|
|
|
Keskustelualueet
Keskustelualueet
|
|
|
Oma tietokone sulkeutuu itsestään
|
|
|
Villani
Suspended due to non-functional email address
|
22. syyskuuta 2008 @ 01:55 |
Linkki tähän viestiin
|
|
Elikkäs olisi semmonen ongelma, että välillä, kun avaa oma tietokoneen tai muun vastaavan kansion, niin kone sulkee ne hetken päästä itsestään. Eli luultavasti jokin virus kyseessä. Osaisiko kukaan neuvoa, miten asian saisi kuntoon?
|
Senior Member
3 tuotearviota
|
23. syyskuuta 2008 @ 02:41 |
Linkki tähän viestiin
|
Lataa Hijackthis (alla ohjeet) ja lähetä sen loki tähän linkkiin.
Lataa tästä HJTInstall.exe
*Tallenna HJTInstall.exe työpöydällesi.
*Tuplaklikkaa HJTInstall.exe-kuvaketta työpöydälläsi.
*Oletuksena se asentaa itsensä hakemistoon C:\Program Files\Trend Micro\HijackThis.
*Klikkaa Install.
*Asennusohjelma luo HijackThis-kuvakkeen työpöydälle.
*Kun asennus on valmis, se käynnistää HijackThisin.
*Klikkaa Do a system scan and save a logfile-painiketta. Ohjelma aloittaa skannauksen ja lokin pitäisi avautua Muistioon.
*Klikkaa ensin "Muokkaa > Valitse kaikki" sitten "Muokkaa > Kopioi" kopioidaksesi koko lokin sisällön.
*Mene tänne, luo uusi aihe ja liitä juuri kopioitu HijackThis loki sinne. Jää odottamaan fiksaajien vastausta.
*ÄLÄ käytä Analyse This-nappulaa, sen löydöt ovat vaarallisia väärinymmärrettyinä.
*ÄLÄ fixaa HijackThis-ohjelmalla vielä mitään. Suurin osa sen löydöistä ovat joko harmittomia tai jopa tarpeellisia.
Ko. ohjelma skannaa mm. käynnissä olevat prosessit sekä joitakin muutoksia rekisterissä, ja näistä tiedoista fiksaajat pystyvät erottamaan virukset sekä niiden aiheuttamat vahingot yms. oleellista tietoa.
Fiksaajat ajattavat tuon ensimmäisen login lukemisen jälkeen joitakin fiksaukseen tarkoitettuja ohjelmia koneellasi ja siinä välissä myös uusia HjT-skannauksia, joten älä poista mitään omatoimisesti ennen kuin saat siitä erikseen kehoituksen.
Ja vaikka ongelmat vaikuttaisivatkin poistuneen, ei se tarkoita sitä että koneesi olisi vielä puhdas! Joten suorita kaikki fiksaajan antamat toimenpiteet loppuun asti ja odota, että saat ilmoituksen koneesi puhtaudesta!
Mahdollisissa epäselvissä tilanteissa älä epäröi kysyä neuvoa, sinua varmasti autetaan.
Toinen vaihtoehto on tuon lokin lähettäminen Virustorjunta.nettiin (tarvitsee rekisteröinnin, maksuton tietenkin)
GA B85M D3H | E3-1230V3 | True Spirit 120 M BW Rev.A | Asus R9 270X DCII TOP | SF-600P14XE-PRO | 8GB RAM | PNY 120GB SSD | WDC WD10EZEX | Fractal Define Mini | Win7 64bit Pro |
|
|
Villani
Suspended due to non-functional email address
|
24. syyskuuta 2008 @ 01:03 |
Linkki tähän viestiin
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:59:27, on 24.9.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
C:\WINDOWS\runservice.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ARIO&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.fi/vista
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ARIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ARIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ARIO&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ARIO&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {15AAD327-175C-4C7E-8062-3B4C55175073} - C:\WINDOWS\system32\cbXomMGy.dll
O2 - BHO: {bf0fa43d-0baf-4d49-6434-5bb38a70c333} - {333c07a8-3bb5-4346-94d4-fab0d34af0fb} - C:\WINDOWS\system32\ecxahm.dll
O2 - BHO: (no name) - {7D7DB869-3021-4CD2-AF0A-B3CAD75ECE31} - C:\WINDOWS\system32\qoMeDVMf.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {905A01D4-0D75-49CD-AAD4-8911857FCAA2} - C:\WINDOWS\system32\whasttrh.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [07f66045] rundll32.exe "C:\WINDOWS\system32\bhwsfvpx.dll",b
O4 - HKLM\..\Run: [BM04c553d9] Rundll32.exe "C:\WINDOWS\system32\qnmtisdf.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: ClientManager3.lnk = C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O20 - AppInit_DLLs: ecxahm.dll
O20 - Winlogon Notify: qoMeDVMf - C:\WINDOWS\SYSTEM32\qoMeDVMf.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bwsvc - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 10057 bytes
|
|
Hujo
Suspended permanently
|
24. syyskuuta 2008 @ 03:42 |
Linkki tähän viestiin
|
Lainaus, alkuperäisen viestin kirjoitti Villani:
Elikkäs olisi semmonen ongelma, että välillä, kun avaa oma tietokoneen tai muun vastaavan kansion, niin kone sulkee ne hetken päästä itsestään. Eli luultavasti jokin virus kyseessä. Osaisiko kukaan neuvoa, miten asian saisi kuntoon?
