|
|
|
Keskustelualueet
Keskustelualueet
|
|
|
Tarkistaisko joku tämän? Mikä mättää..
|
|
|
markkane
Newbie
|
9. huhtikuuta 2008 @ 12:56 |
Linkki tähän viestiin
|
Aluksi Netti on todella hidas tällä hetkellä, olen skannannut monilla eri viruksenpoisto-ohjelmilla, välillä löytyy, mutta tulee takaisin.
Nyt päätin käyttää HiJackThis ohjelmaa, näyttää sen verran monimutkaselta listalta, että nyt pyytäisin apua, jos joku voisi tarkistaa tämän ja kertoa mitä tehdä, jos listasta löytyy jotain normaalista poikkeavaa (mm. viruksia tms. mitkä voi vaikuttaa hitauteen).
Kiitos etukäteen!
Tuloste
Logfile of HijackThis v1.99.1
Scan saved at 12:36:41, on 9.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWSS\System32\smss.exe
C:\WINDOWSS\system32\winlogon.exe
C:\WINDOWSS\system32\services.exe
C:\WINDOWSS\system32\lsass.exe
C:\WINDOWSS\system32\svchost.exe
C:\WINDOWSS\System32\svchost.exe
C:\WINDOWSS\system32\spoolsv.exe
C:\WINDOWSS\Explorer.EXE
C:\WINDOWSS\system32\DeltTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWSS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWSS\system32\sistray.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWSS\system32\PSIService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWSS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWSS\system32\wuauclt.exe
C:\WINDOWSS\system32\msiexec.exe
C:\Documents and Settings\ttt\Työpöytä\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.safeappsoftware.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F2 - REG:system.ini: UserInit=C:\WINDOWSS\system32\userinit.exe,C:\WINDOWSS\system32\mgmrwmrv.exe,
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWSS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWSS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWSS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dddcadfffd - C:\WINDOWSS\system32\dddcadfffd.dll
O20 - Winlogon Notify: winhoo32 - winhoo32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWSS\system32\WPDShServiceObj.dll
O21 - SSODL: KernelBoot - {684bbf4a-b630-42ff-b420-414ed472c659} - (no file)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWSS\system32\drivers\pclepci.sys
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWSS\system32\PSIService.exe
|
|
Hujo
Suspended permanently
|
9. huhtikuuta 2008 @ 13:11 |
Linkki tähän viestiin
|
Lataa TÄSTÄ VundoFix.exe työpöydällesi.
Tupla-klikkaa VundoFix.exe ajaaksesi sen.
Klikkaa Scan for Vundo valintaa.
Kun skannaus on valmis, klikkaa Remove Vundo valintaa.
Sinulta kysytään haluatko poistaa filut - klikkaa YES.
Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa.
Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK.
Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö.
Huomaa: Se on mahdollista että VundoFix löysi tiedoston jota se ei pystynyt poistamaan.
Tässä tilanteessa, VundoFix ajaa itsensä rebootissa, seuraa vain yläpuolelle olevia ohjeita alkaen kohdasta "Klikkaa Scan for Vundo valintaa." kun VundoFix ilmaantuu uudelleenkäynnistyksen yhteydessä.
==============
1.Lataa combofix.exe työpöydällesi yhdestä linkistä:
combofix1
combofix2
2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
==================
Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.
Käynnistä koneesi vikasietotilaan:
sammuta ja käynnistä
käynnistyksen yhteydessä hakkaa F8 nappia
valitse nuolinäppäimellä vikasietotila
paina enter ja enter
valitse käyttäjätilisi
paina kyllä
Jossakin koneissa hakataan F8:sin sijasta F5:tä
" Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
" Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
" Paina Y käynnistääksesi skriptin.
" Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
" Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
" Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
" Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
" Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
" Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.
Voiko tietsikka koskaan toimia?
|
|
markkane
Newbie
|
9. huhtikuuta 2008 @ 13:11 |
Linkki tähän viestiin
|
Unohdin mainita, että olen myös scannanunt AVG 7.5:lla sivuilta löytyvän ohjeen mukaan. Viruksia löyty ja raporttia en saanut.
|
|
Hujo
Suspended permanently
|
9. huhtikuuta 2008 @ 13:25 |
Linkki tähän viestiin
|
|
tee nuo mitä laitoin
Voiko tietsikka koskaan toimia?
|
|
markkane
Newbie
|
9. huhtikuuta 2008 @ 13:47 |
Linkki tähän viestiin
|
OK elikkä
VundoFix V7.0.3
Scan started at 13:13:53 9.4.2008
Listing files found while scanning....
