strange virus thing

Discussion in 'Virukset ja haittaohjelmat' (Viruses and malware) started by werppa, Mar 29, 2006.

  1. werppa

    My problem is that there is some strange antivirus program on the computer that seems more like adware. Its name is Spyware Quake and it reports a virus alert even though there are no viruses, and it keeps pushing ads every little while. I also can't change the start page in any way; it is automatically set to systemupdates.com. Ad-Aware, Spybot etc. don't notice anything. What should I do?
     
  2. -kemisti-

    It's a critter, all right. And new enough that Ad-Aware etc. don't detect it.

    Post an HjT log; you can get the program here -> http://koti.mbnet.fi/pattaya1/HijackThis.exe . Save it to the folder c:\hjt, launch it, click do a system scan and save a logfile, and post the log here.
     
  3. werppa

    here it is then:

    Logfile of HijackThis v1.99.1
    Scan saved at 18:29:31, on 29.3.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\NORMAN\Npf\BIN\NPFSVICE.EXE
    C:\NORMAN\bin\ZANDA.EXE
    C:\WINDOWS\system32\wdfmgr.exe
    C:\NORMAN\bin\NJEEVES.EXE
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\mssearchnet.exe
    C:\WINDOWS\system32\nvctrl.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\NORMAN\bin\ZLH.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Spybot\TeaTimer.exe
    C:\NORMAN\Npf\BIN\npfmsg2.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\NORMAN\Nvc\BIN\nvcoas.exe
    C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
    C:\NORMAN\Nvc\BIN\NIP.EXE
    C:\NORMAN\Nvc\BIN\nipsvc.exe
    C:\NORMAN\Nvc\bin\cclaw.exe
    C:\NORMAN\Nvc\BIN\NVCOD.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hpAD0F.tmp
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\bin\NJEEVES.EXE
    O23 - Service: Norman Type-R - Unknown owner - C:\NORMAN\Npf\BIN\NPFSVICE.EXE
    O23 - Service: Norman ZANDA - Unknown owner - C:\NORMAN\bin\ZANDA.EXE
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
     
  4. werppa

    by the way, that critter is probably smitfraud...
     
  5. -kemisti-

    It's a member of the smitfraud family, yes :)
    Download smitRem from here: http://noahdfear.geekstogo.com/click counter/click.php?id=1 ©noahdfear, and save it to your desktop.
    Double-click the file to extract it into its own folder.

    ==

    Download Ewido Anti-malware from here:
    http://www.ewido.net/en/download

    Read the instructions -> http://keskustelu.afterdawn.com/thread_view.cfm/269186

    Do NOT run the scanner yet; only update, install and apply the settings. Also, do not install Ewido's guard.

    ==

    Download ATF Cleaner by Atribune: http://www.atribune.org/ccount/click.php?id=1
    This program is only for the XP and 2000 operating systems.

    Do NOT run it yet.

    ==

    Download Roguescanfix http://www.martijnc.be/tools/roguescanfix.exe and save it to your desktop:
    - Double-click the roguescanfix.exe file to install it.
    - Open the roguescanfix folder and double-click run.bat.
    - Your desktop and shortcuts will disappear and reappear; this is normal.
    - Wait for the message that says "Completed script execution", and click OK.
    - Click "Exit" to close BFU.
    - Click "OK" to start the SpywareQuake/Spyfalcon remover, then click "uninstall".

    NOTE: If your firewall gives any kind of warning about this script or tool, allow it, because denying it would stop the fix from working!

    ==

    Boot your computer into Safe Mode by tapping the F8 key during startup.

    ==

    Fix these with HjT (do a system scan only, check them and press fix checked):

    O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hpAD0F.tmp
    O4 - Startup: PowerReg Scheduler V3.exe


    ==

    Run ATF Cleaner:
    Double-click ATF-Cleaner.exe to run the program.
    Under Main, select: Select All
    Click the Empty Selected button.
    If you use Firefox as your browser, click the Firefox tab at the top and click: Select All
    Click the Empty Selected button.
    NOTE: If you want to keep your saved passwords, click No at the warning.
    If you use Opera as your browser, click the Opera tab at the top and select: Select All
    Click the Empty Selected button.
    NOTE: If you want to keep your saved passwords, click No at the warning.
    Click Exit in the main menu to close the program.

    ==

    Open the smitRem folder and double-click the RunThis.bat file to run the tool. Follow the instructions.
    Wait until the tool has finished and the disk cleanup is done.

    The tool creates the following log: smitfiles.txt on your local drive, such as C: or whichever drive your operating system is installed on. Post this log along with the other logs in your next reply.

    ==

    Run Ewido:
    - Click scanner
    - Click Complete System Scan and the scan will start.
    - During the scan you will be asked to clean files; click OK
    - When it asks you to clean the first file, tick the box in the lower left corner that says "Perform action on all infections", then choose Clean and click OK.
    - When the scanner has finished, Save report will appear.
    - Click it.
    - Save the report as a .txt file to your desktop.
    Close Ewido Anti-malware.

    ==

    Next, right-click on the desktop -> Properties -> Desktop -> Customize Desktop -> Web tab.
    See whether there is some security item there, and remove the check mark from it.

    ==

    Reboot into normal Windows and post back with the following:

    Ewido log
    Full contents of the SmitFiles.txt log
    A fresh HijackThis log
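
The check the helper does by eye on the posted log (picking out the BHO that loads a `.tmp` file and the executable sitting in the Startup folder), followed by a re-check against the fresh log, can be roughed out in code. This is an added example, not part of the original thread or of HijackThis; the heuristics, function names and both sample logs are illustrative assumptions, with the sample lines constructed in HijackThis 1.99 format from entries shown above.

```python
import re
from ntpath import splitext  # parses Windows-style paths on any OS

# Constructed samples in HijackThis 1.99 format, built from entries in the log above.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hpAD0F.tmp
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

# Constructed "after cleanup" sample: the .tmp BHO is gone, other entries remain.
AFTER_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+)$")          # e.g. "O2 - ..."
BHO_RE = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
MISSING = "(file missing)"
SCRIPT_EXTS = (".exe", ".bat", ".cmd", ".scr", ".vbs")


def parse_entries(log_text):
    """Return (section, body) for every 'Xn - ...' line; process list is skipped."""
    matches = map(ENTRY_RE.match, log_text.splitlines())
    return [(m.group(1), m.group(2).strip()) for m in matches if m]


def module_path(raw):
    """Strip the '(file missing)' marker and surrounding quotes from a path field."""
    raw = raw.strip()
    if raw.endswith(MISSING):
        raw = raw[:-len(MISSING)].strip()
    return raw.strip('"')


def triage(entries):
    """Flag entries worth a human look. Heuristics are assumptions, not verdicts."""
    findings = []
    for section, body in entries:
        if section == "O2":
            m = BHO_RE.match(body)
            if m:
                ext = splitext(module_path(m.group(3)))[1].lower()
                if ext not in (".dll", ".ocx"):
                    findings.append((section, body,
                                     f"BHO module has extension '{ext}', not .dll/.ocx"))
        elif section == "O4" and body.startswith(("Startup: ", "Global Startup: ")):
            item = body.split(": ", 1)[1]
            # Shortcuts are listed as 'name.lnk = target'; a bare executable is unusual.
            if " = " not in item and item.lower().endswith(SCRIPT_EXTS):
                findings.append((section, body,
                                 "executable placed directly in a Startup folder"))
        if body.endswith(MISSING):
            findings.append((section, body, "target file missing (orphaned entry)"))
    return findings


def still_present(findings, after_log):
    """Return the flagged entries that also appear in the post-cleanup log."""
    after = set(parse_entries(after_log))
    return [f for f in findings if (f[0], f[1]) in after]


if __name__ == "__main__":
    flagged = triage(parse_entries(BEFORE_LOG))
    for section, body, reason in flagged:
        print(f"[{section}] {reason}\n    {body}")
    print("Still present after cleanup:")
    for section, body, _ in still_present(flagged, AFTER_LOG):
        print(f"    {section} - {body}")
```

A flag here only means "review this line"; whether an entry is fixed is still a judgement made against the machine's known software.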

     
  6. werppa

    Looks clean at the moment, but here are the reports:

    smitRem report:

    smitRem © log file
    version 2.8

    by noahdfear


    Microsoft Windows XP [versio 5.1.2600]

    Running from
    C:\Werppa\smitti\smitRem

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Pre-run SharedTask Export

    (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
    Copyright(C) 2006 BleepingComputer.com

    Registry Pseudo-Format Mode (Not a valid reg file):

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    checking for ShudderLTD key

    ShudderLTD key not present!

    checking for PSGuard.com key


    PSGuard.com key not present!


    checking for WinHound.com key


    WinHound.com key not present!

    spyaxe uninstaller NOT present
    Winhound uninstaller NOT present
    SpywareStrike uninstaller NOT present

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Existing Pre-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~



    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~

    mssearchnet.exe
    ncompat.tlb
    nvctrl.exe
    hp***.tmp


    ~~~ Icons in System32 ~~~

    ts.ico
    ot.ico


    ~~~ Windows directory ~~~

    secure32.html


    ~~~ Drive root ~~~


    ~~~ Miscellaneous Files/folders ~~~




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 760 'explorer.exe'

    Starting registry repairs

    Registry repairs complete

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    SharedTask Export after registry fix

    (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
    Copyright(C) 2006 BleepingComputer.com

    Registry Pseudo-Format Mode (Not a valid reg file):

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Deleting files

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Remaining Post-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~



    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~



    ~~~ Icons in System32 ~~~



    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~


    ~~~ Miscellaneous Files/folders ~~~


    ~~~ Wininet.dll ~~~

    CLEAN! :)

    and the Ewido report:
    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 21:06:11, 29.3.2006
    + Report-Checksum: 2F419639

    + Scan result:

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup
    HKU\S-1-5-21-2087402627-4021488407-121579851-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22} -> Adware.Generic : Cleaned with backup
    :mozilla.24:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.25:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.26:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.27:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.35:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
    :mozilla.46:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup
    :mozilla.69:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
    :mozilla.70:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
    :mozilla.71:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
    :mozilla.72:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
    :mozilla.73:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
    :mozilla.74:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
    :mozilla.75:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
    :mozilla.76:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
    :mozilla.77:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
    :mozilla.78:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
    :mozilla.79:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
    :mozilla.80:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
    :mozilla.96:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.97:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.98:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.99:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.100:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.101:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.102:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.110:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
    :mozilla.147:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
    :mozilla.148:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
    :mozilla.149:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
    :mozilla.150:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
    :mozilla.151:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
    :mozilla.157:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
    :mozilla.180:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.191:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.192:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.193:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.194:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.197:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.198:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.219:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.220:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
    :mozilla.246:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
    :mozilla.247:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
    :mozilla.253:C:\Documents and Settings\Werppa\Application Data\Mozilla\Firefox\Profiles\7iy1eqz7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\Werppa\Käynnistä-valikko\Ohjelmat\WhenU -> Adware.SaveNow : Cleaned with backup
    C:\Documents and Settings\Werppa\Käynnistä-valikko\Ohjelmat\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Cleaned with backup
    C:\Documents and Settings\Werppa\Käynnistä-valikko\Ohjelmat\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Cleaned with backup
    C:\Documents and Settings\Werppa\Käynnistä-valikko\Ohjelmat\WhenU\Uninstall.lnk -> Adware.SaveNow : Cleaned with backup
    C:\Documents and Settings\Werppa\Käynnistä-valikko\Ohjelmat\WhenU\WhenU.com Website.url -> Adware.SaveNow : Cleaned with backup
    C:\Documents and Settings\Werppa\Local Settings\Temporary Internet Files\Content.IE5\3ZHZVL4W\243461[1].exe -> Downloader.Small.on : Cleaned with backup
    C:\Documents and Settings\Werppa\Local Settings\Temporary Internet Files\Content.IE5\58S3T9KH\YmdDeEVVVXl0Sm9BQUJpNzFJd0FBQUtD[1].wmf -> Exploit.MS05-053-WMF : Cleaned with backup
    C:\WINDOWS\iLookup -> Adware.eZula : Cleaned with backup
    C:\WINDOWS\iNetPal\ezTSetup.exe -> Dropper.Small.sc : Cleaned with backup
    C:\WINDOWS\system32\SHAgentNew.dll -> Adware.BargainBuddy : Cleaned with backup


    ::Report End

    and HJT:

    Logfile of HijackThis v1.99.1
    Scan saved at 21:36:39, on 29.3.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\NORMAN\Npf\BIN\NPFSVICE.EXE
    C:\NORMAN\bin\ZANDA.EXE
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\NORMAN\Nvc\BIN\nvcoas.exe
    C:\NORMAN\bin\NJEEVES.EXE
    C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
    C:\NORMAN\Nvc\BIN\nipsvc.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\NORMAN\bin\ZLH.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Spybot\TeaTimer.exe
    C:\NORMAN\Nvc\BIN\NIP.EXE
    C:\NORMAN\Nvc\bin\cclaw.exe
    C:\NORMAN\Npf\BIN\npfmsg2.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\bin\NJEEVES.EXE
    O23 - Service: Norman Type-R - Unknown owner - C:\NORMAN\Npf\BIN\NPFSVICE.EXE
    O23 - Service: Norman ZANDA - Unknown owner - C:\NORMAN\bin\ZANDA.EXE
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE

     
  7. -kemisti-

    Yep, looks good :) Problems gone?
     
  8. werppa

    yep, completely gone. thanks Kemisti! :)
     
