Suspended permanently
|
10. elokuuta 2007 @ 11:58 |
Linkki tähän viestiin
|
|
C:\ComboFix.txt
Etsi tuo tiedosto avaa..
Näppäile Kopioi ( CTRL+A -> CTRL + C ) ja liitä ( CTRL + V )
Eli lähetä sen tiedoston koko sisältö nii jatketaan :)
|
|
rantan05
Newbie
|
10. elokuuta 2007 @ 12:07 |
Linkki tähän viestiin
|
ComboFix 07-08-09.3 - "Anne-Mari" 2007-08-10 15:40:31.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.133 [GMT 3:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\images075.zip
C:\WINDOWS\images081.zip
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\MabryObj.dll
((((((((((((((((((((((((( Files Created from 2007-07-10 to 2007-08-10 )))))))))))))))))))))))))))))))
2007-08-10 15:38 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-08 22:47 97,280 --a------ C:\DOCUME~1\ANNE-M~1\xtgtkj.exe
2007-08-08 22:44 97,280 --a------ C:\DOCUME~1\ANNE-M~1\belmmm.exe
2007-08-07 22:00 25,900 --a------ C:\WINDOWS\system32\libmsns.dll
2007-08-07 22:00 116,224 --a------ C:\WINDOWS\system32\msninet.exe
2007-07-18 14:34 d-------- C:\Program Files\Tikkurila
2007-07-14 15:24 d-------- C:\Program Files\CDBurnerXP Pro 3
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-04 17:20 --------- d-------- C:\DOCUME~1\ANNE-M~1\APPLIC~1\TransRender
2007-07-04 17:20 --------- d-------- C:\DOCUME~1\ANNE-M~1\APPLIC~1\Temporary
2007-07-04 17:16 --------- d-------- C:\DOCUME~1\ANNE-M~1\APPLIC~1\ConvertTemp
2007-07-04 17:12 5632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2007-05-16 18:14 86528 --a------ C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 18:14 85504 --a------ C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 18:14 510976 --a------ C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 18:14 1314816 --a------ C:\WINDOWS\system32\dllcache\msoe.dll
2004-03-12 11:15 5531136 --a------ C:\Program Files\Symantec Client Security.msi
2004-03-12 11:15 4632 --a------ C:\Program Files\0x0409.ini
2004-03-12 11:15 450646 --a------ C:\Program Files\ALErules.exe
2004-03-12 11:15 3236 --a------ C:\Program Files\INSTOPTS.DAT
2004-03-12 11:15 225280 --a------ C:\Program Files\setup.exe
2004-03-12 11:15 19620991 --a------ C:\Program Files\Data1.cab
2004-03-12 11:15 1822520 --a------ C:\Program Files\instmsiw.exe
2004-03-12 11:15 1708856 --a------ C:\Program Files\instmsia.exe
2004-03-12 11:15 1259 --a------ C:\Program Files\Setup.ini
2004-03-12 11:15 1229056 --a------ C:\Program Files\DCOM98.EXE
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 23:44]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 23:43]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 18:13 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-07 19:50 C:\WINDOWS\AGRSMMSG.exe]
"SiSPower"="SiSPower.dll" [2005-02-25 19:35 C:\WINDOWS\system32\SiSPower.dll]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2005-03-04 13:13]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 18:59]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-09-15 20:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-15 20:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-15 20:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-15 20:00]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-03-28 12:30]
"eRecoveryService"="C:\Windows\System32\Check.exe" [2005-03-23 10:01]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 16:44]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [2004-03-12 15:18]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-09-16 08:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-28 21:03]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-29 18:35]
"BSplayer_WhenUSave_Installer"="C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2005-09-10 03:39]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 20:00]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-09-05 05:18]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
C:\Documents and Settings\Anne-Mari\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
OpenOffice.org 1.1.5.lnk - C:\Program Files\OpenOffice.org1.1.5\program\quickstart.exe [2005-09-05 01:10:00]
C:\Documents and Settings\All Users\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-03-08 02:22:29]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"5T19I3B27A"=C:\WINDOWS\svchost.exe
R0 gagp30kx;Microsoft Generic AGPv3.0 -suodatin K8-suoritinympäristöjä varten;C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
R1 AmdK8;AMD Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
R1 StarOpen;StarOpen;C:\WINDOWS\system32\drivers\StarOpen.sys
R1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.sys
R3 int15.sys;int15.sys;\??\C:\Program Files\acer\eRecovery\int15.sys
R3 NTIDrvr;Upper Class Filter Driver;C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys
S3 Nokia USB Generic;Nokia USB Generic;C:\WINDOWS\system32\drivers\nmwcdc.sys
S3 Nokia USB Modem;Nokia USB Modem;C:\WINDOWS\system32\drivers\nmwcdcm.sys
S3 Nokia USB Phone Parent;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\nmwcd.sys
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
Contents of the 'Scheduled Tasks' folder
2005-09-16 21:16:56 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-10 15:44:27
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-10 15:46:13 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-10 15:46
--- E O F ---
|
|
rantan05
Newbie
|
10. elokuuta 2007 @ 12:13 |
Linkki tähän viestiin
|
|
Toivottavasti oli tällä kertaa oikea tiedosto ;) Jännittävää tällainen puuhastelu :)
|
|
Auttaja
Suspended permanently
|
10. elokuuta 2007 @ 12:32 |
Linkki tähän viestiin
|
Avaa Notepad ja kopioi/liitä allaolevassa lainausboxissa oleva teksti sinne:
Lainaus:
File::
C:\DOCUME~1\ANNE-M~1\xtgtkj.exe
C:\DOCUME~1\ANNE-M~1\belmmm.exe
C:\WINDOWS\system32\libmsns.dll
C:\WINDOWS\system32\msninet.exe
C:\WINDOWS\svchost.exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BSplayer_WhenUSave_Installer"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"5T19I3B27A"=-
Folder::
C:\Program Files\BSplayer_WhenUSave_Installer
Tallenna se nimellä CFScript (Tarkista että on juuri noin kirjoitettu)
Sitten raahaa CFScript ComboFix.exeen kuten alla.
Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne. Myös uusi Hijackthislogi
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 10. elokuuta 2007 @ 12:33
|
|
rantan05
Newbie
|
10. elokuuta 2007 @ 13:27 |
Linkki tähän viestiin
|
Tässä se Combofix.txt, toivottavasti on oikea, hijack tulee kohta...
ComboFix 07-08-09.3 - "Anne-Mari" 2007-08-10 15:40:31.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.133 [GMT 3:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\images075.zip
C:\WINDOWS\images081.zip
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\MabryObj.dll
((((((((((((((((((((((((( Files Created from 2007-07-10 to 2007-08-10 )))))))))))))))))))))))))))))))
2007-08-10 15:38 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-08 22:47 97,280 --a------ C:\DOCUME~1\ANNE-M~1\xtgtkj.exe
2007-08-08 22:44 97,280 --a------ C:\DOCUME~1\ANNE-M~1\belmmm.exe
2007-08-07 22:00 25,900 --a------ C:\WINDOWS\system32\libmsns.dll
2007-08-07 22:00 116,224 --a------ C:\WINDOWS\system32\msninet.exe
2007-07-18 14:34 d-------- C:\Program Files\Tikkurila
2007-07-14 15:24 d-------- C:\Program Files\CDBurnerXP Pro 3
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-04 17:20 --------- d-------- C:\DOCUME~1\ANNE-M~1\APPLIC~1\TransRender
2007-07-04 17:20 --------- d-------- C:\DOCUME~1\ANNE-M~1\APPLIC~1\Temporary
2007-07-04 17:16 --------- d-------- C:\DOCUME~1\ANNE-M~1\APPLIC~1\ConvertTemp
2007-07-04 17:12 5632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2007-05-16 18:14 86528 --a------ C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 18:14 85504 --a------ C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 18:14 510976 --a------ C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 18:14 1314816 --a------ C:\WINDOWS\system32\dllcache\msoe.dll
2004-03-12 11:15 5531136 --a------ C:\Program Files\Symantec Client Security.msi
2004-03-12 11:15 4632 --a------ C:\Program Files\0x0409.ini
2004-03-12 11:15 450646 --a------ C:\Program Files\ALErules.exe
2004-03-12 11:15 3236 --a------ C:\Program Files\INSTOPTS.DAT
2004-03-12 11:15 225280 --a------ C:\Program Files\setup.exe
2004-03-12 11:15 19620991 --a------ C:\Program Files\Data1.cab
2004-03-12 11:15 1822520 --a------ C:\Program Files\instmsiw.exe
2004-03-12 11:15 1708856 --a------ C:\Program Files\instmsia.exe
2004-03-12 11:15 1259 --a------ C:\Program Files\Setup.ini
2004-03-12 11:15 1229056 --a------ C:\Program Files\DCOM98.EXE
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 23:44]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 23:43]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 18:13 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-07 19:50 C:\WINDOWS\AGRSMMSG.exe]
"SiSPower"="SiSPower.dll" [2005-02-25 19:35 C:\WINDOWS\system32\SiSPower.dll]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2005-03-04 13:13]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 18:59]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-09-15 20:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-15 20:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-15 20:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-15 20:00]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-03-28 12:30]
"eRecoveryService"="C:\Windows\System32\Check.exe" [2005-03-23 10:01]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 16:44]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [2004-03-12 15:18]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-09-16 08:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-28 21:03]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-29 18:35]
"BSplayer_WhenUSave_Installer"="C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2005-09-10 03:39]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 20:00]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-09-05 05:18]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
C:\Documents and Settings\Anne-Mari\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
OpenOffice.org 1.1.5.lnk - C:\Program Files\OpenOffice.org1.1.5\program\quickstart.exe [2005-09-05 01:10:00]
C:\Documents and Settings\All Users\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-03-08 02:22:29]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"5T19I3B27A"=C:\WINDOWS\svchost.exe
R0 gagp30kx;Microsoft Generic AGPv3.0 -suodatin K8-suoritinympäristöjä varten;C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
R1 AmdK8;AMD Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
R1 StarOpen;StarOpen;C:\WINDOWS\system32\drivers\StarOpen.sys
R1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.sys
R3 int15.sys;int15.sys;\??\C:\Program Files\acer\eRecovery\int15.sys
R3 NTIDrvr;Upper Class Filter Driver;C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys
S3 Nokia USB Generic;Nokia USB Generic;C:\WINDOWS\system32\drivers\nmwcdc.sys
S3 Nokia USB Modem;Nokia USB Modem;C:\WINDOWS\system32\drivers\nmwcdcm.sys
S3 Nokia USB Phone Parent;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\nmwcd.sys
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
Contents of the 'Scheduled Tasks' folder
2005-09-16 21:16:56 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-10 15:44:27
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-10 15:46:13 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-10 15:46
--- E O F ---
|
|
rantan05
Newbie
|
10. elokuuta 2007 @ 13:31 |
Linkki tähän viestiin
|
Logfile of HijackThis v1.99.1
Scan saved at 17:27:48, on 10.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\OpenOffice.org1.1.5\program\soffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Anne-Mari\Työpöytä\scanner.exe.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BSplayer_WhenUSave_Installer] C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: OpenOffice.org 1.1.5.lnk = C:\Program Files\OpenOffice.org1.1.5\program\quickstart.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab55762.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Unknown owner - D:\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
|
|
Auttaja
Suspended permanently
|
10. elokuuta 2007 @ 17:08 |
Linkki tähän viestiin
|
Lataa Deckard's System Scanner Työpöydällesi.
