When the machine starts up, mIRC pops up and attacks.. ? Virus? Trojan? I downloaded BSPlayer from a peer-to-peer network and some crap seems to have come along with it.. Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:52:02, on 4.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
e:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\Executive Software\Diskeeper\DkService.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\softreg\svchost.exe
E:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
E:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
e:\Program Files\Logitech\MouseWare\system\em_exec.exe
E:\Program Files\Motherboard Monitor 5\MBM5.EXE
E:\Program Files\DAEMON Tools\daemon.exe
E:\program files\creative\AudioHQ\AHQTB.EXE
C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\Firefox\firefox.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
F:\Progs\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F3 - REG:win.ini: run=C:\WINDOWS\system32\softreg\svchost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - e:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - e:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DU Meter] E:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] e:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [PCI Audio Applications] G:\Drivers\Audio\C-Media\W2K-ME\app\Setup.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MBM 5] "E:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "e:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Microsoft M.S.N. Services] msnmm.exe
O4 - HKLM\..\Run: [AudioHQ] e:\program files\creative\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [OutpostFeedBack] e:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dumps_startup
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\RunServices: [Microsoft M.S.N. Services] msnmm.exe
O4 - HKCU\..\Run: [ezlink] "C:\Program Files\EzLink\ezlink.exe" -service_start -background
O4 - HKCU\..\Run: [µTorrent] "E:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: AntiCrash.lnk = E:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: Hare.lnk = E:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Startup: HDDlife.lnk = E:\Program Files\BinarySense\HDDlife\HDDlifePro.exe
O4 - Startup: Outpost Firewall.lnk = E:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O4 - Startup: Zoom.lnk = E:\Program Files\Dachshund Software\Zoom\Zoom.exe
O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - e:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{182AE1D0-8976-496A-8515-FA5D2B49657D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{182AE1D0-8976-496A-8515-FA5D2B49657D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{182AE1D0-8976-496A-8515-FA5D2B49657D}: NameServer = 192.168.0.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - e:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - E:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Hi! Move hijackthis.exe into its own folder: C:\HJT\HijackThis.exe
There are two firewalls on the machine; only one software firewall per machine. Remove the other one.
1. Download the combofix.exe file to your desktop.
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log (C:\Combofix.txt). Post this log in your thread.
Note! Do not click around in the ComboFix window while it is running. This may cause the program to hang.
Post a new HJT log and the ComboFix log.
I removed Agnitum Outpost (with Magic Utilities) probably a couple of months ago and switched to that Jetico. Something seems to have been left behind.. (I removed that one shortcut, and deleted the Agnitum folder.) Is everything OK now? (-edit- I rebooted, and mIRC still tries to start (or rather, it starts when you click the trial-period OK (or similar) button), but I removed all the settings from mIRC so it can no longer get to any undernet.org addresses (which it tries to reach) or anywhere at all.) So here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 23:07:23, on 4.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
e:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\Executive Software\Diskeeper\DkService.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
e:\program files\creative\AudioHQ\AHQTB.EXE
E:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
E:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
E:\Program Files\Motherboard Monitor 5\MBM5.EXE
E:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
e:\Program Files\Logitech\MouseWare\system\em_exec.exe
E:\Program Files\uTorrent\utorrent.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F3 - REG:win.ini: run=C:\WINDOWS\system32\softreg\svchost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - e:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - e:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DU Meter] E:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] e:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [PCI Audio Applications] G:\Drivers\Audio\C-Media\W2K-ME\app\Setup.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MBM 5] "E:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "e:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Microsoft M.S.N. Services] msnmm.exe
O4 - HKLM\..\Run: [AudioHQ] e:\program files\creative\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [OutpostFeedBack] e:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dumps_startup
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\RunServices: [Microsoft M.S.N. Services] msnmm.exe
O4 - HKCU\..\Run: [ezlink] "C:\Program Files\EzLink\ezlink.exe" -service_start -background
O4 - HKCU\..\Run: [µTorrent] "E:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: AntiCrash.lnk = E:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: Hare.lnk = E:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Startup: Zoom.lnk = E:\Program Files\Dachshund Software\Zoom\Zoom.exe
O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{182AE1D0-8976-496A-8515-FA5D2B49657D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{182AE1D0-8976-496A-8515-FA5D2B49657D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{182AE1D0-8976-496A-8515-FA5D2B49657D}: NameServer = 192.168.0.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - e:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - E:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

And here's the ComboFix log:

Žss„ - 07-01-04 23:05:12,56 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Žss„"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\taskmgr.com

((((((((((((((((((((((((((((((( Files Created from 2006-12-04 to 2007-01-04 ))))))))))))))))))))))))))))))))))

2007-01-04 22:58 <DIR> d-------- C:\HJT
2007-01-04 21:36 <DIR> d-------- C:\Documents and Settings\Žss„\.housecall6.6
2007-01-01 21:52 64,512 --ah----- C:\Documents and Settings\Žss„\Application Data\dach100.dll
2006-12-31 20:13 <DIR> d-------- C:\WINDOWS\system32\softreg
2006-12-31 20:13 <DIR> d-------- C:\Program Files\Webteh
2006-12-31 20:13 <DIR> d-------- C:\Documents and Settings\Žss„\Application Data\BSplayer Pro
2006-12-27 21:46 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2006-12-27 21:46 <DIR> d-------- C:\Program Files\ATI Technologies
2006-12-27 21:43 <DIR> d-------- C:\ATI
2006-12-27 21:30 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2006-12-27 21:21 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2006-12-27 21:10 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2006-12-27 21:10 2,829,824 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-12-27 21:09 <DIR> d-------- C:\Program Files\Driver Cleaner Pro
2006-12-27 19:51 <DIR> d-------- C:\Documents and Settings\Žss„\Application Data\atitray
2006-12-27 13:31 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-12-21 12:03 <DIR> d-------- C:\Documents and Settings\Žss„\Application Data\BinarySense
2006-12-20 12:09 398,416 --a------ C:\WINDOWS\system\VBRUN300.DLL
2006-12-20 12:08 26,768 --a------ C:\WINDOWS\system\CTL3D.DLL
2006-12-20 12:08 248,064 --a------ C:\WINDOWS\UNINST16.EXE
2006-12-15 20:03 <DIR> d-------- C:\Documents and Settings\Žss„\Application Data\Ahead
2006-12-15 19:59 <DIR> d-------- C:\Program Files\Nero
2006-12-10 13:50 <DIR> dr-h----- C:\Documents and Settings\Žss„\Recent

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-01-04 23:05 -------- d-------- C:\Documents and Settings\Žss„\Application Data\uTorrent
2007-01-04 22:52 64512 --ah----- C:\Documents and Settings\Žss„\Application Data\dach100.dll
2007-01-04 22:51 -------- d-------- C:\Program Files\EzLink
2007-01-04 14:10 -------- d-------- C:\Program Files\Internet Explorer
2007-01-04 14:03 -------- d-------- C:\Program Files\AntiVir PersonalEdition Classic
2007-01-04 13:16 -------- d-------- C:\Documents and Settings\Žss„\Application Data\BSplayer Pro
2007-01-01 01:48 -------- d-------- C:\Documents and Settings\Žss„\Application Data\OpenOffice.org2
2006-12-27 22:01 -------- d---s---- C:\Documents and Settings\Žss„\Application Data\Microsoft
2006-12-27 21:58 -------- d-------- C:\Documents and Settings\Žss„\Application Data\ATI
2006-12-27 21:46 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-27 21:20 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-12-27 19:51 -------- d-------- C:\Documents and Settings\Žss„\Application Data\atitray
2006-12-21 12:03 -------- d-------- C:\Documents and Settings\Žss„\Application Data\BinarySense
2006-12-19 20:15 -------- d-------- C:\Documents and Settings\Žss„\Application Data\Ahead
2006-12-15 20:04 -------- d-------- C:\Program Files\Common Files\Ahead
2006-12-15 11:18 -------- d-------- C:\Program Files\Outlook Express
2006-12-15 11:18 -------- d-------- C:\Program Files\Common Files\System
2006-12-14 21:55 34304 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2006-12-14 21:55 14848 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys
2006-12-07 07:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-24 18:12 -------- d-------- C:\Documents and Settings\Žss„\Application Data\Jetico Personal Firewall
2006-11-24 18:09 -------- d-------- C:\Program Files\Jetico
2006-11-24 18:07 -------- d-------- C:\Program Files\Kerio
2006-11-22 21:20 -------- d-------- C:\Program Files\Common Files\Adobe
2006-11-22 05:25 261120 --------- C:\WINDOWS\system32\ati2dvag.dll
2006-11-22 05:20 118784 --------- C:\WINDOWS\system32\atipdlxx.dll
2006-11-22 05:20 106496 --a------ C:\WINDOWS\system32\Oemdspif.dll
2006-11-22 05:19 90112 --------- C:\WINDOWS\system32\ati2evxx.dll
2006-11-22 05:19 42496 --------- C:\WINDOWS\system32\ati2edxx.dll
2006-11-22 05:19 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2006-11-22 05:18 430080 --------- C:\WINDOWS\system32\ati2evxx.exe
2006-11-22 05:17 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2006-11-22 05:12 2526688 --------- C:\WINDOWS\system32\ati3duag.dll
2006-11-22 05:11 5279744 --a------ C:\WINDOWS\system32\atioglxx.dll
2006-11-22 05:08 1090016 --------- C:\WINDOWS\system32\ativvaxx.dll
2006-11-22 04:57 217088 --------- C:\WINDOWS\system32\atikvmag.dll
2006-11-22 04:56 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2006-11-22 04:51 294912 --------- C:\WINDOWS\system32\ati2cqag.dll
2006-11-22 04:50 6684672 --a------ C:\WINDOWS\system32\atioglx1.dll
2006-11-22 04:49 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2006-11-22 04:21 303104 --a------ C:\WINDOWS\system32\ATIDEMGR.dll
2006-11-21 18:14 -------- d-------- C:\Documents and Settings\Žss„\Application Data\fretsonfire
2006-11-12 22:51 -------- d-------- C:\Program Files\Java
2006-11-08 11:04 -------- d-------- C:\Documents and Settings\Žss„\Application Data\Real
2006-11-08 07:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-08 00:24 -------- d-------- C:\Program Files\Common Files\xing shared
2006-11-08 00:24 -------- d-------- C:\Program Files\Common Files\Real
2006-11-08 00:24 -------- d-------- C:\Program Files\Common Files
2006-11-08 00:23 -------- d-------- C:\Program Files\Real
2006-11-05 18:07 -------- d-------- C:\Documents and Settings\Žss„\Application Data\AdobeUM
2006-10-19 15:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-13 14:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 14:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 14:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"PeerGuardian"=""
"ezlink"="\"C:\\Program Files\\EzLink\\ezlink.exe\" -service_start -background"
"µTorrent"="\"E:\\Program Files\\uTorrent\\utorrent.exe\""
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"PRONoMgrWired"="C:\\Program Files\\Intel\\PROSetWired\\NCS\\PROSet\\PRONoMgr.exe"
"DU Meter"="E:\\Program Files\\DU Meter\\DUMeter.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="e:\\Program Files\\Google\\Gmail Notifier\\G001-1.0.25.0\\gnotify.exe"
"PCI Audio Applications"="G:\\Drivers\\Audio\\C-Media\\W2K-ME\\app\\Setup.exe"
"C-Media Mixer"="Mixer.exe /startup"
"Logitech Utility"="Logi_MwX.Exe"
"MBM 5"="\"E:\\Program Files\\Motherboard Monitor 5\\MBM5.EXE\""
"DiskeeperSystray"="\"E:\\Program Files\\Executive Software\\Diskeeper\\DkIcon.exe\""
"DAEMON Tools"="\"e:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"Microsoft M.S.N. Services"="msnmm.exe"
"AudioHQ"="e:\\program files\\creative\\AudioHQ\\AHQTB.EXE"
"OutpostFeedBack"="e:\\Program Files\\Agnitum\\Outpost Firewall\\feedback.exe /dumps_startup"
"JeticoPFStartup"="\"C:\\Program Files\\Jetico\\Jetico Personal Firewall\\fwsrv.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft M.S.N. Services"="msnmm.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,01,00,00,9a,03,00,00,42,03,00,00,00,\
 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
 ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,01,00,00,a4,00,00,00,9a,00,\
 00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoLowDiskSpaceChecks"=dword:00000001
"NoInstrumentation"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000000
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="E:\\PROGRA~1\\MICROS~1\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BearShare"
"hkey"="HKLM"
"command"="\"E:\\Program Files\\BearShare\\BearShare.exe\" /pause"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="feedback"
"hkey"="HKLM"
"command"="E:\\Program Files\\Agnitum\\Outpost Firewall\\feedback.exe /dumps_startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 07-01-04 23:06:11.78
C:\ComboFix.txt ... 07-01-04 23:06
And the internet seems to drop about 15 min after restarting the machine? And then it cuts in and out, on/off for a few seconds at a time? Is the ISP to blame for this? This is starting to get annoying. Thanks in advance for all the advice!
Hi! That mIRC that has been haunting you is a so-called backdoor bug. It would be a good idea to change all your usernames and passwords. If you use online banking or a credit card online, keep an eye on the statements and contact your bank/credit card company.

Run a new HJT scan: "Do a System scan only". Close all other windows and the browser. Check these lines and press "Fix checked":
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F3 - REG:win.ini: run=C:\WINDOWS\system32\softreg\svchost.exe
O4 - HKLM\..\Run: [Microsoft M.S.N. Services] msnmm.exe
O4 - HKLM\..\Run: [OutpostFeedBack] e:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dumps_startup
O4 - HKLM\..\RunServices: [Microsoft M.S.N. Services] msnmm.exe

1. Click the Start button and select Control Panel.
2. Select "Folder Options".
3. Go to the "View" tab.
4. On the View tab, under "Hidden files and folders", select "Show hidden files and folders".

* Restart the computer.
* When you hear the machine beep, press F8, before the Windows logo appears.
* A menu should appear next.
* Select Safe Mode from the menu.

Delete the following folders:
C:\WINDOWS\system32\softreg\
e:\Program Files\Agnitum

Then use the Windows "Search" function. Start menu -> "Search" -> More advanced options -> tick the following:
- Search system folders
- Search hidden files and folders
- Search subfolders
-> Search term: msnmm.exe
Delete it if found.

* Download Dr.Web CureIt to the desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Boot the machine into Safe Mode. Double-click drweb-cureit.exe and let it run an express scan. It scans the running programs, and if it finds something, click Yes when it asks whether you want to remove it. This is only a short scan. When the scan is complete, check the drives you want to scan. Select all drives. A red dot shows which drives are selected.
Click the green arrow on the right and the scan begins. Click "Yes to all" if asked whether you want to delete/move a file. When the scan is complete, see whether you can click the Next icon next to the files found: if so, click it, then click the Next icon at the bottom right and choose "Move incurable", as in the picture below. This moves it to the %userprofile%\DoctorWeb\quarantine directory. After that, click File in the Dr.Web CureIt menu and choose "Save report".
* Save the report to the desktop. The report is named DrWeb.csv.
* Close Dr.Web CureIt.
* Restart the computer!! This is so that files that were in use get deleted/moved during boot.
* After the restart, paste the contents of the Dr.Web log you saved earlier into your next reply.
Post a new HJT log and the DrWeb log.
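The helper above picked the bad lines out of the HJT log by eye: a binary named svchost.exe running from a subfolder of System32 rather than System32 itself, a win.ini run= autostart pointing at that same file, a "Microsoft M.S.N. Services" Run entry that names a bare msnmm.exe with no path, and a RunServices key that XP-era software hardly ever uses. The script below is an added example written for this thread, not code from HijackThis or Dr.Web; it turns those same judgements into heuristic checks and runs them over a constructed sample made of lines quoted from the logs posted here. The rule set and the names `analyze`, `check_path` and `command_target` are my own choices, not HijackThis's logic.

```python
"""Heuristic triage of HijackThis (HJT) v1.99-style log lines.

Added example for this thread; not part of HijackThis or Dr.Web.
The checks mirror what the helper did by eye: a core system binary name
running outside System32, a win.ini run= autostart, a Win9x-era
RunServices key, and a "Microsoft"-looking Run name pointing at a bare
filename rather than a full path.
"""
import ntpath
import re
from dataclasses import dataclass

# Core Windows binaries that should only ever run from System32.
SYSTEM32_BINARIES = {"svchost.exe", "lsass.exe", "services.exe",
                     "winlogon.exe", "smss.exe", "csrss.exe"}
SYSTEM32 = r"c:\windows\system32"

# Constructed sample: lines taken from the HJT logs posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\softreg\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F3 - REG:win.ini: run=C:\WINDOWS\system32\softreg\svchost.exe
O4 - HKLM\..\Run: [Microsoft M.S.N. Services] msnmm.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\RunServices: [Microsoft M.S.N. Services] msnmm.exe
"""

O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
F3_RE = re.compile(r"^F3 - REG:win\.ini: run=(?P<cmd>.*)$")
R0_RE = re.compile(r"^R0 - .*Local Page =\s*$")
PROC_RE = re.compile(r"^[a-zA-Z]:\\.+\.exe$", re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reason: str


def command_target(cmd: str) -> str:
    """Return the executable part of a Run command, honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def check_path(path: str):
    """Flag a core system binary name that runs from anywhere but System32."""
    norm = path.lower()
    base = ntpath.basename(norm)
    if base in SYSTEM32_BINARIES and ntpath.dirname(norm) != SYSTEM32:
        return f"{base} outside {SYSTEM32} (likely masquerading)"
    return None


def analyze(log_text: str):
    """Run the heuristics over every line and return the findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if PROC_RE.match(line):                      # "Running processes" entry
            reason = check_path(line)
            if reason:
                findings.append(Finding(line, reason))
        elif R0_RE.match(line):                      # cleared IE start/local page
            findings.append(Finding(line, "empty IE Local Page value"))
        elif (m := F3_RE.match(line)):               # legacy win.ini autostart
            reason = check_path(command_target(m["cmd"])) \
                or "win.ini run= autostart; rarely used by legitimate software"
            findings.append(Finding(line, reason))
        elif (m := O4_RE.match(line)):               # registry/startup-folder autostart
            target = command_target(m["cmd"])
            key, name = m["key"], m["name"].lower()
            vendor_like = any(w in name for w in ("microsoft", "msn", "windows"))
            if key.endswith("RunServices"):
                findings.append(Finding(line, "RunServices is a Win9x-era key; "
                                              "XP-era software rarely uses it"))
            elif vendor_like and not ntpath.dirname(target):
                findings.append(Finding(line, "vendor-style name with bare "
                                              "filename (no path to verify)"))
            else:
                reason = check_path(target)
                if reason:
                    findings.append(Finding(line, reason))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Note what the bare-filename rule does and does not flag: `Logi_MwX.Exe` and `Mixer.exe /startup` are also bare names, but they carry no Microsoft branding, so they pass; the point of the heuristic is the mismatch between a name that claims to be a Microsoft component and a target the log cannot locate, which is exactly the msnmm.exe pattern the helper called out.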
mIRC no longer attacks at startup. Thanks for the help so far. Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 17:20:47, on 5.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
e:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
e:\program files\creative\AudioHQ\AHQTB.EXE
E:\Program Files\DU Meter\DUMeter.exe
E:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
e:\Program Files\Logitech\MouseWare\system\em_exec.exe
E:\Program Files\Motherboard Monitor 5\MBM5.EXE
E:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Integrator.exe
E:\Program Files\Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\HJT\HijackThis_v1.99.1.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - e:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - e:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DU Meter] E:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] e:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [PCI Audio Applications] G:\Drivers\Audio\C-Media\W2K-ME\app\Setup.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MBM 5] "E:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "e:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AudioHQ] e:\program files\creative\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [µTorrent] "E:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: AntiCrash.lnk = E:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: Hare.lnk = E:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Startup: Zoom.lnk = E:\Program Files\Dachshund Software\Zoom\Zoom.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{182AE1D0-8976-496A-8515-FA5D2B49657D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{182AE1D0-8976-496A-8515-FA5D2B49657D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{182AE1D0-8976-496A-8515-FA5D2B49657D}: NameServer = 192.168.0.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - e:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - E:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

---------------------------------------------------------------

And here's the Dr.Web log (file, path, detection, action):
Gta2.exe  D:\Pelit\UUSI\CRAPOLI\GTA.2  BackDoor.Noknok.50  Deleted.
revolt_nocd.exe  D:\Pelit\UUSI\CRAPOLI\Re-Volt-BACKLASH\REVOLT.NO-CD.PATCH  Tool.GameCrack  Incurable.Moved.
A0107781.exe  D:\System Volume Information\_restore{CBA37D18-734B-480A-BBBB-191E137BBB2C}\RP633  BackDoor.Noknok.50  Deleted.
EZLINK.EXE  C:\Program Files\EzLink  Probably BACKDOOR.Trojan
A0107745.exe  C:\System Volume Information\_restore{CBA37D18-734B-480A-BBBB-191E137BBB2C}\RP633  Program.mIRC.617  Incurable.Moved.
A0107803.EXE  C:\System Volume Information\_restore{CBA37D18-734B-480A-BBBB-191E137BBB2C}\RP633  Probably BACKDOOR.Trojan  Incurable.Moved.
The log is clean. DrWeb removed the last of the bugs and a bit more besides. If that Ezlink.exe is part of some important program, it can be restored from here: My Computer --> C: drive --> Documents and Settings --> the folder named after your user account --> DoctorWeb --> Quarantine
Thanks for the good instructions... Norton, Ad-Aware and Spybot couldn't do anything about this malware! I didn't have these on my machine to begin with:
Agnitum folder
msnmm.exe
Ezlink.exe
Nor these in the registry:
- O4 - HKLM\..\Run: [Microsoft M.S.N. Services] msnmm.exe
- O4 - HKLM\..\Run: [OutpostFeedBack] e:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dumps_startup
- O4 - HKLM\..\RunServices: [Microsoft M.S.N. Services] msnmm.exe
Looks like my own machine is clean now too...
@devol These HJT logs don't really work that way. Every machine produces a different-looking log, and these viruses usually make up completely random names for themselves. If you suspect a virus, take an HJT log and open your own thread, and someone will probably look at it.