No onhan tuossa viruksestakin kyse, mutta miten mahtuu kaksi virusohjelmaa ja kaksi palomuuria samaan laatikkoon?
Vastaus: Ei mitenkään.
Saako kysyä? Kysyn kuitenkin!
Mitä virusohjelmaa käytät?
Voiko tietsikka koskaan toimia?
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 24. syyskuuta 2008 @ 03:45
|
|
Villani
Suspended due to non-functional email address
|
24. syyskuuta 2008 @ 10:42 |
Linkki tähän viestiin
|
Lainaus, alkuperäisen viestin kirjoitti Hujo:
Lainaus, alkuperäisen viestin kirjoitti Villani:
Elikkäs olisi semmonen ongelma, että välillä, kun avaa oma tietokoneen tai muun vastaavan kansion, niin kone sulkee ne hetken päästä itsestään. Eli luultavasti jokin virus kyseessä. Osaisiko kukaan neuvoa, miten asian saisi kuntoon?
No onhan tuossa viruksestakin kyse, mutta miten mahtuu kaksi virusohjelmaa ja kaksi palomuuria samaan laatikkoon?
Vastaus: Ei mitenkään.
Saako kysyä? Kysyn kuitenkin!
Mitä virusohjelmaa käytät?
Antiviriä käytän, ja koneen mukana tuli norton, ja en ole sitä koskaan saanut poistettua, niin sen takia kaksi on käytössä, tosin norton on pois päältä kokoajan, mutta silti tuolla se kummittelee työkalupalkissa...
|
|
Hujo
Suspended permanently
|
24. syyskuuta 2008 @ 12:59 |
Linkki tähän viestiin
|
Luo poistolista:
? Avaa HiJackThis
? Klikkaa "Configure" valintaa oikealla alhaalla
? Klikkaa "Misc Tools"
? Klikkaa boxia joka sanoo "Uninstall Manager"
? Klikkaa valintaa "Save list"
? Kopioi ja liitä kyseinen lista muistiosta ketjuusi
Voiko tietsikka koskaan toimia?
|
|
Villani
Suspended due to non-functional email address
|
25. syyskuuta 2008 @ 01:53 |
Linkki tähän viestiin
|
µTorrent
Ad-Aware
Adobe Reader 7.0.5 - Suomi
Adobe Shockwave Player
ATI Display Driver
ATI-ohjauspaneeli
AVIcodec (remove only)
Avira AntiVir PersonalEdition Classic
BitLord 1.1
BitrateView
BSPlayer
BUFFALO Client Manager 3
CC_ccProxyExt
ccCommon
CCleaner (remove only)
ccPxyCore
Civilization III: Conquests
Command & Conquer The First Decade
Command & Conquer™ The First Decade Patch 1.02
DC++ 0.698
Enhanced Multimedia Keyboard Solution
FFdshow [2006-08-21 | rev 2546]
Google Earth Pro
Google Toolbar for Internet Explorer
GTA2
Hamachi 1.0.3.0
High Definition Audio - KB888111
HijackThis 2.0.2
Hotfix-päivitys Windows XP:lle (KB893357)
Hotfix-päivitys Windows XP:lle (KB906569)
HP Boot Optimizer
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Software Update
J2SE Runtime Environment 5.0 Update 5
LiveUpdate 2.7 (Symantec Corporation)
MakeTorrent v2.1
Messenger Plus! Live & Sponsor (CiD)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Finnish Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Works
mIRC
Mozilla Firefox (3.0.1)
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Need for Speed Underground 2
Nero 6 Ultra Edition
Norton AntiSpam
Norton AntiVirus 2006
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2006 (Symantec Corporation)
Norton Protection Center
Norton Security Scan
Norton WMI Update
Norton WMI Update
Opera 9.02
Pack Vista Inspirat 1.1
Päivitys Windows XP:lle (KB898461)
Päivitys Windows XP:lle (KB900485)
Päivitys Windows XP:lle (KB908531)
Päivitys Windows XP:lle (KB910437)
Päivitys Windows XP:lle (KB911280)
Päivitys Windows XP:lle (KB912945)
Päivitys Windows XP:lle (KB916595)
Päivitys Windows XP:lle (KB920872)
Päivitys Windows XP:lle (KB922582)
Päivitys Windows XP:lle (KB927891)
Päivitys Windows XP:lle (KB929338)
Päivitys Windows XP:lle (KB930916)
Päivitys Windows XP:lle (KB931836)
Päivitys Windows XP:lle (KB933360)
Päivitys Windows XP:lle (KB938828)
Päivitys Windows XP:lle (KB942763)
Päivitys Windows XP:lle (KB942840)
Päivitys Windows XP:lle (KB946627)