No infected files were found.
Beginning removal...
VundoFix V7.0.3
Scan started at 13:18:23 9.4.2008
Listing files found while scanning....
-----------------------------------------------------------
ComboFix 08-04-08.9 - ttt 2008-04-09 13:20:53.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.292 [GMT 3:00]
Running from: C:\Documents and Settings\ttt\Työpöytä\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Sysmnt
C:\Program Files\Sysmnt\Ssmgr.exe
C:\WINDOWSS\bjam.dll
C:\WINDOWSS\help\hqaply.chm
C:\WINDOWSS\saiemod.dll
C:\WINDOWSS\salm.exe
C:\WINDOWSS\system32\adult.txt
C:\WINDOWSS\system32\finance.txt
C:\WINDOWSS\system32\lt.res
C:\WINDOWSS\system32\other.txt
C:\WINDOWSS\system32\pharma.txt
C:\WINDOWSS\system32\sft.res
C:\WINDOWSS\system32\wer8274.dll
C:\WINDOWSS\system32\winfrun32.bin
C:\WINDOWSS\TEMP\salm.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MSUPDATE
-------\Legacy_POOF
-------\Service_hqaply
((((( Tiedostot, jotka on luotu seuraavalla aikav?lill?: 2008-03-09 to 2008-04-09 )))))))))))))))))
.
2008-04-09 13:13 . 2008-04-09 13:13 <KANSIO> d-------- C:\VundoFix Backups
2008-04-09 12:15 . 2008-04-09 12:15 117,777 --------- C:\WINDOWSS\system32\9d78eb1d7d85e2eceb9202d57752def8.TMP
2008-04-08 21:35 . 2008-04-08 21:35 <KANSIO> d-------- C:\Documents and Settings\ttt\Application Data\Grisoft
2008-04-08 21:35 . 2007-05-30 15:10 10,872 --a------ C:\WINDOWSS\system32\drivers\AvgAsCln.sys
2008-04-08 21:34 . 2008-04-08 21:34 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWSS\Application Data\Grisoft
2008-04-08 16:37 . 2008-04-08 16:37 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWSS\Application Data\Disk Cleaner
2008-04-08 16:35 . 2008-04-08 16:35 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWSS\Application Data\Registry Helper
2008-04-03 14:43 . 2008-04-03 14:43 <KANSIO> d-------- C:\Program Files\CDex_170b2
2008-04-03 11:44 . 2008-04-03 11:44 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWSS\Application Data\Apple Computer
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWSS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWSS\system32\QuickTime.qts
2008-03-12 21:15 . 2008-03-17 11:12 <KANSIO> d-------- C:\Program Files\AdVantage
2008-03-12 17:15 . 2008-03-12 17:15 <KANSIO> d-------- C:\Program Files\WinSCP3
2008-03-12 13:17 . 2008-03-12 13:18 <KANSIO> d-------- C:\WINDOWSS\Internet Logs
2008-03-12 13:17 . 2008-03-12 13:18 4,212 ---h----- C:\WINDOWSS\system32\zllictbl.dat
2008-03-12 13:16 . 2008-03-12 13:16 <KANSIO> d-------- C:\Program Files\Zone Labs
2008-03-12 01:16 . 2008-04-08 20:57 <KANSIO> d-------- C:\WINDOWSS\SxsCaPendDel
2008-03-11 22:46 . 2008-03-12 12:40 <KANSIO> d-------- C:\Program Files\F-Secure
2008-03-11 22:45 . 1998-07-30 19:36 303,616 --a------ C:\WINDOWSS\IsUn040b.exe
2008-03-11 22:45 . 2008-03-11 22:48 2,521 --a------ C:\WINDOWSS\FSAV.MIF
2008-03-11 22:42 . 2008-03-18 20:46 <KANSIO> d-------- C:\Program Files\Opera 9.5 beta
2008-03-11 22:36 . 2008-04-09 00:15 <KANSIO> d-------- C:\Program Files\a-squared Anti-Malware
2008-03-11 22:32 . 2008-03-12 00:40 <KANSIO> d-------- C:\TEMP
2008-03-11 21:54 . 2008-03-11 21:54 17,664 --a------ C:\WINDOWSS\avifile32.dll
2008-03-11 21:53 . 2008-03-11 21:57 <KANSIO> d-------- C:\Documents and Settings\ttt\.housecall6.6
2008-03-11 21:29 . 2008-03-12 00:25 <KANSIO> d-------- C:\WINDOWSS\system32\NtmsData
2008-03-11 20:40 . 2008-03-11 22:55 524 --a------ C:\WINDOWSS\wininit.ini
2008-03-11 17:54 . 2008-03-11 17:49 691,545 --a------ C:\WINDOWSS\unins000.exe
2008-03-11 17:54 . 2008-03-11 17:54 2,564 --a------ C:\WINDOWSS\unins000.dat