Huomioi: Sinulla tulee olla Järjestelmänvalvojan oikeudet ajaaksesi ohjelman.
[*]Sulje kaikki avoimet ikkunat ja ohjelmat.
[*]Tupla Klikkaa Dss.exe tiedostoa ajaaksesi ohjelman, seuraa ohjeita.
[*]Kun Scannaus on valmis 2 textitiedostoa pitäisi avautua, Main.txt ja extra.txt
[*]Näppäile Kopioi ( CTRL+A -> CTRL + C ) ja liitä ( CTRL + V )
[*]kopioi ja liitä Extra.txt & Main.txt sisältö seuraavaan vastaukseesi.
Katotaan menikö se oikein :)
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 10. elokuuta 2007 @ 17:09
|
|
rantan05
Newbie
|
12. elokuuta 2007 @ 18:49 |
Linkki tähän viestiin
|
Deckard's System Scanner v20070809.63
Run by Anne-Mari on 2007-08-12 at 22:42:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
84: 2007-08-12 19:42:47 UTC - RP483 - Deckard's System Scanner Restore Point
83: 2007-08-12 15:34:59 UTC - RP482 - Järjestelmän tarkistuspiste
82: 2007-08-10 14:11:25 UTC - RP481 - ComboFix created restore point
81: 2007-08-10 12:40:22 UTC - RP480 - ComboFix created restore point
80: 2007-08-09 19:28:10 UTC - RP479 - Järjestelmän tarkistuspiste
-- First Restore Point --
1: 2007-05-15 14:43:41 UTC - RP400 - Järjestelmän tarkistuspiste
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 447 MiB (512 MiB recommended).
-- HijackThis (run as Anne-Mari.exe) -------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 22:43:45, on 12.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\OpenOffice.org1.1.5\program\soffice.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Anne-Mari\Työpöytä\dss.exe
C:\DOCUME~1\ANNE-M~1\TYÖPÖYTÄ\Anne-Mari.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BSplayer_WhenUSave_Installer] C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: OpenOffice.org 1.1.5.lnk = C:\Program Files\OpenOffice.org1.1.5\program\quickstart.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab55762.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Unknown owner - D:\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R1 UBHelper - c:\windows\system32\drivers\ubhelper.sys
R3 int15.sys - c:\program files\acer\erecovery\int15.sys
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys
S3 catchme - c:\docume~1\anne-m~1\locals~1\temp\catchme.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 anbmService (Notebook Manager Service) - c:\acer\emanager\anbmserv.exe Acer eManager for Notebook>
S3 NBService - d:\nero\nero 7\nero backitup\nbservice.exe (file missing)
S4 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2005-09-17 00:16:56 414 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
-- Files created between 2007-07-12 and 2007-08-12 -----------------------------
2007-08-10 17:55:44 0 dr-h----- C:\Documents and Settings\Anne-Mari\Recent
2007-08-10 17:22:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-08-10 16:01:30 0 d-------- C:\Program Files\Yahoo!
2007-08-10 16:01:22 0 d-------- C:\Program Files\CCleaner
2007-07-18 14:34:29 0 d-------- C:\Program Files\Tikkurila
2007-07-14 15:24:55 0 d-------- C:\Program Files\CDBurnerXP Pro 3
-- Find3M Report ---------------------------------------------------------------
2007-07-04 17:20:10 0 d-------- C:\Documents and Settings\Anne-Mari\Application Data\TransRender
2007-07-04 17:20:10 0 d-------- C:\Documents and Settings\Anne-Mari\Application Data\Temporary
2007-07-04 17:16:34 0 d-------- C:\Documents and Settings\Anne-Mari\Application Data\ConvertTemp
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [07.10.2004 23:44]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [07.10.2004 23:43]
"SoundMan"="SOUNDMAN.EXE" [23.02.2005 18:13 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [07.10.2004 19:50 C:\WINDOWS\AGRSMMSG.exe]
"SiSPower"="SiSPower.dll" [25.02.2005 19:35 C:\WINDOWS\system32\SiSPower.dll]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [04.03.2005 13:13]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [09.03.2005 18:59]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [15.09.2004 20:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [15.09.2004 20:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [15.09.2004 20:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [15.09.2004 20:00]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [28.03.2005 12:30]
"eRecoveryService"="C:\Windows\System32\Check.exe" [23.03.2005 10:01]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [29.02.2004 16:44]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [12.03.2004 15:18]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [16.09.2005 08:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [28.09.2005 21:03]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [29.10.2005 18:35]
"BSplayer_WhenUSave_Installer"="C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [09.11.2006 15:07]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [22.08.2004 17:05]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [10.09.2005 03:39]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [15.09.2004 20:00]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [05.09.2006 05:18]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
C:\Documents and Settings\Anne-Mari\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
OpenOffice.org 1.1.5.lnk - C:\Program Files\OpenOffice.org1.1.5\program\quickstart.exe [5.9.2005 1:10:00]
C:\Documents and Settings\All Users\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [8.3.2005 2:22:29]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14.12.2004 4:44:06]
-- End of Deckard's System Scanner: finished at 2007-08-12 at 22:45:20 ---------
|
|
rantan05
Newbie
|
12. elokuuta 2007 @ 18:54 |
Linkki tähän viestiin
|
Deckard's System Scanner v20070809.63
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: Other (040B) - see http://preview.tinyurl.com/mhhp6
CPU 0: Mobile AMD Sempron(tm) Processor 3000+
Percentage of Memory in Use: 70%
Physical Memory (total/avail): 446.48 MiB / 130.31 MiB
Pagefile Memory (total/avail): 1051.63 MiB / 700.36 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1969.42 MiB
C: is Fixed (FAT32) - 35.7 GiB total, 10.19 GiB free.