Red Alert Windows 95
Samsung PC Studio II PIMS & File Manager
Samsung PC Studio II Sample
SmartFTP Client 2.0
SmartFTP Client 2.0 Setup Files (remove only)
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SPBBC
Steam
Subtitle Workshop 2.51
Suojauspäivitys ohjelmistolle Windows XP (KB923689)
Suojauspäivitys ohjelmistolle Windows XP (KB941569)
Suojauspäivitys Windows Media Player 10:lle (KB911565)
Suojauspäivitys Windows Media Player 10:lle (KB917734)
Suojauspäivitys Windows Media Player 10:lle (KB936782)
Suojauspäivitys Windows Media Player 6.4:lle (KB925398)
Suojauspäivitys Windows Media Playerille (KB911564)
Suojauspäivitys Windows XP:lle (KB890046)
Suojauspäivitys Windows XP:lle (KB893756)
Suojauspäivitys Windows XP:lle (KB896358)
Suojauspäivitys Windows XP:lle (KB896422)
Suojauspäivitys Windows XP:lle (KB896423)
Suojauspäivitys Windows XP:lle (KB896424)
Suojauspäivitys Windows XP:lle (KB896428)
Suojauspäivitys Windows XP:lle (KB899587)
Suojauspäivitys Windows XP:lle (KB899591)
Suojauspäivitys Windows XP:lle (KB900725)
Suojauspäivitys Windows XP:lle (KB901017)
Suojauspäivitys Windows XP:lle (KB901214)
Suojauspäivitys Windows XP:lle (KB902400)
Suojauspäivitys Windows XP:lle (KB904706)
Suojauspäivitys Windows XP:lle (KB905414)
Suojauspäivitys Windows XP:lle (KB905749)
Suojauspäivitys Windows XP:lle (KB905915)
Suojauspäivitys Windows XP:lle (KB908519)
Suojauspäivitys Windows XP:lle (KB911562)
Suojauspäivitys Windows XP:lle (KB911567)
Suojauspäivitys Windows XP:lle (KB911927)
Suojauspäivitys Windows XP:lle (KB912919)
Suojauspäivitys Windows XP:lle (KB913580)
Suojauspäivitys Windows XP:lle (KB914388)
Suojauspäivitys Windows XP:lle (KB914389)
Suojauspäivitys Windows XP:lle (KB917159)
Suojauspäivitys Windows XP:lle (KB917344)
Suojauspäivitys Windows XP:lle (KB917422)
Suojauspäivitys Windows XP:lle (KB917953)
Suojauspäivitys Windows XP:lle (KB918118)
Suojauspäivitys Windows XP:lle (KB918439)
Suojauspäivitys Windows XP:lle (KB918899)
Suojauspäivitys Windows XP:lle (KB919007)
Suojauspäivitys Windows XP:lle (KB920213)
Suojauspäivitys Windows XP:lle (KB920214)
Suojauspäivitys Windows XP:lle (KB920670)
Suojauspäivitys Windows XP:lle (KB920683)
Suojauspäivitys Windows XP:lle (KB920685)
Suojauspäivitys Windows XP:lle (KB921398)
Suojauspäivitys Windows XP:lle (KB921503)
Suojauspäivitys Windows XP:lle (KB921883)
Suojauspäivitys Windows XP:lle (KB922616)
Suojauspäivitys Windows XP:lle (KB922760)
Suojauspäivitys Windows XP:lle (KB922819)
Suojauspäivitys Windows XP:lle (KB923191)
Suojauspäivitys Windows XP:lle (KB923414)
Suojauspäivitys Windows XP:lle (KB923694)
Suojauspäivitys Windows XP:lle (KB923980)
Suojauspäivitys Windows XP:lle (KB924191)
Suojauspäivitys Windows XP:lle (KB924270)
Suojauspäivitys Windows XP:lle (KB924496)
Suojauspäivitys Windows XP:lle (KB924667)
Suojauspäivitys Windows XP:lle (KB925454)
Suojauspäivitys Windows XP:lle (KB925486)
Suojauspäivitys Windows XP:lle (KB925902)
Suojauspäivitys Windows XP:lle (KB926255)
Suojauspäivitys Windows XP:lle (KB926436)
Suojauspäivitys Windows XP:lle (KB927779)
Suojauspäivitys Windows XP:lle (KB927802)
Suojauspäivitys Windows XP:lle (KB928090)
Suojauspäivitys Windows XP:lle (KB928255)
Suojauspäivitys Windows XP:lle (KB928843)
Suojauspäivitys Windows XP:lle (KB929123)
Suojauspäivitys Windows XP:lle (KB929969)
Suojauspäivitys Windows XP:lle (KB930178)
Suojauspäivitys Windows XP:lle (KB931261)
Suojauspäivitys Windows XP:lle (KB931768)
Suojauspäivitys Windows XP:lle (KB931784)
Suojauspäivitys Windows XP:lle (KB932168)
Suojauspäivitys Windows XP:lle (KB933566)
Suojauspäivitys Windows XP:lle (KB933729)