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 09:34 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-09 09:34 --------- d-----w C:\Documents and Settings\ttt\Application Data\SUPERAntiSpyware.com
2008-04-09 08:59 --------- d-----w C:\Program Files\DC++
2008-04-09 05:04 --------- d-----w C:\Documents and Settings\All Users.WINDOWSS\Application Data\Microsoft Help
2008-04-03 09:59 --------- d-----w C:\Documents and Settings\ttt\Application Data\Apple Computer
2008-04-03 08:45 --------- d-----w C:\Program Files\QuickTime
2008-03-31 21:26 --------- d-----w C:\Program Files\HTMLValidatorLite80
2008-03-25 10:02 --------- d-----w C:\Program Files\Java
2008-03-17 08:12 --------- d-----w C:\Program Files\Webteh
2008-03-11 22:14 --------- d-----w C:\Program Files\Pinnacle
2008-03-11 20:32 --------- d-----w C:\Program Files\SopCast
2008-03-11 14:49 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-26 19:40 --------- d-----w C:\Program Files\MSN Messenger
2008-02-26 19:39 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-26 19:39 --------- d-----w C:\Program Files\Windows Live
2008-02-26 19:39 --------- d-----w C:\Documents and Settings\All Users.WINDOWSS\Application Data\WLInstaller
2008-02-13 00:34 --------- d-----w C:\Documents and Settings\All Users.WINDOWSS\Application Data\YoYoGames
2008-02-13 00:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-13 00:17 --------- d-----w C:\Program Files\sisagp
2008-02-13 00:17 --------- d-----w C:\Program Files\SiS VGA Utilities V3.80
2008-02-11 15:35 --------- d-----w C:\Documents and Settings\ttt\Application Data\Corel
2008-02-11 15:05 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-11 14:57 --------- d-----w C:\Documents and Settings\All Users.WINDOWSS\Application Data\FLEXnet
2008-02-11 14:52 --------- d-----w C:\Program Files\Bonjour
2008-02-11 14:43 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-02-11 07:45 --------- d-----w C:\Program Files\Winamp
2007-12-20 10:34 88 --sh--r C:\WINDOWSS\system32\2514CD002F.sys
2007-08-23 12:03 88 --sh--r C:\WINDOWSS\system32\A173E70994.sys
.
(((((((((((((((((((((((((((((( Rekisterin k?ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhji? arvoja ja laillisia oletusarvoja ei n?ytet?
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWSS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
"LaunchList"="C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [ ]
"AdVantage"="C:\Program Files\AdVantage\AdVantage.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeltTray"="DeltTray.exe" [2004-08-26 23:43 56320 C:\WINDOWSS\system32\delttray.exe]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49 77824]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 01:54 37376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-04 15:25 185896]
"SiSPower"="SiSPower.dll" [2007-04-11 04:06 53248 C:\WINDOWSS\system32\SiSPower.dll]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 12:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWSS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lpv48.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ABC\\abc.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
S3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWSS\system32\DRIVERS\loop.sys [2001-08-17 22:53]
.
'Ajoitetut teht?v?t'-kansion sis?lt?
"2008-04-03 08:09:00 C:\WINDOWSS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 13:24:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWSS\system32\sistray.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWSS\system32\PSIService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-04-09 13:26:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-09 10:26:03
Pre-Run: 82,886,160,384 tavua vapaana
Post-Run: 83,715,887,104 tavua vapaana
.
