HJT log, pop-ups are a nuisance

sam_peri
Newbie
8 February 2009 @ 13:49
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:10:22, on 29.12.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\windows\SMINST\scheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...=smb&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...=smb&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 134.83.142.12:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\HP\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Four One] "C:\ProgramData\Okaybaitbait.u596iy"
O4 - HKCU\..\Run: [ANTI LITE TITLE DEBUG] "C:\ProgramData\Roam Loud Site.jz22v"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: StorageItService - Storage IT Oy - C:\Program Files\Welho Holvi\StorageItService.exe
--
End of file - 6122 bytes

Hujo
Suspended permanently
8 February 2009 @ 15:06
Scan with HJT, tick the following and press Fix checked:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
==========
Download Malwarebytes' Anti-Malware to your desktop.
1. Double-click mbam-setup.exe and follow the prompts to install the program.
2. At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, the program downloads and installs the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is finished, click OK and then Show Results to see the results.
6. Make sure everything is ticked and click Remove Selected.
7. A log then opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Post the contents of the log in your next reply.
Can a computer ever work?
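The helper above picks out a handful of HijackThis lines by eye: blank R0 search values, a BHO whose DLL no longer exists, and an autostart entry. The script below is an added example for this thread (not the helper's, HijackThis's or any project's code) that does the same first-pass triage mechanically. It parses R/O lines into fields and flags the entry kinds that stood out in this log: R0/R1 values that are blank, the user-level ProxyServer setting, O2 BHOs marked "(no file)", and O4 Run entries whose target sits directly in ProgramData with an extension no normal autostart uses (the two HKCU entries that ComboFix later lists as [X], file not found). The sample lines are copied from the log in the first post, with a benign entry of each type included to show what is not flagged; the function names, regexes and the extension list are this example's own assumptions, and a flag means "look closer", not "malicious".

```python
import ntpath
import re
from dataclasses import dataclass

# Sample lines copied from the HijackThis log posted at the top of this thread.
# One benign entry of each type is included to show what is *not* flagged.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 134.83.142.12:80
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [Four One] "C:\ProgramData\Okaybaitbait.u596iy"
O4 - HKCU\..\Run: [ANTI LITE TITLE DEBUG] "C:\ProgramData\Roam Loud Site.jz22v"
"""

# "R1 - <body>", "O4 - <body>" and so on; F and N sections use the same shape.
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d{1,2}) - (?P<body>.*)$")
# R-lines: "<hive\key,value> = <data>"; the lazy key stops at the first "=".
R_VALUE_RE = re.compile(r"^(?P<key>.*?)\s*=\s*(?P<value>.*)$")
# O4-lines: "<hive\..\Run>: [<name>] <command line>"
O4_RE = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")

# Extensions one expects on an autostart target (assumed list for this example);
# a file under ProgramData with any other extension is worth a closer look.
AUTOSTART_EXTS = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk"}


@dataclass
class Entry:
    kind: str   # section code, e.g. "R0", "O2", "O4"
    body: str   # text after "Rn - " / "On - "
    raw: str    # the original line, for reporting


def parse_hjt(text: str) -> list:
    """Turn the R/F/N/O lines of a HijackThis log into Entry records."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m["kind"], m["body"], line))
    return entries


def first_path(cmd: str) -> str:
    """Return the program path from an O4 command line: the quoted token if
    the command starts with a quote, otherwise the first whitespace-separated token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(entries) -> list:
    """Return (raw_line, reason) pairs for entries that deserve a second look."""
    findings = []
    for e in entries:
        reason = None
        if e.kind in ("R0", "R1"):
            m = R_VALUE_RE.match(e.body)
            key, value = (m["key"], m["value"]) if m else (e.body, "")
            if value == "":
                reason = "IE search/toolbar value is blank (HJT lists it because it differs from the default)"
            elif key.endswith("ProxyServer"):
                reason = f"explicit proxy configured for this user: {value}"
        elif e.kind == "O2" and e.body.endswith("(no file)"):
            reason = "BHO registered but its DLL is missing (orphaned registry entry)"
        elif e.kind == "O4":
            m = O4_RE.match(e.body)
            if m:
                path = first_path(m["cmd"])
                ext = ntpath.splitext(path)[1].lower()
                if "\\programdata\\" in path.lower() and ext not in AUTOSTART_EXTS:
                    reason = f"autostart target sits in ProgramData with an unusual extension {ext!r}"
        if reason:
            findings.append((e.raw, reason))
    return findings


if __name__ == "__main__":
    for raw, reason in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{reason}\n    {raw}")
```

On the sample above the script reports six lines: the two blank R0 values, the ProxyServer entry, the "(no file)" BHO, and the two HKCU Run entries in ProgramData; the Search Page, SSVHelper and Windows Defender lines pass. Run it against a full log by replacing SAMPLE_LOG with the file contents.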

sam_peri
Newbie
8 February 2009 @ 17:22
Malwarebytes' Anti-Malware 1.33
Database version: 1738
Windows 6.0.6001 Service Pack 1
8.2.2009 17:20:00
mbam-log-2009-02-08 (17-20-00).txt
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 155636
Time elapsed: 1 hour(s), 2 minute(s), 27 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Hujo
Suspended permanently
8 February 2009 @ 17:45
1. Download Combofix.exe to your desktop from one of these links:
Combofix1
Combofix2
do not install the Recovery Console
2. Double-click the Combofix.exe file and follow the prompts.
3. When the tool has finished, it produces a log. Post that log in your thread.
Note! Do not click in the ComboFix window while it is running. That can cause the program to hang.

sam_peri
Newbie
8 February 2009 @ 18:15
ComboFix 09-02-07.01 - Santtu 2009-02-08 18:04:11.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2046.1233 [GMT 2:00]
Sijainti: c:\users\Santtu\Downloads\ComboFix.exe
* Uusi palautuspiste luotu
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AutoRun.inf
D:\Autorun.inf
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-01-08 to 2009-02-08 )))))))))))))))))
.
2009-02-08 17:27 . 2009-02-08 18:03 <DIR> d-------- c:\users\Santtu\AppData\Roaming\BitTorrent
2009-02-08 17:26 . 2009-02-08 18:06 <DIR> d-------- c:\users\Santtu\AppData\Roaming\DNA
2009-02-08 17:26 . 2009-02-08 17:26 <DIR> d-------- c:\program files\DNA
2009-02-08 17:26 . 2009-02-08 17:26 <DIR> d-------- c:\program files\BitTorrent
2009-02-08 17:26 . 2009-02-08 17:26 <DIR> d-------- c:\program files\AskBarDis
2009-01-30 20:45 . 2009-02-08 13:11 <DIR> d-------- c:\users\All Users\Google Updater
2009-01-30 20:45 . 2009-02-08 13:11 <DIR> d-------- c:\programdata\Google Updater
2009-01-30 20:45 . 2009-01-30 20:45 <DIR> d-------- c:\program files\Google
2009-01-29 17:23 . 2009-01-29 17:23 <DIR> d-------- c:\users\Santtu\AppData\Roaming\springsettings
2009-01-28 17:46 . 2008-12-16 04:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-08 16:01 --------- d---a-w c:\programdata\TEMP
2009-02-08 14:16 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-08 11:08 --------- d-----w c:\program files\PC Tools AntiVirus
2009-02-07 16:27 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 5
2009-02-05 18:04 --------- d-----w c:\programdata\Funk Soft Heck
2009-02-02 17:21 --------- d-----w c:\programdata\Okay meta anti lite
2009-02-02 17:15 --------- d-----w c:\program files\Spring
2009-01-29 01:02 --------- d-----w c:\programdata\Microsoft Help
2009-01-29 01:02 --------- d-----w c:\program files\Windows Mail
2009-01-14 14:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 14:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-04 01:44 --------- d-----w c:\users\Santtu\AppData\Roaming\LimeWire
2009-01-02 18:22 --------- d-----w c:\program files\MSXML 4.0
2009-01-01 23:35 --------- d-----w c:\users\Santtu\AppData\Roaming\HP
2009-01-01 23:34 --------- d-----w c:\programdata\WEBREG
2009-01-01 23:34 --------- d-----w c:\programdata\HP
2009-01-01 23:31 --------- d-----w c:\users\Santtu\AppData\Roaming\HPAppData
2009-01-01 23:31 --------- d-----w c:\programdata\HPSSUPPLY
2009-01-01 23:31 --------- d-----w c:\program files\HP
2009-01-01 23:30 --------- d-----w c:\programdata\HP Product Assistant
2009-01-01 23:17 262,144 ----a-w c:\programdata\ntuser.dat
2009-01-01 22:31 --------- d-----w c:\program files\Common Files\HP
2009-01-01 21:48 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2008-12-29 20:16 --------- d-----w c:\users\Santtu\AppData\Roaming\Malwarebytes
2008-12-29 20:16 --------- d-----w c:\programdata\Malwarebytes
2008-12-29 20:09 --------- d-----w c:\program files\Trend Micro
2008-12-23 22:47 --------- d-----w c:\programdata\Hewlett-Packard
2008-12-21 12:36 --------- d-----w c:\programdata\NVIDIA
2008-12-21 12:29 --------- d-----w c:\program files\ATI Technologies
2008-12-20 17:28 --------- d-----w c:\programdata\Apple Computer
2008-12-20 17:14 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-20 17:13 --------- d-----w c:\program files\My Company Name
2008-12-20 17:11 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-20 02:49 --------- d-----w c:\program files\LimeWire
2008-12-20 02:31 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-20 02:31 --------- d-----w c:\program files\iTunes
2008-12-20 02:30 --------- d-----w c:\program files\iPod
2008-12-20 02:30 --------- d-----w c:\program files\Common Files\Apple
2008-12-20 02:29 --------- d-----w c:\program files\Bonjour
2008-12-20 02:28 --------- d-----w c:\program files\QuickTime
2008-12-20 02:26 --------- d-----w c:\program files\Apple Software Update
2008-05-03 00:28 174 --sha-w c:\program files\desktop.ini
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 17:24 325000 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Four One"="c:\programdata\Okaybaitbait.hnr2qra" [X]
"ANTI LITE TITLE DEBUG"="c:\programdata\Soft Safe Jugs.wb4j1" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-02-08 342848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-03-14 77824]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-08-07 331288]
"SetRefresh"="c:\program files\HP\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"PCTAVApp"="c:\program files\PC Tools AntiVirus\PCTAV.exe" [2008-12-04 1370000]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 c:\windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-10-06 44168]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4162413997-161947740-2952082084-1003]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3D0F15C6-1F60-41D4-84D1-DE0BC4850A0A}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{B663EFE4-026B-4B9E-B741-E25E8DDE6C68}c:\\users\\santtu\\downloads\\cadownloader.exe"= UDP:c:\users\santtu\downloads\cadownloader.exe:cadownloader.exe
"UDP Query User{106D4C20-E4C2-49A4-82F4-C63EBB740CFD}c:\\users\\santtu\\downloads\\cadownloader.exe"= TCP:c:\users\santtu\downloads\cadownloader.exe:cadownloader.exe
"{7E8153B4-5CCA-4685-81F7-0FEAA4888070}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{499EE8C6-E5BC-4498-8FBE-BB9824F6D86E}c:\\users\\santtu\\downloads\\cadownloader(2).exe"= UDP:c:\users\santtu\downloads\cadownloader(2).exe:cadownloader(2).exe
"UDP Query User{7C51F69F-E6C0-426F-BF96-4A00643837B7}c:\\users\\santtu\\downloads\\cadownloader(2).exe"= TCP:c:\users\santtu\downloads\cadownloader(2).exe:cadownloader(2).exe
"TCP Query User{FBA18E7B-5918-4989-A381-2865863EB12C}c:\\program files\\spring\\spring.exe"= UDP:c:\program files\spring\spring.exe:spring
"UDP Query User{22F9ADF3-BDA2-4F2F-AFBE-7A7FE89AB910}c:\\program files\\spring\\spring.exe"= TCP:c:\program files\spring\spring.exe:spring
"TCP Query User{DCC09689-6A5B-46DA-B0BD-065147E6E33D}c:\\program files\\spring\\spring.exe"= UDP:c:\program files\spring\spring.exe:spring
"UDP Query User{D65D6751-9706-43D7-935A-1FBC11C2E201}c:\\program files\\spring\\spring.exe"= TCP:c:\program files\spring\spring.exe:spring
"TCP Query User{364951C0-D137-4C99-A676-A3C06F557F57}c:\\program files\\spring\\tasclient.exe"= UDP:c:\program files\spring\tasclient.exe:TA Spring lobby client
"UDP Query User{8104B414-2935-45A0-BA59-B49FA5E17E16}c:\\program files\\spring\\tasclient.exe"= TCP:c:\program files\spring\tasclient.exe:TA Spring lobby client
"TCP Query User{FEE41174-F0DE-4105-A636-EAA53538DB71}c:\\users\\santtu\\downloads\\cadownloader(3).exe"= UDP:c:\users\santtu\downloads\cadownloader(3).exe:cadownloader(3).exe
"UDP Query User{0F3E4C8F-DD3D-4C4C-A037-88C8C59DDBE6}c:\\users\\santtu\\downloads\\cadownloader(3).exe"= TCP:c:\users\santtu\downloads\cadownloader(3).exe:cadownloader(3).exe
"TCP Query User{E7B73F36-A53A-4E50-A739-0CD3077D75B6}c:\\program files\\mozilla firefox 3 beta 5\\firefox.exe"= UDP:c:\program files\mozilla firefox 3 beta 5\firefox.exe:Firefox
"UDP Query User{76B6F7FE-F4BF-431B-BC4B-F739D055E9D9}c:\\program files\\mozilla firefox 3 beta 5\\firefox.exe"= TCP:c:\program files\mozilla firefox 3 beta 5\firefox.exe:Firefox
"TCP Query User{A2DFFF5D-A41A-4EB7-AC62-19FD195E2EF6}c:\\program files\\spring\\cadownloader\\cadownloader(3).exe"= UDP:c:\program files\spring\cadownloader\cadownloader(3).exe:CaDownloader
"UDP Query User{9AC2CC26-4D22-491E-9819-55FE5E392E77}c:\\program files\\spring\\cadownloader\\cadownloader(3).exe"= TCP:c:\program files\spring\cadownloader\cadownloader(3).exe:CaDownloader
"TCP Query User{14523291-A50C-4D15-9860-700D6F5C51FF}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{B65CB1CD-6CF5-490D-844D-2F42315244C8}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{5B5552A5-D2E1-41E6-8418-ACCA12353F8C}c:\\program files\\spring\\springdownloader.exe"= UDP:c:\program files\spring\springdownloader.exe:SpringDownloader
"UDP Query User{938178BD-5614-4554-A2D3-AFF859F2DD19}c:\\program files\\spring\\springdownloader.exe"= TCP:c:\program files\spring\springdownloader.exe:SpringDownloader
"{A74256DC-7045-4A85-8A42-86C5C026FBB9}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{71B798FA-6B32-480E-97A1-C64A2463E2B3}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{ECC00EC3-6664-4CF4-ACFE-09B03125F249}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{0EECD368-D062-4B65-BE44-5BBD834B1781}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{FF539B5B-3028-47BF-BAE2-46777B5DE510}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{453C886D-7B35-4834-9754-A66C9ADC5EA5}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{AA1A37D5-F2D6-41AB-A142-2D4988661FA0}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{5B0FE5AC-0979-416A-ACE5-F05645418AE1}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-04-30 540184]
R2 StorageItService;StorageItService;c:\program files\Welho Holvi\StorageItService.exe [2008-07-18 430080]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2006-11-02 167936]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
--- Muut muistissa olevat ajurit/palvelut ---
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0a043cc-16e0-11dd-80ef-806e6f6e6963}]
\shell\AutoRun\command - F:\setup.exe
.
'Ajoitetut tehtävät'-kansion sisältö
2009-02-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-30 20:45]
.
- - - - POISTETUT JÄMÄRIVIT - - - -
HKLM-Run-StartCCC - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
------- Täydentävä tarkistus -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_FI&c=74&bd=smb&pf=desktop
uInternet Settings,ProxyServer = 134.83.142.12:80
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\users\Santtu\AppData\Roaming\Mozilla\Firefox\Profiles\0ceif5if.default\
FF - prefs.js: browser.startup.homepage - mtv3.fi
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 18:07:22
Windows 6.0.6001 Service Pack 1 NTFS
tarkistaa piilotettuja prosesseja ...
tarkistaa piilotettuja käynnistysarvoja ...
tarkistaa piilotettuja tiedostoja ...
tarkistus on valmis
piilotetut tiedostot: 0
**************************************************************************
.
--------------------- Prosesseihin ladatut DLLt ---------------------
- - - - - - - > 'winlogon.exe'(628)
c:\program files\PC Tools AntiVirus\PCTAVHook.dll
- - - - - - - > 'lsass.exe'(612)
c:\program files\PC Tools AntiVirus\PCTAVHook.dll
- - - - - - - > 'csrss.exe'(484)
c:\program files\PC Tools AntiVirus\PCTAVHook.dll
- - - - - - - > 'csrss.exe'(540)
c:\program files\PC Tools AntiVirus\PCTAVHook.dll
.
Valmistumisajankohta: 2009-02-08 18:09:53
ComboFix-quarantined-files.txt 2009-02-08 16:09:50
Ennen ajoa: 44 890 976 256 bytes free
Ajon jälkeen: 48,609,521,664 bytes free
201 --- E O F --- 2009-02-05 17:37:31

Hujo
Suspended permanently
8 February 2009 @ 18:33
Now copy / paste the contents of the quote below into an empty Notepad
Start button > Accessories > Notepad
Quote:
Folder::
c:\program files\AskBarDis
Save it as CFScript.txt on the desktop.
Then drag CFScript onto ComboFix.exe as shown below.

Post the resulting log here.
Shut down and restart the computer.
===============
Also run a new HJT scan and post the log.

sam_peri
Newbie
8 February 2009 @ 19:27
ComboFix 09-02-07.01 - Santtu 2009-02-08 19:12:53.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2046.1304 [GMT 2:00]
Sijainti: c:\users\Santtu\Desktop\ComboFix.exe
Käytetyt komentorivivalitsimet :: c:\users\Santtu\Desktop\CFScript.txt
* Uusi palautuspiste luotu
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-01-08 to 2009-02-08 )))))))))))))))))
.
2009-02-08 17:27 . 2009-02-08 18:03 <DIR> d-------- c:\users\Santtu\AppData\Roaming\BitTorrent
2009-02-08 17:26 . 2009-02-08 19:06 <DIR> d-------- c:\users\Santtu\AppData\Roaming\DNA
2009-02-08 17:26 . 2009-02-08 17:26 <DIR> d-------- c:\program files\DNA
2009-02-08 17:26 . 2009-02-08 17:26 <DIR> d-------- c:\program files\BitTorrent
2009-01-30 20:45 . 2009-02-08 13:11 <DIR> d-------- c:\users\All Users\Google Updater
2009-01-30 20:45 . 2009-02-08 13:11 <DIR> d-------- c:\programdata\Google Updater
2009-01-30 20:45 . 2009-01-30 20:45 <DIR> d-------- c:\program files\Google
2009-01-29 17:23 . 2009-01-29 17:23 <DIR> d-------- c:\users\Santtu\AppData\Roaming\springsettings
2009-01-28 17:46 . 2008-12-16 04:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-08 16:01 --------- d---a-w c:\programdata\TEMP
2009-02-08 14:16 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-08 11:08 --------- d-----w c:\program files\PC Tools AntiVirus
2009-02-07 16:27 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 5
2009-02-05 18:04 --------- d-----w c:\programdata\Funk Soft Heck
2009-02-02 17:21 --------- d-----w c:\programdata\Okay meta anti lite
2009-02-02 17:15 --------- d-----w c:\program files\Spring
2009-01-29 01:02 --------- d-----w c:\programdata\Microsoft Help
2009-01-29 01:02 --------- d-----w c:\program files\Windows Mail
2009-01-14 14:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 14:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-04 01:44 --------- d-----w c:\users\Santtu\AppData\Roaming\LimeWire
2009-01-02 18:22 --------- d-----w c:\program files\MSXML 4.0
2009-01-01 23:35 --------- d-----w c:\users\Santtu\AppData\Roaming\HP
2009-01-01 23:34 --------- d-----w c:\programdata\WEBREG
2009-01-01 23:34 --------- d-----w c:\programdata\HP
2009-01-01 23:31 --------- d-----w c:\users\Santtu\AppData\Roaming\HPAppData
2009-01-01 23:31 --------- d-----w c:\programdata\HPSSUPPLY
2009-01-01 23:31 --------- d-----w c:\program files\HP
2009-01-01 23:30 --------- d-----w c:\programdata\HP Product Assistant
2009-01-01 23:17 262,144 ----a-w c:\programdata\ntuser.dat
2009-01-01 22:31 --------- d-----w c:\program files\Common Files\HP
2009-01-01 21:48 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2008-12-29 20:16 --------- d-----w c:\users\Santtu\AppData\Roaming\Malwarebytes
2008-12-29 20:16 --------- d-----w c:\programdata\Malwarebytes
2008-12-29 20:09 --------- d-----w c:\program files\Trend Micro
2008-12-23 22:47 --------- d-----w c:\programdata\Hewlett-Packard
2008-12-21 12:36 --------- d-----w c:\programdata\NVIDIA
2008-12-21 12:29 --------- d-----w c:\program files\ATI Technologies
2008-12-20 17:28 --------- d-----w c:\programdata\Apple Computer
2008-12-20 17:14 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-20 17:13 --------- d-----w c:\program files\My Company Name
2008-12-20 17:11 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-20 02:49 --------- d-----w c:\program files\LimeWire
2008-12-20 02:31 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-20 02:31 --------- d-----w c:\program files\iTunes
2008-12-20 02:30 --------- d-----w c:\program files\iPod
2008-12-20 02:30 --------- d-----w c:\program files\Common Files\Apple
2008-12-20 02:29 --------- d-----w c:\program files\Bonjour
2008-12-20 02:28 --------- d-----w c:\program files\QuickTime
2008-12-20 02:26 --------- d-----w c:\program files\Apple Software Update
2008-05-03 00:28 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((( SnapShot@2009-02-08_18.08.05,62 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-08 11:09:23 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-08 16:07:38 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2009-02-07 16:25:40 276,142 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-02-08 16:53:03 276,282 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Four One"="c:\programdata\Okaybaitbait.hnr2qra" [X]
"ANTI LITE TITLE DEBUG"="c:\programdata\Soft Safe Jugs.wb4j1" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-02-08 342848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-03-14 77824]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-08-07 331288]
"SetRefresh"="c:\program files\HP\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"PCTAVApp"="c:\program files\PC Tools AntiVirus\PCTAV.exe" [2008-12-04 1370000]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 c:\windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-10-06 44168]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4162413997-161947740-2952082084-1003]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3D0F15C6-1F60-41D4-84D1-DE0BC4850A0A}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{B663EFE4-026B-4B9E-B741-E25E8DDE6C68}c:\\users\\santtu\\downloads\\cadownloader.exe"= UDP:c:\users\santtu\downloads\cadownloader.exe:cadownloader.exe
"UDP Query User{106D4C20-E4C2-49A4-82F4-C63EBB740CFD}c:\\users\\santtu\\downloads\\cadownloader.exe"= TCP:c:\users\santtu\downloads\cadownloader.exe:cadownloader.exe
"{7E8153B4-5CCA-4685-81F7-0FEAA4888070}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{499EE8C6-E5BC-4498-8FBE-BB9824F6D86E}c:\\users\\santtu\\downloads\\cadownloader(2).exe"= UDP:c:\users\santtu\downloads\cadownloader(2).exe:cadownloader(2).exe
"UDP Query User{7C51F69F-E6C0-426F-BF96-4A00643837B7}c:\\users\\santtu\\downloads\\cadownloader(2).exe"= TCP:c:\users\santtu\downloads\cadownloader(2).exe:cadownloader(2).exe
"TCP Query User{FBA18E7B-5918-4989-A381-2865863EB12C}c:\\program files\\spring\\spring.exe"= UDP:c:\program files\spring\spring.exe:spring
"UDP Query User{22F9ADF3-BDA2-4F2F-AFBE-7A7FE89AB910}c:\\program files\\spring\\spring.exe"= TCP:c:\program files\spring\spring.exe:spring
"TCP Query User{DCC09689-6A5B-46DA-B0BD-065147E6E33D}c:\\program files\\spring\\spring.exe"= UDP:c:\program files\spring\spring.exe:spring
"UDP Query User{D65D6751-9706-43D7-935A-1FBC11C2E201}c:\\program files\\spring\\spring.exe"= TCP:c:\program files\spring\spring.exe:spring
"TCP Query User{364951C0-D137-4C99-A676-A3C06F557F57}c:\\program files\\spring\\tasclient.exe"= UDP:c:\program files\spring\tasclient.exe:TA Spring lobby client
"UDP Query User{8104B414-2935-45A0-BA59-B49FA5E17E16}c:\\program files\\spring\\tasclient.exe"= TCP:c:\program files\spring\tasclient.exe:TA Spring lobby client
"TCP Query User{FEE41174-F0DE-4105-A636-EAA53538DB71}c:\\users\\santtu\\downloads\\cadownloader(3).exe"= UDP:c:\users\santtu\downloads\cadownloader(3).exe:cadownloader(3).exe
"UDP Query User{0F3E4C8F-DD3D-4C4C-A037-88C8C59DDBE6}c:\\users\\santtu\\downloads\\cadownloader(3).exe"= TCP:c:\users\santtu\downloads\cadownloader(3).exe:cadownloader(3).exe
"TCP Query User{E7B73F36-A53A-4E50-A739-0CD3077D75B6}c:\\program files\\mozilla firefox 3 beta 5\\firefox.exe"= UDP:c:\program files\mozilla firefox 3 beta 5\firefox.exe:Firefox
"UDP Query User{76B6F7FE-F4BF-431B-BC4B-F739D055E9D9}c:\\program files\\mozilla firefox 3 beta 5\\firefox.exe"= TCP:c:\program files\mozilla firefox 3 beta 5\firefox.exe:Firefox
"TCP Query User{A2DFFF5D-A41A-4EB7-AC62-19FD195E2EF6}c:\\program files\\spring\\cadownloader\\cadownloader(3).exe"= UDP:c:\program files\spring\cadownloader\cadownloader(3).exe:CaDownloader
"UDP Query User{9AC2CC26-4D22-491E-9819-55FE5E392E77}c:\\program files\\spring\\cadownloader\\cadownloader(3).exe"= TCP:c:\program files\spring\cadownloader\cadownloader(3).exe:CaDownloader
"TCP Query User{14523291-A50C-4D15-9860-700D6F5C51FF}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{B65CB1CD-6CF5-490D-844D-2F42315244C8}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{5B5552A5-D2E1-41E6-8418-ACCA12353F8C}c:\\program files\\spring\\springdownloader.exe"= UDP:c:\program files\spring\springdownloader.exe:SpringDownloader
"UDP Query User{938178BD-5614-4554-A2D3-AFF859F2DD19}c:\\program files\\spring\\springdownloader.exe"= TCP:c:\program files\spring\springdownloader.exe:SpringDownloader
"{A74256DC-7045-4A85-8A42-86C5C026FBB9}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{71B798FA-6B32-480E-97A1-C64A2463E2B3}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{ECC00EC3-6664-4CF4-ACFE-09B03125F249}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{0EECD368-D062-4B65-BE44-5BBD834B1781}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{FF539B5B-3028-47BF-BAE2-46777B5DE510}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{453C886D-7B35-4834-9754-A66C9ADC5EA5}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{AA1A37D5-F2D6-41AB-A142-2D4988661FA0}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{5B0FE5AC-0979-416A-ACE5-F05645418AE1}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-04-30 540184]
R2 StorageItService;StorageItService;c:\program files\Welho Holvi\StorageItService.exe [2008-07-18 430080]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2006-11-02 167936]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
--- Muut muistissa olevat ajurit/palvelut ---
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0a043cc-16e0-11dd-80ef-806e6f6e6963}]
\shell\AutoRun\command - F:\setup.exe
.
'Ajoitetut tehtävät'-kansion sisältö
2009-02-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-30 20:45]
.
- - - - POISTETUT JÄMÄRIVIT - - - -
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll
.
------- Täydentävä tarkistus -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_FI&c=74&bd=smb&pf=desktop
uInternet Settings,ProxyServer = 134.83.142.12:80
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\users\Santtu\AppData\Roaming\Mozilla\Firefox\Profiles\0ceif5if.default\
FF - prefs.js: browser.startup.homepage - mtv3.fi
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 19:15:40
Windows 6.0.6001 Service Pack 1 NTFS
tarkistaa piilotettuja prosesseja ...
tarkistaa piilotettuja käynnistysarvoja ...
tarkistaa piilotettuja tiedostoja ...
tarkistus on valmis
piilotetut tiedostot: 0
**************************************************************************
.
--------------------- Prosesseihin ladatut DLLt ---------------------
- - - - - - - > 'winlogon.exe'(628)
c:\program files\PC Tools AntiVirus\PCTAVHook.dll
- - - - - - - > 'lsass.exe'(612)
c:\program files\PC Tools AntiVirus\PCTAVHook.dll
- - - - - - - > 'csrss.exe'(484)
c:\program files\PC Tools AntiVirus\PCTAVHook.dll
- - - - - - - > 'csrss.exe'(540)
c:\program files\PC Tools AntiVirus\PCTAVHook.dll
.
Valmistumisajankohta: 2009-02-08 19:18:02
ComboFix-quarantined-files.txt 2009-02-08 17:17:59
ComboFix2.txt 2009-02-08 16:09:57
Ennen ajoa: 47 994 175 488 bytes free
Ajon jälkeen: 47,648,153,600 bytes free
210 --- E O F --- 2009-02-05 17:37:31
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:10:22, on 29.12.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\windows\SMINST\scheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...=smb&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...=smb&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 134.83.142.12:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\HP\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Four One] "C:\ProgramData\Okaybaitbait.u596iy"
O4 - HKCU\..\Run: [ANTI LITE TITLE DEBUG] "C:\ProgramData\Roam Loud Site.jz22v"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: StorageItService - Storage IT Oy - C:\Program Files\Welho Holvi\StorageItService.exe
--
End of file - 6122 bytes
s
Hujo
Suspended permanently
8 February 2009 @ 19:37
Do you know what those are?
O4 - HKCU\..\Run: [Four One] "C:\ProgramData\Okaybaitbait.u596iy"
O4 - HKCU\..\Run: [ANTI LITE TITLE DEBUG] "C:\ProgramData\Roam Loud Site.jz22v"
===============
Create an uninstall list:
* Open HijackThis
* Click the "Configure" option at the bottom right
* Click "Misc Tools"
* Click the box that says "Uninstall Manager"
* Click the "Save list" option
* Copy and paste that list from Notepad into your thread
Can a computer ever work?
sam_peri
Newbie
8 February 2009 @ 20:00
Quote, original message by Hujo: Do you know what those are?
O4 - HKCU\..\Run: [Four One] "C:\ProgramData\Okaybaitbait.u596iy"
O4 - HKCU\..\Run: [ANTI LITE TITLE DEBUG] "C:\ProgramData\Roam Loud Site.jz22v"
No idea. They don't look familiar.
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office system
32 Bit HP CIO Components Installer
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Bonjour
Business Contact Manager for Outlook 2007 SP1
Business Contact Manager for Outlook 2007 SP1
Catalyst Control Center - Branding
Creative WebCam NX Pro Driver (1.03.03.0326)
Dual-Core Optimizer
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)
Google Earth
Google Updater
HijackThis 2.0.2
HP Backup & Recovery Manager
HP Customer Participation Program 9.0
HP Deskjet All-In-One Software 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Product Assistant
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPSSupply
InterVideo WinDVD
iTunes
Java(TM) SE Runtime Environment 6 Update 1
K-Lite Codec Pack 4.1.4 (Full)
LimeWire 4.18.8
Malwarebytes' Anti-Malware
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mozilla Firefox (3.0.6)
Mp3tag v2.41
MSXML 4.0 SP2 (KB954430)
NVIDIA Drivers
Paint.NET v3.36
PC Tools AntiVirus 5.0
PDF Complete
QuickTime
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Spring 0.78.2.1
TeamSpeak 2 RC2
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb959141)
Welho Holvi
Windows Live installer
Windows Live Messenger
Windows Media Player Firefox Plugin
s
Hujo
Suspended permanently
8 February 2009 @ 20:20
Scan with HJT, tick these and press Fix checked:
O4 - HKCU\..\Run: [Four One] "C:\ProgramData\Okaybaitbait.u596iy"
O4 - HKCU\..\Run: [ANTI LITE TITLE DEBUG] "C:\ProgramData\Roam Loud Site.jz22v"
==========
Also uninstall from Add/Remove Programs:
Ask Toolbar
==========
Download JavaRa and extract it to your desktop.
***Close all open Internet Explorer windows before continuing!***
* Double-click JavaRa.exe to start the program.
* Choose English from the drop-down menu to set the language to English and click Select.
* Click Remove Older Versions to remove old Java versions from your computer.
* Click Yes when prompted. When JavaRa is finished, it will report that a log file has been created. Click OK.
* The log file will open. Post its contents in your next message.
4. Install the latest Java update from the following link.
Download the new Java here
Scroll down to Java Runtime Environment (JRE) 6 Update 12
Press Download
Set Platform to Windows
Tick I agree to the Java SE Runtime Environment 6 License Agreement and press Continue
Under Windows Offline Installation, click jre-6u4-windows-i586-p.exe
Save the file, for example to the desktop, and install it.
5. Restart the computer after the installation.
6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> the Java coffee cup).
7. On the General tab, click Settings. Drag the slider (Disk Space) to a lower value.
(Some Java-based programs may need more disk space.
If you notice the computer slowing down after reducing the setting, move the slider to a higher value.)
8. Click the Delete Files button. Make sure both options are ticked:
* Applications and Applets
* Trace and Log Files
And press the OK button
Note: This removes all downloaded applications and applets from the CACHE.
9. Click OK in your "Temporary Files Settings" window.
10. Update tab: untick Check for Updates automatically
Choose Never check
11. Click Apply and OK to leave your Java settings window.
Can a computer ever work?
The message has been edited after posting. Last edited 8 February 2009 @ 20:23
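Hujo's two replies single out the same pair of Run entries: files with made-up extensions sitting directly in C:\ProgramData. As an added example (not a tool from this thread), the Python below applies that reasoning mechanically to HijackThis O4 lines: it recovers the file each Run value actually launches (quoted paths, unquoted paths with spaces, the DLL behind rundll32) and flags targets with a non-standard or random-looking extension or a data-directory location. The sample lines are copied from the log in this thread; the heuristics, regexes and function names are the example's own.

```python
import re

# Constructed sample: the two entries the helper flagged in this thread plus
# ordinary Run entries from the same HijackThis log.
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide",
    r"O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe",
    r'O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"',
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup",
    r'O4 - HKCU\..\Run: [Four One] "C:\ProgramData\Okaybaitbait.u596iy"',
    r'O4 - HKCU\..\Run: [ANTI LITE TITLE DEBUG] "C:\ProgramData\Roam Loud Site.jz22v"',
    r"O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')",
]

# O4 - <hive>\..\<key>: [<name>] <command> [(User '<account>')]
# Startup-folder O4 lines have a different shape and are skipped.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)
NORMAL_EXT = {".exe", ".dll", ".com", ".bat", ".cmd"}  # what a Run value normally launches
# 4+ characters mixing letters and digits (".u596iy") is not a real file type.
RANDOM_EXT_RE = re.compile(r"\.(?=[a-z0-9]*\d)(?=[a-z0-9]*[a-z])[a-z0-9]{4,}")
# The root of ProgramData or of a user's AppData, where no installer puts a program.
DATA_ROOT_RE = re.compile(
    r"^(?:[a-z]:\\programdata|[a-z]:\\users\\[^\\]+\\appdata\\(?:roaming|local))$"
)

def extension(path: str) -> str:
    """Lower-cased extension of the last path component ('' if none)."""
    name = path.rsplit("\\", 1)[-1]
    return name[name.rfind("."):].lower() if "." in name else ""

def program_path(cmd: str) -> str:
    """File a Run value starts: quoted path, unquoted path with spaces, or the DLL behind rundll32."""
    cmd = cmd.strip()
    if cmd.startswith('"') and cmd.find('"', 1) > 0:
        end = cmd.find('"', 1)
        target, rest = cmd[1:end], cmd[end + 1:].strip()
    else:
        tokens = cmd.split(" ")
        target = tokens[0]
        for i, tok in enumerate(tokens):  # extend until a token ends in a known extension
            if extension(tok) in NORMAL_EXT:
                target = " ".join(tokens[: i + 1])
                break
        rest = cmd[len(target):].strip()
    if target.lower().rsplit("\\", 1)[-1] == "rundll32.exe" and rest:
        return program_path(rest.split(",", 1)[0])  # "<dll>,<entry point>"
    return target

def triage_o4(lines: list) -> list:
    """Return (entry name, launched file, reasons) for every suspicious O4 line."""
    findings = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path = program_path(m["cmd"])
        ext = extension(path)
        reasons = []
        if ext not in NORMAL_EXT:
            reasons.append(f"non-standard extension {ext or '(none)'}")
        if RANDOM_EXT_RE.fullmatch(ext):
            reasons.append("random-looking extension")
        parent = path.lower().rsplit("\\", 1)[0] if "\\" in path else ""
        if DATA_ROOT_RE.match(parent):
            reasons.append("file directly under a data directory")
        if reasons:
            findings.append((m["name"], path, reasons))
    return findings
```

Run over SAMPLE_LINES, only the two entries Hujo named are reported, each with all three reasons; the vendor entries, including the unquoted Defender path and the rundll32-hosted NVIDIA DLL, pass clean.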
sam_peri
Newbie
11 February 2009 @ 19:21
JavaRa 1.13 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Wed Feb 11 19:17:18 2009
------------------------------------
Finished reporting.
JavaRa 1.13 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Wed Feb 11 19:17:28 2009
------------------------------------
Finished reporting.
s
Hujo
Suspended permanently
12 February 2009 @ 02:10
Scan with HJT, tick these and press Fix checked:
O4 - HKCU\..\Run: [Four One] "C:\ProgramData\Okaybaitbait.u596iy"
O4 - HKCU\..\Run: [ANTI LITE TITLE DEBUG] "C:\ProgramData\Roam Loud Site.jz22v"
Can a computer ever work?