Suojauspäivitys Windows XP:lle (KB935839)
Suojauspäivitys Windows XP:lle (KB935840)
Suojauspäivitys Windows XP:lle (KB936021)
Suojauspäivitys Windows XP:lle (KB937143)
Suojauspäivitys Windows XP:lle (KB938127)
Suojauspäivitys Windows XP:lle (KB938829)
Suojauspäivitys Windows XP:lle (KB939653)
Suojauspäivitys Windows XP:lle (KB941202)
Suojauspäivitys Windows XP:lle (KB941568)
Suojauspäivitys Windows XP:lle (KB941644)
Suojauspäivitys Windows XP:lle (KB941693)
Suojauspäivitys Windows XP:lle (KB942615)
Suojauspäivitys Windows XP:lle (KB943055)
Suojauspäivitys Windows XP:lle (KB943460)
Suojauspäivitys Windows XP:lle (KB943485)
Suojauspäivitys Windows XP:lle (KB944338)
Suojauspäivitys Windows XP:lle (KB944533)
Suojauspäivitys Windows XP:lle (KB944653)
Suojauspäivitys Windows XP:lle (KB945553)
Suojauspäivitys Windows XP:lle (KB946026)
Suojauspäivitys Windows XP:lle (KB947864)
Suojauspäivitys Windows XP:lle (KB948590)
Suojauspäivitys Windows XP:lle (KB948881)
Suojauspäivitys Windows XP:lle (KB950749)
Suojauspäivitys Windows XP:lle (KB950759)
Suojauspäivitys Windows XP:lle (KB950760)
Suojauspäivitys Windows XP:lle (KB950762)
Suojauspäivitys Windows XP:lle (KB951376)
Suojauspäivitys Windows XP:lle (KB951376-v2)
Suojauspäivitys Windows XP:lle (KB951698)
Suojauspäivitys Windows XP:lle (KB951748)
SymNet
TVUPlayer 2.3.0.0
Update for Windows XP (KB953356)
URUSoft ViPlay
URUSoft ViPlay3
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
WinRAR-pakkausohjelma
|
|
Hujo
Suspended permanently
|
25. syyskuuta 2008 @ 02:24 |
Linkki tähän viestiin
|
Norttonin poistotyökalu
Toimi ohjeiten mukaan
=====================
Poista lisää poista sovelutuksesta
Messenger Plus! Live & Sponsor (CiD)
=====================
Jos koneella on Malwarebytes' Anti-Malware ennestään suorita ensin päivitys aja sen jälkeen.
Lataa Malwarebytes' Anti-Malware työpöydällesi.
1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja
Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish.
3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki
löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Lähetä lokin sisältö seuraavassa viestissäsi
===============
1.Lataa Combofix.exe työpöydällesi yhdestä linkistä:
Combofix1
Combofix2
2. Tuplaklikkaa Combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
======================
Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.
Käynnistä koneesi vikasietotilaan:
sammuta ja käynnistä
käynnistyksen yhteydessä hakkaa F8 nappia
valitse nuolinäppäimellä vikasietotila
paina enter ja enter
valitse käyttäjätilisi
paina kyllä
Jossakin koneissa hakataan F8:sin sijasta F5:tä
" Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
" Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
" Paina Y käynnistääksesi skriptin.
" Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
" Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
" Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
" Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
" Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
" Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.
Voiko tietsikka koskaan toimia?
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 25. syyskuuta 2008 @ 02:30
|
|
Villani
Suspended due to non-functional email address
|
25. syyskuuta 2008 @ 11:36 |
Linkki tähän viestiin
|
|
Kone ei suostu asentamaan tuota nortonin poistotyökalua. Vaan valittaa jostain uudelleensijoitetusta user32.dll tiedostosta.
|
|
Hujo
Suspended permanently
|
25. syyskuuta 2008 @ 11:44 |
Linkki tähän viestiin
|
|
No tee nuo muut ensin ja viimisenä uusi hjt:n loki scannaten
Jätetään vielä se poistotyökalu käyttämättä / asentamatta.