2008-03-11 23:52:26 --- E O F ---
------------------------------------------------------------------------------------
SDFix: Version 1.168
Run by ttt on ke 09.04.2008 at 13:34
Microsoft Windows XP [versio 5.1.2600]
Running From: C:\DOCUME~1\ttt\TYPYT~1\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
----------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 13:44:05, on 9.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWSS\System32\smss.exe
C:\WINDOWSS\system32\winlogon.exe
C:\WINDOWSS\system32\services.exe
C:\WINDOWSS\system32\lsass.exe
C:\WINDOWSS\system32\svchost.exe
C:\WINDOWSS\System32\svchost.exe
C:\WINDOWSS\system32\spoolsv.exe
C:\WINDOWSS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWSS\system32\PSIService.exe
C:\WINDOWSS\system32\wscntfy.exe
C:\WINDOWSS\system32\wuauclt.exe
C:\WINDOWSS\system32\DeltTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWSS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWSS\system32\sistray.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWSS\system32\NOTEPAD.EXE
C:\Documents and Settings\ttt\Työpöytä\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.safeappsoftware.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWSS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWSS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWSS\system32\WPDShServiceObj.dll
O21 - SSODL: KernelBoot - {684bbf4a-b630-42ff-b420-414ed472c659} - (no file)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWSS\system32\drivers\pclepci.sys
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWSS\system32\PSIService.exe
|
|
Hujo
Suspended permanently
|
9. huhtikuuta 2008 @ 14:12 |
Linkki tähän viestiin
|
scannaa hjt:llä merkkaa paina Fix checked
O21 - SSODL: KernelBoot - {684bbf4a-b630-42ff-b420-414ed472c659} - (no file)
============
missä on koneelta palomuuri ja virustorjunta
============
Lataa NoLop työpöydällesi yhdestä seuraavista linkeistä...
Linkki1
Linkki2
Linkki3
1.Sulje kaikki ohjelmat, koska tämä vaihe vaatii uudelleenkäynnistyksen
2.Tuplaklikkaa NoLop.exe ajaaksesi sen
3.Klikkaa nappulaa "Search and Destroy"
<<Tietokoneesi skannataan saastuneiden tiedostojen osalta>>
4, Kun skannaus on valmis, sinua pyydetään käynnistämään kone uudestaan, jos infektio löytyy. Klikkaa OK
5. Klikkaa "REBOOT"-painiketta.
6. NoLopin pitäisi antaa viesti. Jos ei, tuplaklikkaa ohjelmaa ja se valmistuu. Lähetä C:\NoLop.log-tiedoston sisältö uuden HijackThis-lokin kera.
-- Jos saat seuraavan virheen, "mscomctl.ocx or one of its dependencies are not correctly registered," lataa mscomctl.ocx ja tallenna se system32-hakemistoosi (yleensä c:\Windows\system32). Tämän jälkeen aja ohjelma uudestaan.
============
Escan
Ohjeet tuolla sivulla.
http://koti.mbnet.fi/pattaya1/escanmwav.htm
lataa tuosta
http://www.spywareinfo.dk/download/mwav.exe
päivitä tuosta
http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
laita täpit merkkauksien mukaan
http://koti.mbnet.fi/pattaya1/eScan6.jpg
scannaa
jos ala luukkuun tulee jotain niin kopioi se näin:
Käytä komentoa Ctrl+A.
Kopioi rivit komennolla Ctrl+C.
Liitä rivit komennolla Ctrl+V.
Laita virus log tänne.
Voiko tietsikka koskaan toimia?
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 9. huhtikuuta 2008 @ 14:14
|
|
markkane
Newbie
|
9. huhtikuuta 2008 @ 22:29 |
Linkki tähän viestiin
|
NoLop! Log by Skate_Punk_21
Please Note: any existing old logs will have now been renamed to NoLop!OLD.log
Fix running from: C:\Documents and Settings\ttt\Työpöytä
[9.4.2008]
[14:53:15]
---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.
