My computer is slow, IE is slow and often freezes, as does Safari; F-Secure finds no viruses

Discussion in 'Viruses and malware - HijackThis logs' started by antarktis, Oct 26, 2008.

  1. antarktis

    antarktis Member

    Is my HP laptop nearing the end of its life?
    First I would like to ask you for help.

    The browsers, IE (which is used more, since it works better than Safari, and Firefox has been tried too) and Safari, freeze nearly every time.
    Iltasanomat is one of the sites that causes problems.
    Firefox was in use too, but it froze even more.
    It also complains about low virtual memory.

    Problems opening programs on the computer. Slow.
    Really slow!

    At first F-Secure did not work properly either. I could not run a virus scan directly from the program and had to use the online scanner instead. Today I uninstalled it and downloaded it again.
    In its weekly scan, Ad-Aware always finds at least a good 20 pieces of spyware.
    CCleaner is also used weekly.

    I would be more than happy if someone could help. Sometimes it feels like here in Italy they just stare blankly and cannot help at all. They only say that I should switch the antivirus to some version they sell.
    Thanks in advance, and hopefully this is readable despite the missing Scandinavian letters...

    Here is the HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22.52.35, on 26/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Programmi\HPQ\IAM\bin\asghost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Bonjour\mDNSResponder.exe
    C:\Programmi\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Programmi\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Programmi\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\F-Secure Internet Security\Common\FSMB32.EXE
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Programmi\F-Secure Internet Security\Common\FCH32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Programmi\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Programmi\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\Programmi\F-Secure Internet Security\FSPC\fspc.exe
    C:\Programmi\Canon\CAL\CALMAIN.exe
    C:\Programmi\F-Secure Internet Security\FSAUA\program\fsaua.exe
    C:\Programmi\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Programmi\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\Programmi\F-Secure Internet Security\FSAUA\program\fsus.exe
    C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    C:\DOCUME~1\utente\IMPOST~1\Temp\9934453.exe
    C:\Programmi\Canon\MyPrinter\BJMyPrt.exe
    C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
    C:\Programmi\iTunes\iTunesHelper.exe
    C:\Programmi\F-Secure Internet Security\Common\FSM32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
    C:\Programmi\Skype\Phone\Skype.exe
    C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Programmi\Windows Media Player\WMPNSCFG.exe
    C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Programmi\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
    C:\Programmi\iPod\bin\iPodService.exe
    C:\Programmi\HPQ\Shared\hpqwmi.exe
    C:\Programmi\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Programmi\Skype\Plugin Manager\skypePM.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaet.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programmi\HPQ\IAM\Bin\ItIeAddIN.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
    O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
    O4 - HKLM\..\Run: [WatchDog] C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [jgmwj] "C:\DOCUME~1\utente\IMPOST~1\Temp\9934453.exe"
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programmi\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programmi\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmi\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmi\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [jgmwj] "C:\DOCUME~1\utente\IMPOST~1\Temp\9934453.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmi\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programmi\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programmi\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157812408718
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: OneCard - C:\Programmi\HPQ\IAM\Bin\AsWlnPkg.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programmi\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Programmi\F-Secure Internet Security\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmi\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programmi\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\Shared\hpqwmi.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe

    --
    End of file - 14542 bytes

    Before I uninstalled it, F-Secure complained with a message about a Trojan virus C:ReD.Vexe, but now it found nothing in the scan.

    Here is the F-Secure scan log:
    Tarkistusraportti
    26. lokakuuta 2008 16:47:45 - 20:36:27
    Tietokoneen nimi:
    Tarkistustyyppi: Suorita tietokoneen täysi tarkistus
    Kohde: C:\ + järjestelmä + Rootkit-ohjelmat

    Tulos
    Haittaohjelmia ei löytynyt

    Tilastot
    Tarkistettu:
    Tiedostot: 109918
    Tarkistamatta: 14
    Tulos:
    Virukset: 0
    Vakoiluohjelmat: 0
    Epäilyttävät kohteet: 0
    Riskiohjelma: 0
    Toiminnot:
    Puhdistettu: 0
    Nimetty uudelleen: 0
    Poistettu: 0
    Eristetty: 0
    Epäonnistui: 0
    Käynnistyssektorit:
    Tarkistettu: 2
    Saanut tartunnan: 0
    Epäilyttävät kohteet: 0
    Puhdistettu: 0
    tiedostot, tarkistamattomat:
    Tiedoston (saat lisätietoja napsauttamalla tätä) avaaminen ei onnistu. C:\HIBERFIL.SYS
    Tiedoston (saat lisätietoja napsauttamalla tätä) avaaminen ei onnistu. C:\PAGEFILE.SYS
    Tiedoston (saat lisätietoja napsauttamalla tätä) avaaminen ei onnistu. C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    Tiedoston (saat lisätietoja napsauttamalla tätä) avaaminen ei onnistu. C:\WINDOWS\SYSTEM32\CONFIG\SAM
    Tiedoston (saat lisätietoja napsauttamalla tätä) avaaminen ei onnistu. C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    Tiedoston (saat lisätietoja napsauttamalla tätä) avaaminen ei onnistu. C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
    Tiedoston (saat lisätietoja napsauttamalla tätä) avaaminen ei onnistu. C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
    Tiedoston (saat lisätietoja napsauttamalla tätä) avaaminen ei onnistu. C:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE
    Kohteen C:\Swsetup\GGLTB\GR\setup.exe tarkistus on keskeytetty. [F-Secure AVP]
    Kohteen C:\Programmi\DVDFab Platinum\unins000.exe tarkistus on keskeytetty. [F-Secure AVP]
    Kohteen C:\Documents and Settings\utente\Documenti\File ricevuti\iTunesSetup.exe tarkistus on keskeytetty. [F-Secure AVP]
    Kohteen C:\Documents and Settings\utente\Documenti\File ricevuti\X12-30101.exe tarkistus on keskeytetty. [F-Secure AVP]
    Pakatussa tiedostossa C:\DOCUMENTS AND SETTINGS\UTENTE\DATI APPLICAZIONI\MOZILLA\FIREFOX\PROFILES\Q294TD9O.DEFAULT\GOOGLETOOLBARDATA\FEEDS\ROLLINGSTONE-BUTTON1.XML olevan tiedoston avaaminen ei onnistu.
    Pakatussa tiedostossa C:\DOCUMENTS AND SETTINGS\ALL USERS\DATI APPLICAZIONI\SKYPE\PLUGINS\PXML.XML olevan tiedoston avaaminen ei onnistu.

    Asetukset
    Tunnisteiden versio:
    Virukset: 2008-10-26_02
    Vakoiluohjelmat: 2008-10-26_01
    Tarkistusohjelmat:
    F-Secure AVP: 7.00.171, 2008-10-25
    F-Secure Libra: 2.04.05, 2008-10-10
    F-Secure Orion: 1.02.41, 2008-10-26
    F-Secure Draco: 1.01.00, 2008-09-08
    F-Secure BlackLight: 1.00.68
    Tarkistusasetukset:
    Tarkista määritetyt tiedostot: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ANI AVB BAT CEO CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR TGZ ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
    Tarkista pakatut tiedostot
     
  2. yaht

    yaht Regular member

    Yep, here come the instructions.

    1. Download Combofix.exe to your desktop from either of these links:
    Combofix.exe
    Combofix.exe

    Open Combofix.exe and follow the on-screen instructions.

    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
    Restart the computer if asked to, and post the contents of the combofix.txt file here.

    Close the browser and other programs while the fix runs. (not the antivirus)
    Start HijackThis, run Scan, tick the following files listed in red, and remove them (Fix checked).

    R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [jgmwj] "C:\DOCUME~1\utente\IMPOST~1\Temp\9934453.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [jgmwj] "C:\DOCUME~1\utente\IMPOST~1\Temp\9934453.exe"
    O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe


    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The (C:\ComboFix.txt) report


    Download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the instructions to install the program.
    * At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
    * If an update is found, the program downloads and installs the latest version.
    * Once the program has loaded, select Perform full scan and click Scan.
    * When the scan is finished, click OK and then Show Results to view the results.
    * Make sure everything is checked and click Remove Selected.
    * After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    * Post the contents of the log in your next message, plus a new HJT log.
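
The fix list in the reply above includes HijackThis entries whose file no longer exists and a Run value that starts an executable from the user's Temp folder. As an added example (not part of the original posts), the Python sketch below applies those two triage checks to an excerpt of the posted log; the function names and both heuristics are assumptions chosen for illustration, and the reply's list also contains ordinary startup items that this script does not flag.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log from the first post (sample input for this example).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\utente\IMPOST~1\Temp\9934453.exe
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [jgmwj] "C:\DOCUME~1\utente\IMPOST~1\Temp\9934453.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmi\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [jgmwj] "C:\DOCUME~1\utente\IMPOST~1\Temp\9934453.exe"
"""

# "O4 - ..." style line: section code, separator, body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Registry autorun body: hive (optionally with a SID), Run key, value name, command.
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# Heuristic (assumption): a path component named Temp or Tmp.
TEMP_RE = re.compile(r"\\te?mp\\", re.I)
# Markers HijackThis appends when the referenced file is absent.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def target_path(cmd):
    """Return the executable path from an autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces: cut at the first executable extension.
    m = re.match(r"(.*?\.(?:exe|dll|com|bat|cmd|scr))(?=[\s,]|$)", cmd, re.I)
    return m.group(1) if m else cmd


def triage(log_text):
    """Return (kind, section code, detail) tuples for entries worth a closer look."""
    running = set()                # lower-cased paths from "Running processes"
    autoruns = defaultdict(list)   # lower-cased target -> [(hive, name, path)]
    findings = []

    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            # Bare drive-letter paths belong to the running-process list.
            if re.match(r"^[A-Za-z]:\\", line):
                running.add(line.lower())
            continue
        code, body = m.group("code"), m.group("body")
        if body.endswith(ORPHAN_MARKERS):
            findings.append(("orphaned-reference", code, body))
        run = RUN_RE.match(body) if code == "O4" else None
        if run:
            path = target_path(run.group("cmd"))
            autoruns[path.lower()].append((run.group("hive"), run.group("name"), path))

    # One finding per Temp-resident target, merged across hives.
    for key, regs in autoruns.items():
        if TEMP_RE.search(key):
            hives = "+".join(sorted({hive for hive, _, _ in regs}))
            state = "running" if key in running else "not running"
            _, name, path = regs[0]
            findings.append(("autorun-from-temp", "O4", f"{path} [{name}] via {hives}, {state}"))
    return findings


if __name__ == "__main__":
    for kind, code, detail in triage(SAMPLE_LOG):
        print(f"{kind:20} {code:3} {detail}")
```

A flagged entry is a prompt for manual review of the file and its registry value, not proof of infection.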
     
  3. antarktis

    antarktis Member

    All right.

    Here is the ComboFix log:

    ComboFix 08-10-25.01 - utente 2008-10-27 11:29:47.2 - NTFSx86
    Eseguito da: C:\Documents and Settings\utente\Desktop\ComboFix.exe
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\nul.nzv
    .
    ---- Previous Run -------
    .
    C:\WINDOWS\Downloaded Program Files\setup.inf

    .
    ((((((((((((((((((((((((( Files Creati Da 2008-09-27 al 2008-10-27 )))))))))))))))))))))))))))))))))))
    .

    2008-10-26 16:38 . 2008-10-26 16:38 134 --a------ C:\WINDOWS\system32\CTSTATUS.FCS
    2008-10-26 15:37 . 2008-10-26 16:37 51,072 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
    2008-10-26 15:37 . 2008-10-26 16:37 30,016 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
    2008-10-24 07:14 . 2008-10-15 17:36 337,408 --------- C:\WINDOWS\system32\dllcache\netapi32.dll
    2008-10-15 08:14 . 2008-09-08 11:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
    2008-10-15 08:12 . 2008-08-14 14:22 2,192,896 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-10-15 08:12 . 2008-08-14 14:22 2,148,864 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-10-15 08:12 . 2008-08-14 14:22 2,069,760 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-10-15 08:12 . 2008-08-14 14:22 2,027,520 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-10-15 08:12 . 2008-09-15 16:24 1,846,400 --------- C:\WINDOWS\system32\dllcache\win32k.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-27 10:25 --------- d-----w C:\Documents and Settings\utente\Dati applicazioni\Skype
    2008-10-27 07:04 --------- d-----w C:\Documents and Settings\utente\Dati applicazioni\skypePM
    2008-10-26 15:47 --------- d-----w C:\Programmi\F-Secure Internet Security
    2008-10-26 14:36 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\F-Secure
    2008-10-26 14:35 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\fssg
    2008-10-21 13:39 --------- d-----w C:\Documents and Settings\utente\Dati applicazioni\ZoomBrowser EX
    2008-10-21 12:26 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\ZoomBrowser
    2008-10-19 20:16 --------- d-----w C:\Programmi\eMule
    2008-10-15 11:37 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
    2008-10-03 22:03 --------- d-----w C:\Programmi\File comuni\Apple
    2008-10-03 16:58 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-09-23 17:17 --------- d-----w C:\Programmi\Lavasoft
    2008-09-23 17:14 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
    2008-09-17 14:46 --------- d-----w C:\Programmi\Apple Software Update
    2008-09-17 14:43 --------- d-----w C:\Documents and Settings\utente\Dati applicazioni\Apple Computer
    2008-09-17 14:42 --------- d-----w C:\Programmi\iTunes
    2008-09-17 14:42 --------- d-----w C:\Programmi\iPod
    2008-09-17 14:42 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-09-17 14:39 --------- d-----w C:\Programmi\QuickTime
    2008-09-17 14:28 --------- d-----w C:\Programmi\Safari
    2008-09-17 14:25 --------- d-----w C:\Programmi\Bonjour
    2008-09-15 15:24 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
    2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
    2008-08-27 23:04 --------- d-----w C:\Programmi\CCleaner
    2008-08-27 08:57 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-08-25 08:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-08-25 08:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-08-23 05:56 635,848 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-08-23 05:54 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-08-14 13:22 2,192,896 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 13:22 2,069,760 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-08-14 10:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
    2008-08-11 13:29 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
    2008-08-11 13:29 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
    2008-01-06 14:05 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
    2007-05-12 16:17 0 ---ha-w C:\Documents and Settings\Administrator\hpothb07.dat
    2007-02-08 21:09 28 ----a-w C:\Programmi\deviceinfo
    .

    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
    "Skype"="C:\Programmi\Skype\Phone\Skype.exe" [2008-08-11 21741864]
    "swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-29 68856]
    "WMPNSCFG"="C:\Programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-09 344064]
    "PTHOSTTR"="C:\Programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2005-04-08 73728]
    "UpdateManager"="C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940]
    "SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 729178]
    "hpWirelessAssistant"="C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-10-24 499712]
    "eabconfg.cpl"="C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 409600]
    "CognizanceTS"="C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
    "WatchDog"="C:\Programmi\InterVideo\DVD Check\DVDCheck.exe" [2005-07-04 184320]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "CanonSolutionMenu"="C:\Programmi\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 644696]
    "CanonMyPrinter"="C:\Programmi\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
    "SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-09-06 413696]
    "iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-09-10 289576]
    "F-Secure Manager"="C:\Programmi\F-Secure Internet Security\Common\FSM32.EXE" [2008-04-04 182936]
    "F-Secure TNB"="C:\Programmi\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2008-04-04 739936]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "*efvl"="\\?\C:\WINDOWS\system32\nul.nzv" [?]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]

    C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
    Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
    Bluetooth Manager.lnk - C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2004-12-24 483328]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
    2005-07-25 19:41 40960 C:\Programmi\HPQ\IAM\Bin\AsWlnPkg.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=\\?\C:\WINDOWS\system32\nul.nzv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli AsWlnPkg

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Programmi\\Messenger\\msmsgs.exe"=
    "C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
    "C:\\Programmi\\iTunes\\iTunes.exe"=
    "C:\\Programmi\\Skype\\Phone\\Skype.exe"=

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-10-26 51072]
    R1 F-Secure HIPS;F-Secure HIPS;C:\Programmi\F-Secure Internet Security\HIPS\fshs.sys [2008-10-26 41184]
    R2 ASChannel;Canale di comunicazione locale;C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    R2 ezSharedSvc;Easybits Shared Services for Windows;C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Programmi\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2008-04-04 62048]
    R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-04-18 200576]
    S3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 87936]
    S3 SPC220NC;Philips SPC220NC Webcam;C:\WINDOWS\system32\DRIVERS\SPC220NC.SYS [ ]
    S3 ThSerial;ThSerial;C:\WINDOWS\system32\DRIVERS\thserial.sys [2005-04-29 59776]
    S3 ThSerMux;ThSerMux;C:\WINDOWS\system32\DRIVERS\thsermux.sys [2005-04-29 33408]
    S3 thserprt;thserprt;C:\WINDOWS\system32\DRIVERS\thserprt.sys [2005-04-29 17664]
    S4 F-Secure Filter;F-Secure File System Filter;C:\Programmi\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2008-04-04 39776]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Programmi\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2008-04-04 25184]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Cognizance REG_MULTI_SZ ASChannel

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ezSharedSvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69d2b276-3662-11dd-a7f6-0014a56ce75f}]
    \Shell\AutoRun\command - E:\StartVMCLite.exe
    .
    Contenuto della cartella 'Scheduled Tasks'

    2008-10-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2008-10-27 C:\WINDOWS\Tasks\Scheduled scanning task.job
    - C:\PROGRA~1\F-SECU~1\ANTI-V~1\fsav.exe [2008-04-04 19:07]

    2008-10-23 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
    - C:\Programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

    2008-06-05 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
    - C:\Programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
    .
    .
    ------- Supplementare di scansione -------
    .
    FireFox -: Profile - C:\Documents and Settings\utente\Dati applicazioni\Mozilla\Firefox\Profiles\q294td9o.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.gaet.it/
    FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
    FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
    FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
    FF -: plugin - C:\Programmi\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Programmi\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - C:\Programmi\Mozilla Firefox\plugins\npOGAPlugin.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-27 11:46:16
    Windows 5.1.2600 Service Pack 3 NTFS

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    Scansione files nascosti ...


    C:\:ReD.Vexe 84882 bytes executable

    Scansione completata con successo
    Files nascosti: 1

    **************************************************************************
    .
    ------------------------ Altri processi in esecuzione ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Programmi\HPQ\IAM\Bin\asghost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\scardsvr.exe
    C:\Programmi\Bonjour\mDNSResponder.exe
    C:\Programmi\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Programmi\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Programmi\F-Secure Internet Security\Anti-Virus\fsgk32.exe
    C:\Programmi\F-Secure Internet Security\Common\FSMB32.EXE
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Programmi\F-Secure Internet Security\Common\FCH32.EXE
    C:\Programmi\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Programmi\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\Programmi\F-Secure Internet Security\FSPC\fspc.exe
    C:\Programmi\Canon\CAL\CALMAIN.exe
    C:\Programmi\F-Secure Internet Security\FSAUA\program\fsaua.exe
    C:\Programmi\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Programmi\F-Secure Internet Security\FWES\program\fsdfwd.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Programmi\F-Secure Internet Security\FSAUA\program\fsus.exe
    C:\Programmi\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
    C:\Programmi\HPQ\Shared\hpqwmi.exe
    C:\PROGRA~1\F-SECU~1\Common\FSM32.EXE
    C:\PROGRA~1\F-SECU~1\FSGUI\fsguidll.exe
    C:\Programmi\iPod\bin\iPodService.exe
    C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
    C:\Programmi\Skype\Plugin Manager\skypePM.exe
    .
    **************************************************************************
    .
    Ora fine scansione: 2008-10-27 11:53:55 - macchina è stato riavviato [utente]
    ComboFix-quarantined-files.txt 2008-10-27 10:53:40

    Pre-Run: 47,374,970,880 byte disponibili
    Post-Run: 47,885,492,224 byte disponibili

    220 --- E O F --- 2008-10-24 06:43:18




    Malware log (made after Combo)

    Malwarebytes' Anti-Malware 1.30
    Tietokantaversio: 1326
    Windows 5.1.2600 Service Pack 3

    27/10/2008 14.27.36
    mbam-log-2008-10-27 (14-27-36).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|)
    Tarkistetut kohteet: 134585
    Kulunut aika: 1 hour(s), 33 minute(s), 42 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 0
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 1
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 0

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    (Haitallisia kohteita ei löydetty)




    And the HJT log, which was made just now

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14.33.30, on 27/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Programmi\HPQ\IAM\bin\asghost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Bonjour\mDNSResponder.exe
    C:\Programmi\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Programmi\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Programmi\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Programmi\F-Secure Internet Security\Common\FSMB32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Programmi\F-Secure Internet Security\Common\FCH32.EXE
    C:\Programmi\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Programmi\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\Programmi\F-Secure Internet Security\FSPC\fspc.exe
    C:\Programmi\Canon\CAL\CALMAIN.exe
    C:\Programmi\F-Secure Internet Security\FSAUA\program\fsaua.exe
    C:\Programmi\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Programmi\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\Programmi\F-Secure Internet Security\FSAUA\program\fsus.exe
    C:\Programmi\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
    C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
    C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    C:\Programmi\Canon\MyPrinter\BJMyPrt.exe
    C:\Programmi\F-Secure Internet Security\Common\FSM32.EXE
    C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
    C:\Programmi\HPQ\Shared\hpqwmi.exe
    C:\Programmi\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\Programmi\Skype\Phone\Skype.exe
    C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Programmi\Windows Media Player\WMPNSCFG.exe
    C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Programmi\Skype\Plugin Manager\skypePM.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaet.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programmi\HPQ\IAM\Bin\ItIeAddIN.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
    O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
    O4 - HKLM\..\Run: [WatchDog] C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programmi\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programmi\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmi\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmi\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmi\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programmi\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programmi\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157812408718
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: \\?\C:\WINDOWS\system32\nul.nzv
    O20 - Winlogon Notify: OneCard - C:\Programmi\HPQ\IAM\Bin\AsWlnPkg.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programmi\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Programmi\F-Secure Internet Security\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmi\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programmi\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\Shared\hpqwmi.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe

    --
    End of file - 13104 bytes
     
  4. yaht

    yaht Regular member

    Joined:
    Dec 6, 2005
    Messages:
    2,261
    Likes Received:
    0
    Trophy Points:
    46
    Fix this line to remove it.

    O20 - AppInit_DLLs: \\?\C:\WINDOWS\system32\nul.nzv

    Go to http://virusscan.jotti.org/ and upload the following file there, if it exists: C:\WINDOWS\system32\nul.nzv
    Then report the results.

    Note: make hidden files visible.
     
  5. antarktis

    antarktis Member

    Joined:
    Oct 26, 2008
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    I got this reply from there:

    The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

    The machine is already much better, but the stuttering hasn't completely stopped yet.

    Thanks x 1000!
     