Voiko tietsikka koskaan toimia?
|
|
Villani
Suspended due to non-functional email address
|
26. syyskuuta 2008 @ 13:43 |
Linkki tähän viestiin
|
Ensimmäinen loki lisää tulossa, kunhan kerkeän.
Malwarebytes' Anti-Malware 1.27
Tietokantaversio: 1127
Windows 5.1.2600 Service Pack 2
26.9.2008 13:41:25
mbam-log-2008-09-26 (13-41-25).txt
Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
Tarkistetut kohteet: 160532
Kulunut aika: 1 hour(s), 50 minute(s), 22 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 4
Saastuneita rekisteriavaimia: 16
Saastuneita rekisteriarvoja: 3
Saastuneita rekisterikohteita: 2
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 141
Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja:
C:\WINDOWS\system32\cbXomMGy.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hqxljmdo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\smoxmu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qoMeDVMf.dll (Trojan.FakeAlert) -> Delete on reboot.
Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6b3d7b10-2f07-430f-a7ba-8d235e864619} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6b3d7b10-2f07-430f-a7ba-8d235e864619} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d7db869-3021-4cd2-af0a-b3cad75ece31} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qomedvmf (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7d7db869-3021-4cd2-af0a-b3cad75ece31} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9e70ca76-429f-4afb-8488-7adb4110a80a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{9e70ca76-429f-4afb-8488-7adb4110a80a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
Saastuneita rekisteriarvoja:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\07f66045 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7d7db869-3021-4cd2-af0a-b3cad75ece31} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm04c553d9 (Trojan.Agent) -> Delete on reboot.
Saastuneita rekisterikohteita:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\cbxommgy -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbxommgy -> Delete on reboot.
Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja:
C:\WINDOWS\system32\smoxmu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qoMeDVMf.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\cbXomMGy.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yGMmoXbc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yGMmoXbc.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cgorakcx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xckarogc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hpuidmoi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iomdiuph.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hqxljmdo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\odmjlxqh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kcannmtw.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wtmnnack.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mjdpjguv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vugjpdjm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ptinrevm.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mvernitp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qbstioac.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\caoitsbq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qedrhsmr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rmshrdeq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmcvvgso.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\osgvvcmx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Omistaja\Local Settings\Temp\jkcepoou.VIR (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Omistaja\Local Settings\Temporary Internet Files\Content.IE5\5L0ZCSEO\64q33[1].dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Omistaja\Local Settings\Temporary Internet Files\Content.IE5\JCX4BH1O\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Omistaja\Local Settings\Temporary Internet Files\Content.IE5\OP6BSPY3\nd82m0[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP334\A0218014.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP334\A0221014.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP334\A0221015.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP336\A0222071.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP339\A0222399.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP339\A0222400.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP339\A0222401.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP339\A0223399.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP340\A0228398.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP342\A0235420.exe (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP342\A0235421.dll (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP342\A0237614.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP342\A0237615.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP342\A0237616.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP342\A0237617.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP342\A0237618.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ahilmful.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anuwlxkn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\auxdpmhv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdghky.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\beirkftr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bkgtne.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\boywgquh.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cevmbwbg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ckbmscga.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\croxseqf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ctoszv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cwlrge.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dqhmbmqq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\draarakp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dsasbm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dwxulf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ebluue.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ehucovwh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eqbvcqtg.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\evjxfhxu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fueanfvf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gkecuuyg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\glwhiw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hcclymno.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hdtqla.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hrsnjmip.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ieywhv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ifnfum.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\imvrxsvt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ioqinckq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jdsijhqp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jjzvnu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jwbbqnfs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ldjhwcwi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJyxWqP.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lplqvpev.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lqcfmvpu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ltismf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mojntfye.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mvonuosj.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ncxnburo.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nltprqkt.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnyblej.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nyjbtrpl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oevcss.