SurfSideKick?

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' (Viruses and malware - HijackThis logs), started by J4NZ4, Nov 13, 2006.

Thread Status:
Not open for further replies.
  1. J4NZ4 (Member, joined Nov 13, 2006)

    F-Secure keeps reporting that there is a program called SurfSideKick on my computer.
    It constantly opens popups while I browse, always with the same ads. I don't understand anything about the HijackThis log myself, so could you help?



    Logfile of HijackThis v1.99.1
    Scan saved at 18:42:12, on 13.11.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\PROGRA~1\DNANET~1\backweb\4653381\Program\SERVIC~1.EXE
    C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
    C:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE
    C:\Program Files\dna Nettiturva\backweb\4653381\program\fsbwsys.exe
    C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
    C:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\dna Nettiturva\Common\FSMB32.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\dna Nettiturva\backweb\4653381\Program\fspex.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\dna Nettiturva\Common\FSM32.EXE
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Globe Software\StatBar\StatBar.exe
    C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
    C:\Program Files\Samurize\Client.exe
    C:\Program Files\dna Nettiturva\Common\FCH32.EXE
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\dna Nettiturva\Common\FAMEH32.EXE
    C:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe
    C:\Program Files\dna Nettiturva\Anti-Virus\fsrw.exe
    C:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe
    C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\PROGRA~1\DNANET~1\ANTI-S~1\fsaw.exe
    C:\Program Files\dna Nettiturva\FSGUI\fsguidll.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Optiplex\Työpöytä\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fi/fin/gen/default.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fi/fin/gen/default.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fi/fin/gen/default.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fi/fin/gen/default.htm
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/fi/fin/gen/default.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\dna Nettiturva\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\dna Nettiturva\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\dna Nettiturva\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
    O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [StatBar] C:\Program Files\Globe Software\StatBar\StatBar.exe
    O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
    O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
    O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: dna Nettiturva.lnk = C:\Program Files\dna Nettiturva\backweb\4653381\Program\fspex.exe
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\dna Nettiturva\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\dna Nettiturva\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\dna Nettiturva\Anti-Spyware\ieshield.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156413241171
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: dxclib303562752.dll,wbsys.dll
    O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
    O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    O23 - Service: dna Nettiturva (BackWeb Client - 4653381) - dna Nettiturva - C:\PROGRA~1\DNANET~1\backweb\4653381\Program\SERVIC~1.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\dna Nettiturva\backweb\4653381\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
    O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
     
  2. blade81 (Active member, joined Jul 28, 2003)

    1. Download the combofix.exe file to your desktop.
    2. Double-click the combofix.exe file and follow the prompts.
    3. When the tool has finished, it produces a log. Post that log in your thread.
    Note! Do not click inside the ComboFix window while it is running. That may cause the program to hang.
     
  3. J4NZ4 (Member)

    Here is the ComboFix log:

    Optiplex - 06-11-13 19:05:19,82 Service Pack 2
    ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Optiplex\Työpöytä"

    ((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\dxclib303562752.dll
    C:\Documents and Settings\Optiplex\Application Data\Dxcknwrd.dll
    C:\WINDOWS\system32\bkd.exe
    C:\Program Files\DeluxeCommunications\Dxc.exe
    C:\Program Files\DeluxeCommunications\DxcBho.dll
    C:\Program Files\DeluxeCommunications\DxcCore.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\Common Files\misc002
    C:\WINDOWS\system32\crunner
    C:\Program Files\Common Files\{00A96C56-095A-1035-0929-040409040166}
    C:\Program Files\Common Files\{30A96C56-095A-1035-0929-040409040166}


    ((((((((((((((((((((((((((((((( Files Created from 2006-10-13 to 2006-11-13 ))))))))))))))))))))))))))))))))))


    2006-11-10 15:49 36,864 --a------ C:\WINDOWS\SYSTEM32\wbsys.dll
    2006-11-10 15:36 564,736 --a------ C:\WINDOWS\SYSTEM32\ah.scr
    2006-11-10 15:36 45,056 --a------ C:\WINDOWS\SYSTEM32\sstunst3.exe
    2006-10-22 12:07 5,120 --a------ C:\WINDOWS\SYSTEM32\ff_vfw.dll
    2006-10-20 22:30 73,728 --a------ C:\WINDOWS\SYSTEM32\FLKill.exe
    2006-10-20 22:30 256 --a------ C:\sccfg.sys
    2006-10-20 18:06 43,520 --a------ C:\WINDOWS\SYSTEM32\CmdLineExt03.dll
    2006-10-16 20:03 131,072 --a------ C:\WINDOWS\SYSTEM32\dzip32.dll
    2006-10-16 20:03 110,592 --a------ C:\WINDOWS\SYSTEM32\dunzip32.dll
    2006-10-14 21:16 303,616 --a------ C:\WINDOWS\IsUninst.exe
    2006-10-14 21:13 639,224 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys
    2006-10-14 19:48 737,280 --a------ C:\WINDOWS\iun6002.exe
    2006-10-14 19:26 81,728 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\k750mgmt.sys
    2006-10-14 19:25 89,872 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\k750mdm.sys
    2006-10-14 19:25 79,488 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\k750obex.sys
    2006-10-14 19:25 6,576 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\k750mdfl.sys
    2006-10-14 19:25 6,144 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\k750cmnt.sys
    2006-10-14 19:25 6,144 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\k750cm.sys
    2006-10-14 19:23 55,216 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\k750bus.sys
    2006-10-14 19:23 5,744 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\k750whnt.sys
    2006-10-14 19:23 5,744 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\k750wh.sys
    2006-10-13 20:24 10 --a------ C:\WINDOWS\smdat32m.sys
    2006-10-13 19:28 70,896 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\fsdfw.sys
    2006-10-13 19:28 33,584 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\fsndis5.sys
    2006-10-13 17:28 221,184 --a------ C:\WINDOWS\SYSTEM32\wmpns.dll
    2006-10-13 17:07 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.116-4653381L.exe
    2006-10-13 15:34 81,920 -r------- C:\WINDOWS\bwUnin-6.1.4.58-4653381L.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-11-13 19:06 -------- d-------- C:\Program Files\Common Files
    2006-11-13 18:23 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-11-13 18:22 -------- d-------- C:\Program Files\Steam
    2006-11-13 18:21 -------- d-------- C:\Documents and Settings\Optiplex\Application Data\Xfire
    2006-11-12 15:17 -------- d-------- C:\Documents and Settings\Optiplex\Application Data\Apple Computer
    2006-11-12 13:14 -------- d-------- C:\Program Files\QuickTime
    2006-11-12 00:08 -------- d-------- C:\Program Files\RevConnect
    2006-11-11 19:45 -------- d-------- C:\Program Files\mIRC
    2006-11-11 19:19 -------- d-------- C:\Program Files\DAEMON Tools
    2006-11-11 13:42 -------- d-------- C:\Program Files\Opera
    2006-11-10 23:56 -------- d-------- C:\Documents and Settings\Optiplex\Application Data\foobar2000
    2006-11-10 19:46 -------- d-------- C:\Program Files\Alcohol Soft
    2006-11-10 16:13 -------- d-------- C:\Program Files\AlienGUIse
    2006-11-10 15:49 -------- d-------- C:\Program Files\Common Files\Stardock
    2006-11-09 21:11 -------- d-------- C:\Program Files\Samurize
    2006-11-09 20:44 -------- d-------- C:\Program Files\Windows Media Player
    2006-11-09 20:44 -------- d-------- C:\Program Files\iTunes
    2006-11-09 17:23 -------- d-------- C:\Program Files\Last.fm
    2006-11-09 15:24 -------- d---s---- C:\Program Files\Xfire
    2006-11-05 16:23 -------- d-------- C:\Program Files\Wisdom-soft AutoScreenRecorder
    2006-11-05 00:19 -------- d-------- C:\Program Files\Netscape
    2006-11-05 00:12 -------- d-------- C:\Documents and Settings\Optiplex\Application Data\Avant Profiles
    2006-11-03 20:58 -------- d-------- C:\Program Files\foobar2000
    2006-11-03 20:58 -------- d-------- C:\Documents and Settings\Optiplex\Application Data\AdobeUM
    2006-11-03 20:57 -------- d-------- C:\Program Files\Yahoo!
    2006-11-03 19:30 -------- d-------- C:\Documents and Settings\Optiplex\Application Data\Adobe
    2006-11-03 19:28 -------- d-------- C:\Program Files\Common Files\Adobe
    2006-11-03 19:27 -------- d-------- C:\Program Files\Adobe
    2006-11-02 18:57 -------- d-------- C:\Documents and Settings\Optiplex\Application Data\Dev-Cpp
    2006-11-02 18:41 -------- d-------- C:\Program Files\LIVEUPDATE
    2006-11-02 18:36 -------- d-------- C:\Program Files\Apple Software Update
    2006-11-02 18:12 -------- d-------- C:\Program Files\LimeWire
    2006-11-01 19:20 -------- d-------- C:\Documents and Settings\Optiplex\Application Data\Opera
    2006-10-29 14:22 662 --a------ C:\Documents and Settings\Optiplex\Application Data\AdobeDLM.log
    2006-10-29 14:22 0 --a------ C:\Documents and Settings\Optiplex\Application Data\dm.ini
    2006-10-28 17:43 -------- d-------- C:\Program Files\Guild Wars
    2006-10-24 21:01 -------- d-------- C:\Program Files\Rockstar Games
    2006-10-24 20:54 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-10-24 20:31 -------- d-------- C:\Program Files\vcmm
    2006-10-23 14:59 -------- d-------- C:\Documents and Settings\Optiplex\Application Data\Azureus
    2006-10-23 09:59 -------- d-------- C:\Program Files\Folder Lock
    2006-10-22 12:07 -------- d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP
    2006-10-22 12:07 -------- d-------- C:\Program Files\ffdshow
    2006-10-22 10:47 -------- d---s---- C:\Documents and Settings\Optiplex\Application Data\Microsoft
    2006-10-20 22:26 -------- d-------- C:\Program Files\Folder Password Expert
    2006-10-20 18:19 -------- d-------- C:\Program Files\Activision
    2006-10-19 20:32 -------- d-------- C:\Program Files\Common Files\InstallShield
    2006-10-18 19:37 -------- d-------- C:\Program Files\EA GAMES
    2006-10-18 17:38 -------- d-------- C:\Program Files\ImTOO
    2006-10-16 17:21 -------- d-------- C:\Documents and Settings\Optiplex\Application Data\Ulead Systems
    2006-10-16 17:14 -------- d-------- C:\Program Files\SmartSound Software
    2006-10-16 17:13 -------- d-------- C:\Program Files\Windows Media Components
    2006-10-15 19:15 219136 --a------ C:\WINDOWS\SYSTEM32\uxtheme.dll
    2006-10-15 15:47 -------- d-------- C:\Program Files\Globe Software
    2006-10-15 10:29 -------- d-------- C:\Program Files\Uplink
    2006-10-14 21:53 -------- d-------- C:\Program Files\MSN Messenger
    2006-10-14 21:13 -------- d-------- C:\Documents and Settings\Optiplex\Application Data\F-Secure
    2006-10-14 21:09 -------- d-------- C:\Program Files\FLVPlayer
    2006-10-14 09:13 -------- d-------- C:\Documents and Settings\Optiplex\Application Data\.ABC
    2006-10-13 20:48 -------- d-------- C:\Program Files\ABC
    2006-10-13 20:40 -------- d-------- C:\Documents and Settings\Optiplex\Application Data\Macromedia
    2006-10-13 20:32 -------- d-------- C:\Documents and Settings\Optiplex\Application Data\Sun
    2006-10-13 20:28 -------- d-------- C:\Program Files\WinRAR
    2006-10-13 19:40 -------- d-------- C:\Documents and Settings\Optiplex\Application Data\CyberLink
    2006-10-13 19:34 -------- d-------- C:\Program Files\dna Nettiturva
    2006-10-13 19:34 -------- d-------- C:\Documents and Settings\Optiplex\Application Data\ispnews
    2006-10-13 19:24 -------- d-------- C:\Program Files\Java
    2006-10-13 17:19 -------- d-------- C:\Program Files\Common Files\Java
    2006-10-13 15:55 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-10-13 15:53 -------- d-------- C:\Documents and Settings\Optiplex\Application Data\Talkback
    2006-10-13 15:52 -------- d-------- C:\Documents and Settings\Optiplex\Application Data\Mozilla
    2006-09-13 07:03 1084416 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll
    2006-09-13 00:24 46345 --a------ C:\WINDOWS\NSSetDefaultBrowser.EXE
    2006-08-25 17:49 617472 --a------ C:\WINDOWS\SYSTEM32\comctl32.dll
    2006-08-21 14:26 16896 --a------ C:\WINDOWS\SYSTEM32\fltlib.dll
    2006-08-21 11:14 23040 --a------ C:\WINDOWS\SYSTEM32\fltmc.exe
    2006-08-16 13:58 100352 --a------ C:\WINDOWS\SYSTEM32\6to4svc.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "Steam"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"
    "StatBar"="C:\\Program Files\\Globe Software\\StatBar\\StatBar.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /installquiet"
    "DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
    "F-Secure Manager"="\"C:\\Program Files\\dna Nettiturva\\Common\\FSM32.EXE\" /splash"
    "F-Secure TNB"="\"C:\\Program Files\\dna Nettiturva\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe"
    "F-Secure Startup Wizard"="\"C:\\Program Files\\dna Nettiturva\\FSGUI\\FSSW.EXE\" /reboot"
    "News Service"="\"C:\\Program Files\\dna Nettiturva\\FSGUI\\ispnews.exe\""
    "Openwares LiveUpdate"="C:\\Program Files\\LiveUpdate\\LiveUpdate.exe"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Nykyinen kotisivu"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,55,00,00,00,00,00,00,00,ab,04,00,00,c8,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\Scheduled scanning task.job

    Completion time: 06-11-13 19:08:20.03
    C:\ComboFix.txt ... 06-11-13 19:08
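The HijackThis log in the first post and the ComboFix deletion list above are read by hand in this thread. The following Python script is an added example (it is not part of the thread, HijackThis, or ComboFix) showing how the same triage can be automated: it parses HijackThis-format lines into load points, then flags entries whose file ComboFix reported deleting, AppInit_DLLs entries, unnamed COM objects, and entries whose file is missing. The sample lines are constructed from the thread's own log, and the removed-file set is copied from the ComboFix output above; the helper and rule names are this example's own.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis v1.99 format, modelled on the thread's log
# (only the lines that matter for the triage rules below).
HJT_SAMPLE = r"""
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O20 - AppInit_DLLs: dxclib303562752.dll,wbsys.dll
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
"""

# Files the thread's ComboFix run reported deleting ("E-Give / Ssk's Log" section).
COMBOFIX_REMOVED = {
    r"C:\WINDOWS\system32\dxclib303562752.dll",
    r"C:\Documents and Settings\Optiplex\Application Data\Dxcknwrd.dll",
    r"C:\WINDOWS\system32\bkd.exe",
    r"C:\Program Files\DeluxeCommunications\Dxc.exe",
    r"C:\Program Files\DeluxeCommunications\DxcBho.dll",
    r"C:\Program Files\DeluxeCommunications\DxcCore.dll",
}

@dataclass
class Entry:
    kind: str   # HijackThis section code: R3, O2, O4, O20, ...
    name: str   # value name / BHO name / service name, "" if none
    path: str   # fragment naming the loaded file (may be "(no file)")
    raw: str

@dataclass
class Finding:
    entry: Entry
    reasons: list = field(default_factory=list)

# A Windows path ending in a loadable file, stopping at a quote, comma or space.
_PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|sys))(?=[\s,"]|$)', re.I)

def _file_of(fragment: str) -> str:
    """Pull the file path out of a command line or 'path (file missing)' fragment."""
    m = _PATH_RE.search(fragment)
    return m.group(1) if m else fragment.strip()

def _split_com(rest: str) -> tuple[str, str]:
    # "BHO: Name - {CLSID} - path"  ->  ("Name", "path")
    head, *tail = rest.split(" - ")
    name = head.split(": ", 1)[1] if ": " in head else head
    return name.strip(), (tail[-1].strip() if tail else "")

def parse_hjt(text: str) -> list[Entry]:
    entries: list[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"^([RO]\d+) - (.*)$", line)
        if not m:
            continue
        kind, rest = m.group(1), m.group(2)
        if kind == "O4":
            nm = re.match(r".*?\[(.+?)\]\s*(.*)$", rest)
            name, cmd = (nm.group(1), nm.group(2)) if nm else ("", rest)
            entries.append(Entry(kind, name, cmd, line))
        elif kind == "O20" and rest.startswith("AppInit_DLLs:"):
            # One entry per DLL: each is loaded into every process that maps user32.dll.
            for dll in rest.split(":", 1)[1].split(","):
                if dll.strip():
                    entries.append(Entry(kind, "AppInit_DLLs", dll.strip(), line))
        elif kind in ("R3", "O2", "O3", "O9", "O18", "O23"):
            name, path = _split_com(rest)
            entries.append(Entry(kind, name, path, line))
        else:
            entries.append(Entry(kind, "", "", line))
    return entries

def triage(entries: list[Entry], removed: set[str] = COMBOFIX_REMOVED) -> list[Finding]:
    """Flag load points that still reference files ComboFix deleted, plus the
    usual suspects a log reader checks by hand."""
    removed_full = {p.lower() for p in removed}
    removed_base = {p.rsplit("\\", 1)[-1].lower() for p in removed}
    findings = []
    for e in entries:
        reasons = []
        f = _file_of(e.path).lower()
        base = f.rsplit("\\", 1)[-1]
        if f in removed_full or (e.kind == "O20" and base in removed_base):
            reasons.append("file removed by ComboFix; the load point should be removed too")
        if e.kind == "O20":
            reasons.append("AppInit_DLLs entry; verify the DLL's publisher before keeping it")
        if e.name == "(no name)":
            reasons.append("unnamed COM object; look up the CLSID")
        if "(no file)" in f or "(file missing)" in e.path.lower():
            reasons.append("orphaned entry; the referenced file no longer exists")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings

if __name__ == "__main__":
    for fnd in triage(parse_hjt(HJT_SAMPLE)):
        print(fnd.entry.raw)
        for r in fnd.reasons:
            print("   ->", r)
```

Run against the constructed sample, the script flags the R3 URLSearchHook and the HKLM Run entry that point at DeluxeCommunications files ComboFix removed, both AppInit_DLLs entries (only dxclib303562752.dll also matches the deletion list; wbsys.dll belongs to the AlienGUIse install and is flagged for verification only), the unnamed O3 toolbar with no file, and the iPod service whose binary is missing. The Yahoo BHO and QuickTime entries produce no finding.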
     
  4. blade81 (Active member)

    Upload the following file here and post the results in your reply:
    C:\WINDOWS\SYSTEM32\ah.scr


    Save these instructions to a text file or print them, otherwise you will not be able to reach them from Safe Mode.

    Download AVG Anti-Spyware 7.5 and save the program to your desktop.
    • Once the program has downloaded, double-click the installer's shortcut on your desktop; the installation begins.
    • After installation the program must be started and its definitions updated.
    • Start AVG Anti-Spyware.
    • Click the "Update" icon in the main menu. Then click the "Update now" button.
      • Then click the "Start Update" icon, and the update begins.
    • When the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
    • When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
    • Then, under the "Reports" menu:
      • Tick "Automatically generate report after every scan"
      • Untick "Only if threats were found"
    • Then click the "Shield" icon at the top of the window
    • "Resident shield is": change the state from active to inactive
    • Close the program; do NOT scan yet.
    Start your computer in Safe Mode (Guide!)

    NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.
    • Once in Safe Mode, start AVG Anti-Spyware.
    • Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
    • Ewido will now start scanning the computer; be patient, as the scan takes time.

      When the scan has finished:
      IMPORTANT: Do not click "Save Scan Report" before you have clicked "Apply all Actions"
    • Make sure that Set all elements to: shows Quarantine (1); if not, click the link and select Quarantine from the popup menu.
    • You will be asked what to do if infections were found; then select "Apply all actions"
    • Then click the "Reports" icon at the top of the program.
    • Click the "Save report as" button at the bottom left of the window and save the report to your desktop.
    • Close the program.

    Delete, if found:
    C:\WINDOWS\smdat32m.sys


    Start the computer normally and post AVG's report in your thread together with a new HJT log.
     