---Listing AppData sub directories---
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Apple
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Avg7
C:\Documents and Settings\All Users\Application Data\Corel
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Grisoft
C:\Documents and Settings\All Users\Application Data\Macromedia
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Shctxex.vb
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Superantispyware.com
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Winzip
C:\Documents and Settings\All Users.windowss\Application Data\Adobe
C:\Documents and Settings\All Users.windowss\Application Data\Apple
C:\Documents and Settings\All Users.windowss\Application Data\Apple Computer
C:\Documents and Settings\All Users.windowss\Application Data\Corel
C:\Documents and Settings\All Users.windowss\Application Data\Disk Cleaner
C:\Documents and Settings\All Users.windowss\Application Data\Flexnet
C:\Documents and Settings\All Users.windowss\Application Data\Google
C:\Documents and Settings\All Users.windowss\Application Data\Grisoft
C:\Documents and Settings\All Users.windowss\Application Data\Microsoft
C:\Documents and Settings\All Users.windowss\Application Data\Microsoft Help
C:\Documents and Settings\All Users.windowss\Application Data\Pinnacle
C:\Documents and Settings\All Users.windowss\Application Data\Pinnacle Studio
C:\Documents and Settings\All Users.windowss\Application Data\Registry Helper
C:\Documents and Settings\All Users.windowss\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users.windowss\Application Data\Superantispyware.com
C:\Documents and Settings\All Users.windowss\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users.windowss\Application Data\Wlinstaller
C:\Documents and Settings\All Users.windowss\Application Data\Yoyogames
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User.windowss\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Avg7
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice.nt-hallinta\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice.nt-hallinta\Application Data\Microsoft
C:\Documents and Settings\Trepla\Application Data\.abc
C:\Documents and Settings\Trepla\Application Data\Adobe
C:\Documents and Settings\Trepla\Application Data\Ai Internet Solutions
C:\Documents and Settings\Trepla\Application Data\Apple Computer
C:\Documents and Settings\Trepla\Application Data\Avg7
C:\Documents and Settings\Trepla\Application Data\Bsplayer
C:\Documents and Settings\Trepla\Application Data\Bsplayer Pro
C:\Documents and Settings\Trepla\Application Data\Corel
C:\Documents and Settings\Trepla\Application Data\Divx
C:\Documents and Settings\Trepla\Application Data\Identities
C:\Documents and Settings\Trepla\Application Data\Lavasoft
C:\Documents and Settings\Trepla\Application Data\Macromedia
C:\Documents and Settings\Trepla\Application Data\Microsoft
C:\Documents and Settings\Trepla\Application Data\Mozilla
C:\Documents and Settings\Trepla\Application Data\Securom
C:\Documents and Settings\Trepla\Application Data\Sun
C:\Documents and Settings\Trepla\Application Data\Superantispyware.com
C:\Documents and Settings\Trepla\Application Data\Syntrillium
C:\Documents and Settings\Trepla\Application Data\Winrar -- EMPTY Directory
C:\Documents and Settings\Ttt\Application Data\.abc
C:\Documents and Settings\Ttt\Application Data\Adobe
C:\Documents and Settings\Ttt\Application Data\Ai Internet Solutions
C:\Documents and Settings\Ttt\Application Data\Apple Computer
C:\Documents and Settings\Ttt\Application Data\Corel
C:\Documents and Settings\Ttt\Application Data\Grisoft
C:\Documents and Settings\Ttt\Application Data\Identities
C:\Documents and Settings\Ttt\Application Data\Lavasoft
C:\Documents and Settings\Ttt\Application Data\Macromedia
C:\Documents and Settings\Ttt\Application Data\Microsoft
C:\Documents and Settings\Ttt\Application Data\Mozilla
C:\Documents and Settings\Ttt\Application Data\Opera
C:\Documents and Settings\Ttt\Application Data\Real
C:\Documents and Settings\Ttt\Application Data\Sun
C:\Documents and Settings\Ttt\Application Data\Superantispyware.com -- EMPTY Directory
C:\Documents and Settings\Ttt\Application Data\Syntrillium
C:\Documents and Settings\Ttt\Application Data\Vlc
C:\Documents and Settings\Ttt\Application Data\Winamp
C:\Documents and Settings\Ttt\Application Data\Winrar -- EMPTY Directory
------------------------------------------------------------------------
File C:\WINDOWSS\system32\9d78eb1d7d85e2eceb9202d57752def8.TMP infected by "Trojan-Downloader.Win32.Agent.kib" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users.WINDOWSS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC13.zip infected by "Password-protected-EXE" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\All Users.WINDOWSS\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant11.zip infected by "Password-protected-EXE" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\All Users.WINDOWSS\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant8.zip infected by "Password-protected-EXE" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\All Users.WINDOWSS\Application Data\Spybot - Search & Destroy\Recovery\Zango5.zip infected by "Password-protected-EXE" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\trepla\Application Data\SecuROM\UserData\???????????p????????? infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\trepla\Application Data\SecuROM\UserData\???????????p????????? infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{56B1638A-BA35-4DED-8F2B-9156F8CC5AB6}\RP87\A0030111.dll tagged as not-a-virus:AdWare.Win32.BHO.amf. No Action Taken.