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ogeiwtaf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ojasdwwk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ojhrmkhi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\otygykjl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfaxwtnx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pifhejyv.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pwfontqt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qcglikpl.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qcuhmvyk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qkirgkph.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qkiuyvkr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qlgaylgh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qqenbvyf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qshisuur.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qvwfphny.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rnwmgpsn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rolwqlhb.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rwdakebg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rwwsrltr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sgpjkwnn.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sppaaqsh.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\srvmlc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssomrbkf.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\takcklpy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tqnrlfgb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ttotwd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuwwmuhj.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tvaaib.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uxckvmui.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uxdpas.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uxefzo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vvghbrno.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wdivhlkp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wrlqgrsl.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wrshiy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wxlinkyy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wyltmikl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xdjcsfnl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xtiaxorj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxcwvbba.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yaemlu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yajramgd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yeluojth.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ystlfcjs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yujtqybq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zjjmkl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zqznch.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fikaqbnc.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM04c553d9.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM04c553d9.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
Combifixin logi:
ComboFix 08-09-25.05 - Compaq_Omistaja 2008-09-26 13:59:48.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.156 [GMT 3:00]
Sijainti: C:\Documents and Settings\Compaq_Omistaja\Application Data\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
* Uusi palautuspiste luotu
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM04c553d9.txt
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\afjbdtqw.dll
C:\WINDOWS\system32\batade.dll
C:\WINDOWS\system32\cbXomMGy.dll
C:\WINDOWS\system32\cgalui.dll
C:\WINDOWS\system32\debjtvkw.dll
C:\WINDOWS\system32\fjaobgcl.dll
C:\WINDOWS\system32\gyuxwwyd.dll
C:\WINDOWS\system32\icxbshog.dll
C:\WINDOWS\system32\kfadcgln.dll
C:\WINDOWS\system32\mpfjlc.dll
C:\WINDOWS\system32\naodhxih.dll
C:\WINDOWS\system32\nonbzn.dll
C:\WINDOWS\system32\orzypv.dll
C:\WINDOWS\system32\owingnnd.dll
C:\WINDOWS\system32\pbiymatf.dll
C:\WINDOWS\system32\puuycjil.dll
C:\WINDOWS\system32\qoMeDVMf.dll
C:\WINDOWS\system32\qxmudncy.dll
C:\WINDOWS\system32\rnmqbv.dll
C:\WINDOWS\system32\rovbsq.dll
C:\WINDOWS\system32\uuaycz.dll
C:\WINDOWS\system32\vtqahwgp.dll
C:\WINDOWS\system32\ykqazt.dll
D:\Autorun.inf
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-08-26 to 2008-09-26 )))))))))))))))))
.
2008-09-26 14:15 . 2008-09-26 14:15 22 --a------ C:\WINDOWS\pskt.ini
2008-09-26 14:00 . 2008-09-26 14:00 0 --a------ C:\WINDOWS\BM04c553d9.xml
2008-09-25 11:35 . 2008-09-25 11:35 <KANSIO> d-------- C:\Documents and Settings\Compaq_Omistaja\Application Data\Malwarebytes
2008-09-25 11:33 . 2008-09-25 11:34 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-25 11:33 . 2008-09-25 11:33 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-25 11:33 . 2008-09-08 00:11 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-25 11:33 . 2008-09-08 00:11 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-25 11:16 . 2008-09-25 11:16 112,128 --------- C:\WINDOWS\system32\smoxmu.dll
2008-09-25 11:15 . 2008-09-25 11:15 98,816 --------- C:\WINDOWS\system32\fikaqbnc.dll
2008-09-22 01:52 . 2008-09-25 01:41 893,860 ---hs---- C:\WINDOWS\system32\xpvfswhb.ini
2008-09-21 20:31 . 2008-09-21 20:31 <KANSIO> d-------- C:\Program Files\CCleaner
2008-09-21 14:41 . 2008-09-21 14:41 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-09-21 14:11 . 2008-09-21 14:11 113,152 --a------ C:\WINDOWS\system32\uhkylcyr.dll
2008-09-21 14:11 . 2008-09-21 14:11 113,152 --a------ C:\WINDOWS\system32\ecxahm.dll
2008-09-21 14:11 . 2008-09-21 14:11 97,792 --a------ C:\WINDOWS\system32\qnmtisdf.dll
2008-09-19 19:01 . 2008-09-19 19:01 <KANSIO> d-------- C:\Program Files\Lavasoft
2008-09-19 19:01 . 2008-09-19 19:17 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-19 18:56 . 2008-09-19 18:56 112,640 --a------ C:\WINDOWS\system32\gmkwhr.dll
2008-09-19 18:56 . 2008-09-19 18:56 112,640 --a------ C:\WINDOWS\system32\eiqgmeog.dll
2008-09-19 18:54 . 2008-09-21 14:13 414 ---hs---- C:\WINDOWS\system32\lerjgujd.ini
2008-09-19 18:52 . 2008-09-19 18:52 97,280 --a------ C:\WINDOWS\system32\ituprxle.dll
2008-09-19 18:51 . 2008-09-19 18:51 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-04 12:08 . 2008-09-04 12:08 <KANSIO> d-------- C:\MicroGaming
2008-08-29 15:39 . 2008-09-06 14:27 3,940,434 ---hs---- C:\WINDOWS\system32\jshxsyrf.ini
2008-08-28 01:40 . 2008-08-29 02:53 1,447,729 ---hs---- C:\WINDOWS\system32\xasmaepk.ini
2008-08-27 01:46 . 2008-08-27 01:47 1,463,848 ---hs---- C:\WINDOWS\system32\qevoyvia.ini
2008-08-26 22:20 . 2008-09-24 18:00 <KANSIO> d-------- C:\Program Files\Norton Security Scan
2008-08-26 22:19 . 2008-08-27 13:22 <KANSIO> d-------- C:\WINDOWS\system32\Adobe
2008-08-26 01:49 . 2008-08-26 01:49 1,463,183 ---hs---- C:\WINDOWS\system32\boaoasde.ini
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-26 11:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-25 08:32 --------- d-----w C:\Program Files\MSN Messenger
2008-09-24 20:01 --------- d-----w C:\Documents and Settings\Compaq_Omistaja\Application Data\uTorrent
2008-08-24 18:49 --------- d-----w C:\Documents and Settings\Compaq_Omistaja\Application Data\Hamachi
2008-08-21 15:27 --------- d-----w C:\Program Files\Hamachi
2008-08-21 15:22 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-08-05 23:14 --------- d-----w C:\Program Files\DC++
2008-07-10 00:15 111,615 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_07_09_01_31_53_small.dmp.zip
2008-07-10 00:15 110,669 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_07_09_19_25_08_small.dmp.zip
2008-05-12 20:57 296 ----a-w C:\Documents and Settings\Compaq_Omistaja\Application Data\wklnhst.dat
2004-03-19 10:53 1,107,022 ----a-w C:\Program Files\SubtitleWorkshop251.exe
.
