Critical system error on the toolbar

Thread in the "Viruses and malware - HijackThis logs" section. Started by Marja.H on 10.09.2006.

Thread status:
This thread is closed.
  1. Marja.H

    Marja.H Member

    Joined:
    24.02.2005
    Posts:
    63
    Thanks:
    0
    Points:
    16
    A critical system error is flashing on the toolbar, and now I could use a professional's advice..


    Logfile of HijackThis v1.99.1
    Scan saved at 14:15:24, on 10.9.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\DOCUMENTS AND SETTINGS\JANI KIISKINEN\TYÖPÖYTÄ\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;;localhost;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Program Files\Media-Codec\iesplugin.dll (file missing)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - BackWeb Technologies Inc. - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    SmitFraudFix v2.85

    Scan done at 14:08:49,21, su 10.09.2006
    Run from C:\Documents and Settings\Jani Kiiskinen\Työpöytä\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    Fix ran in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{6570b782-1a41-4053-b2c9-12c7fcf0d84d}"="imputable"

    [HKEY_CLASSES_ROOT\CLSID\{6570b782-1a41-4053-b2c9-12c7fcf0d84d}\InProcServer32]
    @="C:\WINDOWS\system32\duxzj.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6570b782-1a41-4053-b2c9-12c7fcf0d84d}\InProcServer32]
    @="C:\WINDOWS\system32\duxzj.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    C:\WINDOWS\system32\duxzj.dll -> Hoax.Win32.Renos.gen.d
    C:\WINDOWS\system32\duxzj.dll -> Deleted


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  3. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Posts:
    6,305
    Thanks:
    0
    Points:
    96
    Download Process Explorer -> http://download.sysinternals.com/Files/ProcessExplorerNt.zip

    Extract it into its own folder and then open it.
    Then go to View at the top and check that these items are ticked:

    - Show processes from all users.
    - Show Lower Pane
    - Lower Pane View DLL's

    Then click the Explorer.exe entry in that window.
    Then from the top choose File > Save As, save it, and post the log here so we can see whether anything shows up in it.
     