D: is Fixed (FAT32) - 35.87 GiB total, 4.32 GiB free.
E: is CDROM (No Media)
F: is CDROM (CDFS)
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AntivirusOverride is set.
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Anne-Mari\Application Data
CLASSPATH=C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KAROLIINA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Anne-Mari
LOGONSERVER=\\KAROLIINA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3;C:\Program Files\SSH Communications Security\SSH Secure Shell;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2c02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ANNE-M~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ANNE-M~1\LOCALS~1\Temp
USERDOMAIN=KAROLIINA
USERNAME=Anne-Mari
USERPROFILE=C:\Documents and Settings\Anne-Mari
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI
-- User Profiles ---------------------------------------------------------------
Anne-Mari (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
--> Dummy
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0xb -uninst
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer eManager for Notebook --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{827289F5-B44F-4E49-9993-840741585A62}
Ad-Aware SE Personal --> C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG
Agere Systems AC'97 Modem --> agrsmdel
Arcade 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" -uninstall
ArcSoft Camera Suite 1.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}\setup.exe" -l0x9
µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
Azureus --> C:\Program Files\Azureus\Uninstall.exe
BSPlayer --> "C:\Program Files\Webteh\BSplayer\uninstall.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP Pro 3 --> MsiExec.exe /I{896D642C-7125-44F0-AC49-A23ABF82209C}
CDex extraction audio --> "C:\Program Files\CDex_150\uninstall.exe"
DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
DigiPosti --> C:\Program Files\DigiPosti\uninstall.exe
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EAX(tm) Unified (SHELL) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative Labs\EAX(tm) Unified (SHELL)\Uninst.isu"
eMule --> "C:\Program Files\eMule\Uninstall.exe"
FINAL FANTASY VIII --> C:\WINDOWS\IsUninst.exe -f"D:\Program Files\Eidos Interactive\Square Soft, Inc\FINAL FANTASY VIII\Uninst.isu"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
HijackThis 1.99.1 --> C:\Documents and Settings\Anne-Mari\Työpöytä\HijackThis.exe /uninstall
Hotfix-päivitys Windows XP:lle (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{78F4DFCE-1336-4027-BCB2-1A00C24A8653} /l1035
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
Launch Manager --> C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
LiveUpdate 2.0 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Mozilla Firefox (2.0.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (1.0.6) --> C:\WINDOWS\UninstallThunderbird.exe /ua "1.0.6 (en)"
MSN Työkalupalkki --> C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\mtbs.exe c
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3ECED7D1-E469-4BC6-8A93-5CB0FFE5EBF5} /l1035
NTI Backup NOW! 4 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{69CC0647-7F98-4358-AAB6-4F65C0705400} /l1033 BUN4
NTI CD & DVD-Maker Gold --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5242A858-AD61-4130-92D4-BDF5087CE562} /l1033 CDM7
OpenMG Limited Patch 4.6-06-09-04-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.6-06-09-04-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.6.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{D5654243-0EDC-4BE7-8353-16ECE4019CD1} UNINSTALL
OpenOffice.org 1.1.5 --> C:\Program Files\OpenOffice.org1.1.5\program\setup.exe -deinstall
PDF Manual NW-S600/S700F Series --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF71D37B-0CC7-4B8B-863C-FB23849A508E}\setup.exe" -l0xb UNINSTALL -removeonly
Päivitys Windows XP:lle (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB896727) --> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.EXE" -uninstall
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653} /l1035
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile USB Modem ^^ --> C:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly
SiS 900 PCI Fast Ethernet Adapter Driver --> C:\WINDOWS\SiS\900\Uninst.exe
SiS VGA Utilities --> Rundll32 SiSInst.dll,Uninstall VGA,R,oem7.inf
SiSAGP driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0xb
Skype 1.3 --> "C:\Program Files\Skype\Phone\unins000.exe"
SonicStage 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
SoulSeek 157 test 8 --> "C:\Program Files\Soulseek-Test\uninstall.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SSH Secure Shell --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}\Setup.exe"
Suojauspäivitys ohjelmistolle Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB893066) --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB899588) --> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Symantec Client Security --> MsiExec.exe /I{00CD72B3-E2DF-4DFC-BCC1-5CC4F564518D}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Tikkurilan Värisuunnitteluohjelma 2.5 --> MsiExec.exe /X{F2015EA4-1653-4C65-9B27-D0CF3A1DAF36}
URUSoft ViPlay3 --> "C:\Program Files\URUSoft\ViPlay3\uninstall.exe"
Westwood Shared Internet Components --> C:\Westwood\Internet\UnstllAP.EXE
WinAce Archiver --> C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\YAHOO!\Common\YINSTH~1.DLL
Yahoo! Toolbar --> C:\PROGRA~1\YAHOO!\COMMON\unyt.exe
-- Application Event Log -------------------------------------------------------
Event ID #7845: Warning
Event Submitted/Written: 08/11/2007 07:33:18 AM
Event Source: Userenv
Event Description:
Windows tallensi käyttäjän KAROLIINA\Anne-Mari rekisterin, kun jokin sovellus tai palvelu käytti yhä rekisteriä uloskirjautumisen aikana. Käyttäjän rekisterin varaamaa muistia ei ole vapautettu. Rekisterin lataus poistetaan, kun rekisteri ei ole enää käytössä.
Tähän on usein syynä käyttäjän tilin avulla suoritettavat palvelut. Määritä palvelut LocalService- tai NetworkService-tilin avulla suoritettaviksi.
Event ID #7812: Error
Event Submitted/Written: 08/10/2007 11:38:59 AM
Event Source: Symantec AntiVirus
Event Description:
Threat Found!Threat: Trojan.Linkoptimizer.B in File: C:\DOCUME~1\ANNE-M~1\LOCALS~1\Temp\pa_0105.exe by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description: The file was deleted successfully.
Event ID #7811: Error
Event Submitted/Written: 08/10/2007 11:38:58 AM
Event Source: Symantec AntiVirus
Event Description:
Threat Found!Threat: Trojan.Linkoptimizer.B in File: C:\DOCUME~1\ANNE-M~1\LOCALS~1\Temp\pa_0105.exe by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description: The file was deleted successfully.
Event ID #7810: Error
Event Submitted/Written: 08/10/2007 11:37:55 AM
Event Source: Symantec AntiVirus
Event Description:
Threat Found!Threat: Hacktool.Rootkit in File: C:\WINDOWS\svchost.dll by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description: The file was deleted successfully.
Event ID #7799: Error
Event Submitted/Written: 08/10/2007 11:21:06 AM
Event Source: Symantec AntiVirus
Event Description:
Threat Found!Threat: Trojan.Linkoptimizer.B in File: C:\DOCUME~1\ANNE-M~1\LOCALS~1\Temp\pa_0105.exe by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description: The file was deleted successfully.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event ID #27155: Warning
Event Submitted/Written: 08/12/2007 10:18:52 PM
Event Source: Tcpip
Event Description:
TCP/IP saavutti yhtäaikaisille TCP-yhteysyrityksille asetetun suojausrajoituksen.
Event ID #27154: Warning
Event Submitted/Written: 08/12/2007 09:51:32 PM
Event Source: Tcpip
Event Description:
TCP/IP saavutti yhtäaikaisille TCP-yhteysyrityksille asetetun suojausrajoituksen.
Event ID #27153: Warning
Event Submitted/Written: 08/12/2007 08:49:37 PM
Event Source: Tcpip
Event Description:
TCP/IP saavutti yhtäaikaisille TCP-yhteysyrityksille asetetun suojausrajoituksen.
Event ID #27149: Warning
Event Submitted/Written: 08/12/2007 08:31:30 PM
Event Source: Dhcp
Event Description:
Verkon DHCP-palvelin ei voinut uusia IP-osoitetta tietokoneen
verkkokortille, jonka verkko-osoite on 00C09FCDD6B1.
Virhe:
%%1223.
Tietokone jatkaa osoitteen pyytämistä verkon DHCP-palvelimelta.
Event ID #27089: Warning
Event Submitted/Written: 08/10/2007 08:56:00 PM
Event Source: Win32k
Event Description:
WINLOGON.EXE hylkäsi pyynnön virran katkaisemisesta.
-- End of Deckard's System Scanner: finished at 2007-08-12 at 22:45:20 ---------
|
|
Auttaja
Suspended permanently
|
12. elokuuta 2007 @ 18:55 |
Linkki tähän viestiin
|
Avaa Notepad ja kopioi/liitä allaolevassa lainausboxissa oleva teksti sinne:
Lainaus:
File::
C:\DOCUME~1\ANNE-M~1\xtgtkj.exe
C:\DOCUME~1\ANNE-M~1\belmmm.exe
C:\WINDOWS\system32\libmsns.dll
C:\WINDOWS\system32\msninet.exe
Tallenna se nimellä CFScript (Tarkista että on juuri noin kirjoitettu)
Sitten raahaa CFScript ComboFix.exeen kuten alla.
Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.
=======
Kaspersky online-skanneri
Skannaa koneesi Kaspersky Online Skannerilla
Sinulta kysytään sallitko ActiveX -komponentin asentamisen Kasperskyltä, klikkaa Kyllä.
[*] Ohjelma käynnistyy ja aloittaa viimeisimpien tunnistetiedostojen lataamisen.
[*] Kun skanneri on asennettu ja tunnistetiedot ladattu, klikkaa Next.
[*] Klikkaa nyt asetuksia, Scan Settings
[*] Tarkista asetuksista, että seuraavat ovat valittuina:
o Scan using the following Anti-Virus database:
+ Extended (Jos valittavissa, muuten valitse Standard)
o Scan Options:
+ Scan Archives
+ Scan Mail Bases
[*] Klikkaa OK
[*] Nyt valitse "select a target to scan" otsikon alta Oma Tietokone, My Computer
[*] Skannaus vie aikaa, joten ole kärsivällinen. Kun skannaus on valmis saat ilmoituksen, jos koneesi on saastunut.
[*] Klikkaa nyt Save as Text-painiketta.
[*] Tallenna tiedosto työpöydällesi.
[*] Kopioi ja Liitä tiedoston sisältö seuraavaan vastaukseesi.
=======
eli kasperskyn & combon loki
|
|
rantan05
Newbie
|
14. elokuuta 2007 @ 11:57 |
Linkki tähän viestiin
|
ComboFix 07-08-09.3 - "Anne-Mari" 2007-08-14 15:52:03.5 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.187 [GMT 3:00]
Command switches used :: C:\Documents and Settings\Anne-Mari\Ty?p?yt?\CFScript.txt
* Created a new restore point
FILE::
C:\DOCUME~1\ANNE-M~1\xtgtkj.exe
C:\DOCUME~1\ANNE-M~1\belmmm.exe
C:\WINDOWS\system32\libmsns.dll
C:\WINDOWS\system32\msninet.exe
((((((((((((((((((((((((( Files Created from 2007-07-14 to 2007-08-14 )))))))))))))))))))))))))))))))
2007-08-12 22:42 d-------- C:\Deckard
2007-08-10 17:22 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-08-10 16:01 d-------- C:\Program Files\Yahoo!