File C:\System Volume Information\_restore{56B1638A-BA35-4DED-8F2B-9156F8CC5AB6}\RP90\A0031543.dll infected by "Trojan-Downloader.Win32.Agent.kib" Virus. Action Taken: File Deleted.
-----------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 22:28:23, on 9.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWSS\System32\smss.exe
C:\WINDOWSS\system32\winlogon.exe
C:\WINDOWSS\system32\services.exe
C:\WINDOWSS\system32\lsass.exe
C:\WINDOWSS\system32\svchost.exe
C:\WINDOWSS\System32\svchost.exe
C:\WINDOWSS\system32\spoolsv.exe
C:\WINDOWSS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWSS\system32\PSIService.exe
C:\WINDOWSS\system32\DeltTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWSS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWSS\system32\sistray.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Kaspersky\mwavscan.com
C:\Kaspersky\kavss.exe
C:\WINDOWSS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ttt\Työpöytä\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.safeappsoftware.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWSS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWSS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWSS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWSS\system32\drivers\pclepci.sys
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWSS\system32\PSIService.exe
|
|
Hujo
Suspended permanently
|
9. huhtikuuta 2008 @ 22:46 |
Linkki tähän viestiin
|
Poista lisää poista sovelutuksesta
AdVantage
poista kansio vikasiedossa
C:\Program Files\AdVantage
==========
Lataa Atribunen ATF Cleaner
Ohjeet;
Tupla-klikkaa ATF-Cleaner.exe käynnistääksesi ohjelman.Main:n alla valitse: Select All
Klikkaa Empty Selected valintaa.
Jos käytät FireFoxia selaimenasi Klikkaa Firefox yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Jos käytät Operaa selaimenasiKlikkaa Opera yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa taas.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Klikkaa Exit päävalikosta sulkeaksesi ohjelman.
Teknistä tukea tulee jos tupla-klikkaat sähköpostiosoitetta joka sijaitsee jokaisen menun alapuolella kyseisessä työkalussa. (Huomatkaa että se tuki on sitten englanniksi)
==============
1. Klikkaa käynnistä > Oma tietokone oikean puoleisella hiiren napilla
2. Valitse ominaisuudet
3. Valitse järjestelmän palauttaminen välilehti
4. Ruksi eteen ¤ poista järjestelmän palauttaminen kaikissa asemissa
5. Paina Käytä
6. Paina ok
7. Sammuta ja käynnistä
8. Ota ruksi pois ¤ poista järjestelmän palauttaminen kaikissa asemissa
9. Käytä ja OK
=================
missähän mahtaa tuo virustorjunta ja palomuuri olla.
Voiko tietsikka koskaan toimia?
|
|
markkane
Newbie
|
9. huhtikuuta 2008 @ 23:13 |
Linkki tähän viestiin
|
Logfile of HijackThis v1.99.1
Scan saved at 23:12:01, on 9.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWSS\System32\smss.exe
C:\WINDOWSS\system32\winlogon.exe
C:\WINDOWSS\system32\services.exe
C:\WINDOWSS\system32\lsass.exe
C:\WINDOWSS\system32\svchost.exe
C:\WINDOWSS\System32\svchost.exe
C:\WINDOWSS\system32\spoolsv.exe
C:\WINDOWSS\Explorer.EXE
C:\WINDOWSS\system32\DeltTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWSS\system32\ctfmon.exe
C:\WINDOWSS\system32\sistray.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWSS\system32\PSIService.exe
C:\WINDOWSS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ttt\Työpöytä\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.safeappsoftware.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWSS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWSS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWSS\system32\guard32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWSS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWSS\system32\drivers\pclepci.sys
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWSS\system32\PSIService.exe
Nyt olis ton näköstä.
|
|
Hujo
Suspended permanently
|
9. huhtikuuta 2008 @ 23:24 |
Linkki tähän viestiin
|
|
scannaa hjt:llä merkkaa paina Fix checked
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
Voiko tietsikka koskaan toimia?
|
|
Mainos
|
|
|
|
markkane
Newbie
|
9. huhtikuuta 2008 @ 23:39 |
Linkki tähän viestiin
|
|
Jees tehty, netti on nyt illalla toiminut huomattavasti nopeammin, Kiitos!
|
|
