So for the past couple of weeks I've been bothered by a downloader trojan problem that Sonera's security suite (F-Secure) detects but didn't remove for good, even though it gave that impression. Restarting the browser (Explorer) popped up ad spam again. By googling I found information about the suspected ipwin program that was on the machine. It was found to be one of these malware programs. I found it and a program called Toolbar888 in XP's Add/Remove Programs menu and removed both that way. As far as I remember, I haven't gotten Explorer ad spam since. But now the following problem still bothers me. When I start the computer and log on to my own account, the following message appears: "Update.exe - Unable To Locate Component. This application has failed to start because services.dll was not found. Re-installing the application may fix this problem." In the registry I have found an Update.exe program of that kind, which is possibly this same one. That is, this is found in HKLM\Software\Microsoft\Windows\Current version\Run: "C:\windows\UpdReg.exe". At the same time as that Update error message I always get a notification from Firefox that the previous session was interrupted unexpectedly or something like that, even though it wasn't. I've run a HijackThis log. Does it sound like it's worth posting that log here?
OK. This is the listing that came out:

Logfile of HijackThis v1.99.1
Scan saved at 10:52:22, on 5.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Sonera Tietoturva2\Anti-Virus\fsgk32st.exe
C:\Program Files\Sonera Tietoturva2\Anti-Virus\FSGK32.EXE
C:\Program Files\Sonera Tietoturva2\backweb\4436233\program\fsbwsys.exe
C:\Program Files\Sonera Tietoturva2\Anti-Virus\fssm32.exe
C:\Program Files\Sonera Tietoturva2\Common\FSMA32.EXE
C:\Program Files\Sonera Tietoturva2\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonera Tietoturva2\Common\FCH32.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Sonera Tietoturva2\Common\FAMEH32.EXE
C:\Program Files\Sonera Tietoturva2\Anti-Virus\fsrw.exe
C:\Program Files\Sonera Tietoturva2\FWES\Program\fsdfwd.exe
C:\Program Files\Sonera Tietoturva2\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hiiret ja Ohjaimet\Scansoft\Omni\opware32.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Multimedia\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Multimedia\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sonera Tietoturva2\Common\FSM32.EXE
C:\PROGRA~1\SONERA~1\ANTI-S~1\fsaw.exe
C:\Program Files\Sonera Tietoturva2\FSGUI\ispnews.exe
C:\Program Files\Sonera Tietoturva2\FSGUI\fsguidll.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Multimedia\iTunes\iTunesHelper.exe
C:\Program Files\Hiiret ja Ohjaimet\RazerII\razerhid.exe
C:\Program Files\Multimedia\iPod\bin\iPodService.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Common Files\{3C6C1D88-0BC6-1035-0108-040401210166}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hyoty\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Sonera Tietoturva2\backweb\4436233\Program\fspex.exe
C:\Program Files\Hiiret ja Ohjaimet\RazerII\razertra.exe
C:\Program Files\Hiiret ja Ohjaimet\RazerII\razerofa.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\PCSuite\Services\NclBTHandler.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet\Mozilla Firefox\firefox.exe
C:\Documents and Settings\All Users\Tiedostot\Common Zip\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Hyoty\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\Hiiret ja Ohjaimet\Scansoft\Omni\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Multimedia\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Multimedia\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera Tietoturva2\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera Tietoturva2\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Sonera Tietoturva2\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Sonera Tietoturva2\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\Multimedia\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [razer] C:\Program Files\Hiiret ja Ohjaimet\RazerII\razerhid.exe
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Hiiret ja Ohjaimet\RazerII\razerhid.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Hyoty\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Sonera Tietoturva.lnk = C:\Program Files\Sonera Tietoturva2\backweb\4436233\Program\fspex.exe
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Sonera Tietoturva2\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva2\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva2\Anti-Spyware\ieshield.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.ezproxy.uku.fi:2048/lib/uku/support/plugins/ebraryRdr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://avustaja.sonera.fi/sdccommon/download/tgctlcm.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134167571625
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15021/CTPID.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Sonera Tietoturva (BackWeb Plug-in - 4436233) - Sonera Tietoturva - C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\Sonera Tietoturva2\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Sonera Tietoturva2\backweb\4436233\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva2\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva2\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\Multimedia\iPod\bin\iPodService.exe
O23 - Service: Ql1pateser - Sonic Solutions - (no file)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
1. Download the combofix.exe file to your desktop.
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool finishes, it produces a log. Post this log in your thread.

Note! Do not click around in the ComboFix window while it is running. This may cause the program to hang.

Also post a new HJT log.
Here is the ComboFix log:

Antti Hyvärinen - 06-11-05 16:43:00,10 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Antti Hyvärinen\Työpöytä"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Inetget2
C:\Program Files\Common Files\{3C6C1D88-0BC6-1035-0108-040401210166}

((((((((((((((((((((((((((((((( Files Created from 2006-10-05 to 2006-11-05 ))))))))))))))))))))))))))))))))))

2006-11-02 17:39 153,144 --a------ C:\ewido_micro.exe
2006-10-13 12:38 52,224 --a------ C:\WINDOWS\system32\Crypserv.exe
2006-10-13 12:38 27,648 -ra------ C:\WINDOWS\Setup_ck.exe
2006-10-13 12:38 24,608 --a------ C:\WINDOWS\system32\Ckldrv.sys
2006-10-13 12:38 18,432 --a------ C:\WINDOWS\Setup_ck.dll
2006-10-13 12:38 165,888 --a------ C:\WINDOWS\Ckconfig.exe
2006-10-13 12:38 11,776 --a------ C:\WINDOWS\Ckrfresh.exe
2006-10-11 18:01 8,704 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2006-10-11 18:01 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
2006-10-11 18:01 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2006-10-11 18:01 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2006-10-11 18:01 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2006-10-11 18:01 127,488 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2006-10-07 15:01 20,640 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2006-10-07 15:01 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-10-07 15:01 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-11-05 16:43 -------- d-------- C:\Program Files\Common Files
2006-11-05 11:11 -------- d-------- C:\Program Files\Tietoturva
2006-11-02 19:07 -------- d-------- C:\Program Files\Internet
2006-10-30 22:11 -------- d-------- C:\Program Files\DATA 4.0
2006-10-30 22:11 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-10-26 17:10 -------- d-------- C:\Program Files\Xinox Software
2006-10-26 16:56 -------- d-------- C:\Program Files\Java
2006-10-26 16:55 -------- d-------- C:\Program Files\netbeans-5.0
2006-10-26 16:51 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-10-21 19:07 434320 --a------ C:\Documents and Settings\Antti Hyvärinen\Application Data\NMM-MetaData.db
2006-10-15 17:06 -------- d-------- C:\Documents and Settings\Antti Hyvärinen\Application Data\Adobe
2006-10-15 14:06 -------- d-------- C:\Documents and Settings\Antti Hyvärinen\Application Data\Datalayer
2006-10-14 15:22 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-13 19:07 -------- d-------- C:\Program Files\Sonera
2006-10-13 12:38 -------- d-------- C:\Program Files\Common Files\TreeAge
2006-10-13 07:57 -------- d-------- C:\Program Files\WIDCOMM
2006-10-13 07:41 -------- d-------- C:\Program Files\Hyoty
2006-10-11 18:11 -------- d-------- C:\Documents and Settings\Antti Hyvärinen\Application Data\Nokia
2006-10-11 18:02 -------- d-------- C:\Program Files\DIFX
2006-10-11 18:02 -------- d-------- C:\Program Files\Common Files\PCSuite
2006-10-11 18:02 -------- d-------- C:\Program Files\Common Files\Nokia
2006-10-11 18:01 -------- d-------- C:\Program Files\Nokia
2006-10-11 15:59 -------- d---s---- C:\Documents and Settings\Antti Hyvärinen\Application Data\Microsoft
2006-10-07 15:16 -------- d-------- C:\Documents and Settings\Antti Hyvärinen\Application Data\DivX
2006-10-07 15:01 -------- d-------- C:\Program Files\DivX
2006-10-07 14:32 -------- d-------- C:\Program Files\AviSynth 2.5
2006-10-03 21:03 -------- d-------- C:\Documents and Settings\Antti Hyvärinen\Application Data\TrueCrypt
2006-10-02 21:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 21:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 21:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 21:04 635486 --a------ C:\WINDOWS\system32\DivX.dll
2006-10-01 11:13 -------- d-------- C:\Documents and Settings\Antti Hyvärinen\Application Data\Canon
2006-09-24 13:19 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-24 13:09 -------- d-------- C:\Program Files\Hiiret ja Ohjaimet
2006-09-24 12:23 -------- d-------- C:\Program Files\The All-Seeing Eye
2006-09-13 07:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 16:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll
2006-09-09 15:45 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-09-09 09:41 -------- d-------- C:\Program Files\3D_Modeling
2006-08-25 17:49 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 13:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-11 01:03 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-08-11 01:03 196608 --a------ C:\WINDOWS\system32\dtu100.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Steam"=""
"Spamihilator"="\"C:\\Program Files\\Tietoturva\\Spamihilator\\spamihilator.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"Logitech Utility"="Logi_MwX.Exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"HP Software Update"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"Omnipage"="C:\\Program Files\\Hiiret ja Ohjaimet\\Scansoft\\Omni\\opware32.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"CTHelper"="CTHELPER.EXE"
"CTSysVol"="C:\\Program Files\\Multimedia\\Creative\\SBAudigy2\\Surround Mixer\\CTSysVol.exe"
"CTDVDDet"="C:\\Program Files\\Multimedia\\Creative\\SBAudigy2\\DVDAudio\\CTDVDDet.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"F-Secure Manager"="\"C:\\Program Files\\Sonera Tietoturva2\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\Sonera Tietoturva2\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"F-Secure Startup Wizard"="\"C:\\Program Files\\Sonera Tietoturva2\\FSGUI\\FSSW.EXE\" /reboot"
"News Service"="\"C:\\Program Files\\Sonera Tietoturva2\\FSGUI\\ispnews.exe\""
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"iTunesHelper"="\"C:\\Program Files\\Multimedia\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"razer"="C:\\Program Files\\Hiiret ja Ohjaimet\\RazerII\\razerhid.exe"
"Copperhead"="C:\\Program Files\\Hiiret ja Ohjaimet\\RazerII\\razerhid.exe"
"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Nykyinen kotisivu"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,de,03,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,de,03,\
  00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,2e,02,00,00,b7,00,00,00,90,00,00,00,70,00,\
  00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-05 16:43:49.75
C:\ComboFix.txt ... 06-11-05 16:43

=========================================================

And here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 16:46:21, on 5.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Sonera Tietoturva2\Anti-Virus\fsgk32st.exe
C:\Program Files\Sonera Tietoturva2\Anti-Virus\FSGK32.EXE
C:\Program Files\Sonera Tietoturva2\backweb\4436233\program\fsbwsys.exe
C:\Program Files\Sonera Tietoturva2\Anti-Virus\fssm32.exe
C:\Program Files\Sonera Tietoturva2\Common\FSMA32.EXE
C:\Program Files\Sonera Tietoturva2\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sonera Tietoturva2\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonera Tietoturva2\Common\FAMEH32.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Sonera Tietoturva2\Anti-Virus\fsrw.exe
C:\Program Files\Sonera Tietoturva2\Anti-Virus\fsav32.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Sonera Tietoturva2\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\PCSuite\Services\NclBTHandler.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Hiiret ja Ohjaimet\Scansoft\Omni\opware32.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Multimedia\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Multimedia\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sonera Tietoturva2\Common\FSM32.EXE
C:\PROGRA~1\SONERA~1\ANTI-S~1\fsaw.exe
C:\Program Files\Sonera Tietoturva2\FSGUI\ispnews.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Multimedia\iTunes\iTunesHelper.exe
C:\Program Files\Sonera Tietoturva2\FSGUI\fsguidll.exe
C:\Program Files\Multimedia\iPod\bin\iPodService.exe
C:\Program Files\Hiiret ja Ohjaimet\RazerII\razerhid.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Tietoturva\Spamihilator\spamihilator.exe
C:\Program Files\Hiiret ja Ohjaimet\RazerII\razertra.exe
C:\Program Files\Hiiret ja Ohjaimet\RazerII\razerofa.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Sonera Tietoturva2\backweb\4436233\Program\fspex.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet\Mozilla Firefox\firefox.exe
C:\Documents and Settings\All Users\Tiedostot\Common Zip\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Hyoty\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\Hiiret ja Ohjaimet\Scansoft\Omni\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Multimedia\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Multimedia\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera Tietoturva2\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera Tietoturva2\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Sonera Tietoturva2\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Sonera Tietoturva2\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\Multimedia\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [razer] C:\Program Files\Hiiret ja Ohjaimet\RazerII\razerhid.exe
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Hiiret ja Ohjaimet\RazerII\razerhid.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Tietoturva\Spamihilator\spamihilator.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Hyoty\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Sonera Tietoturva.lnk = C:\Program Files\Sonera Tietoturva2\backweb\4436233\Program\fspex.exe
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Sonera Tietoturva2\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva2\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva2\Anti-Spyware\ieshield.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.ezproxy.uku.fi:2048/lib/uku/support/plugins/ebraryRdr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://avustaja.sonera.fi/sdccommon/download/tgctlcm.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134167571625
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15021/CTPID.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Sonera Tietoturva (BackWeb Plug-in - 4436233) - Sonera Tietoturva - C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\Sonera Tietoturva2\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Sonera Tietoturva2\backweb\4436233\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva2\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva2\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\Multimedia\iPod\bin\iPodService.exe
O23 - Service: Ql1pateser - Sonic Solutions - (no file)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
Well, just now on restart that Update.exe error about the missing services.dll didn't appear anymore. So apparently ComboFix fixed something... Out of curiosity I'll still ask: was that updreg.exe some virus or the like? Thanks for the help in any case!!
It's not a virus -> http://www.liutilities.com/products/wintaskspro/processlibrary/updreg/

The error message in question referred to this folder -> C:\Program Files\Common Files\{3C6C1D88-0BC6-1035-0108-040401210166}, which ComboFix removed and which contained, among other things, update.exe and services.dll.
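The triage this thread does by hand (an Update.exe running out of a GUID-named folder under Common Files, a service left registered with "(no file)", Run values that name a bare executable with no directory) can be scripted against HijackThis O4 and O23 lines. The Python below is an added example for this page; it is not code from the posts above, nor from HijackThis or ComboFix. Its sample lines are constructed for the example and only mirror the posted logs: the "[Updater]" Run value is hypothetical (the first log showed Update.exe only in the process list, not as a Run entry), and the optional exists callback is an assumed hook for checking paths on the affected machine rather than on the box where the log is read.

```python
"""Triage HijackThis-style O4 (autostart) and O23 (service) lines.

Added example for this thread, not code from the original posts or from
HijackThis/ComboFix. Indicators encoded: an autostart or service binary in a
GUID-named folder, a service whose binary is gone ("(no file)"), a Run value
naming a bare executable (resolved through the search path at logon), and a
startup shortcut HijackThis could not resolve ("?").
"""
import re
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional

# A path component that is a bare GUID, e.g. \{3C6C1D88-0BC6-1035-0108-040401210166}\
GUID_DIR = re.compile(r"\\\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}\\", re.I)
O4_RUN = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_STARTUP = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.+)$")


@dataclass
class Finding:
    severity: str  # "high": act on it; "check": verify by hand
    entry: str     # HijackThis section, "O4" or "O23"
    name: str      # Run value name, shortcut name or service name
    reason: str


def target_of(cmd: str) -> str:
    """Executable part of a Run command: quoted path with arguments, or an
    unquoted path (spaces allowed) ending in .exe followed by arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def parse_o23(line: str):
    """Split 'O23 - Service: <name> - <owner> - <path>' from the right, because a
    display name can itself contain ' - ' (e.g. 'BackWeb Plug-in - 4436233')."""
    parts = line[len("O23 - Service: "):].rsplit(" - ", 2)
    return tuple(p.strip() for p in parts) if len(parts) == 3 else None


def triage(lines: Iterable[str],
           exists: Optional[Callable[[str], bool]] = None) -> List[Finding]:
    """Findings for suspicious entries. `exists` (e.g. os.path.exists on the
    affected machine) is optional so a copied log can be triaged elsewhere."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = O4_RUN.match(line)
        if m:
            name, target = m.group("name"), target_of(m.group("cmd"))
            if GUID_DIR.search(target):
                findings.append(Finding("high", "O4", name, f"autostart binary in GUID-named folder: {target}"))
            elif "\\" not in target:
                findings.append(Finding("check", "O4", name, f"bare filename, resolved via search path at logon: {target}"))
            elif exists is not None and not exists(target):
                findings.append(Finding("check", "O4", name, f"autostart target missing on disk: {target}"))
            continue
        m = O4_STARTUP.match(line)
        if m and m.group("cmd").strip() == "?":
            findings.append(Finding("check", "O4", m.group("name"), "startup shortcut whose target could not be resolved"))
            continue
        if line.startswith("O23 - Service: "):
            parsed = parse_o23(line)
            if parsed is None:
                continue
            name, owner, path = parsed
            if path == "(no file)":
                findings.append(Finding("high", "O23", name, "service still registered but its binary is gone"))
            elif GUID_DIR.search(path):
                findings.append(Finding("high", "O23", name, f"service binary in GUID-named folder: {path}"))
            elif owner == "Unknown owner":
                findings.append(Finding("check", "O23", name, f"no publisher in the file's version info: {path}"))
    return findings


# Constructed sample modelled on the logs in this thread; "[Updater]" is hypothetical.
SAMPLE = r"""
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Updater] "C:\Program Files\Common Files\{3C6C1D88-0BC6-1035-0108-040401210166}\Update.exe" /s
O4 - Global Startup: BTTray.lnk = ?
O23 - Service: Sonera Tietoturva (BackWeb Plug-in - 4436233) - Sonera Tietoturva - C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ql1pateser - Sonic Solutions - (no file)
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.severity:5}] {f.entry} {f.name}: {f.reason}")
```

On the sample, the GUID-folder Run value and the orphaned Ql1pateser service come out as "high"; the bare Logi_MwX.Exe, the unresolved BTTray.lnk shortcut and the "Unknown owner" Adobe service come out as "check", which matches how the thread treated them: UpdReg.EXE itself is not flagged, and in the thread it turned out to be benign. A "check" finding is a prompt to look at the file, not a verdict.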