2007-08-10 16:01 d-------- C:\Program Files\CCleaner
2007-08-10 15:38 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-18 14:34 d-------- C:\Program Files\Tikkurila
2007-07-14 15:24 d-------- C:\Program Files\CDBurnerXP Pro 3
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-04 17:20 --------- d-------- C:\DOCUME~1\ANNE-M~1\APPLIC~1\TransRender
2007-07-04 17:20 --------- d-------- C:\DOCUME~1\ANNE-M~1\APPLIC~1\Temporary
2007-07-04 17:16 --------- d-------- C:\DOCUME~1\ANNE-M~1\APPLIC~1\ConvertTemp
2007-07-04 17:12 5632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2007-05-16 18:14 86528 --a------ C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 18:14 85504 --a------ C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 18:14 510976 --a------ C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 18:14 1314816 --a------ C:\WINDOWS\system32\dllcache\msoe.dll
2004-03-12 11:15 5531136 --a------ C:\Program Files\Symantec Client Security.msi
2004-03-12 11:15 4632 --a------ C:\Program Files\0x0409.ini
2004-03-12 11:15 450646 --a------ C:\Program Files\ALErules.exe
2004-03-12 11:15 3236 --a------ C:\Program Files\INSTOPTS.DAT
2004-03-12 11:15 225280 --a------ C:\Program Files\setup.exe
2004-03-12 11:15 19620991 --a------ C:\Program Files\Data1.cab
2004-03-12 11:15 1822520 --a------ C:\Program Files\instmsiw.exe
2004-03-12 11:15 1708856 --a------ C:\Program Files\instmsia.exe
2004-03-12 11:15 1259 --a------ C:\Program Files\Setup.ini
2004-03-12 11:15 1229056 --a------ C:\Program Files\DCOM98.EXE
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 23:44]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 23:43]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 18:13 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-07 19:50 C:\WINDOWS\AGRSMMSG.exe]
"SiSPower"="SiSPower.dll" [2005-02-25 19:35 C:\WINDOWS\system32\SiSPower.dll]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2005-03-04 13:13]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 18:59]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-09-15 20:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-15 20:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-15 20:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-15 20:00]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-03-28 12:30]
"eRecoveryService"="C:\Windows\System32\Check.exe" [2005-03-23 10:01]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 16:44]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [2004-03-12 15:18]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-09-16 08:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-28 21:03]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-29 18:35]
"BSplayer_WhenUSave_Installer"="C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2005-09-10 03:39]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 20:00]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-09-05 05:18]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
C:\Documents and Settings\Anne-Mari\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
OpenOffice.org 1.1.5.lnk - C:\Program Files\OpenOffice.org1.1.5\program\quickstart.exe [2005-09-05 01:10:00]
C:\Documents and Settings\All Users\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-03-08 02:22:29]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
R0 gagp30kx;Microsoft Generic AGPv3.0 -suodatin K8-suoritinympäristöjä varten;C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
R1 AmdK8;AMD Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
R1 StarOpen;StarOpen;C:\WINDOWS\system32\drivers\StarOpen.sys
R1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.sys
R3 int15.sys;int15.sys;\??\C:\Program Files\acer\eRecovery\int15.sys
R3 NTIDrvr;Upper Class Filter Driver;C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys
S3 Nokia USB Generic;Nokia USB Generic;C:\WINDOWS\system32\drivers\nmwcdc.sys
S3 Nokia USB Modem;Nokia USB Modem;C:\WINDOWS\system32\drivers\nmwcdcm.sys
S3 Nokia USB Phone Parent;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\nmwcd.sys
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
Contents of the 'Scheduled Tasks' folder
2005-09-16 21:16:56 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-14 15:53:51
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-14 15:54:22
C:\ComboFix-quarantined-files.txt ... 2007-08-14 15:54
C:\ComboFix3.txt ... 2007-08-10 17:17
C:\ComboFix2.txt ... 2007-08-13 17:02
--- E O F ---
|
|
rantan05
Newbie
|
14. elokuuta 2007 @ 13:10 |
Linkki tähän viestiin
|
KASPERSKY ONLINE SCANNER REPORT
Tuesday, August 14, 2007 5:08:03 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 14/08/2007
Kaspersky Anti-Virus database records: 379940
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 56600
Number of viruses found 8
Number of infected objects 43
Number of suspicious objects 0
Duration of the scan process 00:44:24
Infected Object Name Virus Name Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{051BD5C3-1ADD-4932-9D8F-A413127EEF06}.bin Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Client Firewall\System.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09680000.VBN Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09680001.VBN Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09680002.VBN Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09680003.VBN Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00F00000.VBN Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00F00001.VBN Infected: Trojan-Clicker.Win32.Agent.hz skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00F00002.VBN Infected: Packed.Win32.PolyCrypt.b skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00F00003.VBN Infected: not-a-virus:Dialer.Win32.Agent.k skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00F00004.VBN Infected: Trojan-Clicker.Win32.Agent.hz skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01E40000.VBN Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01E00000.VBN Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01B40000.VBN Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01180000.VBN Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01180001.VBN Infected: not-a-virus:Dialer.Win32.Agent.k skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01180002.VBN Infected: Packed.Win32.PolyCrypt.b skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07C40000.VBN Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07C40001.VBN Infected: Packed.Win32.PolyCrypt.b skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07C40002.VBN Infected: not-a-virus:Dialer.Win32.Agent.k skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01E80000.VBN Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01BC0000.VBN Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01BC0001.VBN Infected: Packed.Win32.PolyCrypt.b skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01BC0002.VBN Infected: not-a-virus:Dialer.Win32.Agent.k skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01980000.VBN Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01980001.VBN Infected: not-a-virus:Dialer.Win32.Agent.k skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01980002.VBN Infected: Packed.Win32.PolyCrypt.b skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\009C0000.VBN Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\009C0001.VBN Infected: Packed.Win32.PolyCrypt.b skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\009C0002.VBN Infected: not-a-virus:Dialer.Win32.Agent.k skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Anne-Mari\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Anne-Mari\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Anne-Mari\Omat tiedostot\ANNE-MARI\Omat musiikkitiedostot\bsplayer141.832.exe/data0011 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Anne-Mari\Omat tiedostot\ANNE-MARI\Omat musiikkitiedostot\bsplayer141.832.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Anne-Mari\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Anne-Mari\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Anne-Mari\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Anne-Mari\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Anne-Mari\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Anne-Mari\Cookies\index.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\profile.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\System Volume Information\_restore{E35F7DCA-5BD1-4ABA-8353-6FE38401F7D7}\RP478\A0028475.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{E35F7DCA-5BD1-4ABA-8353-6FE38401F7D7}\RP480\A0028587.EXE Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{E35F7DCA-5BD1-4ABA-8353-6FE38401F7D7}\RP481\A0028717.exe Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{E35F7DCA-5BD1-4ABA-8353-6FE38401F7D7}\RP481\A0028718.exe Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{E35F7DCA-5BD1-4ABA-8353-6FE38401F7D7}\RP485\change.log Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\images075.zip.vir/images075.scr Infected: Backdoor.Win32.IRCBot.acd skipped
C:\QooBox\Quarantine\C\WINDOWS\images075.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\images081.zip.vir/images081.scr Infected: Backdoor.Win32.IRCBot.acd skipped
C:\QooBox\Quarantine\C\WINDOWS\images081.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\svchost.exe.vir Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\QooBox\Quarantine\C\DOCUME~1\ANNE-M~1\xtgtkj.exe.vir Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\QooBox\Quarantine\C\DOCUME~1\ANNE-M~1\belmmm.exe.vir Infected: Trojan-Clicker.Win32.Small.kj skipped
D:\System Volume Information\_restore{E35F7DCA-5BD1-4ABA-8353-6FE38401F7D7}\RP460\A0027324.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
D:\System Volume Information\_restore{E35F7DCA-5BD1-4ABA-8353-6FE38401F7D7}\RP460\A0027324.exe RAR: infected - 1 skipped
D:\System Volume Information\_restore{E35F7DCA-5BD1-4ABA-8353-6FE38401F7D7}\RP485\change.log Object is locked skipped
Scan process completed.
|
|
Hujo
Suspended permanently
|
14. elokuuta 2007 @ 14:13 |
Linkki tähän viestiin
|
1. Lataa tästä poistotyökalu ja tallenna se työpöydällesi http://sosvirus.changelog.fr/MSNFix.zip
2. Pura se MSNFix kansioon
3. Avaa kansio ja käynnistä MSNFix.bat
4. Valitse haluamasi kieli ikkunassa näkyvästä listasta kirjoittamalla joku niistä kirjaimista ja paina ENTER. E = englanti
5. Kirjoita seuraavaksi R kirjain ja paina ENTER käynnistääksesi virushaun.
6. Sen jälkeen paina uusiksi ENTER poistaaksesi työkalun löytämät tiedostot.
============================
Sitten tuonne vikasietotilaan kokeiles tällä pääsyä
sammuta ja käynnistä
käynnistyksen yhteydessä hakkaa F5 nappia
valitse nuolinäppäimellä vikasietotila
paina enter ja enter
valitse käyttäjä tilisi ja taas pikkunen ikkuna paina ok
===========================
Tässä toinen tyyli vikasietoon pääsemisesä
Käynnistä > suorita kirjoita msconfig > ok
Aukeaa ikkuna
klikkaa Boot.ini välilehteä
täppi kohtaan ¤ / SAFEBOOT
Käytä ja Sulje
Käynnistä uudelleen nappi
Annetut tehtävät suoritettu
Käynnistä > suorita kirjoita msconfig > ok
Aukeaa ikkuna
Laita täppi kohtaan > Normaali käynnistys ? Lataa kaikki laiteohjelmat palvelut
Käytä ja Sulje
Käynnistä uudelleen nappi
============================
Ohje AVG:n Anti-Spyware 7.5:n käyttöön
Huom! Tässä ohjeessa sammutetaan tuo reaaliaikasuojaus (Shield). Näin vältetään tilanteet joissa suojaus estäisi esim HijackThis:n työkalun toimintaa.
Tallenna nämä ohjeet tekstitiedostoon tai tulosta nämä, muuten et pääse niihin käsiksi vikasietotilasta
Lataa AVG:n Anti-Spyware 7.5:n
ja tallenna ohjelma työpöydällesi.
o Kun olet ladannut ohjelman, kaksoisklikkaa asennuohjelman pikakuvaketta työpöydälläsi, asennus alkaa.
o Asennuksen jälkeen täytyy ohjelma käynnistää ja sen tunnisteet päivittää.
o Käynnistä AVG:n Anti-Spyware.
o Klikkaa "Update" kuvaketta päävalikossa. Sen jälkeen klikkaa "Update now" painiketta.
o Sitten klikkaa "Start Update" kuvaketta jolloin päivitys alkaa.
o Kun päivitykset on ladattu, klikkaa "Scanner" kuvaketta ikkunan ylälaidassa. Valitse sitten "Settings" välilehti.
o Kun "Settings" valikko on auennut, klikkaa "Recommended actions" ja sitten valitse "Quarantine".
o Sitten "Reports" valikon alta:
o Laita täppi kohtaan "Automatically generate report after every scan"
o Ota täppi pois kohdasta"Only if threats were found"
o Sitten klikkaa "Shield" kuvaketta ikkunan ylälaidassa
o "Resident shield is", muuta tila active:sta inactive:ksi
o Sulje ohjelma, ÄLÄ skannaa vielä.
Käynnistä koneesi vikasietotilaan,
sammuta ja käynnistä
käynnistyksen yhteydessä naputtele F8
valitse nuoli näppäimellä vikasietotila
paina enter ja enter
HUOM! Älä käytä muita ohjelmia AVG:n skannauksen aikana, tämä saattaa häiritä skannausta.
o Kun vikasietotilassa, käynnistä AVG:n Anti-Spyware.
o Klikkaa "Scanner" kuvaketta ikkunan ylälaidassa ja valitse "Scan" välilehti. Sitten klikkaa "Complete System Scan".
o Ewido aloittaa nyt tietokoneen skannaamisen, ole kärsivällinen sillä skannaus vie aikaa.
Kun skannaus on valmis:
TÄRKEÄÄ : Älä klikkaa "Save Scan Report" ennen kuin klikkaat "Apply all Actions"
o Varmistu, että Set all elements to: näyttää Quarantine (1), jos ei, klikkaa linkkiä ja valitse Quarantine popup-valikosta.
o Sinulta kysytään mitä tehdä jos infektioita löytyi, valitse silloin "Apply all actions"
o Sitten klikkaa "Reports" kuvaketta ohjelma yläosasta.
o Klikkaa "Save report as" painiketta ikkunan vasemmassa alalaidassa ja tallenna raportti työpöydälle.
o Sulje ohjelma, käynnistä kone normaalisti ja lähetä AVG:n raportti viestikejuusi.
===============
Lataa tuolta http://www.ccleaner.com/download/builds.aspx
CCleaner v1.41.544 - Basic, ÄLÄ aseenna Yahoo toolbaria!
laita asetukset näin:
Valinnat --> Lisäasetukset --> Ota ruksi pois kohdasta Poista vain yli 48 tuntia vanhat tilapäistiedostot.
aja Puhdistaja > tutki nappi > aja ccleaner nappi oikea alakulma
aja Virheet > etsi rekisteri virheitä nappi > Korjaa rekisteri virheet. nappi
Voiko tietsikka koskaan toimia?
|
|
rantan05
Newbie
|
15. elokuuta 2007 @ 14:36 |
Linkki tähän viestiin
|
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 17:42:40 15.8.2007
+ Scan result:
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned.
C:\QooBox\Quarantine\C\WINDOWS\images075.zip.vir/images075.scr -> Backdoor.IRCBot.acd : Cleaned.
C:\QooBox\Quarantine\C\WINDOWS\images081.zip.vir/images081.scr -> Backdoor.IRCBot.acd : Cleaned.
C:\Documents and Settings\Anne-Mari\Cookies\anne-mari@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.105:C:\Documents and Settings\Anne-Mari\Application Data\Mozilla\Firefox\Profiles\ev6ws54y.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.8:C:\Documents and Settings\Anne-Mari\Application Data\Mozilla\Firefox\Profiles\ev6ws54y.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.16:C:\Documents and Settings\Anne-Mari\Application Data\Mozilla\Firefox\Profiles\ev6ws54y.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
C:\Documents and Settings\Anne-Mari\Cookies\anne-mari@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
:mozilla.6:C:\Documents and Settings\Anne-Mari\Application Data\Mozilla\Firefox\Profiles\ev6ws54y.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.58:C:\Documents and Settings\Anne-Mari\Application Data\Mozilla\Firefox\Profiles\ev6ws54y.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
::Report end
|
|
Hujo
Suspended permanently
|
15. elokuuta 2007 @ 14:44 |
Linkki tähän viestiin
|
|
ajoikos tuon msnfixsin
onkos siintä raporttia
Voiko tietsikka koskaan toimia?
|
|
rantan05
Newbie
|
15. elokuuta 2007 @ 16:23 |
Linkki tähän viestiin
|
MSN_Fix 1.462
C:\Documents and Settings\Anne-Mari\Ty?p?yt?\MSNFix\MSNFix
Scan done at ke 15.08.2007 - 20:18:54,09 By Anne-Mari
normal mode
************************ Checking Files
No files found
************************ Checking Folders
No Folders Found
************************ Suspect Files
No files found
------------------------------------------------------------------------
Author : !aur3n7 Contact: http://www.changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
ajoin uudestaan tämän. Ekalla kerralla se ilmoitti et malware found ja se kuulemma poisti sen. Nyt ei tuntunu löytyvän. Ajoin myös kahteen kertaan sillä AVG anti-spywarella kun ekalla kerralla taisin poistaa vahingos kaikki vaurioituneet tiedostot. Niitä löyty silloin 8kpl, mutta toisella kerralla vain kolme.
|
|
Hujo
Suspended permanently
|
15. elokuuta 2007 @ 18:12 |
Linkki tähän viestiin
|
|
No onkos kone parempi nyt
Voiko tietsikka koskaan toimia?
|
|
Mainos
|
|
|
|
rantan05
Newbie
|
16. elokuuta 2007 @ 07:56 |
Linkki tähän viestiin
|
|
Hmmm vaikea sanoa. En ole vielä uskaltanut kokeilla meseä, täytyy ladata se uudestaan. Noi ohjelmat kannattaa varmaan ajaa silloin tällöin läpi varmuuden vuoksi??? Kiitos tosi paljon vinkeistä!!
|
