
Hijack Check !!!!!

Thread in the Viruses and malware section. Started by petekake on 15.10.2005.

  1. petekake

    petekake Member

    Joined:
    18.05.2005
    Posts:
    98
    Thanks:
    0
    Points:
    16
    Here's something for someone to do again: new machine, new (pests).
    Thanks in advance ;)





    Adobe Acrobat 5.0
    Adobe Download Manager 1.2 (Poista ainoastaan)
    Adobe Reader 6.0.1 - Suomi
    Advanced Networking Pack for Windows XP
    ArcSoft PhotoStudio 2000
    AsusUpdate
    Canon Internet Library for ZoomBrowser EX
    Canon PhotoRecord
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon S300
    Canon ScanGear Toolbox CS 2.2
    Canon Utilities File Viewer Utility 1.3
    Canon Utilities PhotoStitch 3.1
    Canon Utilities RemoteCapture 2.7
    Canon Utilities ZoomBrowser EX
    DC++ (remove only)
    Disney Interactive Global Compatibility Update June 2003
    Disneyn pelikokoelma
    DivX Codec
    DivX Player
    Euroword 99
    F-Secure Anti-Virus
    F-Secure BackWeb
    F-Secure Distributed Firewall
    F-Secure Management Agent
    HijackThis 1.99.1
    Java 2 Runtime Environment, SE v1.4.2_01
    Messenger Plus! 3
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Finnish Language Pack
    Microsoft PowerPoint Viewer 97
    Microsoft Word 97 Viewer
    Mozilla Firefox (1.0.6)
    MSN Messenger 7.0
    MSN Työkalupalkki
    MTV3 - 24 Screen Saver
    My Search Bar
    Nero
    Päivitys Windows XP:lle (KB898461)
    RealPlayer Basic
    Scan Manager 5.2
    Shockwave
    SiS Audio Driver
    Skype 1.2
    Suojauspäivitys Windows XP:lle (KB890046)
    Suojauspäivitys Windows XP:lle (KB893066)
    Suojauspäivitys Windows XP:lle (KB893756)
    Suojauspäivitys Windows XP:lle (KB896358)
    Suojauspäivitys Windows XP:lle (KB896422)
    Suojauspäivitys Windows XP:lle (KB896423)
    Suojauspäivitys Windows XP:lle (KB896426)
    Suojauspäivitys Windows XP:lle (KB896428)
    Suojauspäivitys Windows XP:lle (KB899587)
    Suojauspäivitys Windows XP:lle (KB899588)
    Suojauspäivitys Windows XP:lle (KB899591)
    Suojauspäivitys Windows XP:lle (KB901214)
    Tattoosociety.de
    Ulead Photo Express 4.0 SE
    Winamp (remove only)
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player 9:n Hotfix-korjauspäivitys [lisätietoja on artikkelissa KB885492]
    Windows Media Player Hotfix -päivitys [lisätietoja on artikkelissa wm828026]
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893086
    Windows XP Hotfix - KB896727
    Windows XP Hotfix (SP2) Q322011
    Windows XP Hotfix (SP2) Q327979
    Windows XP Hotfix (SP2) Q328310
    Windows XP Hotfix (SP2) Q329170
    Windows XP Hotfix (SP2) Q329441
    Windows XP Hotfix (SP2) Q810565
    Windows XP Hotfix (SP2) Q810577
    Windows XP Hotfix (SP2) Q810833
    Windows XP Hotfix (SP2) Q811493
    Windows XP Hotfix (SP2) Q814033
    Windows XP Hotfix (SP2) Q814995
    Windows XP Hotfix (SP2) Q815021
    Windows XP Hotfix (SP2) Q817606
    Windows XP Hotfix (SP2) Q819696
    Windows XP Hotfix [Lisätietoja saat lukemalla dokumentin Q329048]
    Windows XP Hotfix [Lisätietoja saat lukemalla dokumentin Q329115]
    Windows XP Hotfix [Lisätietoja saat lukemalla dokumentin Q329390]
    Windows XP Hotfix [Lisätietoja saat lukemalla dokumentin Q329834]
    Windows XP Hotfix- KB282010
    Windows XP Hotfix- KB820291
    Windows XP Hotfix- KB821253
    Windows XP Hotfix- KB821557
    Windows XP Hotfix- KB822603
    Windows XP Hotfix- KB823182
    Windows XP Hotfix- KB823559
    Windows XP Hotfix- KB824105
    Windows XP Hotfix- KB824141
    Windows XP Hotfix- KB824146
    Windows XP Hotfix- KB825119
    Windows XP Hotfix- KB828035
    Windows XP Hotfix- KB828741
    Windows XP Hotfix- KB835732
    Windows XP Hotfix- KB842773





    Logfile of HijackThis v1.99.1
    Scan saved at 19:14:56, on 15.10.2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    C:\Program Files\F-Secure\VPNPlus\Program\fsvpnd.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cttynuqcxle.com/QUuc53lZkTAwPg6lglFKx4wIYR3dI5uqN2kM9ws2mIqDXR15poz6bDqg9zAvQUEg.asp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fysidpixjjbmwfdvdp.com/QUuc53lZkTBPqFy0qZFGTVjgaB9mP7XW7h57Vt/dlMM.jpg
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://coolsearch.biz
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: PerfectNavBHO Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
    O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7F585EE5-5F63-1F1A-C44C-ED39ED944123} - C:\DOCUME~1\PELTON~1\APPLIC~1\GlueSeek\JunkFour.exe (file missing)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int102647.exe -auto
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [Browse Trans First Inside] C:\Documents and Settings\All Users\Application Data\Rdr Remote Browse Trans\optiongreat.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [1 That] C:\DOCUME~1\PELTON~1\APPLIC~1\BARBBU~1\TYPEGPLMEOW.exe
    O4 - HKCU\..\Run: [Skype] "D:\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O15 - Trusted Zone: *.c4tdownload.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.iframe.biz
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.newiframe.biz
    O15 - Trusted Zone: *.overpro.com
    O15 - Trusted Zone: *.pizdato.biz
    O15 - Trusted Zone: *.slotch.com
    O15 - Trusted Zone: *.sp2admin.biz
    O15 - Trusted Zone: *.sp2fucked.biz
    O15 - Trusted Zone: *.vse-moe.biz
    O15 - Trusted Zone: *.windupdates.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O15 - Trusted Zone: *.ysbweb.com
    O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
    O16 - DPF: v3cab - http://searchmiracle.com/cab/2.cab
    O16 - DPF: {2DBEFB64-B6C4-4A2C-BE6A-16FF065B99C6} (cuadruple Class) - http://www.dialerzona.com/cuadruple.cab
    O16 - DPF: {339C58C6-427A-4629-A5A6-7F853C50C5A6} - http://82.179.166.72/1/rdgFI208.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124168773266
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure IPsec Daemon - F-Secure Corporation - C:\Program Files\F-Secure\VPNPlus\Program\fsvpnd.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
     
  3. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Posts:
    6,305
    Thanks:
    0
    Points:
    96
    Is that so ;) Thanks for the uninstall list :)

    Remove from Add/Remove Programs:

    My Search Bar

    Fix with HjT (do a system scan only, check these and press fix checked):

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cttynuqcxle.com/QUuc53lZkTAwPg6lglFKx4wIYR3dI5uqN2kM9w...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fysidpixjjbmwfdvdp.com/QUuc53lZkTBPqFy0qZFGTVjgaB9mP7X...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://coolsearch.biz
    R3 - URLSearchHook: PerfectNavBHO Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
    O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O2 - BHO: (no name) - {7F585EE5-5F63-1F1A-C44C-ED39ED944123} - C:\DOCUME~1\PELTON~1\APPLIC~1\GlueSeek\JunkFour.exe (file missing)
    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int102647.exe -auto
    O4 - HKLM\..\Run: [Browse Trans First Inside] C:\Documents and Settings\All Users\Application Data\Rdr Remote Browse Trans\optiongreat.exe
    O4 - HKCU\..\Run: [1 That] C:\DOCUME~1\PELTON~1\APPLIC~1\BARBBU~1\TYPEGPLMEOW.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O15 - Trusted Zone: *.c4tdownload.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.iframe.biz
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.newiframe.biz
    O15 - Trusted Zone: *.overpro.com
    O15 - Trusted Zone: *.pizdato.biz
    O15 - Trusted Zone: *.slotch.com
    O15 - Trusted Zone: *.sp2admin.biz
    O15 - Trusted Zone: *.sp2fucked.biz
    O15 - Trusted Zone: *.vse-moe.biz
    O15 - Trusted Zone: *.windupdates.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O15 - Trusted Zone: *.ysbweb.com
    O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
    O16 - DPF: v3cab - http://searchmiracle.com/cab/2.cab
    O16 - DPF: {2DBEFB64-B6C4-4A2C-BE6A-16FF065B99C6} (cuadruple Class) - http://www.dialerzona.com/cuadruple.cab
    O16 - DPF: {339C58C6-427A-4629-A5A6-7F853C50C5A6} - http://82.179.166.72/1/rdgFI208.exe

    Was that Messenger Plus! installed without the adware? Because there are plenty of those lops. If not, remove it from the Control Panel as well:

    Messenger Plus! 3

    and fix this:

    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

    Make hidden files visible, instructions -> http://www.xtra.co.nz/help/0,,4155-1916458,00.html

    Boot into safe mode (F8 during startup) and delete:

    C:\DOCUME~1\PELTON~1\APPLIC~1\==>GlueSeek<== (if present)
    C:\PROGRA~1\==>PERFEC~1<== (if present)
    C:\Program Files\==>MyWay<==
    C:\Program Files\==>websx<==
    C:\Documents and Settings\All Users\Application Data\==>Rdr Remote Browse Trans<==
    C:\DOCUME~1\PELTON~1\APPLIC~1\==>BARBBU~1<== (that is, C:\Documents and Settings\Pelton..\Application Data\Barbbu..)
    C:\WINDOWS\web\==>related.htm<==
    (C:\Program Files\==>MessengerPlus! 3<==)

    Reboot and post a new HjT log.
     
    Last edited: 15.10.2005
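
One way to check a follow-up log against the list of entries that were to be fixed, which is what the last step of the post above asks for. This is an added example, not part of the original posts or of HijackThis; the function names and the sample log lines are constructed for illustration. Entries are matched by registry value name, Run value name or CLSID, so an entry that came back with different data is reported as rewritten instead of removed.

```python
import re

# Entry lines look like "R1 - ...", "O2 - ...", "O15 - ...": section code, then text.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(.*?\bRun(?:Once)?): \[([^\]]*)\]")

# Constructed sample data, shaped like the lines in this thread.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://hijack-one.example/QUuc53...
O2 - BHO: Sample BHO - {11111111-2222-3333-4444-555555555555} - C:\PROGRA~1\SAMPLE~1\SAMPLE.DLL (file missing)
O4 - HKLM\..\Run: [sample] C:\Program Files\sample\sample.exe -auto
O15 - Trusted Zone: *.hijack-zone.example
"""
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://hijack-two.example/abc.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Sample BHO - {11111111-2222-3333-4444-555555555555} - C:\PROGRA~1\SAMPLE~1\SAMPLE.DLL (file missing)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
"""


def parse_entries(log_text):
    """Return [(code, text)] for entry lines; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def entry_key(code, text):
    """Identity of an entry that stays the same when only its data changes."""
    if code.startswith("R") and " = " in text:
        return ("R", text.split(" = ", 1)[0].lower())       # registry value name
    run = RUN_RE.match(text)
    if code == "O4" and run:
        return (code, run.group(1).lower(), run.group(2).lower())  # Run key + value name
    clsid = CLSID_RE.search(text)
    if clsid:
        kind = text.split(":", 1)[0].lower()                 # "bho", "toolbar", "dpf", ...
        return (code, kind, clsid.group(0).lower())
    return (code, text.lower())


def same_data(fix_text, later_text):
    """Exact match, or prefix match when the pasted fix line was shortened with '...'."""
    if fix_text.endswith("..."):
        return later_text.startswith(fix_text[:-3])
    return fix_text == later_text


def check_followup(fix_text, followup_text):
    """Sort the entries that were to be fixed into removed / unchanged / rewritten."""
    later = {}
    for code, text in parse_entries(followup_text):
        later.setdefault(entry_key(code, text), []).append(text)
    result = {"removed": [], "unchanged": [], "rewritten": []}
    for code, text in parse_entries(fix_text):
        found = later.get(entry_key(code, text))
        if not found:
            result["removed"].append(text)
        elif any(same_data(text, f) for f in found):
            result["unchanged"].append(text)
        else:
            # Same identity, new data: something wrote the entry back after the fix.
            result["rewritten"].append((text, found[0]))
    return result


if __name__ == "__main__":
    for status, items in check_followup(FIX_LIST, FOLLOWUP_LOG).items():
        for item in items:
            print(status, "|", item)
```

Anything reported as unchanged or rewritten means the fix did not hold and the component that restores the entry is still active.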
  4. petekake

    Okay, here it is again



    Logfile of HijackThis v1.99.1
    Scan saved at 20:34:00, on 15.10.2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\VPNPlus\Program\fsvpnd.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\ctfmon.exe
    D:\Phone\Skype.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xkvtfmamyntvqxyq.org/QUu...YR3dI5uqN2kM9ws2mIoklNFMkh6Hqjqg9zAvQUEg.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Skype] "D:\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124168773266
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure IPsec Daemon - F-Secure Corporation - C:\Program Files\F-Secure\VPNPlus\Program\fsvpnd.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

     
  5. -kemisti-

  6. petekake

    Here again


    Logfile of HijackThis v1.99.1
    Scan saved at 21:03:56, on 15.10.2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    C:\WINDOWS\System32\ctfmon.exe
    D:\Phone\Skype.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\VPNPlus\Program\fsvpnd.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Skype] "D:\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124168773266
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure IPsec Daemon - F-Secure Corporation - C:\Program Files\F-Secure\VPNPlus\Program\fsvpnd.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

     
  7. Toymaatti

    Toymaatti Active member

    Joined:
    04.02.2005
    Posts:
    1,038
    Thanks:
    0
    Points:
    66
    -kemisti- had to leave... for the laboratory ;)
    But if my analysis will do, the log is fine :D
     
  8. -kemisti-

    Exactly there ;) Yep, it's fine as far as I'm concerned too :)
     
  9. petekake

    Thanks ONCE again (maybe someday I'll learn to check these myself) ;P
     