  4. Marja.H

    Marja.H Member

    Joined:
    24.02.2005
    Posts:
    63
    Thanks:
    0
    Points:
    16



    Process PID CPU Description Company Name
    System Idle Process 0 92.65
    Interrupts n/a Hardware Interrupts
    DPCs n/a 0.74 Deferred Procedure Calls
    System 4 0.74
    smss.exe 540 Windows NT:n istunnonhallinta Microsoft Corporation
    csrss.exe 764 Client Server Runtime Process Microsoft Corporation
    winlogon.exe 792 Windows NT -kirjaus Microsoft Corporation
    services.exe 840 0.74 Palvelu- ja ohjainohjelma Microsoft Corporation
    svchost.exe 1016 Generic Host Process for Win32 Services Microsoft Corporation
    winamp.exe 2144 Winamp Nullsoft
    svchost.exe 1112 Generic Host Process for Win32 Services Microsoft Corporation
    svchost.exe 1316 Generic Host Process for Win32 Services Microsoft Corporation
    svchost.exe 1420 Generic Host Process for Win32 Services Microsoft Corporation
    svchost.exe 1616 Generic Host Process for Win32 Services Microsoft Corporation
    LEXBCES.EXE 1836 LexBce Service Lexmark International, Inc.
    LEXPPS.EXE 1876 LEXPPS.EXE Lexmark International, Inc.
    spoolsv.exe 1884 Spooler SubSystem App Microsoft Corporation
    SERVIC~1.EXE 264 BackWeb Runner Application BackWeb Technologies Inc.
    fsgk32st.exe 424 fsgk32st F-Secure Corp.
    fsgk32.exe 452 Gatekeeper Handler II F-Secure Corp.
    fssm32.exe 584 fssm32 F-Secure Corp.
    fsbwsys.exe 464 fsbwsys F-Secure Corp.
    FSMA32.EXE 492 F-Secure Management Agent F-Secure Corporation
    FSMB32.EXE 556 F-Secure Message Broker F-Secure Corporation
    FCH32.EXE 1216 F-Secure Configuration Handler F-Secure Corporation
    FAMEH32.EXE 1744 F-Secure Alert and Management Extension Handler F-Secure Corporation
    FIH32.exe 3100 F-Secure Installation Launcher F-Secure Corporation
    FSAV32.exe 2064 FSAV Handler F-Secure Corporation
    nvsvc32.exe 592 NVIDIA Driver Helper Service, Version 66.31 NVIDIA Corporation
    svchost.exe 644 Generic Host Process for Win32 Services Microsoft Corporation
    wdfmgr.exe 700 Windows User Mode Driver Manager Microsoft Corporation
    FNRB32.exe 2872 F-Secure Network Request Broker F-Secure Corporation
    fsdfwd.exe 3136 1.47 F-Secure Anti-Virus Internet Shield daemon F-Secure Corporation
    alg.exe 3716 Application Layer Gateway Service Microsoft Corporation
    lsass.exe 852 LSA Shell (Export Version) Microsoft Corporation
    explorer.exe 328 Resurssienhallinta Microsoft Corporation
    SOUNDMAN.EXE 2356 Realtek Sound Manager Realtek Semiconductor Corp.
    WkUFind.exe 2496 Microsoft® Works Update Detection Microsoft® Corporation
    lxbkbmgr.exe 2504 Lexmark X1100 Series Button Manager Lexmark International, Inc.
    lxbkbmon.exe 2624 Lexmark X1100 Series Button Monitor Lexmark International, Inc.
    jusched.exe 2528 Java(TM) 2 Platform Standard Edition binary Sun Microsystems, Inc.
    FSM32.EXE 2540 F-Secure Settings and Statistics F-Secure Corporation
    fsguiexe.exe 2324 F-Secure GUI component F-Secure Corporation
    ctfmon.exe 3104 CTF Loader Microsoft Corporation
    SweetIM.exe 3176 SweetIM MSN Messenger Enhancer MacroGaming LTD.
    msnmsgr.exe 3700 MSN Messenger Microsoft Corporation
    F-Secure Automatic Update.exe 3516 BackWeb Runner Application BackWeb Technologies Inc.
    BitComet.exe 3376 BitComet - a BitTorrent Client www.BitComet.com
    firefox.exe 2868 Firefox Mozilla
    procexp.exe 3380 3.68 Sysinternals Process Explorer Sysinternals