------- Sigcheck -------
2007-06-13 16:22 1882112 65055edcaf16a1bbf98a2a1c80756844 C:\WINDOWS\explorer.exe
2007-06-13 16:10 1033728 fb53c3b1e17f62e8fcb07caaf4c4272e C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-09-15 00:00 1881088 cd888f6ea13ccd8499cdcdcd6faf81c0 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 16:22 1882112 65055edcaf16a1bbf98a2a1c80756844 C:\WINDOWS\system32\dllcache\explorer.exe
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-09-16 52848]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-13 663552]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-10 249896]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"BM04c553d9"="C:\WINDOWS\system32\fikaqbnc.dll" [2008-09-25 98816]
C:\Documents and Settings\Compaq_Omistaja\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
PowerReg Scheduler V3.exe [2006-11-04 225280]
PowerReg Scheduler.exe [2006-11-04 256000]
Stardock ObjectDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [2005-02-21 1826885]
Y'z Toolbar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-09-29 90112]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=smoxmu.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\BUFFALO\\Client Manager3\\BWSVC\\bwsvc.exe"=
"C:\\Program Files\\BUFFALO\\Client Manager3\\AOSS\\aoss.exe"=
"C:\\Program Files\\firc\\FinnishIRC XP\\FIRC.exe"=
"C:\\Program Files\\Steam\\steamapps\\nikolol\\counter-strike\\hl.exe"=
"C:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm)\\ra95.dat"=
"C:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm) II\\RA2\\game.exe"=
"C:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm) II\\RA2\\gamemd.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\Codemasters\\Operation Flashpoint\\FLASHPOINTRESISTANCE.EXE"=
R1 BUFADPT;BUFADPT;C:\WINDOWS\system32\BUFADPT.SYS [2007-01-11 11008]
R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2006-09-26 2560]
R3 WLIU2KG125S;BUFFALO WLI-U2-KG125S Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-09-15 12672]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 20608]
*Newly Created Service* - COMHOST
.
'Ajoitetut tehtävät'-kansion sisältö
.
- - - - POISTETUT JÄMÄRIVIT - - - -
BHO-{6E6B0BB9-540A-4C65-9454-8F213AB60C84} - C:\WINDOWS\system32\cbXomMGy.dll
BHO-{905A01D4-0D75-49CD-AAD4-8911857FCAA2} - C:\WINDOWS\system32\whasttrh.dll
HKCU-Run-Steam - (no file)
HKLM-Run-PCDrProfiler - (no file)
Notify-WgaLogon - (no file)
.
------- Täydentävä tarkistus -------
.
FireFox -: Profile - C:\Documents and Settings\Compaq_Omistaja\Application Data\Mozilla\Firefox\Profiles\ieyjmh8b.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPOJI610.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-26 14:13:55
Windows 5.1.2600 Service Pack 2 NTFS
tarkistaa piilotettuja prosesseja ...
tarkistaa piilotettuja käynnistysarvoja ...
tarkistaa piilotettuja tiedostoja ...
tarkistus on valmis
piilotetut tiedostot: 0
**************************************************************************
.
--------------------- Prosesseihin ladatut DLLt ---------------------
PROSESSI: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\DockShellHook.dll
-> C:\WINDOWS\system32\fikaqbnc.dll
.
------------------------ Muut prosessit ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\Bwsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
.
**************************************************************************
.
