virushaitta

Discussion in 'Virukset ja haittaohjelmat' started by viltsu11, Sep 6, 2005.

  1. viltsu11

    viltsu11 Regular member

    Joined:
    Feb 21, 2005
    Messages:
    268
    Likes Received:
    0
    Trophy Points:
    26
    viitiskö joku katLogfile of HijackThis v1.99.0
    Scan saved at 17:02:08, on 6.9.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\pchbutton.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
    C:\WINDOWS\System32\gearsec.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguiexe.exe
    C:\Program Files\DC++\DCPlusPlus.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\Omistaja\Local Settings\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q304&bd=pavilion&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zcnolhqirpvbfswiwfl.biz/...lpnrwVnihjaPsqpWZ4Gw8LRVJyXsYCQI4qnsFmpC.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q304&bd=pavilion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://elisa.net/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {441748C4-BBFA-A2E3-403E-419A73621718} - C:\DOCUME~1\Omistaja\APPLIC~1\GLUENE~1\Finditch.exe (file missing)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
    O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [tray new active skip] C:\Documents and Settings\All Users\Application Data\Draw Wipe Tray New\Fork blah.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\pchbutton.exe
    O4 - HKCU\..\Run: [Trust Close] C:\DOCUME~1\Omistaja\APPLIC~1\MAILLI~1\batchic.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: SMS-viesti - {1B893500-4A6A-4914-AACB-52387D2E76FC} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: Palvelut - {38DE015A-49DA-4CA2-ABB2-28266E66C247} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: Tuki - {8B426CFD-7DC0-4281-856C-750559A27F22} - http://tuki.elisa.net/ (file missing) (HKCU)
    O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} - http://www.errorguard.com/installation/Install.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
    O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Elisa Tietoturvapalvelu - Unknown - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
    O23 - Service: Loogisen levyn hallinnan valvontapalvelu - Unknown - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Tapahtumaloki - Unknown - C:\WINDOWS\system32\services.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: Fax - Unknown - C:\WINDOWS\system32\fxssvc.exe
    O23 - Service: fsbwsys - Unknown - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    O23 - Service: F-Secure Policy Manager Server - Unknown - C:\Program Files\F-Secure\Management Server 5\apache.exe
    O23 - Service: Gear Security Service -turvapalvelu - GEAR Software - C:\WINDOWS\System32\gearsec.exe
    O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu - Unknown - C:\WINDOWS\System32\imapi.exe
    O23 - Service: iPod-palvelu - Unknown - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NetMeeting etätyöpöydän jakaminen - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Plug and Play - Unknown - C:\WINDOWS\system32\services.exe
    O23 - Service: Etätyöpöydän ohjeen istunnonhallinta - Unknown - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Älykortti - Unknown - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Resurssilokit ja -hälytykset - Unknown - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Aseman tilannevedos - Unknown - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: WMI resurssisovitin - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exetoo,onko vikaa,vikaa.
     
    viltsu11, Sep 6, 2005
    #1
  2. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Onhan sitä.

    Sammuta prosessi tehtävienhallinnasta (ctrl+alt+del -> lopeta prosessi):

    ALCXMNTR.EXE

    Hae hijackthisin uusi versio täältä -> http://koti.mbnet.fi/pattaya1/HijackThis.exe ja tallenna se vaikka C:\hjt-hakemistoon

    Fixaa hijackthis:illä (sillä uudella) ( klikkaa do a system scan only, merkkaa nämä ja paina fix checked):

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zcnolhqirpvbfswiwfl.biz/Bn13BrCFlyYdt8OHrQDR5v92lpnrwV...
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/...
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/...
    O2 - BHO: (no name) - {441748C4-BBFA-A2E3-403E-419A73621718} - C:\DOCUME~1\Omistaja\APPLIC~1\GLUENE~1\Finditch.exe (file missing)
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [tray new active skip] C:\Documents and Settings\All Users\Application Data\Draw Wipe Tray New\Fork blah.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [Trust Close] C:\DOCUME~1\Omistaja\APPLIC~1\MAILLI~1\batchic.exe
    O9 - Extra button: SMS-viesti - {1B893500-4A6A-4914-AACB-52387D2E76FC} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: Palvelut - {38DE015A-49DA-4CA2-ABB2-28266E66C247} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: Tuki - {8B426CFD-7DC0-4281-856C-750559A27F22} - http://tuki.elisa.net/ (file missing) (HKCU)
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} - http://www.errorguard.com/installation/Install.cab

    Laita piilotiedostot näkyviin , ohje ->http://www.xtra.co.nz/help/0,,4155-1916458,00.html

    Käynnistä vikasietotilaan (F8 käynnistyksen yhteydessä) ja poista:

    tiedosto C:\Windows\==>ALCXMNTR.EXE<==
    hakemisto C:\DOCUME~1\Omistaja\APPLIC~1\==>GLUENE~1<== (polun alku on C:\Documents and Settings\Omistaja\Application Data)
    hakemisto C:\Documents and Settings\All Users\Application Data\==>Draw Wipe Tray New<==
    hakamisto C:\DOCUME~1\Omistaja\APPLIC~1\==>MAILLI~1<== hakemisto (polun alku on C:\Documents and Settings\Omistaja\Application Data)

    Käynnistä uudestaan normaalisti ja laita uusi loki.
     
    -kemisti-, Sep 6, 2005
    #2
  3. viltsu11

    viltsu11 Regular member

    Joined:
    Feb 21, 2005
    Messages:
    268
    Likes Received:
    0
    Trophy Points:
    26
    kiitosta vaan mukaville auttajille
     
    viltsu11, Sep 6, 2005
    #3

Share This Page