    Process: explorer.exe Pid: 328

    Name Description Company Name Version
    AcGenral.dll Windows Compatibility DLL Microsoft Corporation 5.01.2600.2180
    advapi32.dll Windows 32 -pohjainen lisä-API Microsoft Corporation 5.01.2600.2180
    apphelp.dll Application Compatibility Client Library Microsoft Corporation 5.01.2600.2180
    atl.dll ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0000
    batmeter.dll Battery Meter Helper -kirjasto (DLL) Microsoft Corporation 6.00.2900.2180
    browselc.dll Liittymäselaimen käyttöliittymäkirjasto Microsoft Corporation 6.00.2900.2180
    browseui.dll Liittymäselaimen käyttöliittymäkirjasto Microsoft Corporation 6.00.2900.2937
    clbcatq.dll Microsoft Corporation 2001.12.4414.0308
    comctl32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.2180
    comctl32.dll Common Controls Library Microsoft Corporation 5.82.2900.2180
    comdlg32.dll Yleisten valintaikkunoiden dll-tiedosto Microsoft Corporation 6.00.2900.2180
    comres.dll Microsoft Corporation 2001.12.4414.0258
    credui.dll Credential Manager User Interface Microsoft Corporation 5.01.2600.2180
    crypt32.dll Crypto API32 Microsoft Corporation 5.131.2600.2180
    cryptui.dll Microsoft Luottamusliittymän tarjoaja Microsoft Corporation 5.131.2600.2180
    cscdll.dll Offline-verkkoagentti Microsoft Corporation 5.01.2600.2180
    cscui.dll Asiakkaan puskurointiliittymä Microsoft Corporation 5.01.2600.2180
    ctype.nls
    davclnt.dll Web DAV Client DLL Microsoft Corporation 5.01.2600.2180
    drprov.dll Microsoft Terminal Server Network Provider Microsoft Corporation 5.01.2600.2180
    dsound.dll DirectSound Microsoft Corporation 5.03.2600.2180
    duser.dll Windows DirectUser Engine Microsoft Corporation 5.01.2600.2180
    explorer.exe Resurssienhallinta Microsoft Corporation 6.00.2900.2180
    fpshx.dll FSAV Shell Extension Dll F-Secure Corporation 5.50.9200.0000
    FSMA32.DLL F-Secure Management Agent API library F-Secure Corporation 5.70.7913.0000
    FSPMAPI.DLL F-Secure Policy Manager API Library F-Secure Corporation 5.70.7913.0000
    fxsapi.dll Microsoft Fax API Support DLL Microsoft Corporation 5.02.2600.2180
    fxsst.dll Faksipalvelu Microsoft Corporation 5.02.2600.2180
    gdi32.dll GDI Client DLL Microsoft Corporation 5.01.2600.2818
    IadHide5.dll IAdHide BackWeb 6.03.0002.0110
    imagehlp.dll Windows NT Image Helper Microsoft Corporation 5.01.2600.2180
    imm32.dll Windows XP IMM32 API Client DLL Microsoft Corporation 5.01.2600.2180
    index.dat
    index.dat
    index.dat
    iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.2912
    kernel32.dll Windows NT BASE APIn asiakas-DLL Microsoft Corporation 5.01.2600.2945
    linkinfo.dll Windows Volume Tracking Microsoft Corporation 5.01.2600.2751
    locale.nls
    lpk.dll Language Pack Microsoft Corporation 5.01.2600.2180
    LQCUI2.dll QuickCam User Interface Language Labtec Inc. 8.04.0002.1019
    mfc42.dll MFCDLL Shared Library - Retail Version Microsoft Corporation 6.02.4131.0000
    mfc42loc.dll MFC-kieliresurssit Microsoft Corporation 6.00.8665.0000
    mgAdaptersProxy.dll AdaptersProxy MacroGaming 1.01.0000.0162
    midimap.dll Microsoft MIDI-kartoitin Microsoft Corporation 5.01.2600.2180
    mlang.dll Multi Language Support DLL Microsoft Corporation 6.00.2900.2180
    mpr.dll Monipalvelureititin-DLL Microsoft Corporation 5.01.2600.2180
    msacm32.dll Microsoft ACM Audio Filter Microsoft Corporation 5.01.2600.2180
    msacm32.drv Microsoft Sound Mapper Microsoft Corporation 5.01.2600.0000
    msasn1.dll ASN.1 Runtime APIs Microsoft Corporation 5.01.2600.2180
    MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.01.2600.2180
    MSCTFIME.IME Microsoft Text Frame Work Service IME Microsoft Corporation 5.01.2600.2180
    msgina.dll Windows NT -kirjaus GINA DLL Microsoft Corporation 5.01.2600.2180
    msi.dll Windows Installer Microsoft Corporation 3.01.4000.2435
    msimg32.dll GDIEXT Client DLL Microsoft Corporation 5.01.2600.2180
    msutb.dll MSUTB Server DLL Microsoft Corporation 5.01.2600.2180
    msvcp60.dll Microsoft (R) C++ Runtime Library Microsoft Corporation 6.02.3104.0000
    msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.2180
    netapi32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.2952
    netrap.dll Net Remote Admin Protocol DLL Microsoft Corporation 5.01.2600.2180
    netshell.dll Network Connections Shell Microsoft Corporation 5.01.2600.2180
    netui0.dll NT LM UI Common Code - GUI-luokat Microsoft Corporation 5.01.2600.2180
    netui1.dll NT LM UI Common Code - Networking classes Microsoft Corporation 5.01.2600.2180
    ntdll.dll NT Layer -kirjasto (DLL) Microsoft Corporation 5.01.2600.2180
    ntlanman.dll Microsoft® Lan Manager Microsoft Corporation 5.01.2600.2180
    ntmarta.dll Windows NT MARTA -toimittaja Microsoft Corporation 5.01.2600.2180
    ntshrui.dll Liittymälaajennus jakamista varten Microsoft Corporation 5.01.2600.2180
    odbc32.dll Microsoft Data Access - ODBC Driver Manager Microsoft Corporation 3.525.1117.0000
    odbcint.dll Microsoft Data Access - ODBC-resurssit Microsoft Corporation 3.525.1117.0000
    ole32.dll Microsoft OLE Windowsia varten Microsoft Corporation 5.01.2600.2726
    oleaut32.dll Microsoft Corporation 5.01.2600.2180
    powrprof.dll Power Profile Helper DLL Microsoft Corporation 6.00.2900.2180
    RarExt.dll
    rpcrt4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.2180
    rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.01.2600.2161
    rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.2180
    samlib.dll SAM Library DLL Microsoft Corporation 5.01.2600.2180
    secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.2180
    setupapi.dll Windows Setup API Microsoft Corporation 5.01.2600.2180
    shdoclc.dll Shell Doc -objekti ja Control-kirjasto Microsoft Corporation 6.00.2900.2180
    shdocvw.dll Shell Doc -objekti ja Control-kirjasto Microsoft Corporation 6.00.2900.2937
    shell32.dll Windows-käyttöliittymän yleinen DLL Microsoft Corporation 6.00.2900.2951
    shimeng.dll Shim Engine DLL Microsoft Corporation 5.01.2600.2180
    shlwapi.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.2937
    sortkey.nls
    sorttbls.nls
    stobject.dll Systray shell -palvelun objekti Microsoft Corporation 5.01.2600.2180
    sxs.dll Fusion 2.5 Microsoft Corporation 5.01.2600.2180
    syncui.dll Windows Salkku Microsoft Corporation 5.01.2600.2180
    themeui.dll Windows Theme API Microsoft Corporation 6.00.2900.2180
    unicode.nls
    urlmon.dll OLE32-laajennukset Win32:ta varten Microsoft Corporation 6.00.2900.2960
    user32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.2622
    userenv.dll Userenv Microsoft Corporation 5.01.2600.2180
    usp10.dll Uniscribe Unicode script processor Microsoft Corporation 1.420.2600.2180
    uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.2180
    wdmaud.drv WDM Audio driver mapper Microsoft Corporation 5.01.2600.2180
    webcheck.dll Web-sivuston valvonta Microsoft Corporation 6.00.2900.2180
    version.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180
    wininet.dll Internet-laajennus Win32:ta varten Microsoft Corporation 6.00.2900.2937
    winmm.dll MCI API DLL Microsoft Corporation 5.01.2600.2180
    winspool.drv Windows Taustatulostusohjain Microsoft Corporation 5.01.2600.2180
    winsta.dll Winstation Library Microsoft Corporation 5.01.2600.2180
    wintrust.dll Microsoft Trust Verification APIt Microsoft Corporation 5.131.2600.2180
    wldap32.dll Win32 Ldap API dll Microsoft Corporation 5.01.2600.2180
    wmasf.dll Windows Media ASF DLL Microsoft Corporation 10.00.0000.3802
    wmpband.dll Windows Media Player Microsoft Corporation 10.00.0000.3802
    wmvcore.dll Windows Media Playback/Authoring DLL Microsoft Corporation 10.00.0000.3802
    ws2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180
    ws2help.dll Windows NT:n Windows Socket 2.0 Helper Microsoft Corporation 5.01.2600.2180
    wsock32.dll Windows Socketin 32-bittinen DLL-tiedosto Microsoft Corporation 5.01.2600.2180
    wtsapi32.dll Windows Terminal Server SDK APIs Microsoft Corporation 5.01.2600.2180
    xpsp2res.dll Service Pack 2 -viestit Microsoft Corporation 5.01.2600.2180
     
  5. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Posts:
    6,305
    Thanks:
    0
    Points:
    96
    Let's take a look with this, then:

    1. Download the combofix.exe file to your desktop.
    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool has finished, it produces a log. Post this log in your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to freeze.
     
  6. Marja.H

    Marja.H Member

    Joined:
    24.02.2005
    Posts:
    63
    Thanks:
    0
    Points:
    16
    Jani Kiiskinen - 06-09-10 15:15:19,26
    ComboFix 06.09.07 - Running from: C:\Documents and Settings\Jani Kiiskinen\Työpöytä

    Microsoft Windows XP [versio 5.1.2600]

    ((((((((((((((((((((((((((((((( Files Created from 2006-08-10 to 2006-09-10 ))))))))))))))))))))))))))))))))))


    2006-09-09 00:07 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2006-09-09 00:07 40,960 --a------ C:\WINDOWS\system32\swsc.exe
    2006-09-09 00:07 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2006-09-09 00:07 135,168 --a------ C:\WINDOWS\system32\swreg.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-09-10 15:14 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-09-08 21:39 -------- d-------- C:\Program Files\eMule
    2006-09-08 21:39 -------- d-------- C:\Documents and Settings\Jani Kiiskinen\Application Data\uTorrent
    2006-09-08 19:17 -------- d-------- C:\Program Files\Easy CD-DA Extractor 9
    2006-09-03 18:06 7650 --a------ C:\Documents and Settings\Jani Kiiskinen\Application Data\wklnhst.dat
    2006-08-29 14:27 -------- d-------- C:\Program Files\BitComet
    2006-08-29 13:55 -------- d-------- C:\Program Files\uTorrent
    2006-08-27 15:50 -------- d-------- C:\Program Files\DC++
    2006-08-20 23:33 -------- d-------- C:\Program Files\Music NFO Builder
    2006-08-20 09:40 -------- d-------- C:\Program Files\Winamp
    2006-08-15 03:01 -------- d-------- C:\Program Files\Internet Explorer
    2006-08-06 10:05 -------- d-------- C:\Program Files\Lavasoft
    2006-08-06 10:05 -------- d-------- C:\Documents and Settings\Jani Kiiskinen\Application Data\Lavasoft
    2006-07-31 20:00 -------- d---s---- C:\Documents and Settings\Jani Kiiskinen\Application Data\Microsoft
    2006-07-31 20:00 -------- d-------- C:\Program Files\Macrogaming
    2006-07-27 16:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-07-26 18:26 -------- d-------- C:\Program Files\PC Wizard 2006
    2006-07-21 11:28 72704 --a------ C:\WINDOWS\system32\hlink.dll
    2006-07-18 21:16 -------- d-------- C:\Program Files\CasinoEuro


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "NWEReboot"=""
    "Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
    "Lexmark X1100 Series"="\"C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\""
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
    "F-Secure Manager"="\"C:\\Program Files\\F-Secure\\Common\\FSM32.EXE\" /splash"
    "F-Secure TNB"="\"C:\\Program Files\\F-Secure\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
    "gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
    "WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
    "SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "MsnMsgr"="~\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000000

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=hex:91,00,00,00

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=hex:91,00,00,00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\1-Click Maintenance.job

    Completion time: Sun 10.09.2006 15:16:00.57
    ComboFix.txt
     
  7. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Posts:
    6,305
    Thanks:
    0
    Points:
    96
    Nothing shows up. Let's try this:

    Unplug the network cable and turn F-Secure off. Boot into safe mode and run SmitFraudFix again there. Restart, turn F-Secure back on and plug the network cable back in as well.

    Post a new HJT log and the contents of the c:\rapport.txt file.
     
  8. Marja.H

    Marja.H Member

    Joined:
    24.02.2005
    Posts:
    63
    Thanks:
    0
    Points:
    16
    How is it possible that the critical system error thing has disappeared from the toolbar???
    Could it be that it comes back all of a sudden???
    What removed it?? Some program I downloaded? Safe mode?
     
  9. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Posts:
    6,305
    Thanks:
    0
    Points:
    96
    So did you run SmitFraudFix in safe mode? If so, post a new HJT log and the contents of the c:\rapport.txt file.
     