Valmistumisajankohta: 2008-09-26 14:23:42 - kone käynnistettiin uudelleen
ComboFix-quarantined-files.txt 2008-09-26 11:23:27
Ennen ajoa: 11’522’490’368 tavua vapaana
Ajon jälkeen: 12,064,256,000 tavua vapaana
207 --- E O F --- 2008-07-10 10:51:07
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 26. syyskuuta 2008 @ 17:28
|
|
Villani
Suspended due to non-functional email address
|
26. syyskuuta 2008 @ 20:36 |
Linkki tähän viestiin
|
SDFix: Version 1.229
Run by Compaq_Omistaja on pe 26.09.2008 at 17:40
Microsoft Windows XP [versio 5.1.2600]
Running From: C:\Documents and Settings\Compaq_Omistaja\Ty”p”yt„\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\pskt.ini - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-26 17:51:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:203a31e5
"s2"=dword:68df6a78
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:ec,56,8e,64,b3,7f,8e,90,4f,c1,e0,0b,ca,ae,0d,7c,3d,58,51,10,21,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b6,27,d7,3b,df,8e,3a,39,e2,c6,8d,a9,66,0b,0f,33,b8,..
"khjeh"=hex:48,44,03,ca,ad,c6,ba,44,08,e5,2a,da,83,19,1c,88,15,7a,95,1c,f8,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:16,0c,c0,68,0f,d5,3e,d0,d6,1b,52,40,1a,ef,d7,79,9e,7e,ec,49,68,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:ec,56,8e,64,b3,7f,8e,90,4f,c1,e0,0b,ca,ae,0d,7c,3d,58,51,10,21,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b6,27,d7,3b,df,8e,3a,39,e2,c6,8d,a9,66,0b,0f,33,b8,..
"khjeh"=hex:48,44,03,ca,ad,c6,ba,44,08,e5,2a,da,83,19,1c,88,15,7a,95,1c,f8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:16,0c,c0,68,0f,d5,3e,d0,d6,1b,52,40,1a,ef,d7,79,9e,7e,ec,49,68,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:ęTorrent"
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\BUFFALO\\Client Manager3\\BWSVC\\bwsvc.exe"="C:\\Program Files\\BUFFALO\\Client Manager3\\BWSVC\\bwsvc.exe:*:Enabled:ClientMgr3"
"C:\\Program Files\\BUFFALO\\Client Manager3\\AOSS\\aoss.exe"="C:\\Program Files\\BUFFALO\\Client Manager3\\AOSS\\aoss.exe:*:Enabled:Aoss"
"C:\\Program Files\\firc\\FinnishIRC XP\\FIRC.exe"="C:\\Program Files\\firc\\FinnishIRC XP\\FIRC.exe:*:Enabled:FIRC"
"C:\\Program Files\\Steam\\steamapps\\nikolol\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\nikolol\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm)\\ra95.dat"="C:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm)\\ra95.dat:*:Enabled:ra95"
"C:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm) II\\RA2\\game.exe"="C:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm) II\\RA2\\game.exe:*:Enabled:Main executable for Red Alert 2"
"C:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm) II\\RA2\\gamemd.exe"="C:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm) II\\RA2\\gamemd.exe:*:Enabled:Main executable for Yuri's Revenge"
"C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVU Player Component"
"C:\\Program Files\\Codemasters\\Operation Flashpoint\\FLASHPOINTRESISTANCE.EXE"="C:\\Program Files\\Codemasters\\Operation Flashpoint\\FLASHPOINTRESISTANCE.EXE:*:Enabled:Operation Flashpoint"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files :
File Backups: - C:\DOCUME~1\COMPAQ~1\TYPYT~1\SDFix\backups\backups.zip
Files with Hidden Attributes :
Thu 10 Aug 2006 213 A.SHR --- "C:\BOOT.BAK"
Fri 26 Sep 2008 825 A.SH. --- "C:\WINDOWS\system32\mmf.sys"
Sat 19 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\91671d33fbb0a8b5168be907aaf53cb2\BIT1.tmp"
Finished!
hjt logi tulee aamulla töitten jälkeen
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:36:57, on 27.9.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
C:\WINDOWS\runservice.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ARIO&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.fi/vista
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ARIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ARIO&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BM04c553d9] Rundll32.exe "C:\WINDOWS\system32\fikaqbnc.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: ClientManager3.lnk = C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O20 - AppInit_DLLs: smoxmu.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bwsvc - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 9011 bytes
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 27. syyskuuta 2008 @ 07:39
|
|
Mainos
|
|
|
|
Villani
Suspended due to non-functional email address
|
30. syyskuuta 2008 @ 16:55 |
Linkki tähän viestiin
|
Sain norttonin poistotyökälun toimimaan ja poistin norttonin joten uusi hjt logi:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:53:48, on 30.9.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Opera\opera.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ARIO&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.fi/vista
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ARIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ARIO&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BM04c553d9] Rundll32.exe "C:\WINDOWS\system32\fikaqbnc.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: ClientManager3.lnk = C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O20 - AppInit_DLLs: smoxmu.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bwsvc - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
--
End of file - 6915 bytes
|
|
