1. Tämä sivusto käyttää keksejä (cookie). Jatkamalla sivuston käyttämistä hyväksyt keksien käyttämisen. Lue lisää.

Rootkit virus hengailee

Viestiketju Virukset ja haittaohjelmat - HijackThis -logit -osiossa. Ketjun avasi mfn72os 28.07.2012.

  1. mfn72os

    mfn72os Member

    Liittynyt:
    28.08.2007
    Viestejä:
    20
    Kiitokset:
    0
    Pisteet:
    11
    Eli koneella on ollut asustelemassa ilmeisesti rootkit-virus, jonka seurauksena netti ei toimi. Tässä HJT-logi:


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 21:43:00, on 28.7.2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\Program Files\Ask.com\Updater\Updater.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\Documents and Settings\Reijo\Application Data\Spotify\Data\SpotifyWebHelper.exe
    C:\PROGRA~1\Uniblue\POWERS~1\powersuite.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Microsoft\BingBar\BBSvc.EXE
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Uniblue\SPEEDU~1\sump.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\JHT\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
    O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SWPROguard] C:\Program Files\Fighters\SPYWAREfighter\swprotray.exe
    O4 - HKCU\..\Run: [PowerSuite] "C:\PROGRA~1\Uniblue\POWERS~1\launcher.exe" delay 20000 -m
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Documents and Settings\Reijo\Application Data\Spotify\Data\SpotifyWebHelper.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173792658875
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232714791500
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Fsdfwd (ARCSOFTVIRTUALCAPTURE) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Google-päivityspalvelu (gupdate1c9cc03dcb49e44) (gupdate1c9cc03dcb49e44) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Päivitä-palvelu (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: Amdagp (ipodsrv) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Proxyhostmirrordisplay (mdc8021x) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: TdmService (MRESP50) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: AVWLP_USB (pxfhbus) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe
    O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: QV2KUX (XFX_program) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)

    --
    End of file - 10088 bytes
     
    Viimeksi muokattu: 28.07.2012
    mfn72os, 28.07.2012
    #1
  2.  
  3. OneMember

    OneMember Active member

    Liittynyt:
    12.01.2006
    Viestejä:
    3,188
    Kiitokset:
    56
    Pisteet:
    78
    Nämä poistoon:
    R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"


    Nämä voi korjata:
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)



    Tämän tarkoitus on minullekin arvoitus, joten ehkä kannattaa poistaa:
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - http://gfx2.hotmail.com/mail/w4/pr01/ph...ol/MSNPUpld.cab
     
    Viimeksi muokattu: 30.07.2012
    OneMember, 30.07.2012
    #2
  4. mfn72os

    mfn72os Member

    Liittynyt:
    28.08.2007
    Viestejä:
    20
    Kiitokset:
    0
    Pisteet:
    11
    En tiedä tuliko tämän rootkit -viruksen ansiosta vai mistä, mutta koneelle myös ilmestyi tälläinen ns. "ransomware" virus, jonka sain sen verran taltutettua, ettei kone mene enää jumiin ja pääsee nettiin surffaamaan. Korjasin nuo kohdat HJT:llä, mutta jotain epämääräistä siellä näyttäisi olevan. Tässä tuorein HJT-logi:


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 13:41:02, on 6.8.2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\vVX1000.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\dvd43\dvd43_tray.exe
    C:\Documents and Settings\Reijo\Application Data\Spotify\Data\SpotifyWebHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Uniblue\POWERS~1\powersuite.exe
    C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\PROGRA~1\Uniblue\SPEEDU~1\sump.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
    C:\Program Files\JHT\Trend Micro\HiJackThis\HEIJAAKKOTÄMÄ.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.msn.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
    O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
    O4 - HKCU\..\Run: [PowerSuite] "C:\PROGRA~1\Uniblue\POWERS~1\launcher.exe" delay 20000 -m
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Documents and Settings\Reijo\Application Data\Spotify\Data\SpotifyWebHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [BrowserChoice] "C:\WINDOWS\system32\browserchoice.exe" /run
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173792658875
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232714791500
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Fsdfwd (ARCSOFTVIRTUALCAPTURE) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: AV Engine Scanning Service - Unknown owner - C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe (file missing)
    O23 - Service: AV Watch Service - Unknown owner - (no file)
    O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Google-päivityspalvelu (gupdate1c9cc03dcb49e44) (gupdate1c9cc03dcb49e44) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Päivitä-palvelu (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: Amdagp (ipodsrv) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    O23 - Service: Proxyhostmirrordisplay (mdc8021x) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: TdmService (MRESP50) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
    O23 - Service: AVWLP_USB (pxfhbus) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: QV2KUX (XFX_program) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)

    --
    End of file - 10129 bytes
     
    mfn72os, 06.08.2012
    #3
  5. OneMember

    OneMember Active member

    Liittynyt:
    12.01.2006
    Viestejä:
    3,188
    Kiitokset:
    56
    Pisteet:
    78
    Nuo ransomwaret ovat ilmestyneet hyvin äkkiä ja ovat vaikeita poistaa.
    Itselle tuli sukulaiselta kone jossa semmoinen oli. Otin kannettavasta kovalevyn irti ja skannasin sen omalla koneella ja poistin kaiken roskan.
    Sitten laitoin kovon takaisin ja käynnistin vikasietotilassa ja tarkistin että kovo on puhdas.


    Mutta asiaan...

    Tässä on mitä Skypen ja Googlen toolbarit änkee koneelle. Selaimet ei vaadi mitään toolbareja, joten ne voi ihan hyvin poistaa sovellusten hallinnasta.
    Huom, Googlen haun saa selaimeen ilman toolbaria.

    C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe



    Korjaa:
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)
    03 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    O3 - Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)


    Poista:
    (Nämä voi jättää, mutta jos ei tarvetta niin lue TÄMÄ.)
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')



    Näitä en käyttäisi, joten poistaminen on sinusta kiinni.
    O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    Näiden ei pitäisi tarvita omia poikkeuksia, joten voi poistaa:
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda...b?1173792658875
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup...b?1232714791500



    EDIT: Onhan sinulla päällä vain yksi Palomuuri sekä Virustorjunta ohjelma samaan aikaan?
    Useaa ohjelmaan samaan tarkoitukseen EI kannata käyttää.
    Esim Comodo tarjoaa ilmaisen virustorjunnan ja palomuurin samassa paketissa. Hyviä ilmaisia ohjelmia löytyy myös aD:n lataus-sivulta.
     
    Viimeksi muokattu: 06.08.2012
    OneMember, 06.08.2012
    #4

Jaa tämä sivu