Windows "freezes"

Discussion in 'Viruses and malware - HijackThis logs' started by suoliis, Aug 15, 2006.

  1. suoliis

    suoliis Guest

    This time the problem is that after Windows has been running for a while, it freezes. The desktop (not the taskbar) responds to the mouse, but no program will open. Sometimes this happens within five minutes and sometimes it can take as long as an hour.

    Here is the HJT log as well, in case it helps:

    Logfile of HijackThis v1.99.1
    Scan saved at 14:07:17, on 15.8.2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    D:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
    D:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
    D:\Program Files\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
    D:\Program Files\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe
    D:\Program Files\Sonera Tietoturva\backweb\4436233\Program\fspex.exe
    D:\Program Files\Sonera Tietoturva\Anti-Virus\fssm32.exe
    D:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
    D:\Program Files\Sonera Tietoturva\Common\FSMB32.EXE
    D:\Program Files\Sonera Tietoturva\Common\FCH32.EXE
    D:\Program Files\Sonera Tietoturva\Common\FAMEH32.EXE
    D:\Program Files\Sonera Tietoturva\Anti-Virus\fsrw.exe
    D:\Program Files\Sonera Tietoturva\FSPC\fspc.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
    D:\Program Files\Sonera Tietoturva\Anti-Virus\fsav32.exe
    D:\Program Files\Sonera Tietoturva\Common\FSM32.EXE
    D:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    D:\PROGRA~1\SONERA~1\ANTI-S~1\fsaw.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    D:\Program Files\Sonera Tietoturva\FSGUI\fsguidll.exe
    C:\WINDOWS\System32\ctfmon.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    D:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hpmomarofkrbtbpcjqgcuxst...CAmIFrpx2UmkxegvsTf3y4IY8WGjBbsbkUG355VZ3.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - Default URLSearchHook is missing
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\Sonera Tietoturva\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program Files\Sonera Tietoturva\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [News Service] "D:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "D:\Program Files\Sonera Tietoturva\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Sonera Tietoturva.lnk = D:\Program Files\Sonera Tietoturva\backweb\4436233\Program\fspex.exe
    O8 - Extra context menu item: &Estä tämä kohoikkuna - D:\Program Files\Sonera Tietoturva\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: Lataa FlashGetillä - D:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Lataa kaikki FlashGetillä - D:\Program Files\FlashGet\jc_all.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - D:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: &Keskeytä Web-sivujen suodatus - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - D:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - D:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: &Kiellä tämä Web-sivusto - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - D:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - D:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: &Salli tämä Web-sivusto - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - D:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program Files\Sonera Tietoturva\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program Files\Sonera Tietoturva\Anti-Spyware\ieshield.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll
    O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
    O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c18.cab
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139645139921
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139645130171
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Sonera Tietoturva (BackWeb Plug-in - 4436233) - Sonera Tietoturva - D:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - D:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - D:\Program Files\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - D:\Program Files\Sonera Tietoturva\FSPC\fshttps\fshttps.exe
    O23 - Service: FSMA - F-Secure Corporation - D:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
     
  2. blade81

    blade81 Active member

    Joined:
    Jul 28, 2003
    Messages:
    1,287
    Likes Received:
    0
    Trophy Points:
    66
    Download NoLop (http://www.spywareedge.net/nolop/NoLop.exe) to your desktop

    * Close all programs, because this step requires a restart
    * Double-click NoLop.exe to run it
    * Click the "Search and Destroy" button
    <<Your computer will be scanned for infected files>>
    * When the scan is complete, you will be asked to restart the computer if an infection is found. Click OK
    * Click the "REBOOT" button.
    * NoLop should display a message. If it does not, double-click the program and it will finish. Post the contents of C:\NoLop.log along with a new HijackThis log.

    -- If you get the following error, "mscomctl.ocx or one of its dependencies are not correctly registered," download mscomctl.ocx (http://www.boletrice.com/downloads/mscomctl.ocx) and save it to your system32 directory (usually c:\Windows\system32). Then run the program again. --
     
  3. suoliis

    suoliis Guest

    NoLop said "no infection", so maybe I managed to get rid of the junk after all. Here are these anyway:

    NoLop! Log by Skate_Punk_21

    Fix running from: C:\Documents and Settings\pentti\Työpöytä
    [20.8.2006]
    [12:04:57]

    ---Infection Files Found/Removed---
    NO INFECTION FILES FOUND - Cleaning Aborted.

    ---Listing AppData sub directories---

    C:\Documents and Settings\All Users\Application Data\F-secure
    C:\Documents and Settings\All Users\Application Data\Microsoft
    C:\Documents and Settings\Default User\Application Data\Microsoft
    C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Microsoft
    C:\Documents and Settings\Localservice\Application Data\Microsoft
    C:\Documents and Settings\Localservice\Application Data\Netmon
    C:\Documents and Settings\Networkservice\Application Data\Microsoft
    C:\Documents and Settings\Pentti\Application Data\F-secure
    C:\Documents and Settings\Pentti\Application Data\Identities
    C:\Documents and Settings\Pentti\Application Data\Ispnews
    C:\Documents and Settings\Pentti\Application Data\Lavasoft -- EMPTY Directory
    C:\Documents and Settings\Pentti\Application Data\Macromedia
    C:\Documents and Settings\Pentti\Application Data\Microsoft
    C:\Documents and Settings\Pentti\Application Data\Mozilla


    Logfile of HijackThis v1.99.1
    Scan saved at 12:06:55, on 20.8.2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\RunDll32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    D:\Sonera Tietoturva\Common\FSM32.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    D:\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
    D:\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
    D:\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
    D:\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe
    D:\Sonera Tietoturva\backweb\4436233\Program\fspex.exe
    D:\Sonera Tietoturva\Common\FSMA32.EXE
    D:\Sonera Tietoturva\Anti-Virus\fssm32.exe
    D:\Sonera Tietoturva\Common\FSMB32.EXE
    D:\Sonera Tietoturva\Common\FCH32.EXE
    D:\Sonera Tietoturva\Common\FAMEH32.EXE
    D:\Sonera Tietoturva\Anti-Virus\fsrw.exe
    D:\Sonera Tietoturva\FSPC\fspc.exe
    D:\Sonera Tietoturva\FWES\Program\fsdfwd.exe
    D:\Sonera Tietoturva\Anti-Virus\fsav32.exe
    D:\SONERA~1\ANTI-S~1\fsaw.exe
    D:\Sonera Tietoturva\FSGUI\fsguidll.exe
    D:\Program Files\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    D:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Windows Task Manager] c:\windows\system32\taskmgn.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\System32\csrs.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "D:\Sonera Tietoturva\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "D:\Sonera Tietoturva\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "D:\Sonera Tietoturva\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "D:\Sonera Tietoturva\FSGUI\ispnews.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: Sonera Tietoturva.lnk = D:\Sonera Tietoturva\backweb\4436233\Program\fspex.exe
    O8 - Extra context menu item: &Estä tämä kohoikkuna - D:\Sonera Tietoturva\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Sonera Tietoturva\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Sonera Tietoturva\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Sonera Tietoturva\FSPC\fspcmsie.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Sonera Tietoturva\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Sonera Tietoturva\Anti-Spyware\ieshield.dll
    O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\o8480ihue8480.dll (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Sonera Tietoturva (BackWeb Plug-in - 4436233) - Sonera Tietoturva - D:\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - D:\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - D:\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Sonera Tietoturva\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - D:\Sonera Tietoturva\FSPC\fshttps\fshttps.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\Sonera Tietoturva\Common\FSMA32.EXE


     
  4. blade81

    blade81 Active member

    There is new shit on the machine. I recommend that you install Windows Service Pack 1 (not 2!) before we continue cleaning the machine. A machine without a service pack gets reinfected very easily.
     
  5. suoliis

    suoliis Guest

  6. suoliis

    suoliis Guest

    All right, the scan once again found malware and a couple of viruses.

    Logfile of HijackThis v1.99.1
    Scan saved at 18:13:32, on 22.8.2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    D:\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
    D:\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
    D:\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
    D:\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe
    D:\Sonera Tietoturva\Common\FSMA32.EXE
    D:\Sonera Tietoturva\Anti-Virus\fssm32.exe
    D:\Sonera Tietoturva\Common\FSMB32.EXE
    D:\Sonera Tietoturva\Common\FCH32.EXE
    C:\WINDOWS\System32\svchost.exe
    D:\Sonera Tietoturva\Common\FAMEH32.EXE
    D:\Sonera Tietoturva\Anti-Virus\fsrw.exe
    D:\Sonera Tietoturva\FSPC\fspc.exe
    D:\Sonera Tietoturva\FWES\Program\fsdfwd.exe
    D:\Sonera Tietoturva\Anti-Virus\fsav32.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    D:\Sonera Tietoturva\Common\FSM32.EXE
    D:\SONERA~1\ANTI-S~1\fsaw.exe
    D:\Sonera Tietoturva\FSGUI\ispnews.exe
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    D:\Sonera Tietoturva\FSGUI\fsguidll.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    D:\Sonera Tietoturva\backweb\4436233\Program\fspex.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    D:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    D:\mIRC\mirc.exe
    D:\Program Files\firefox.exe
    D:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Windows Task Manager] c:\windows\system32\taskmgn.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\System32\csrs.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "D:\Sonera Tietoturva\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "D:\Sonera Tietoturva\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "D:\Sonera Tietoturva\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "D:\Sonera Tietoturva\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Sonera Tietoturva.lnk = D:\Sonera Tietoturva\backweb\4436233\Program\fspex.exe
    O8 - Extra context menu item: &Estä tämä kohoikkuna - D:\Sonera Tietoturva\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Sonera Tietoturva\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Sonera Tietoturva\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Sonera Tietoturva\FSPC\fspcmsie.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Sonera Tietoturva\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Sonera Tietoturva\Anti-Spyware\ieshield.dll
    O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Sonera Tietoturva (BackWeb Plug-in - 4436233) - Sonera Tietoturva - D:\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - D:\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - D:\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Sonera Tietoturva\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - D:\Sonera Tietoturva\FSPC\fshttps\fshttps.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\Sonera Tietoturva\Common\FSMA32.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe




    NoLop! Log by Skate_Punk_21

    Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

    Fix running from: C:\Documents and Settings\pentti\Työpöytä
    [22.8.2006]
    [18:12:24]

    ---Infection Files Found/Removed---
    NO INFECTION FILES FOUND - Cleaning Aborted.

    ---Listing AppData sub directories---

    C:\Documents and Settings\All Users\Application Data\F-secure
    C:\Documents and Settings\All Users\Application Data\Hp
    C:\Documents and Settings\All Users\Application Data\Microsoft
    C:\Documents and Settings\All Users\Application Data\Msn6
    C:\Documents and Settings\Default User\Application Data\Microsoft
    C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Microsoft
    C:\Documents and Settings\Localservice\Application Data\Microsoft
    C:\Documents and Settings\Localservice\Application Data\Netmon
    C:\Documents and Settings\Networkservice\Application Data\Microsoft
    C:\Documents and Settings\Pentti\Application Data\F-secure
    C:\Documents and Settings\Pentti\Application Data\Hp
    C:\Documents and Settings\Pentti\Application Data\Identities
    C:\Documents and Settings\Pentti\Application Data\Image Zone Express
    C:\Documents and Settings\Pentti\Application Data\Ispnews
    C:\Documents and Settings\Pentti\Application Data\Lavasoft -- EMPTY Directory
    C:\Documents and Settings\Pentti\Application Data\Macromedia
    C:\Documents and Settings\Pentti\Application Data\Microsoft
    C:\Documents and Settings\Pentti\Application Data\Mozilla
    C:\Documents and Settings\Pentti\Application Data\Msn6
    C:\Documents and Settings\Pentti\Application Data\Sun
    C:\Documents and Settings\Testi\Application Data\Identities
    C:\Documents and Settings\Testi\Application Data\Ispnews
    C:\Documents and Settings\Testi\Application Data\Microsoft
     
  7. blade81

    blade81 Active member

    All right, let's continue :)

    Start HJT, click "Do a system scan only", and check:
    R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
    O4 - HKLM\..\Run: [Windows Task Manager] c:\windows\system32\taskmgn.exe
    O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\System32\csrs.exe

    Close the other windows and click "Fix checked".

    Boot the computer into Safe Mode (press F8 while the computer is starting and choose Safe Mode from the list) and delete the following, if they exist:
    c:\windows\system32\taskmgn.exe (note! do not confuse this with the real Task Manager, which is taskmgr.exe in the same folder)
    C:\WINDOWS\System32\csrs.exe

    After this, reboot back into normal mode.

    Download SmitfraudFix (c) S!Ri (http://siri.urz.free.fr/Fix/SmitfraudFix.zip)
    Extract the contents (a folder named SmitfraudFix) to your desktop:

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and pressing "Enter"; a text file will open that lists the infected files (if any).
    Post the contents of this text file to your thread. Also attach a fresh HJT log.

    Note: the process.exe file is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program that stops processes. Antivirus programs cannot distinguish between good and bad use of such programs, so they may warn the user.
     
    Last edited: Aug 22, 2006
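
The look-alike names pointed out in the post above (taskmgn.exe next to the real taskmgr.exe, csrs.exe next to the genuine csrss.exe) can be caught mechanically. This is an added example, not part of the original thread: it parses HijackThis O4 Run lines and flags file names within one edit of a known Windows binary. The allowlist and the function names are assumptions of this example.

```python
import re
from ntpath import basename  # Windows path rules, whatever OS this runs on

# Genuine Windows binaries whose names malware likes to imitate.
# Assumed short list for this example; extend it for real use.
KNOWN_SYSTEM_BINARIES = {
    "taskmgr.exe", "csrss.exe", "svchost.exe", "lsass.exe", "smss.exe",
    "winlogon.exe", "services.exe", "explorer.exe", "spoolsv.exe",
    "ctfmon.exe", "rundll32.exe",
}

# HijackThis registry autostart line: O4 - HKLM\..\Run: [value name] command
O4_RUN = re.compile(
    r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# O4 lines excerpted from the 20.8.2006 HijackThis log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Windows Task Manager] c:\windows\system32\taskmgn.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\System32\csrs.exe
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Sonera Tietoturva\Common\FSM32.EXE" /splash
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
'''


def executable_of(cmd):
    """Return the program path from a Run command, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces, so cut at the first ".exe".
    m = re.search(r"\.exe\b", cmd, re.IGNORECASE)
    return cmd[:m.end()] if m else cmd.split()[0]


def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def find_lookalikes(log_text, max_distance=1):
    """Return (run value name, path, imitated binary) for suspicious O4 lines."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        path = executable_of(m.group("cmd"))
        name = basename(path).lower()
        if "." not in name:          # e.g. "RunDll32" written without extension
            name += ".exe"
        if name in KNOWN_SYSTEM_BINARIES:
            continue                 # exact match: the genuine file name
        for known in sorted(KNOWN_SYSTEM_BINARIES):
            if edit_distance(name, known) <= max_distance:
                findings.append((m.group("name"), path, known))
                break
    return findings


if __name__ == "__main__":
    for value_name, path, imitated in find_lookalikes(SAMPLE_LOG):
        print(f"[{value_name}] {path} looks like {imitated}")
```

A name match only says the file name is the genuine one; it says nothing about whether the file at that path is the real binary.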
  8. suoliis

    suoliis Guest

    taskmgn.exe and csrs.exe were not found, so that's taken care of :)

    SmitFraudFix v2.81

    Scan done at 20:04:47,76, ti 22.08.2006
    Run from C:\Documents and Settings\pentti\Työpöytä\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    C:\uniq FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    C:\WINDOWS\drsmartload2.dat FOUND !
    C:\WINDOWS\keyboard1.dat FOUND !
    C:\WINDOWS\newname.dat FOUND !
    C:\WINDOWS\teller2.chk FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\pentti\Application Data

    C:\Documents and Settings\pentti\Application Data\Install.dat FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\pentti\Suosikit


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Nykyinen kotisivu"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End


    Logfile of HijackThis v1.99.1
    Scan saved at 20:06:48, on 22.8.2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    D:\Sonera Tietoturva\Common\FSM32.EXE
    D:\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\System32\ctfmon.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    D:\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
    D:\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
    D:\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe
    D:\Sonera Tietoturva\backweb\4436233\Program\fspex.exe
    D:\Sonera Tietoturva\Common\FSMA32.EXE
    D:\Sonera Tietoturva\Anti-Virus\fssm32.exe
    D:\Sonera Tietoturva\Common\FSMB32.EXE
    C:\WINDOWS\System32\svchost.exe
    D:\Sonera Tietoturva\Common\FCH32.EXE
    D:\Sonera Tietoturva\Common\FAMEH32.EXE
    D:\Sonera Tietoturva\FSPC\fspc.exe
    D:\Sonera Tietoturva\Anti-Virus\fsrw.exe
    D:\Sonera Tietoturva\FWES\Program\fsdfwd.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    D:\Sonera Tietoturva\Anti-Virus\fsav32.exe
    D:\SONERA~1\ANTI-S~1\fsaw.exe
    D:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    D:\Sonera Tietoturva\FSGUI\fsguidll.exe
    D:\Program Files\firefox.exe
    D:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "D:\Sonera Tietoturva\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "D:\Sonera Tietoturva\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "D:\Sonera Tietoturva\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "D:\Sonera Tietoturva\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Sonera Tietoturva.lnk = D:\Sonera Tietoturva\backweb\4436233\Program\fspex.exe
    O8 - Extra context menu item: &Estä tämä kohoikkuna - D:\Sonera Tietoturva\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Sonera Tietoturva\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Sonera Tietoturva\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Sonera Tietoturva\FSPC\fspcmsie.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Sonera Tietoturva\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Sonera Tietoturva\Anti-Spyware\ieshield.dll
    O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Sonera Tietoturva (BackWeb Plug-in - 4436233) - Sonera Tietoturva - D:\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - D:\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - D:\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Sonera Tietoturva\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - D:\Sonera Tietoturva\FSPC\fshttps\fshttps.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\Sonera Tietoturva\Common\FSMA32.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
     
  9. blade81

    blade81 Active member

    Joined:
    Jul 28, 2003
    Messages:
    1,287
    Likes Received:
    0
    Trophy Points:
    66
    Print these instructions out.

    Boot your computer into Safe Mode and select your usual user account.

    Once in Safe Mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and pressing "Enter" to delete the infected files.

    You will be asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" to remove the desktop background and clean the infected registry keys.

    The tool will check whether wininet.dll is infected. You may be asked to replace the infected .dll (if one is found); answer "Yes" by typing Y and pressing "Enter".

    The tool may need to restart the computer; if it does not, restart into normal Windows yourself.
    A text file will appear after the cleaning process; copy and paste the contents of that report into your reply.
    The report can be found on your local disk, usually at C:\rapport.txt. Include a new HJT log as well.
     
  10. suoliis

    suoliis Guest

    Hopefully this will be sorted out soon :)


    SmitFraudFix v2.81

    Scan done at 22:05:14,01, ti 22.08.2006
    Run from C:\Documents and Settings\pentti\Työpöytä\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    Fix ran in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\uniq Deleted
    C:\WINDOWS\drsmartload2.dat Deleted
    C:\WINDOWS\keyboard1.dat Deleted
    C:\WINDOWS\newname.dat Deleted
    C:\WINDOWS\teller2.chk Deleted
    C:\Documents and Settings\pentti\Application Data\Install.dat Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End



    Logfile of HijackThis v1.99.1
    Scan saved at 22:13:47, on 22.8.2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    D:\Sonera Tietoturva\Common\FSM32.EXE
    D:\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
    D:\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
    D:\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
    D:\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe
    D:\Sonera Tietoturva\backweb\4436233\Program\fspex.exe
    D:\Sonera Tietoturva\FSGUI\ispnews.exe
    D:\Sonera Tietoturva\Common\FSMA32.EXE
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\System32\ctfmon.exe
    D:\Sonera Tietoturva\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\HPZipm12.exe
    D:\Sonera Tietoturva\Common\FSMB32.EXE
    C:\WINDOWS\System32\svchost.exe
    D:\Sonera Tietoturva\Common\FCH32.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    D:\Sonera Tietoturva\Common\FAMEH32.EXE
    D:\Sonera Tietoturva\Anti-Virus\fsrw.exe
    D:\Sonera Tietoturva\FSPC\fspc.exe
    D:\Sonera Tietoturva\FWES\Program\fsdfwd.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    D:\Sonera Tietoturva\Anti-Virus\fsav32.exe
    D:\SONERA~1\ANTI-S~1\fsaw.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    D:\Sonera Tietoturva\FSGUI\fsguidll.exe
    D:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    D:\Program Files\firefox.exe
    D:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "D:\Sonera Tietoturva\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "D:\Sonera Tietoturva\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "D:\Sonera Tietoturva\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "D:\Sonera Tietoturva\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Sonera Tietoturva.lnk = D:\Sonera Tietoturva\backweb\4436233\Program\fspex.exe
    O8 - Extra context menu item: &Estä tämä kohoikkuna - D:\Sonera Tietoturva\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Sonera Tietoturva\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Sonera Tietoturva\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Sonera Tietoturva\FSPC\fspcmsie.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Sonera Tietoturva\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Sonera Tietoturva\Anti-Spyware\ieshield.dll
    O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Sonera Tietoturva (BackWeb Plug-in - 4436233) - Sonera Tietoturva - D:\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - D:\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - D:\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Sonera Tietoturva\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - D:\Sonera Tietoturva\FSPC\fshttps\fshttps.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\Sonera Tietoturva\Common\FSMA32.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
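
A check a helper could run over the reports posted in this thread, as an added example that is not part of any post: it confirms that every file SmitFraudFix reported as FOUND shows up as Deleted in the clean report, and diffs the HijackThis entries from before and after the fix. The sample strings are shortened excerpts of the logs above; the function and variable names are hypothetical.

```python
import re

# SmitFraudFix result lines, e.g. "C:\uniq FOUND !" or "C:\uniq Deleted".
RESULT = re.compile(r"^\s*([A-Za-z]:\\.+?)\s+(FOUND !|Deleted)\s*$", re.M)
# HijackThis entries: a section code (R, F, N or O plus a number), then " - ".
HJT_ENTRY = re.compile(r"^\s*([RFNO]\d{1,2} - .+?)\s*$", re.M)

# Excerpts of the reports posted in this thread (shortened).
SEARCH = r"""
C:\uniq FOUND !
C:\WINDOWS\drsmartload2.dat FOUND !
C:\WINDOWS\keyboard1.dat FOUND !
C:\Documents and Settings\pentti\Application Data\Install.dat FOUND !
"""
CLEAN = r"""
C:\uniq Deleted
C:\WINDOWS\drsmartload2.dat Deleted
C:\WINDOWS\keyboard1.dat Deleted
C:\Documents and Settings\pentti\Application Data\Install.dat Deleted
"""
HJT_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""
HJT_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"""

def paths_with_status(report, status):
    """Lower-cased paths that the report marks with the given status."""
    return {p.lower() for p, s in RESULT.findall(report) if s == status}

def verify_cleanup(search, clean, hjt_before, hjt_after):
    """Compare the search and clean reports and the two HijackThis logs."""
    found = paths_with_status(search, "FOUND !")
    deleted = paths_with_status(clean, "Deleted")
    before = set(HJT_ENTRY.findall(hjt_before))
    after = set(HJT_ENTRY.findall(hjt_after))
    return {
        "not_deleted": sorted(found - deleted),     # flagged but never deleted
        "removed_entries": sorted(before - after),  # what the fix took out
        "new_entries": sorted(after - before),      # appeared since; review these
    }

if __name__ == "__main__":
    for key, values in verify_cleanup(SEARCH, CLEAN, HJT_BEFORE, HJT_AFTER).items():
        print(key, *values, sep="\n  ")
```

Paths are compared case-insensitively because Windows paths are; any path left in `not_deleted` means the clean run did not remove a file the search run had flagged.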
     
  11. blade81

    blade81 Active member

    Your log is fine :)

    Also remove the old Java version (using Add/Remove Programs) and get the new one from here -> http://java.com/en/download/index.jsp. In addition, you can now install SP2 and fetch a hosts file (the mvps link in my signature) to protect your browsing. After those, the machine will be a notch more secure :)
     
  12. suoliis

    suoliis Guest

    Thank you.
     
  13. blade81

    blade81 Active member

    You're welcome :)
     
Thread Status:
Not open for further replies.
