Our second PC is a mess. The antivirus (F-Secure) only works for a moment. It managed to report that malicious code was found (rootkit.win32.agent.c). The machine can't be kept online, because it picks up viruses from there straight away, so ZoneAlarm doesn't help with that. F-Secure BackWeb (virus updates) is blocked because of the malware. There was a big pile of unknown programs in StartUp, but they're probably the malware's doing. They also show up in the status below. An AdAware scan has been done and the findings removed. SpyBot found all kinds of BackWebs, but I don't dare remove them, because then F-Secure might stop working altogether. Hopefully you can make something of these, otherwise it's probably time to format. Thanks in advance: sundguy

Here is the HiJackThis output:

Logfile of HijackThis v1.99.1
Scan saved at 19:25:41, on 27.7.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\ahead\InCD\InCD.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\System32\msteflog.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\HiJackThis\HijackThis.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\system32\notepad.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:65000
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\System32\DSMANA~1.DLL
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [www.hidro.4t.com ] enbiei.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Update Client] C:\WINDOWS\System32\msteflog.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [hqjkokb] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [ogrdegl] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [rqacmoq] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [icruscs] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [ljvjfoq] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [cqrbmgc] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [gobtggs] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [mrapxhg] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [fncaxin] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [fspycgu] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [miurxdu] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [raclgix] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [ujovqgj] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [cqokygd] c:\windows\nnralai.exe
O4 - HKCU\..\Run: [mlijqje] c:\windows\nnralai.exe
O4 - HKCU\..\Run: [luridgl] c:\windows\nnralai.exe
O4 - HKCU\..\Run: [ecpfvqn] c:\windows\vbsnuwv.exe
O4 - HKCU\..\Run: [oadcjib] c:\windows\vbsnuwv.exe
O4 - HKCU\..\Run: [ktjvsre] c:\windows\vbsnuwv.exe
O4 - HKCU\..\Run: [xhojpus] c:\windows\vbsnuwv.exe
O4 - HKCU\..\Run: [ihuvpuj] c:\windows\vbsnuwv.exe
O4 - HKCU\..\Run: [ngcyjxo] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [mmpkaci] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [lyjanih] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [wugiaoe] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [svquhjm] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [fniwxka] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [pynghwr] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [phmhgqk] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [ecpcbdp] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [qwrvdkn] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [phtjuoa] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [juppojq] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [yklgbre] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [asgkvoa] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [pidtxuq] c:\windows\wjnkilg.exe
O4 - HKCU\..\Run: [nwbmbap] c:\windows\wjnkilg.exe
O4 - HKCU\..\Run: [srbmnrv] c:\windows\wjnkilg.exe
O4 - HKCU\..\Run: [ghekdbt] c:\windows\wjnkilg.exe
O4 - HKCU\..\Run: [noxigrc] c:\windows\waoxpcr.exe
O4 - HKCU\..\Run: [fxwnmsu] c:\windows\waoxpcr.exe
O4 - HKCU\..\Run: [aovjoxq] c:\windows\waoxpcr.exe
O4 - HKCU\..\Run: [ycplime] c:\windows\waoxpcr.exe
O4 - HKCU\..\Run: [fcpyiiv] c:\windows\waoxpcr.exe
O4 - HKCU\..\Run: [ymscfko] c:\windows\waoxpcr.exe
O4 - HKCU\..\Run: [kcgetsa] c:\windows\waoxpcr.exe
O4 - HKCU\..\Run: [jedhcpw] c:\windows\waoxpcr.exe
O4 - HKCU\..\Run: [byfeoww] c:\windows\waoxpcr.exe
O4 - HKCU\..\Run: [yhofqqp] c:\windows\waoxpcr.exe
O4 - HKCU\..\Run: [atrggwh] c:\windows\bvppyqw.exe
O4 - HKCU\..\Run: [cyldwjx] c:\windows\bvppyqw.exe
O4 - HKCU\..\Run: [ytmkyvx] c:\windows\bvppyqw.exe
O4 - HKCU\..\Run: [amgbxxy] c:\windows\bvppyqw.exe
O4 - HKCU\..\Run: [utuyufi] c:\windows\bvppyqw.exe
O4 - HKCU\..\Run: [absxdjl] c:\windows\qnnggdb.exe
O4 - HKCU\..\Run: [pardpjv] c:\windows\qnnggdb.exe
O4 - HKCU\..\Run: [ldeuvdj] c:\windows\qrgeixr.exe
O4 - HKCU\..\Run: [rlmgwig] c:\windows\qrgeixr.exe
O4 - HKCU\..\Run: [ueaykmo] c:\windows\qrgeixr.exe
O4 - HKCU\..\Run: [twncfft] c:\windows\knyuter.exe
O4 - HKCU\..\Run: [eqanqhf] c:\windows\knyuter.exe
O4 - HKCU\..\Run: [ubqnsge] c:\windows\knyuter.exe
O4 - HKCU\..\Run: [msfaxkf] c:\windows\knyuter.exe
O4 - HKCU\..\Run: [fklkkmo] c:\windows\ldgstif.exe
O4 - HKCU\..\Run: [thcmtkg] c:\windows\ldgstif.exe
O4 - HKCU\..\Run: [fkyicna] c:\windows\ldgstif.exe
O4 - HKCU\..\Run: [isaeyqp] c:\windows\ldgstif.exe
O4 - HKCU\..\Run: [xpdwgbc] c:\windows\ldgstif.exe
O4 - HKCU\..\Run: [ftquuxx] c:\windows\ldgstif.exe
O4 - HKCU\..\Run: [awyweay] c:\windows\ldgstif.exe
O4 - HKCU\..\Run: [ufruuom] c:\windows\ldgstif.exe
O4 - HKCU\..\Run: [gnypjir] c:\windows\ldgstif.exe
O4 - HKCU\..\Run: [orwkynj] c:\windows\ldgstif.exe
O4 - HKCU\..\Run: [mljwfvy] c:\windows\ldgstif.exe
O4 - HKCU\..\Run: [iliywqa] c:\windows\fqxhaxy.exe
O4 - HKCU\..\Run: [kvlsvfb] c:\windows\fqxhaxy.exe
O4 - HKCU\..\Run: [oawyfwq] c:\windows\fqxhaxy.exe
O4 - HKCU\..\Run: [gafmvbo] c:\windows\fqxhaxy.exe
O4 - HKCU\..\Run: [jkkwhxb] c:\windows\fqxhaxy.exe
O4 - HKCU\..\Run: [kmsxruf] c:\windows\fqxhaxy.exe
O4 - HKCU\..\Run: [hhpeldj] c:\windows\fqxhaxy.exe
O4 - HKCU\..\Run: [dxqcmua] c:\windows\fqxhaxy.exe
O4 - HKCU\..\Run: [eumraqd] c:\windows\lianomk.exe
O4 - HKCU\..\Run: [baeceuo] c:\windows\lianomk.exe
O4 - HKCU\..\Run: [enrofhs] c:\windows\lianomk.exe
O4 - HKCU\..\Run: [bbnyhrk] c:\windows\boefnmy.exe
O4 - HKCU\..\Run: [ovkufsh] c:\windows\boefnmy.exe
O4 - HKCU\..\Run: [bdweruo] c:\windows\boefnmy.exe
O4 - Startup: winupdate72981454[1].0xe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lataa FlashGetillä - F:\apps\FlashGet\jc_link.htm
O8 - Extra context menu item: Lataa kaikki FlashGetillä - F:\apps\FlashGet\jc_all.htm
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Microsoft AntiSpyware helper - {33F1CE5A-CC1A-4417-81EB-67C19262BEB6} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {33F1CE5A-CC1A-4417-81EB-67C19262BEB6} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll
O21 - SSODL: MSMserv - {A1C5B2B8-B44B-4C57-BA8E-8E4AFD36783B} - C:\WINDOWS\System32\smlogl32.dll (file missing)
O21 - SSODL: Access - {B28C34DE-0EB6-4B7A-99C9-B42DCC4451E8} - C:\WINDOWS\System32\spxcdblr.dll (file missing)
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.EXE (file missing)
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
!!I'M NOT SURE ABOUT THIS!!! but I believe at least these:

O4 - HKCU\..\Run: [hqjkokb] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [ogrdegl] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [rqacmoq] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [icruscs] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [ljvjfoq] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [cqrbmgc] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [gobtggs] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [mrapxhg] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [fncaxin] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [fspycgu] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [miurxdu] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [raclgix] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [ujovqgj] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [cqokygd] c:\windows\nnralai.exe
O4 - HKCU\..\Run: [mlijqje] c:\windows\nnralai.exe
O4 - HKCU\..\Run: [luridgl] c:\windows\nnralai.exe
O4 - HKCU\..\Run: [ecpfvqn] c:\windows\vbsnuwv.exe
O4 - HKCU\..\Run: [oadcjib] c:\windows\vbsnuwv.exe
O4 - HKCU\..\Run: [ktjvsre] c:\windows\vbsnuwv.exe
O4 - HKCU\..\Run: [xhojpus] c:\windows\vbsnuwv.exe
O4 - HKCU\..\Run: [ihuvpuj] c:\windows\vbsnuwv.exe
O4 - HKCU\..\Run: [ngcyjxo] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [mmpkaci] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [lyjanih] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [wugiaoe] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [svquhjm] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [fniwxka] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [pynghwr] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [phmhgqk] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [ecpcbdp] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [qwrvdkn] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [phtjuoa] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [juppojq] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [yklgbre] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [asgkvoa] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [pidtxuq] c:\windows\wjnkilg.exe
O4 - HKCU\..\Run: [nwbmbap] c:\windows\wjnkilg.exe
O4 - HKCU\..\Run: [srbmnrv] c:\windows\wjnkilg.exe
O4 - HKCU\..\Run: [ghekdbt] c:\windows\wjnkilg.exe
O4 - HKCU\..\Run: [noxigrc] c:\windows\waoxpcr.exe
O4 - HKCU\..\Run: [fxwnmsu] c:\windows\waoxpcr.exe
O4 - HKCU\..\Run: [aovjoxq] c:\windows\waoxpcr.exe
O4 - HKCU\..\Run: [ycplime] c:\windows\waoxpcr.exe
O4 - HKCU\..\Run: [fcpyiiv] c:\windows\waoxpcr.exe
O4 - HKCU\..\Run: [ymscfko] c:\windows\waoxpcr.exe
O4 - HKCU\..\Run: [kcgetsa] c:\windows\waoxpcr.exe
O4 - HKCU\..\Run: [jedhcpw] c:\windows\waoxpcr.exe
O4 - HKCU\..\Run: [byfeoww] c:\windows\waoxpcr.exe
O4 - HKCU\..\Run: [yhofqqp] c:\windows\waoxpcr.exe
O4 - HKCU\..\Run: [atrggwh] c:\windows\bvppyqw.exe
O4 - HKCU\..\Run: [cyldwjx] c:\windows\bvppyqw.exe
O4 - HKCU\..\Run: [ytmkyvx] c:\windows\bvppyqw.exe
O4 - HKCU\..\Run: [amgbxxy] c:\windows\bvppyqw.exe
O4 - HKCU\..\Run: [utuyufi] c:\windows\bvppyqw.exe
O4 - HKCU\..\Run: [absxdjl] c:\windows\qnnggdb.exe
O4 - HKCU\..\Run: [pardpjv] c:\windows\qnnggdb.exe
O4 - HKCU\..\Run: [ldeuvdj] c:\windows\qrgeixr.exe
O4 - HKCU\..\Run: [rlmgwig] c:\windows\qrgeixr.exe
O4 - HKCU\..\Run: [ueaykmo] c:\windows\qrgeixr.exe
O4 - HKCU\..\Run: [twncfft] c:\windows\knyuter.exe
O4 - HKCU\..\Run: [eqanqhf] c:\windows\knyuter.exe
O4 - HKCU\..\Run: [ubqnsge] c:\windows\knyuter.exe
O4 - HKCU\..\Run: [msfaxkf] c:\windows\knyuter.exe
O4 - HKCU\..\Run: [fklkkmo] c:\windows\ldgstif.exe
O4 - HKCU\..\Run: [thcmtkg] c:\windows\ldgstif.exe
O4 - HKCU\..\Run: [fkyicna] c:\windows\ldgstif.exe
O4 - HKCU\..\Run: [isaeyqp] c:\windows\ldgstif.exe
O4 - HKCU\..\Run: [xpdwgbc] c:\windows\ldgstif.exe
O4 - HKCU\..\Run: [ftquuxx] c:\windows\ldgstif.exe
O4 - HKCU\..\Run: [awyweay] c:\windows\ldgstif.exe
O4 - HKCU\..\Run: [ufruuom] c:\windows\ldgstif.exe
O4 - HKCU\..\Run: [gnypjir] c:\windows\ldgstif.exe
O4 - HKCU\..\Run: [orwkynj] c:\windows\ldgstif.exe
O4 - HKCU\..\Run: [mljwfvy] c:\windows\ldgstif.exe
O4 - HKCU\..\Run: [iliywqa] c:\windows\fqxhaxy.exe
O4 - HKCU\..\Run: [kvlsvfb] c:\windows\fqxhaxy.exe
O4 - HKCU\..\Run: [oawyfwq] c:\windows\fqxhaxy.exe
O4 - HKCU\..\Run: [gafmvbo] c:\windows\fqxhaxy.exe
O4 - HKCU\..\Run: [jkkwhxb] c:\windows\fqxhaxy.exe
O4 - HKCU\..\Run: [kmsxruf] c:\windows\fqxhaxy.exe
O4 - HKCU\..\Run: [hhpeldj] c:\windows\fqxhaxy.exe
O4 - HKCU\..\Run: [dxqcmua] c:\windows\fqxhaxy.exe
O4 - HKCU\..\Run: [eumraqd] c:\windows\lianomk.exe
O4 - HKCU\..\Run: [baeceuo] c:\windows\lianomk.exe
O4 - HKCU\..\Run: [enrofhs] c:\windows\lianomk.exe
O4 - HKCU\..\Run: [bbnyhrk] c:\windows\boefnmy.exe
O4 - HKCU\..\Run: [ovkufsh] c:\windows\boefnmy.exe
O4 - HKCU\..\Run: [bdweruo] c:\windows\boefnmy.exe
Yes, these are probably fairly obvious. I think the problem is something else, though. Flsmngr.dll is probably one of those junk files too. Msteflog.exe doesn't give any results when searching with Google either, so it's probably something the malware caused (?).
O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
O4 - HKLM\..\Run: [www.hidro.4t.com ] enbiei.exe
O4 - Startup: winupdate72981454[1].0xe

BLASTER.E WORM/mslaugh.exe
Lovesan worm/teekids.exe
W32/Lovsan.worm/enbiei.exe

At least I've noticed that those "0xe" files always contain a virus, but it's pretty unlikely that that one is a Windows process of its own. I found the info on those viruses with Google.
Make hidden files visible. http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339

Close the browser and any extra programs.

End these processes in Task Manager:
msteflog.exe

FIX these:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\System32\DSMANA~1.DLL
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
O4 - HKLM\..\Run: [www.hidro.4t.com ] enbiei.exe
O4 - HKLM\..\Run: [Update Client] C:\WINDOWS\System32\msteflog.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [hqjkokb] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [ogrdegl] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [rqacmoq] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [icruscs] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [ljvjfoq] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [cqrbmgc] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [gobtggs] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [mrapxhg] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [fncaxin] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [fspycgu] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [miurxdu] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [raclgix] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [ujovqgj] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [cqokygd] c:\windows\nnralai.exe
O4 - HKCU\..\Run: [mlijqje] c:\windows\nnralai.exe
O4 - HKCU\..\Run: [luridgl] c:\windows\nnralai.exe
O4 - HKCU\..\Run: [ecpfvqn] c:\windows\vbsnuwv.exe
O4 - HKCU\..\Run: [oadcjib] c:\windows\vbsnuwv.exe
O4 - HKCU\..\Run: [ktjvsre] c:\windows\vbsnuwv.exe
O4 - HKCU\..\Run: [xhojpus] c:\windows\vbsnuwv.exe
O4 - HKCU\..\Run: [ihuvpuj] c:\windows\vbsnuwv.exe
O4 - HKCU\..\Run: [ngcyjxo] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [mmpkaci] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [lyjanih] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [wugiaoe] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [svquhjm] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [fniwxka] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [pynghwr] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [phmhgqk] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [ecpcbdp] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [qwrvdkn] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [phtjuoa] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [juppojq] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [yklgbre] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [asgkvoa] c:\windows\gkyplyk.exe
O4 - HKCU\..\Run: [pidtxuq] c:\windows\wjnkilg.exe
O4 - HKCU\..\Run: [nwbmbap] c:\windows\wjnkilg.exe
O4 - HKCU\..\Run: [srbmnrv] c:\windows\wjnkilg.exe
O4 - HKCU\..\Run: [ghekdbt] c:\windows\wjnkilg.exe
O4 - HKCU\..\Run: [noxigrc] c:\windows\waoxpcr.exe
O4 - HKCU\..\Run: [fxwnmsu] c:\windows\waoxpcr.exe
O4 - HKCU\..\Run: [aovjoxq] c:\windows\waoxpcr.exe
O4 - HKCU\..\Run: [ycplime] c:\windows\waoxpcr.exe
O4 - HKCU\..\Run: [fcpyiiv] c:\windows\waoxpcr.exe
O4 - HKCU\..\Run: [ymscfko] c:\windows\waoxpcr.exe
O4 - HKCU\..\Run: [kcgetsa] c:\windows\waoxpcr.exe
O4 - HKCU\..\Run: [jedhcpw] c:\windows\waoxpcr.exe
O4 - HKCU\..\Run: [byfeoww] c:\windows\waoxpcr.exe
O4 - HKCU\..\Run: [yhofqqp] c:\windows\waoxpcr.exe
O4 - HKCU\..\Run: [atrggwh] c:\windows\bvppyqw.exe
O4 - HKCU\..\Run: [cyldwjx] c:\windows\bvppyqw.exe
O4 - HKCU\..\Run: [ytmkyvx] c:\windows\bvppyqw.exe
O4 - HKCU\..\Run: [amgbxxy] c:\windows\bvppyqw.exe
O4 - HKCU\..\Run: [utuyufi] c:\windows\bvppyqw.exe
O4 - HKCU\..\Run: [absxdjl] c:\windows\qnnggdb.exe
O4 - HKCU\..\Run: [pardpjv] c:\windows\qnnggdb.exe
O4 - HKCU\..\Run: [ldeuvdj] c:\windows\qrgeixr.exe
O4 - HKCU\..\Run: [rlmgwig] c:\windows\qrgeixr.exe
O4 - HKCU\..\Run: [ueaykmo] c:\windows\qrgeixr.exe
O4 - HKCU\..\Run: [twncfft] c:\windows\knyuter.exe
O4 - HKCU\..\Run: [eqanqhf] c:\windows\knyuter.exe
O4 - HKCU\..\Run: [ubqnsge] c:\windows\knyuter.exe
O4 - HKCU\..\Run: [msfaxkf] c:\windows\knyuter.exe
O4 - HKCU\..\Run: [fklkkmo] c:\windows\ldgstif.exe
O4 - HKCU\..\Run: [thcmtkg] c:\windows\ldgstif.exe
O4 - HKCU\..\Run: [fkyicna] c:\windows\ldgstif.exe
O4 - HKCU\..\Run: [isaeyqp] c:\windows\ldgstif.exe
O4 - HKCU\..\Run: [xpdwgbc] c:\windows\ldgstif.exe
O4 - HKCU\..\Run: [ftquuxx] c:\windows\ldgstif.exe
O4 - HKCU\..\Run: [awyweay] c:\windows\ldgstif.exe
O4 - HKCU\..\Run: [ufruuom] c:\windows\ldgstif.exe
O4 - HKCU\..\Run: [gnypjir] c:\windows\ldgstif.exe
O4 - HKCU\..\Run: [orwkynj] c:\windows\ldgstif.exe
O4 - HKCU\..\Run: [mljwfvy] c:\windows\ldgstif.exe
O4 - HKCU\..\Run: [iliywqa] c:\windows\fqxhaxy.exe
O4 - HKCU\..\Run: [kvlsvfb] c:\windows\fqxhaxy.exe
O4 - HKCU\..\Run: [oawyfwq] c:\windows\fqxhaxy.exe
O4 - HKCU\..\Run: [gafmvbo] c:\windows\fqxhaxy.exe
O4 - HKCU\..\Run: [jkkwhxb] c:\windows\fqxhaxy.exe
O4 - HKCU\..\Run: [kmsxruf] c:\windows\fqxhaxy.exe
O4 - HKCU\..\Run: [hhpeldj] c:\windows\fqxhaxy.exe
O4 - HKCU\..\Run: [dxqcmua] c:\windows\fqxhaxy.exe
O4 - HKCU\..\Run: [eumraqd] c:\windows\lianomk.exe
O4 - HKCU\..\Run: [baeceuo] c:\windows\lianomk.exe
O4 - HKCU\..\Run: [enrofhs] c:\windows\lianomk.exe
O4 - HKCU\..\Run: [bbnyhrk] c:\windows\boefnmy.exe
O4 - HKCU\..\Run: [ovkufsh] c:\windows\boefnmy.exe
O4 - HKCU\..\Run: [bdweruo] c:\windows\boefnmy.exe
O4 - Startup: winupdate72981454[1].0xe
O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll
O21 - SSODL: MSMserv - {A1C5B2B8-B44B-4C57-BA8E-8E4AFD36783B} - C:\WINDOWS\System32\smlogl32.dll (file missing)
O21 - SSODL: Access - {B28C34DE-0EB6-4B7A-99C9-B42DCC4451E8} - C:\WINDOWS\System32\spxcdblr.dll (file missing)

Delete these files in Safe Mode:

C:\WINDOWS\System32\ --> msteflog.exe
C:\WINDOWS\System32\ --> DSMANA~1.DLL
c:\windows\ --> wlwmwvr.exe
c:\windows\ --> nnralai.exe
c:\windows\ --> vbsnuwv.exe
c:\windows\ --> gkyplyk.exe
c:\windows\ --> wjnkilg.exe
c:\windows\ --> waoxpcr.exe
c:\windows\ --> bvppyqw.exe
c:\windows\ --> qnnggdb.exe
c:\windows\ --> qrgeixr.exe
c:\windows\ --> knyuter.exe
c:\windows\ --> ldgstif.exe
c:\windows\ --> fqxhaxy.exe
c:\windows\ --> lianomk.exe
c:\windows\ --> boefnmy.exe
--> mslaugh.exe
--> teekids.exe
--> enbiei.exe
--> winupdate72981454[1].0xe
C:\WINDOWS\SYSTEM32\ --> drct16.dll

Empty the temp folders, the Recycle Bin and the Temporary Internet Files.

Reboot the machine.

Get LSPFix http://cexx.org/lspfix.htm
Open LSPFix. Tick the box: I know what I'm doing.
Click flsmngr.dll in the left-hand pane, move it to the right-hand pane with the arrow button, click Remove and close LSPFix.

[bold] Update Windows [/bold]

Post a new log.

Phew... That was rough. Off to bed now.
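The triage V-kos applies in the reply above (random seven-letter value names, a whole run of Run entries launching the same file under c:\windows, the worm file names identified earlier in the thread, and the O10/O20/O21 load points with missing or unknown targets) can be scripted over a HijackThis log. The following Python is an added example, not a tool from the thread; the sample lines are copied from the log posted above, while the heuristics, the threshold of three entries per file and all function names are the example's own assumptions.

```python
import re
from collections import defaultdict

# Executables that an earlier reply in this thread identifies (via Google) as
# Blaster/Lovsan worm files.
WORM_NAMES = {"mslaugh.exe", "teekids.exe", "enbiei.exe"}

# O4 - HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O4 - Startup: item   /   O4 - Global Startup: item.lnk = path
STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (?P<item>.+)$")
# Sections that load code into the Winsock stack, winlogon or the shell at logon.
LOAD_POINT_RE = re.compile(r"^(O10|O20|O21) - ")

# Constructed sample: a handful of lines from the log posted in this thread,
# with a few benign entries (F-Secure, ctfmon, ZoneAlarm) for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [Update Client] C:\WINDOWS\System32\msteflog.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [hqjkokb] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [ogrdegl] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [rqacmoq] c:\windows\wlwmwvr.exe
O4 - HKCU\..\Run: [cqokygd] c:\windows\nnralai.exe
O4 - Startup: winupdate72981454[1].0xe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll
O21 - SSODL: MSMserv - {A1C5B2B8-B44B-4C57-BA8E-8E4AFD36783B} - C:\WINDOWS\System32\smlogl32.dll (file missing)
"""


def target_of(cmd):
    """Return the program a Run command launches: the quoted path, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def triage(log_text, same_target_threshold=3):
    """Return {log line: [reasons]} for the entries that deserve a closer look.

    The threshold is an assumption of this example: legitimate software rarely
    registers three or more Run values for one executable, while the log above
    shows up to fourteen random-named values per file.
    """
    findings = defaultdict(list)
    by_target = defaultdict(list)  # lowercased target -> Run lines launching it
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        run = RUN_RE.match(line)
        if run:
            name, target = run["name"], target_of(run["cmd"])
            by_target[target.lower()].append(line)
            if re.fullmatch(r"[a-z]{7}", name):
                findings[line].append("random 7-letter value name")
            if target.lower() in WORM_NAMES:
                findings[line].append("known worm file name from this thread")
            continue
        startup = STARTUP_RE.match(line)
        if startup:
            # winupdate72981454[1].0xe: neither a shortcut nor an .exe in a Startup folder
            if not startup["item"].lower().endswith((".lnk", ".exe")):
                findings[line].append("non-standard extension in Startup folder")
            continue
        if LOAD_POINT_RE.match(line):
            reason = "logon load point (LSP / Winlogon Notify / SSODL)"
            if "(file missing)" in line or "Unknown file" in line:
                reason += ", target unknown or missing"
            findings[line].append(reason)
    # Second pass: many Run values pointing at one file is the pattern seen above.
    for target, lines in by_target.items():
        if len(lines) >= same_target_threshold:
            for line in lines:
                findings[line].append(f"{len(lines)} Run entries launch the same file {target}")
    return dict(findings)


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

Entries such as msteflog.exe, which the thread flags only because a web search turns up nothing, are deliberately not caught: that judgement still needs a human, and the script is there to shrink the list that human has to read.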
Thanks V-kos for the good instructions! They must have been quite a lot of work. The machine now seems to work OK. Some of the files to be deleted could no longer be found (mslaugh, teekids, enbiei, winupdate..). Maybe the reason was my attempt to remove the problems with the Autoruns application, or maybe they were just leftover traces from earlier attacks? I tried searching for them with every combination I could think of. I also searched for and deleted all files dated 11.2.2005, because many of the problem files had that date. When I finally got the virus scanner back on, it spotted all kinds of virus files (usually *.0xe, *.0tm, *.0ys, *.0ll). Here is the current HiJackThis situation:

Logfile of HijackThis v1.99.1
Scan saved at 22:46:53, on 29.7.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ahead\InCD\InCD.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\EmergencyTools\HiJackThis_1.99\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:65000
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lataa FlashGetillä - F:\apps\FlashGet\jc_link.htm
O8 - Extra context menu item: Lataa kaikki FlashGetillä - F:\apps\FlashGet\jc_all.htm
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Microsoft AntiSpyware helper - {33F1CE5A-CC1A-4417-81EB-67C19262BEB6} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {33F1CE5A-CC1A-4417-81EB-67C19262BEB6} - (no file) (HKCU)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122646453873
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.EXE (file missing)
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Oops, I just noticed one more dumprep line that I still need to remove!
Good that it works. Try FIXing these as well:

O9 - Extra button: Microsoft AntiSpyware helper - {33F1CE5A-CC1A-4417-81EB-67C19262BEB6} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {33F1CE5A-CC1A-4417-81EB-67C19262BEB6} - (no file) (HKCU)
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.EXE (file missing)

And [bold] Update Windows! [/bold] SP2 isn't as bad as people claim. Those *.0xe files and the others are harmless viruses that F-Secure has renamed.