Log for review

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by anttih_, Jan 11, 2007.

  1. anttih_ (Member)

    Here is another machine's HjT log. Every time the machine boots, a white so-called pop-up window appears on the screen with "C:/Extreme_Live_Show.hta" in its title bar. I suppose it can be removed with the help of this?

    ---

    Logfile of HijackThis v1.99.1
    Scan saved at 0:31:52, on 12.1.2007
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\RUNSERVICE.EXE
    C:\OHJELMATIEDOSTOT\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
    C:\OHJELMATIEDOSTOT\KERIO\PERSONAL FIREWALL\PERSFW.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\CNXDSLTB.EXE
    C:\OHJELMATIEDOSTOT\YHTEISET TIEDOSTOT\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\OHJELMATIEDOSTOT\PICASA2\PICASAMEDIADETECTOR.EXE
    C:\OHJELMATIEDOSTOT\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\OHJELMATIEDOSTOT\YHTEISET TIEDOSTOT\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\OHJELMATIEDOSTOT\ORINOCO\CLIENT MANAGER\CMLUC.EXE
    C:\OHJELMATIEDOSTOT\WINZIP\WZQKPICK.EXE
    C:\LOTUS\SMARTCTR\SUITEST.EXE
    C:\LOTUS\WORDPRO\LTSSTART.EXE
    C:\OHJELMATIEDOSTOT\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\HJT\HIJACKTHIS_V1.99.1.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://www.puh.ru/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://art-xxx.com/top/1.shtml#Teen...Galleries_Amateur_Galleries_Fucking_Galleries
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://art-xxx.com/top/1.shtml#Teen...Galleries_Amateur_Galleries_Fucking_Galleries
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://haku.soneraplaza.fi/haku/queryie5.jsp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netsor.fi/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.clickyestoenter.net/ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://sharempeg.com/find/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://art-xxx.com/top/1.shtml#Teen...Galleries_Amateur_Galleries_Fucking_Galleries
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchxp.com/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Ohjelmatiedostot/MS-Connect/Portal/portal.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://search.xrenoder.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;;*.;*.;;<local>;localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: IncrediFindBHO Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)
    N1 - Netscape 4: user_pref("browser.startup.homepage","http://www.wazzupnet.com"); (C:\Ohjelmatiedostot\Netscape\Users\antti\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: (no name) - {1112954A-58B9-4677-8358-2B9EB5046685} - (no file)
    O2 - BHO: (no name) - {6BA93F29-BE11-0DC1-8756-6D550CAC2213} - (no file)
    O2 - BHO: NavErrRedir Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [e-DT LAN Sniffer] C:\Ohjelmatiedostot\HP\e-DiagTools\edtlancfg.exe OS
    O4 - HKLM\..\Run: [WorksFUD] c:\Ohjelmatiedostot\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] c:\Ohjelmatiedostot\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [Shell] c:\ray.exe
    O4 - HKLM\..\Run: [SystemBoot] C:/WINDOWS/SYSTEM/Mshta.exe file:///C:/Extreme_Live_Show.hta
    O4 - HKLM\..\Run: [P2P NETWORKINGP2P8323] C:\WINDOWS\TEMP\P2P NETWORKINGP2P8323.EXE /AUTOSTART
    O4 - HKLM\..\Run: [Windows Spool Services] ssvcc.exe
    O4 - HKLM\..\Run: [websx] C:\OHJELMATIEDOSTOT\WEBSX\INT339890.EXE -auto
    O4 - HKLM\..\Run: [updmgr] C:\Ohjelmatiedostot\Common files\updmgr\updmgr.exe
    O4 - HKLM\..\Run: [CnxDslTaskBar] c:\windows\SYSTEM\CnxDslTb.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Ohjelmatiedostot\Yhteiset tiedostot\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Ohjelmatiedostot\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [avast! Web Scanner] C:\OHJELM~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
    O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplore.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Windows Spool Services] ssvcc.exe
    O4 - HKLM\..\RunServices: [LicCtrl] runservice.exe
    O4 - HKLM\..\RunServices: [avast!] C:\Ohjelmatiedostot\Alwil Software\Avast4\ashServ.exe
    O4 - HKLM\..\RunServices: [PersFw] "C:\Ohjelmatiedostot\Kerio\Personal Firewall\persfw.exe" /hide
    O4 - HKCU\..\Run: [Bmar] C:\WINDOWS\Application Data\nrsw.exe
    O4 - HKCU\..\Run: [Gojnxde] C:\WINDOWS\SYSTEM\gcic.exe
    O4 - Startup: Microsoft Works Kalenterin muistutukset.lnk = C:\Ohjelmatiedostot\Yhteiset tiedostot\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - Startup: ORiNOCO Client Manager.lnk = C:\Ohjelmatiedostot\ORiNOCO\Client Manager\CMLUC.EXE
    O4 - Startup: WinZip Quick Pick.lnk = C:\Ohjelmatiedostot\WinZip\WZQKPICK.EXE
    O4 - Startup: Lotus SuiteStart 97.lnk = C:\lotus\smartctr\suitest.exe
    O4 - Startup: Lotus Opetusohjelma.lnk = C:\lotus\wordpro\ltsstart.exe
    O4 - Startup: Encoder Agent.lnk = C:\Ohjelmatiedostot\Windows Media Components\Encoder\WMENCAGT.EXE
    O4 - Startup: Sys.lnk = C:\WINDOWS\SYSTEM\CFGWIZ32.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Erotic - {8E65B894-C2E9-11D5-BCD3-00E018987509} - C:\entrefamosasfi\entrefamosasfi.exe (file missing)
    O9 - Extra button: xxx - {14051602-5C4E-11d6-916B-00E02964E8E3} - C:\temp\acc\CRISS\CRISS.EXE (file missing)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
    O12 - Plugin for .pdf: C:\OHJELM~1\INTERN~1\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\OHJELM~1\INTERN~1\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
    O15 - Trusted Zone: *.libereco.net
    O16 - DPF: {37B630E3-3FED-4F4A-B8BE-46AB443C51A9} - http://dialers.topcashdialer.com/daman/setup.cab
    O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab

  2. Hujo (Guest)

    Start by fixing those.

    Scan with HJT, tick these and press Fix checked:

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: IncrediFindBHO Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)
    O2 - BHO: (no name) - {1112954A-58B9-4677-8358-2B9EB5046685} - (no file)
    O2 - BHO: (no name) - {6BA93F29-BE11-0DC1-8756-6D550CAC2213} - (no file)
    O2 - BHO: NavErrRedir Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    Run eScan.
    Instructions are on that page:
    http://koti.mbnet.fi/pattaya1/escanmwav.htm
    Download from here:
    http://www.spywareinfo.dk/download/mwav.exe
    Update from here:
    http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
    Set the tick boxes as marked here:
    http://koti.mbnet.fi/pattaya1/eScan6.jpg

    Scan.

    If anything appears in the lower box, copy it like this:
    Use Ctrl+A.
    Copy the lines with Ctrl+C.
    Paste the lines with Ctrl+V.

    Post the virus log here. And an HJT log.

    Last edited by a moderator: Jan 12, 2007
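
The picks in the reply above follow a small set of rules a log reviewer applies by hand: entries whose backing file is gone, an mshta.exe autorun of an .hta script, programs starting from temp or data directories, from a drive root, or with no path at all, and IE start/search URLs that differ from the OEM default HijackThis records on its O14 (IERESET.INF) line. The script below is an added example for this thread, not HijackThis code and not from any post; it applies those rules to HijackThis v1.99.1 log lines and splits the hits into a "fix" list (what to tick before pressing Fix checked) and a "review" list. The known-bare allowlist, the suspect-directory list and the use of the O14 line as the OEM default are assumptions of the example; the sample log is a constructed subset in the shape of the log in the first post.

```python
"""Triage of HijackThis v1.99.1 log lines: added example, not HijackThis code."""
import re
from typing import List, NamedTuple
from urllib.parse import urlparse


class Finding(NamedTuple):
    severity: str   # "fix": tick in HJT and press Fix checked; "review": needs a human look
    section: str    # R0, R1, O2, O4, ...
    line: str
    reason: str


# Assumption: path-less Run/RunServices values that are normal on Windows 98.
KNOWN_BARE = {"systray.exe", "mstask.exe", "loadqm.exe"}
# Assumption: directories a legitimate program does not autostart from.
SUSPECT_DIRS = ("\\temp\\", "\\application data\\", "\\downloaded program files\\")

_ENTRY = re.compile(r"^(?P<sec>[RNO]\d+) - (?P<body>.*)$")
_O4 = re.compile(r"^HK[A-Z]+\\\.\.\\Run\w*: \[[^\]]*\] (?P<cmd>.*)$")
_URL = re.compile(r"(https?://\S+|file:///\S+)", re.I)

# Constructed sample: a subset of lines in the shape of the log posted above.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://www.puh.ru/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://haku.soneraplaza.fi/haku/queryie5.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netsor.fi/
R3 - URLSearchHook: IncrediFindBHO Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)
O2 - BHO: (no name) - {1112954A-58B9-4677-8358-2B9EB5046685} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Shell] c:\ray.exe
O4 - HKLM\..\Run: [SystemBoot] C:/WINDOWS/SYSTEM/Mshta.exe file:///C:/Extreme_Live_Show.hta
O4 - HKLM\..\Run: [P2P NETWORKINGP2P8323] C:\WINDOWS\TEMP\P2P NETWORKINGP2P8323.EXE /AUTOSTART
O4 - HKLM\..\RunServices: [Windows Spool Services] ssvcc.exe
O4 - HKCU\..\Run: [Bmar] C:\WINDOWS\Application Data\nrsw.exe
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplore.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O15 - Trusted Zone: *.libereco.net
O16 - DPF: {37B630E3-3FED-4F4A-B8BE-46AB443C51A9} - http://dialers.topcashdialer.com/daman/setup.cab
"""


def _domain(host: str) -> str:
    return host[4:] if host.startswith("www.") else host


def oem_start_host(lines: List[str]) -> str:
    """Host of the O14 IERESET.INF start page, or '' if the log has no O14 line."""
    for ln in lines:
        m = re.match(r"^O14 - IERESET\.INF: START_PAGE_URL=(\S+)", ln.strip())
        if m:
            return urlparse(m.group(1)).hostname or ""
    return ""


def _exe(cmd: str) -> str:
    cmd = cmd.strip()                      # a quoted program path may contain spaces
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> List[Finding]:
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    oem = _domain(oem_start_host(lines))  # '' switches the R0/R1 URL rule off
    out: List[Finding] = []
    for ln in lines:
        m = _ENTRY.match(ln)
        if not m:
            continue  # header and "Running processes" lines
        sec, body = m.group("sec"), m.group("body")
        if "(no file)" in body.lower():  # CLSID still registered, backing file gone
            out.append(Finding("fix", sec, ln, "registered component with no file on disk"))
        elif sec in ("R0", "R1") and oem:
            u = _URL.search(body)
            host = urlparse(u.group(1)).hostname if u else None  # None for file:/// URLs
            if host and _domain(host) != oem and not host.endswith("." + oem):
                out.append(Finding("review", sec, ln, f"IE URL points at {host}, OEM default is {oem}"))
        elif sec == "O4":
            o4 = _O4.match(body)
            if not o4:
                continue  # Startup-folder .lnk lines are left to manual review
            cmd_low = o4.group("cmd").lower()
            exe_low = _exe(o4.group("cmd")).lower().replace("/", "\\")
            if exe_low.endswith("mshta.exe") or ".hta" in cmd_low:
                out.append(Finding("fix", sec, ln, "mshta.exe autorun of an .hta script; delete the .hta as well"))
            elif any(d in cmd_low for d in SUSPECT_DIRS):
                out.append(Finding("review", sec, ln, "autorun from a temp/data directory"))
            elif "\\" not in exe_low:
                if exe_low not in KNOWN_BARE:
                    out.append(Finding("review", sec, ln, "path-less autorun not on the known-bare list"))
            elif re.match(r"^[a-z]:\\[^\\]+$", exe_low):
                out.append(Finding("review", sec, ln, "autorun from the root of a drive"))
            elif exe_low.endswith("\\windows\\iexplore.exe"):
                out.append(Finding("review", sec, ln, "iexplore.exe outside Program Files"))
        elif sec == "O15":
            out.append(Finding("review", sec, ln, "domain added to the IE Trusted Zone"))
        elif sec == "O16":
            u = _URL.search(body)
            host = urlparse(u.group(1)).hostname if u else "?"
            out.append(Finding("review", sec, ln, f"ActiveX control downloaded from {host}"))
    return out


def fix_lines(findings: List[Finding]) -> List[str]:
    return [f.line for f in findings if f.severity == "fix"]  # what to tick in HJT
```

Fixing an O4 line in HijackThis only removes the registry value; the file it points at (here C:\Extreme_Live_Show.hta) stays on disk and has to be deleted separately, which is why the reason text says so. When a log has no O14 line the URL rule is switched off instead of guessing a default, and the Search Bar line on haku.soneraplaza.fi is deliberately not flagged because it sits under the OEM domain.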

  3. anttih_ (Member)

    Here they are, first the HjT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 14:01:56, on 12.1.2007
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\RUNSERVICE.EXE
    C:\OHJELMATIEDOSTOT\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
    C:\OHJELMATIEDOSTOT\KERIO\PERSONAL FIREWALL\PERSFW.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\CNXDSLTB.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\OHJELMATIEDOSTOT\PICASA2\PICASAMEDIADETECTOR.EXE
    C:\OHJELMATIEDOSTOT\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\OHJELMATIEDOSTOT\YHTEISET TIEDOSTOT\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\OHJELMATIEDOSTOT\ORINOCO\CLIENT MANAGER\CMLUC.EXE
    C:\OHJELMATIEDOSTOT\WINZIP\WZQKPICK.EXE
    C:\LOTUS\SMARTCTR\SUITEST.EXE
    C:\LOTUS\WORDPRO\LTSSTART.EXE
    C:\OHJELMATIEDOSTOT\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\OHJELMATIEDOSTOT\YHTEISET TIEDOSTOT\REAL\UPDATE_OB\REALSCHED.EXE
    C:\OHJELMATIEDOSTOT\MOZILLA FIREFOX\FIREFOX.EXE
    C:\HJT\HIJACKTHIS_V1.99.1.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://www.puh.ru/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://art-xxx.com/top/1.shtml#Teen...Galleries_Amateur_Galleries_Fucking_Galleries
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://art-xxx.com/top/1.shtml#Teen...Galleries_Amateur_Galleries_Fucking_Galleries
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://haku.soneraplaza.fi/haku/queryie5.jsp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netsor.fi/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.clickyestoenter.net/ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://sharempeg.com/find/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://art-xxx.com/top/1.shtml#Teen...Galleries_Amateur_Galleries_Fucking_Galleries
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchxp.com/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Ohjelmatiedostot/MS-Connect/Portal/portal.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://search.xrenoder.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;;*.;*.;;<local>;localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: IncrediFindBHO Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: (no name) - {1112954A-58B9-4677-8358-2B9EB5046685} - (no file)
    O2 - BHO: (no name) - {6BA93F29-BE11-0DC1-8756-6D550CAC2213} - (no file)
    O2 - BHO: NavErrRedir Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [e-DT LAN Sniffer] C:\Ohjelmatiedostot\HP\e-DiagTools\edtlancfg.exe OS
    O4 - HKLM\..\Run: [WorksFUD] c:\Ohjelmatiedostot\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] c:\Ohjelmatiedostot\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [SystemBoot] C:/WINDOWS/SYSTEM/Mshta.exe file:///C:/Extreme_Live_Show.hta
    O4 - HKLM\..\Run: [P2P NETWORKINGP2P8323] C:\WINDOWS\TEMP\P2P NETWORKINGP2P8323.EXE /AUTOSTART
    O4 - HKLM\..\Run: [Windows Spool Services] ssvcc.exe
    O4 - HKLM\..\Run: [websx] C:\OHJELMATIEDOSTOT\WEBSX\INT339890.EXE -auto
    O4 - HKLM\..\Run: [updmgr] C:\Ohjelmatiedostot\Common files\updmgr\updmgr.exe
    O4 - HKLM\..\Run: [CnxDslTaskBar] c:\windows\SYSTEM\CnxDslTb.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Ohjelmatiedostot\Yhteiset tiedostot\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Ohjelmatiedostot\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [avast! Web Scanner] C:\OHJELM~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
    O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplore.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Windows Spool Services] ssvcc.exe
    O4 - HKLM\..\RunServices: [LicCtrl] runservice.exe
    O4 - HKLM\..\RunServices: [avast!] C:\Ohjelmatiedostot\Alwil Software\Avast4\ashServ.exe
    O4 - HKLM\..\RunServices: [PersFw] "C:\Ohjelmatiedostot\Kerio\Personal Firewall\persfw.exe" /hide
    O4 - HKCU\..\Run: [Bmar] C:\WINDOWS\Application Data\nrsw.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\OHJELMATIEDOSTOT\BITTORRENT\BITTORRENT.EXE" --force_start_minimized
    O4 - Startup: Microsoft Works Kalenterin muistutukset.lnk = C:\Ohjelmatiedostot\Yhteiset tiedostot\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - Startup: ORiNOCO Client Manager.lnk = C:\Ohjelmatiedostot\ORiNOCO\Client Manager\CMLUC.EXE
    O4 - Startup: WinZip Quick Pick.lnk = C:\Ohjelmatiedostot\WinZip\WZQKPICK.EXE
    O4 - Startup: Lotus SuiteStart 97.lnk = C:\lotus\smartctr\suitest.exe
    O4 - Startup: Lotus Opetusohjelma.lnk = C:\lotus\wordpro\ltsstart.exe
    O4 - Startup: Encoder Agent.lnk = C:\Ohjelmatiedostot\Windows Media Components\Encoder\WMENCAGT.EXE
    O4 - Startup: Sys.lnk = C:\WINDOWS\SYSTEM\CFGWIZ32.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Erotic - {8E65B894-C2E9-11D5-BCD3-00E018987509} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
    O9 - Extra button: xxx - {14051602-5C4E-11d6-916B-00E02964E8E3} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
    O12 - Plugin for .pdf: C:\OHJELM~1\INTERN~1\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\OHJELM~1\INTERN~1\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
    O15 - Trusted Zone: *.libereco.net
    O16 - DPF: {37B630E3-3FED-4F4A-B8BE-46AB443C51A9} - http://dialers.topcashdialer.com/daman/setup.cab
    O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab

    And here is the eScan output (from that so-called lower box):

    File C:\WINDOWS\iexplore.exe infected by "Trojan.Win32.StartPage.kk" Virus. Action Taken: File Deleted.
    File C:\WINDOWS\NDNuninstall4_85.exe tagged as not-a-virus:AdWare.Win32.NewDotNet. No Action Taken.
    File C:\WINDOWS\NDNuninstall6_22.exe tagged as not-a-virus:AdWare.Win32.NewDotNet. No Action Taken.
    File C:\WINDOWS\NDNuninstall6_10.exe tagged as not-a-virus:AdWare.Win32.NewDotNet. No Action Taken.
    File C:\WINDOWS\pulpit.exe tagged as not-a-virus:porn-Dialer.Win32.Generic. No Action Taken.
    File C:\WINDOWS\NDNuninstall6_10-1.exe tagged as not-a-virus:AdWare.Win32.NewDotNet. No Action Taken.
    File C:\WINDOWS\52242234101.exe infected by "Trojan-Clicker.Win32.Small.kj" Virus. Action Taken: File Deleted.
    File C:\WINDOWS\SYSTEM\HotVideo_fi-uninstall.exe tagged as not-a-virus:Dialer.Win32.gen. No Action Taken.
    File C:\WINDOWS\SYSTEM\ezStubx.exe tagged as not-a-virus:AdWare.Win32.EZula.a. No Action Taken.
    File C:\WINDOWS\SYSTEM\TOPSYS.EXE.VIR tagged as not-a-virus:AdWare.Win32.EZula.w. No Action Taken.
    File C:\WINDOWS\SYSTEM\HotVideo_fi-uninstall.exe tagged as not-a-virus:Dialer.Win32.gen. No Action Taken.
    File C:\WINDOWS\SYSTEM\ezStubx.exe tagged as not-a-virus:AdWare.Win32.EZula.a. No Action Taken.
    File C:\WINDOWS\SYSTEM\TOPSYS.EXE.VIR tagged as not-a-virus:AdWare.Win32.EZula.w. No Action Taken.
    File C:\WINDOWS\Application Data\thblssiykqu.dll tagged as not-a-virus:AdWare.Win32.Lop.y. No Action Taken.
    File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\TeenSex.0xe infected by "Trojan.Win32.Liech.c" Virus. Action Taken: File Deleted.
    File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\free_mp3.exe tagged as not-a-virus:AdWare.Win32.Lop. No Action Taken.
    File C:\WINDOWS\Downloaded Program Files\CONFLICT.3\sexgalleria.exe tagged as not-a-virus:porn-Dialer.Win32.Direct.a. No Action Taken.
    File C:\WINDOWS\Downloaded Program Files\mp3search.exe tagged as not-a-virus:AdWare.Win32.Lop. No Action Taken.
    File C:\WINDOWS\Downloaded Program Files\TeenSex.0xe infected by "Trojan.Win32.Liech.c" Virus. Action Taken: File Deleted.
    File C:\WINDOWS\Downloaded Program Files\109121.exe tagged as not-a-virus:porn-Downloader.Win32.TibSystems.c. No Action Taken.
    File C:\WINDOWS\Downloaded Program Files\free_mp3.exe tagged as not-a-virus:AdWare.Win32.Lop. No Action Taken.
    File C:\WINDOWS\Downloaded Program Files\kobietki.exe tagged as not-a-virus:porn-Dialer.Win32.Generic. No Action Taken.
    File C:\WINDOWS\NDNuninstall4_85.exe tagged as not-a-virus:AdWare.Win32.NewDotNet. No Action Taken.
    File C:\WINDOWS\NDNuninstall6_22.exe tagged as not-a-virus:AdWare.Win32.NewDotNet. No Action Taken.
    File C:\WINDOWS\NDNuninstall6_10.exe tagged as not-a-virus:AdWare.Win32.NewDotNet. No Action Taken.
    File C:\WINDOWS\pulpit.exe tagged as not-a-virus:porn-Dialer.Win32.Generic. No Action Taken.
    File C:\WINDOWS\NDNuninstall6_10-1.exe tagged as not-a-virus:AdWare.Win32.NewDotNet. No Action Taken.
    File C:\Ohjelmatiedostot\KFH\setup.exe infected by "Trojan.Win32.DelFiles.s" Virus. Action Taken: File Deleted.
    File C:\Ohjelmatiedostot\Mozilla Firefox\plugins\NPMySrch.dll tagged as not-a-virus:AdTool.Win32.MyWebSearch.i. No Action Taken.
    File C:\Ohjelmatiedostot\SaveNow\SaveNow.exe tagged as not-a-virus:AdWare.Win32.SaveNow.ar. No Action Taken.
    File C:\ht.0ta infected by "Trojan-Clicker.JS.gen" Virus. Action Taken: File Deleted.
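
eScan's result box mixes two kinds of lines, files it deleted and files it only tagged ("No Action Taken"), and some files appear twice in it. The parser below is an added example for this thread, not eScan's code and not from any post; it turns that box into a de-duplicated list and groups the tagged files, which are still on disk, by family so they can be removed by hand. The sample lines are constructed in the shape of the output posted above.

```python
"""Parse eScan (mwav) result lines: added example, not eScan's code."""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple


class Detection(NamedTuple):
    path: str
    family: str     # scanner label, e.g. "not-a-virus:AdWare.Win32.NewDotNet"
    deleted: bool   # True when eScan reports "Action Taken: File Deleted"


_TAGGED = re.compile(r"^File (?P<path>.+?) tagged as (?P<family>\S+)\. No Action Taken\.$")
_INFECTED = re.compile(r'^File (?P<path>.+?) infected by "(?P<family>[^"]+)" Virus\. '
                       r"Action Taken: (?P<action>.+?)\.$")

# Constructed sample in the shape of the result lines above; one line is repeated
# on purpose, as the posted output repeats some lines.
SAMPLE = r"""
File C:\WINDOWS\iexplore.exe infected by "Trojan.Win32.StartPage.kk" Virus. Action Taken: File Deleted.
File C:\WINDOWS\NDNuninstall4_85.exe tagged as not-a-virus:AdWare.Win32.NewDotNet. No Action Taken.
File C:\WINDOWS\pulpit.exe tagged as not-a-virus:porn-Dialer.Win32.Generic. No Action Taken.
File C:\WINDOWS\NDNuninstall4_85.exe tagged as not-a-virus:AdWare.Win32.NewDotNet. No Action Taken.
File C:\Ohjelmatiedostot\SaveNow\SaveNow.exe tagged as not-a-virus:AdWare.Win32.SaveNow.ar. No Action Taken.
File C:\ht.0ta infected by "Trojan-Clicker.JS.gen" Virus. Action Taken: File Deleted.
"""


def parse_escan(text: str) -> List[Detection]:
    """One Detection per distinct (path, family, outcome); repeated lines are dropped."""
    seen, out = set(), []
    for ln in text.splitlines():
        ln = ln.strip()
        m = _TAGGED.match(ln)
        if m:
            d = Detection(m["path"], m["family"], False)
        else:
            m = _INFECTED.match(ln)
            if not m:
                continue  # anything that is not a result line
            d = Detection(m["path"], m["family"], m["action"] == "File Deleted")
        if d not in seen:
            seen.add(d)
            out.append(d)
    return out


def leftovers(dets: List[Detection]) -> Dict[str, List[str]]:
    """Files eScan only tagged: still on disk, grouped by family for manual removal."""
    by_family: Dict[str, List[str]] = defaultdict(list)
    for d in dets:
        if not d.deleted:
            by_family[d.family].append(d.path)
    return dict(by_family)
```

The split matters because "tagged as ... No Action Taken" means the scanner left the file in place; only the "File Deleted" lines changed anything on the machine, so the grouped leftovers are the remaining cleanup list.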


  4. anttih_ (Member)

    Let me mention in a new post that when I started the machine just now, the white window no longer appeared. The problem is apparently fixed, or should some further steps still be taken?

  5. Hujo (Guest)

    Scan with HJT, tick these and press Fix checked:

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: IncrediFindBHO Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: (no name) - {1112954A-58B9-4677-8358-2B9EB5046685} - (no file)
    O2 - BHO: (no name) - {6BA93F29-BE11-0DC1-8756-6D550CAC2213} - (no file)
    O2 - BHO: NavErrRedir Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

  6. anttih_ (Member)

    Task done. Though of those seven lines only two were still visible in the list; I wonder whether that means anything..

  7. Hujo (Guest)

    Post an HJT log.

  8. anttih_ (Member)

    Logfile of HijackThis v1.99.1
    Scan saved at 14:02:09, on 14.1.2007
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\RUNSERVICE.EXE
    C:\OHJELMATIEDOSTOT\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
    C:\OHJELMATIEDOSTOT\KERIO\PERSONAL FIREWALL\PERSFW.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\CNXDSLTB.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\OHJELMATIEDOSTOT\PICASA2\PICASAMEDIADETECTOR.EXE
    C:\OHJELMATIEDOSTOT\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
    C:\OHJELMATIEDOSTOT\SKYPE\PHONE\SKYPE.EXE
    C:\OHJELMATIEDOSTOT\YHTEISET TIEDOSTOT\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\OHJELMATIEDOSTOT\ORINOCO\CLIENT MANAGER\CMLUC.EXE
    C:\OHJELMATIEDOSTOT\WINZIP\WZQKPICK.EXE
    C:\LOTUS\SMARTCTR\SUITEST.EXE
    C:\LOTUS\WORDPRO\LTSSTART.EXE
    C:\OHJELMATIEDOSTOT\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\OHJELMATIEDOSTOT\MOZILLA FIREFOX\FIREFOX.EXE
    C:\OHJELMATIEDOSTOT\BERSIRC\BERSIRC.EXE
    C:\OHJELMATIEDOSTOT\YHTEISET TIEDOSTOT\REAL\UPDATE_OB\REALSCHED.EXE
    C:\HJT\HIJACKTHIS_V1.99.1.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://www.puh.ru/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://art-xxx.com/top/1.shtml#Teen...Galleries_Amateur_Galleries_Fucking_Galleries
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://art-xxx.com/top/1.shtml#Teen...Galleries_Amateur_Galleries_Fucking_Galleries
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://haku.soneraplaza.fi/haku/queryie5.jsp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netsor.fi/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.clickyestoenter.net/ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://sharempeg.com/find/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://art-xxx.com/top/1.shtml#Teen...Galleries_Amateur_Galleries_Fucking_Galleries
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchxp.com/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Ohjelmatiedostot/MS-Connect/Portal/portal.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://search.xrenoder.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;;*.;*.;;<local>;localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [e-DT LAN Sniffer] C:\Ohjelmatiedostot\HP\e-DiagTools\edtlancfg.exe OS
    O4 - HKLM\..\Run: [WorksFUD] c:\Ohjelmatiedostot\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [P2P NETWORKINGP2P8323] C:\WINDOWS\TEMP\P2P NETWORKINGP2P8323.EXE /AUTOSTART
    O4 - HKLM\..\Run: [websx] C:\OHJELMATIEDOSTOT\WEBSX\INT339890.EXE -auto
    O4 - HKLM\..\Run: [CnxDslTaskBar] c:\windows\SYSTEM\CnxDslTb.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Ohjelmatiedostot\Yhteiset tiedostot\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Ohjelmatiedostot\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [avast! Web Scanner] C:\OHJELM~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [LicCtrl] runservice.exe
    O4 - HKLM\..\RunServices: [avast!] C:\Ohjelmatiedostot\Alwil Software\Avast4\ashServ.exe
    O4 - HKLM\..\RunServices: [PersFw] "C:\Ohjelmatiedostot\Kerio\Personal Firewall\persfw.exe" /hide
    O4 - HKCU\..\Run: [BitTorrent] "C:\OHJELMATIEDOSTOT\BITTORRENT\BITTORRENT.EXE" --force_start_minimized
    O4 - HKCU\..\Run: [Skype] "C:\OHJELMATIEDOSTOT\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized
    O4 - Startup: Microsoft Works Kalenterin muistutukset.lnk = C:\Ohjelmatiedostot\Yhteiset tiedostot\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - Startup: ORiNOCO Client Manager.lnk = C:\Ohjelmatiedostot\ORiNOCO\Client Manager\CMLUC.EXE
    O4 - Startup: WinZip Quick Pick.lnk = C:\Ohjelmatiedostot\WinZip\WZQKPICK.EXE
    O4 - Startup: Lotus SuiteStart 97.lnk = C:\lotus\smartctr\suitest.exe
    O4 - Startup: Lotus Opetusohjelma.lnk = C:\lotus\wordpro\ltsstart.exe
    O4 - Startup: Encoder Agent.lnk = C:\Ohjelmatiedostot\Windows Media Components\Encoder\WMENCAGT.EXE
    O4 - Startup: Sys.lnk = C:\WINDOWS\SYSTEM\CFGWIZ32.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
    O9 - Extra button: Erotic - {8E65B894-C2E9-11D5-BCD3-00E018987509} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
    O9 - Extra button: xxx - {14051602-5C4E-11d6-916B-00E02964E8E3} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
    O12 - Plugin for .pdf: C:\OHJELM~1\INTERN~1\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\OHJELM~1\INTERN~1\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
    O15 - Trusted Zone: *.libereco.net
    O16 - DPF: {37B630E3-3FED-4F4A-B8BE-46AB443C51A9} - http://dialers.topcashdialer.com/daman/setup.cab
    O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab