HELP! INTERNET is slow; HJT log for review

Discussion in 'Viruses and malware - HijackThis logs' started by kid68, Aug 8, 2007.

  1. kid68

    kid68 Member

    Joined:
    Aug 8, 2007
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    11
    Everything else has already been done; here is the log for review. The internet stutters randomly.
    The network card and modem have been replaced, Saunalahti has been called, etc.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:42:45, on 8.8.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HJT\hijackthis_v2.0.2\Skanneri.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtv3.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {F9968D7D-3C7A-4DA9-AC71-0468905795AE} - (no file)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122659187232
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O20 - Winlogon Notify: winrvc32 - winrvc32.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    --
    End of file - 7344 bytes
     
    Last edited: Aug 8, 2007
  2. kid68

    kid68 Member

    Auttaja replied:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {F9968D7D-3C7A-4DA9-AC71-0468905795AE} - (no file)
    O20 - Winlogon Notify: winrvc32 - winrvc32.dll (file missing)

    can be fixed with HijackThis

    ======

    If you only use Windows' own firewall, that is not sufficient protection. Download one of these three firewalls to your computer and install it. Then also disable the Windows firewall. These three are fairly popular and free firewalls:

    Comodo
    Kerio
    Zonealarm

    ========

    1. Download combofix.exe to your desktop from either of these links:
    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool is finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.
    Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.


    there's no cause for the connection problems visible there
     
    Last edited: Aug 8, 2007
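As an added example (not code from the thread or from HijackThis itself), a small Python triage script that parses lines in the HijackThis log format and flags the kinds of entries the helper picked out above: entries whose file HJT reports as missing, and R0/R1 values that are neither a URL nor an absolute path. The sample lines and the flagging heuristics are constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the HijackThis v2 log format (line shapes follow the
# log posted above; this is not the full log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtv3.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: winrvc32 - winrvc32.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Every HJT entry line starts with a section code (R0, R1, O2, O4, O20, ...),
# then " - ", then the section-specific body.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.+)$")

# Markers HJT prints when the registry points at a file that no longer exists.
MISSING_MARKERS = ("(no file)", "(file missing)")


@dataclass
class HjtEntry:
    section: str
    body: str
    raw: str


def parse_log(text: str) -> List[HjtEntry]:
    """Return one HjtEntry per entry line; process lists and headers are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(HjtEntry(m.group("section"), m.group("body"), raw.strip()))
    return entries


def r_value(entry: HjtEntry) -> Optional[str]:
    """For R0/R1 lines, the value after ' = ' (start page, local page, search URL)."""
    if not entry.section.startswith("R") or " = " not in entry.body:
        return None
    return entry.body.split(" = ", 1)[1].strip()


def flag_reason(entry: HjtEntry) -> Optional[str]:
    """Why a defender would look twice at this entry, or None if nothing stands out.

    Heuristics (an assumption of this example, not HijackThis' own logic):
      1. any entry whose file HJT could not find on disk;
      2. an R0/R1 value that is neither a URL nor an absolute local path
         (a relative path such as '\\blank.htm' is the classic leftover).
    """
    if any(marker in entry.body for marker in MISSING_MARKERS):
        kind = "Winlogon Notify DLL" if entry.section == "O20" else "referenced file"
        return f"{kind} missing on disk; orphaned registry entry, safe to fix"
    value = r_value(entry)
    if value is not None:
        is_url = re.match(r"^https?://", value, re.IGNORECASE) is not None
        is_abs = re.match(r"^[A-Za-z]:\\", value) is not None
        if not (is_url or is_abs or value == ""):
            return "IE start/local page value is neither a URL nor an absolute path"
    return None


def triage(text: str) -> List[Tuple[str, str]]:
    """Return (raw line, reason) for every entry worth reviewing, in log order."""
    hits = []
    for entry in parse_log(text):
        reason = flag_reason(entry)
        if reason:
            hits.append((entry.raw, reason))
    return hits


if __name__ == "__main__":
    for line, why in triage(SAMPLE_LOG):
        print(f"{line}\n    -> {why}")
```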
  3. kid68

    kid68 Member

    Here is the ComboFix log

    ComboFix 07-08-04.3 - "R2 D2" 2007-08-08 22:07:14.1 [GMT 3:00] - NTFS
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True
    * Created a new restore point


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\xpdx.sys


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_NPF
    -------\LEGACY_NTIO256
    -------\ntio256
    -------\xpdx


    ((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 )))))))))))))))))))))))))))))))


    2007-08-08 22:06 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-08 18:38 <DIR> d-------- C:\VundoFix Backups
    2007-08-08 16:22 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-08-08 15:48 <DIR> d-------- C:\HJT
    2007-08-07 22:19 <DIR> d-------- C:\WINDOWS\CSC
    2007-08-07 21:05 70,144 --a------ C:\WINDOWS\system32\drivers\Rtlnicxp.sys
    2007-08-07 21:05 <DIR> d-------- C:\WINDOWS\OPTIONS
    2007-08-07 20:52 20,992 --a--c--- C:\WINDOWS\system32\dllcache\rtl8139.sys
    2007-08-07 20:52 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
    2007-08-05 23:37 <DIR> d-------- C:\WINDOWS\BBSTORE
    2007-08-05 19:45 <DIR> d-------- C:\Downloads
    2007-08-02 20:26 81,920 --a------ C:\WINDOWS\system32\ZDPN50.DLL
    2007-08-02 20:26 31,744 --a------ C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
    2007-08-02 20:26 29,184 --a------ C:\WINDOWS\system32\drivers\BRGSp50a64.sys
    2007-08-02 20:26 28,672 --a------ C:\WINDOWS\system32\InsDrvZD.dll
    2007-08-02 20:26 24,576 --a------ C:\WINDOWS\system32\ZyDelReg.exe
    2007-08-02 20:26 20,608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys
    2007-08-02 20:26 17,664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys
    2007-08-02 20:26 17,151 --a------ C:\WINDOWS\system32\ZDPNDIS5.SYS
    2007-08-02 20:26 15,872 --a------ C:\WINDOWS\system32\InsDrvZD64.DLL
    2007-08-02 19:25 259,584 -ra------ C:\WINDOWS\system32\drivers\ZD1211U.sys
    2007-07-10 15:00 6,291,456 --a------ C:\DOCUME~1\R2D2~1\ntuser.dat
    2007-07-10 15:00 1,310,720 --a------ C:\DOCUME~1\LOCALS~1\ntuser.dat


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-07 21:05 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-08-07 20:57 --------- d-------- C:\Program Files\SUPERAntiSpyware
    2007-08-07 20:57 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-08-07 20:57 --------- d-------- C:\DOCUME~1\R2D2~1\APPLIC~1\SUPERAntiSpyware.com
    2007-08-06 01:04 --------- d-------- C:\Program Files\BitComet
    2007-08-05 19:45 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
    2007-07-28 01:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-07-28 01:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-07-28 01:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-07-28 01:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-07-28 00:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-07-28 00:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-07-28 00:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
    2007-07-27 18:13 --------- d-------- C:\Program Files\Full Tilt Poker
    2007-07-26 21:27 --------- d-------- C:\Program Files\SpywareBlaster
    2007-07-25 20:15 --------- d-------- C:\Program Files\DC++
    2007-07-11 18:24 --------- d-------- C:\Program Files\WinTrade
    2007-06-25 18:41 --------- d-------- C:\Program Files\CCleaner
    2007-06-07 19:22 915860 ---hs---- C:\WINDOWS\system32\bdeeg.ini2
    2007-06-07 19:05 923108 ---hs---- C:\WINDOWS\system32\bdeeg.bak2
    2007-06-06 21:07 196608 --a------ C:\WINDOWS\system32\ssleay32.dll
    2007-06-06 21:07 1040384 --a------ C:\WINDOWS\system32\libeay32.dll
    2007-06-03 11:54 34308 --a------ C:\WINDOWS\system32\Chip.dll
    2007-05-31 21:04 721481 ---hs---- C:\WINDOWS\system32\bdeeg.bak1
    2007-05-16 18:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
    2007-05-16 18:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
    2007-05-16 18:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
    2007-05-16 18:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-05-16 18:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
    2007-05-16 18:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
    2007-05-08 12:24 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
    2005-11-22 15:30 284 --a------ C:\DOCUME~1\R2D2~1\APPLIC~1\ViewerApp.dat


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2004-09-16 15:39 C:\WINDOWS\SOUNDMAN.EXE]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 21:05]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 01:03]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 01:00]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 16:10]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:56]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    R2 CdaC15BA;CdaC15BA;\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS
    R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys
    R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys
    R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
    S3 CO_Mon;CO_Mon;\??\C:\WINDOWS\system32\Drivers\CO_Mon.sys
    S3 DUBE100B;D-Link DUB-E100 USB 2.0 Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\DUBE100B.sys
    S3 nm;Network Monitor Driver;C:\WINDOWS\system32\DRIVERS\NMnt.sys
    S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PCAMPR5.SYS
    S3 QCDonner;Logitech QuickCam Express;C:\WINDOWS\system32\DRIVERS\OVCD.sys
    S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
    S3 WINFLASH;WINFLASH;\??\C:\WINDOWS\system32\DRIVERS\WINFLASH.sys
    S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;\??\C:\WINDOWS\system32\ZDBRGSYS.SYS
    S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\ZDPNDIS5.SYS
    S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\ZDPSp50.sys


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2662217a-5f37-11da-8cce-0001805d587d}]
    AutoRun\command- I:\setupSNK.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{388a9e30-91ce-11da-8d21-0001805d587d}]
    AutoRun\command- I:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fa8a776-4147-11da-8c8d-806d6172696f}]
    AutoRun\command- H:\Setup\rsrc\autorun.exe
    dinstall\command- H:\Directx\dxsetup.exe


    Contents of the 'Scheduled Tasks' folder
    2007-08-08 00:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job - C:\Program Files\AdwareAlert\AdwareAlert.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-08 22:10:01
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{013AB564-8933-CE7F-DDB3-45655A933DBB}]
    "eaofhbifig"=hex:66,61,69,66,61,69,65,62,68,6b,64,63,00,fc
    "danaiano"=hex:64,62,61,65,61,6e,61,6a,65,70,69,6f,63,6e,66,70,66,67,62,6b,6d,..
    "iaggkmcjpojpmjhbbj"=hex:6a,61,63,63,6d,67,68,6d,6c,67,70,6b,6c,65,61,6e,67,64,68,64,00,..
    "haaealgfkkmmhhpe"=hex:6a,61,63,63,6d,67,68,6d,6c,67,70,6b,6c,65,61,6e,67,64,68,64,00,..

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-08 22:11:13 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-08-08 22:10

    --- E O F ---

    Quarantined files

    Code:
    2007-08-02 12:47      54984    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\xpdx.sys.vir
    2007-08-08 22:08      1074    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_NTIO256.reg.cf
    2007-08-08 22:08      2592    --a------    C:\Qoobox\Quarantine\Registry_backups\services_ntio256.reg.cf
    2007-08-08 22:08      276    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_NPF.reg.cf
    2007-08-08 22:08      296    --a------    C:\Qoobox\Quarantine\catchme.log
    2007-08-08 22:08      53903    --a------    C:\Qoobox\Quarantine\catchme2007-08-08_221000.18.zip
    2007-08-08 22:08      74    --a------    C:\Qoobox\Quarantine\Registry_backups\services_xpdx.reg.cf
    
    
    Folder PATH listing
    Volume serial number is E09C-D464
    C:\QOOBOX
    \---Quarantine
        |   catchme.log
        |   catchme2007-08-08_221000.18.zip
        |   
        +---C
        |   \---WINDOWS
        |       \---system32
        |               xpdx.sys.vir
        |               
        \---Registry_backups
                LEGACY_NPF.reg.cf
                LEGACY_NTIO256.reg.cf
                services_ntio256.reg.cf
                services_xpdx.reg.cf
                
    
     
  4. kid68

    kid68 Member

  5. kid68

    kid68 Member

    What do I remove it with?
     
  6. Auttaja

    Auttaja Guest

    Yep.. so if you really want, we can try to remove that infection.. but I would recommend a plain format and reinstall, you will get a better end result..
     
  7. kid68

    kid68 Member

    The internet started working better as soon as I ran ComboFix. Is it possible that it got cleaned?
     
  8. Auttaja

    Auttaja Guest

    well, let's clean it then.. there's still junk in there

    Check your computer with F-Secure's online scanner

    Note: the scanner only works with the Internet Explorer browser

    * Read the instructions on the page carefully
    * Click Start scanning
    * If you get an Internet Explorer security warning, click Install
    * Click Accept
    * Click Custom Scan
    * Adjust the settings as follows

    o Under "Virus Scan Option" select Scan whole system
    o Under "Other Scan Option" select Scan All Files
    o Select Scan whole system for rootkits
    o Select Scan whole system for spyware
    o Tick Scan inside archives
    o Make sure Use advanced heuristics is selected

    * Click Start
    * The scan starts once the required files/updates have been downloaded
    * Wait patiently
    * When the scan has finished, click Automatic cleaning
    * Click Show Report
    * The report opens in the browser; copy the whole text
    * Paste the copied text into e.g. Notepad or Word and save it to the desktop
    * You can close the scanner
    * Post the report in your thread
     
  9. kid68

    kid68 Member

    Here they are...

    Computer name: R2D2
    Scanning type: Scan system for viruses, rootkits, spyware
    Target: C:\ D:\ E:\

    Result: 3 malware found
    SpamTool.Win32.Mailbot.bc (virus)
    · C:\QooBox\Quarantine\catchme2007-08-08_221000.18.zip\xpdx.sys
    Tracking Cookie (spyware)
    · System (Disinfected)
    · System

    Statistics
    Scanned:
    · Files: 195811
    · System: 4105
    · Not scanned: 173
    Actions:
    · Disinfected: 1
    · Renamed: 0
    · Deleted: 0
    · None: 2
    · Submitted: 0
    Files not scanned:
    · C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    · C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
    · C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
    · C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
    · C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
    · C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
    · C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
    · C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
    · C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{E334ADAC-FD77-4FEF-BAAA-A5BDAAFB60C1}.BIN
    · C:\WINDOWS\.FILE_STORE_32\MAIN_FILE_CACHE.DAT
    · C:\WINDOWS\.FILE_STORE_32\MAIN_FILE_CACHE.IDX4
    · C:\DOCUMENTS AND SETTINGS\R2 D2\NTUSER.DAT
    · C:\DOCUMENTS AND SETTINGS\R2 D2\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\POGUDG94.DEFAULT\CACHE(4)\_CACHE_001_
    · C:\DOCUMENTS AND SETTINGS\R2 D2\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\POGUDG94.DEFAULT\CACHE(4)\_CACHE_002_
    · C:\DOCUMENTS AND SETTINGS\R2 D2\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\POGUDG94.DEFAULT\CACHE(4)\_CACHE_003_
    · C:\DOCUMENTS AND SETTINGS\R2 D2\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\POGUDG94.DEFAULT\CACHE(3)\_CACHE_001_
    · C:\DOCUMENTS AND SETTINGS\R2 D2\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\POGUDG94.DEFAULT\CACHE(3)\_CACHE_002_
    · C:\DOCUMENTS AND SETTINGS\R2 D2\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\POGUDG94.DEFAULT\CACHE(3)\_CACHE_003_
    · C:\DOCUMENTS AND SETTINGS\R2 D2\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\POGUDG94.DEFAULT\CACHE(2)\_CACHE_001_
    · C:\DOCUMENTS AND SETTINGS\R2 D2\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\POGUDG94.DEFAULT\CACHE(2)\_CACHE_002_
    · C:\DOCUMENTS AND SETTINGS\R2 D2\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\POGUDG94.DEFAULT\CACHE(2)\_CACHE_003_
    · C:\DOCUMENTS AND SETTINGS\R2 D2\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\POGUDG94.DEFAULT\CACHE\_CACHE_001_
    · C:\DOCUMENTS AND SETTINGS\R2 D2\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\POGUDG94.DEFAULT\CACHE\_CACHE_002_
    · C:\DOCUMENTS AND SETTINGS\R2 D2\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\POGUDG94.DEFAULT\CACHE\_CACHE_003_
    · C:\DOCUMENTS AND SETTINGS\R2 D2\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
    · C:\DOCUMENTS AND SETTINGS\R2 D2\APPLICATION DATA\MICROSOFT\MSN MESSENGER\559153170\SQMNOOPT18.SQM
    · C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT
    · C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
    · C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT
    · C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
    · C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdwareAlert.zip\sbRecovery.reg
    · C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsIEFirewallBypass.zip\sbRecovery.reg
    · C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsIEFirewallBypass1.zip\sbRecovery.reg
    · C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip\sbRecovery.reg
    · C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallOverride.zip\sbRecovery.reg

    Options
    Scanning engines:
    · F-Secure Libra: 2.4.2, 2007-08-08
    · F-Secure AVP: 7.0.171, 2007-08-09
    · F-Secure Orion: 1.2.37, 2007-08-09
    · F-Secure Blacklight: 1.0.64
    · F-Secure Draco: 1.0.35, 0260-23-12
    · F-Secure Pegasus: 1.19.0, 2007-07-05
    Scanning options:
    · Scan all files
    · Scan inside archives
    · Use Advanced heuristics

     
  10. Auttaja

    Auttaja Guest

    Open Notepad and copy/paste the text in the quote box below into it:

    -

    Save it with the name CFScript (check that it is written exactly like that)

    Then drag CFScript onto ComboFix.exe as shown below.

    [image: CFScript being dragged onto ComboFix.exe]

    Restart the computer when prompted and post the contents of the combofix.txt file here.
     
    Last edited by a moderator: Aug 9, 2007
  11. kid68

    kid68 Member

    ComboFix 07-08-09.3 - "R2 D2" 2007-08-10 10:54:42.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.614 [GMT 3:00]
    Command switches used :: C:\Documents and Settings\R2 D2\Desktop\CFScript.txt
    * Created a new restore point

    FILE::
    C:\WINDOWS\system32\bdeeg.ini2
    C:\WINDOWS\system32\bdeeg.bak2
    C:\WINDOWS\system32\bdeeg.bak1


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\bdeeg.bak1
    C:\WINDOWS\system32\bdeeg.bak2
    C:\WINDOWS\system32\bdeeg.ini2


    ((((((((((((((((((((((((( Files Created from 2007-07-10 to 2007-08-10 )))))))))))))))))))))))))))))))


    2007-08-09 21:11 <DIR> d-------- C:\Program Files\Sunbelt Software
    2007-08-08 23:35 <DIR> d-------- C:\DOCUME~1\R2D2~1\APPLIC~1\Uniblue
    2007-08-08 22:33 <DIR> d-------- C:\WINDOWS\Internet Logs
    2007-08-08 22:06 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-08 15:48 <DIR> d-------- C:\HJT
    2007-08-07 22:19 <DIR> d-------- C:\WINDOWS\CSC
    2007-08-07 21:05 70,144 --a------ C:\WINDOWS\system32\drivers\Rtlnicxp.sys
    2007-08-07 21:05 <DIR> d-------- C:\WINDOWS\OPTIONS
    2007-08-07 20:52 20,992 --a--c--- C:\WINDOWS\system32\dllcache\rtl8139.sys
    2007-08-07 20:52 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
    2007-08-05 23:37 <DIR> d-------- C:\WINDOWS\BBSTORE
    2007-08-05 19:45 <DIR> d-------- C:\Downloads
    2007-08-02 20:26 81,920 --a------ C:\WINDOWS\system32\ZDPN50.DLL
    2007-08-02 20:26 31,744 --a------ C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
    2007-08-02 20:26 29,184 --a------ C:\WINDOWS\system32\drivers\BRGSp50a64.sys
    2007-08-02 20:26 28,672 --a------ C:\WINDOWS\system32\InsDrvZD.dll
    2007-08-02 20:26 24,576 --a------ C:\WINDOWS\system32\ZyDelReg.exe
    2007-08-02 20:26 20,608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys
    2007-08-02 20:26 17,664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys
    2007-08-02 20:26 17,151 --a------ C:\WINDOWS\system32\ZDPNDIS5.SYS
    2007-08-02 20:26 15,872 --a------ C:\WINDOWS\system32\InsDrvZD64.DLL
    2007-08-02 19:25 259,584 -ra------ C:\WINDOWS\system32\drivers\ZD1211U.sys
    2007-07-10 15:00 6,291,456 --a------ C:\DOCUME~1\R2D2~1\ntuser.dat
    2007-07-10 15:00 1,310,720 --a------ C:\DOCUME~1\LOCALS~1\ntuser.dat


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-07 21:05 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-08-07 20:57 --------- d-------- C:\Program Files\SUPERAntiSpyware
    2007-08-07 20:57 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-08-07 20:57 --------- d-------- C:\DOCUME~1\R2D2~1\APPLIC~1\SUPERAntiSpyware.com
    2007-08-06 01:04 --------- d-------- C:\Program Files\BitComet
    2007-08-05 19:45 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
    2007-07-28 01:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-07-28 01:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-07-28 01:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-07-28 01:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-07-28 00:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-07-28 00:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-07-28 00:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
    2007-07-27 18:13 --------- d-------- C:\Program Files\Full Tilt Poker
    2007-07-26 21:27 --------- d-------- C:\Program Files\SpywareBlaster
    2007-07-25 20:15 --------- d-------- C:\Program Files\DC++
    2007-07-11 18:24 --------- d-------- C:\Program Files\WinTrade
    2007-06-25 18:41 --------- d-------- C:\Program Files\CCleaner
    2007-06-06 21:07 196608 --a------ C:\WINDOWS\system32\ssleay32.dll
    2007-06-06 21:07 1040384 --a------ C:\WINDOWS\system32\libeay32.dll
    2007-06-03 11:54 34308 --a------ C:\WINDOWS\system32\Chip.dll
    2007-05-16 18:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
    2007-05-16 18:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
    2007-05-16 18:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
    2007-05-16 18:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-05-16 18:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
    2007-05-16 18:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
    2005-11-22 15:30 284 --a------ C:\DOCUME~1\R2D2~1\APPLIC~1\ViewerApp.dat


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2004-09-16 15:39 C:\WINDOWS\SOUNDMAN.EXE]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 21:05]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 01:03]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 01:00]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 16:10]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:56]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
    R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
    R2 CdaC15BA;CdaC15BA;\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS
    R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys
    R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys
    R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
    R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
    S3 CO_Mon;CO_Mon;\??\C:\WINDOWS\system32\Drivers\CO_Mon.sys
    S3 DUBE100B;D-Link DUB-E100 USB 2.0 Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\DUBE100B.sys
    S3 nm;Network Monitor Driver;C:\WINDOWS\system32\DRIVERS\NMnt.sys
    S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
    S3 WINFLASH;WINFLASH;\??\C:\WINDOWS\system32\DRIVERS\WINFLASH.sys
    S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;\??\C:\WINDOWS\system32\ZDBRGSYS.SYS
    S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\ZDPNDIS5.SYS
    S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\ZDPSp50.sys


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2662217a-5f37-11da-8cce-0001805d587d}]
    AutoRun\command- I:\setupSNK.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{388a9e30-91ce-11da-8d21-0001805d587d}]
    AutoRun\command- I:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fa8a776-4147-11da-8c8d-806d6172696f}]
    AutoRun\command- H:\Setup\rsrc\autorun.exe
    dinstall\command- H:\Directx\dxsetup.exe


    Contents of the 'Scheduled Tasks' folder
    2007-08-08 00:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job - C:\Program Files\AdwareAlert\AdwareAlert.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-10 10:56:57
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    C:\WINDOWS\system32\cmd.exe [2892] 0x858AA1B8


    scanning hidden registry entries ...

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{013AB564-8933-CE7F-DDB3-45655A933DBB}]
    "eaofhbifig"=hex:66,61,69,66,61,69,65,62,68,6b,64,63,00,fc
    "danaiano"=hex:64,62,61,65,61,6e,61,6a,65,70,69,6f,63,6e,66,70,66,67,62,6b,6d,..
    "iaggkmcjpojpmjhbbj"=hex:6a,61,63,63,6d,67,68,6d,6c,67,70,6b,6c,65,61,6e,67,64,68,64,00,..
    "haaealgfkkmmhhpe"=hex:6a,61,63,63,6d,67,68,6d,6c,67,70,6b,6c,65,61,6e,67,64,68,64,00,..

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-10 10:58:30
    C:\ComboFix-quarantined-files.txt ... 2007-08-10 10:58
    C:\ComboFix2.txt ... 2007-08-08 22:11

    --- E O F ---
     
  12. Auttaja

    Auttaja Guest

    Let's run BlackLight.

    Download and save BlackLight to your desktop;

    Double-click fsbl.exe, accept the agreement, click -> Scan, then -> Next

    You will see a list of everything that was found. A log named fsbl.xxxxxxx.log will also appear on your desktop (the xxxxxxx will most likely be numbers).

    Also post a new HijackThis log.

    Copy and paste this log into your next reply. Do not choose the "Rename" option yet! We want to see the log first, because legitimate files may be included, such as "wbemtest.exe".
     
    Last edited by a moderator: Aug 10, 2007
  13. kid68

    kid68 Member

    08/10/07 11:26:24 [Info]: BlackLight Engine 1.0.64 initialized
    08/10/07 11:26:24 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    08/10/07 11:26:24 [Note]: 7019 4
    08/10/07 11:26:24 [Note]: 7005 0
    08/10/07 11:26:28 [Note]: 7006 0
    08/10/07 11:26:28 [Note]: 7011 2704
    08/10/07 11:26:28 [Note]: 7026 0
    08/10/07 11:26:28 [Note]: 7026 0
    08/10/07 11:26:30 [Note]: FSRAW library version 1.7.1022
    08/10/07 11:28:12 [Note]: 2000 1012
    08/10/07 11:29:17 [Note]: 7007 0
     
  14. kid68

    kid68 Member

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:43:25, on 10.8.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HJT\hijackthis_v2.0.2\Skanneri.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122659187232
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

    --
    End of file - 7163 bytes
     
  15. Auttaja

    Auttaja Guest

    let's check with this one too

    Kaspersky Online Scanner

    Scan your computer with the Kaspersky Online Scanner

    You will be asked whether to allow the installation of an ActiveX component from Kaspersky; click Yes.
    - The program starts and begins downloading the latest definition files.
    - Once the scanner is installed and the definitions are downloaded, click Next.
    - Now click the settings, Scan Settings
    - Check in the settings that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (if available, otherwise choose Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases

    - Click OK
    - Now, under the "select a target to scan" heading, choose My Computer
    - The scan takes time, so be patient. When the scan is complete you will get a notification if your computer is infected.
    - Now click the Save as Text button.
    - Save the file to your desktop.
    - Copy and paste the contents of the file into your next reply.
     
  16. kid68

    kid68 Member

    A couple seem to have been found but they couldn't be removed..

    Infected Object Name Virus Name Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\R2 D2\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\R2 D2\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\R2 D2\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\R2 D2\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\R2 D2\Local Settings\Temp\Acr6540.tmp Object is locked skipped
    C:\Documents and Settings\R2 D2\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\R2 D2\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\R2 D2\ntuser.dat Object is locked skipped
    C:\Documents and Settings\R2 D2\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\report\Taustasuojaus.txt Object is locked skipped
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log Object is locked skipped
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx Object is locked skipped
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log Object is locked skipped
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx Object is locked skipped
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log Object is locked skipped
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx Object is locked skipped
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log Object is locked skipped
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx Object is locked skipped
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log Object is locked skipped
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log.idx Object is locked skipped
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log Object is locked skipped
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx Object is locked skipped
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log Object is locked skipped
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log.idx Object is locked skipped
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log Object is locked skipped
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx Object is locked skipped
    C:\QooBox\Quarantine\catchme2007-08-08_221000.18.zip/xpdx.sys Infected: SpamTool.Win32.Mailbot.bc skipped
    C:\QooBox\Quarantine\catchme2007-08-08_221000.18.zip ZIP: infected - 1 skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{4F5E5795-8956-4E45-A465-3B989FAB290C}\RP100\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\NetLimit.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd6749.sys Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
    C:\WINDOWS\system32\madCHook.dll Infected: not-a-virus:RiskTool.Win32.Hooker.a skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_684.dat Object is locked skipped
    C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    D:\System Volume Information\_restore{4F5E5795-8956-4E45-A465-3B989FAB290C}\RP100\change.log Object is locked skipped
    E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    E:\System Volume Information\_restore{4F5E5795-8956-4E45-A465-3B989FAB290C}\RP100\change.log Object is locked skipped
    Scan process completed.
     
  17. Auttaja

    Auttaja Guest

    yeah.. that one should be clean..


    Stay clean

    -> Clear System Restore -> Instructions
    Clear the System Restore folder and create a new restore point. This cleans the restore folder of any malware remnants.

    -> Use CCleaner -> CCleaner
    Download and install CCleaner. Use it to clean temporary files and folders regularly.

    -> Install SpywareBlaster -> SpywareBlaster
    SpywareBlaster prevents malware from installing on your computer. It uses no memory!
    Guide available in Finnish! Guide by the user Ad-Aware

    -> Install the MVPS Hosts file -> MVPS Hosts
    Blocks your computer from connecting to malicious sites.
    Guide available in Finnish! Guide by the user Axel

    -> Switch your browser to Firefox -> Firefox
    Firefox is a faster, safer and better browser than Internet Explorer.

    -> Keep your system up to date. -> Windows Update
    Visit Windows Update regularly.

    -> Keep your firewall and antivirus up to date
    Update and scan your computer regularly with your antivirus program.
    eScan is also good: http://koti.mbnet.fi/pattaya1/escanmwav.htm

    -> Keep your software up to date. -> Secunia Software Inspector
    Secunia Software Inspector examines your system and software for missing security updates. A normal inspection usually takes 5-40 seconds, while a thorough system inspection can take several minutes.

    -> Regularly follow the Finnish Communications Regulatory Authority's information on new vulnerabilities -> CERT-FI

    If you have problems with malware in the future, don't hesitate to post a HijackThis log for review!
     
  18. kid68

    kid68 Member

    Thanks a lot.. so it was the case that the online Kaspersky scanner wasn't supposed to remove these..
    Infected: SpamTool.Win32.Mailbot.bc
    Infected: not-a-virus:RiskTool.Win32.Hooker.a
     
  19. Auttaja

    Auttaja Guest

    yeah, so you can delete the folder C:\QooBox\. those files are in quarantine there.. :)
     
  20. Auttaja

    Auttaja Guest

    edit.. duplicate..
     
    Last edited by a moderator: Aug 10, 2007
