itunes.exe

vika26 · 18.01.2006

Elikkä aina kun kytken ipodin koneeseen, itunes aukee ja rupeen siirtämää vaikka biisejä niin vähä ajan päästä tulee ilmotus ``itunes.exe on vahingoittunut suorita chkdsk`` lyhennettynä ja ipodi sammuu. luulen että tossa on joku viirus kyseessä

AfterDawn

aaxxeell · 18.01.2006

Taitaa olla mato tullut...

Lähetä HjT-loki, ohjelman saat täältä -> http://koti.mbnet.fi/pattaya1/HijackThis.exe .
Tallenna hakemistoon c:\hjt\, käynnistä, klikkaa do a system scan and save a logfile ja lähetä loki tänne.

vika26 · 19.01.2006

Joo arvelinki vähä että se on mato ja oisko ollu vielä toi opanki.

Logfile of HijackThis v1.99.1
Scan saved at 16:04:35, on 19.1.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137250890123
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137250871638
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

spertti · 19.01.2006

Eipä lokissa mitään pahaa näy.
Puhdistetaanpa ewidolla ->
http://keskustelu.afterdawn.com/thread_view.cfm/269186
Tee ohjeiden mukaan ja lähetä sen raportti tänne.

vika26 · 19.01.2006

Ei mun mielestä tosta sitä löytyny mutta miten noita svchost.exe on noin
paljon tossa hijackin logfilessä?

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 18:04:34, 19.1.2006
+ Report-Checksum: 55A7F266

+ Scan result:

:mozilla.18:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Xxxcounter : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Hotlog : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Skäbä\Application Data\Mozilla\Firefox\Profiles\pk5bqu5t.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup

::Report End

spertti · 19.01.2006

Evästeitä vaan... Noita svchost.exe prosesseja on ihan normaali määrä. Minullakin niitä on tällä hetkellä 6, joten mitään huolestuttavaa tuossa ei ole. Kannattaa kokeilla uninstalloida, ja asentaa sen jälkeen uudestaan tuo itunesin ohjelmisto.

vika26 · 19.01.2006

Ei auttanu sekään.. aika ikävä toi mato menny jo muutaman ipodi basaks

aaxxeell · 19.01.2006

Niin no kokeile vielä eScan ajaa jos se paljastaiskin jotain?
http://koti.mbnet.fi/pattaya1/escanmwav.htm
Tee ohjeiden mukainen päivitys ja lähetä alemman laatikon tulokset tänne.

vaihtoehto 2:
http://www.virustotal.com/flash/index_en.html
Lähetä tuonne se itunes.exe jota epäilet niin se tarkistetaan 18 antivirus ohjelman toimesta.

vika26 · 20.01.2006

No tota escania oon jo kokeillu.. Se tossa on vähä ongelma ku en tiiä yhtää mikä vois olla epäilyttävä mutta jos mä kokeilen vaikka lähettää ton itunes.exen..

aaxxeell · 20.01.2006

Löytääkö tuo eScan mitään? ja kokeile juu sitä itunes.exe siellä.
Aikankin tämä on aivan kunnollinen rivi: C:\Program Files\iTunes\iTunesHelper.exe. Sijaitseeko itunes.exe sitten jossain muualla kun ei lokista näy?

fkock · 20.01.2006

Name: itunes

Filename: itunes.exe

Command: Unknown at this time.

Description:

Added by a variant of the WIN32.RBOT WORM! - NOTE - this
file will be placed in de Windows\System32 or Winnt\System32 folder, and should NOT be confused with the (legitimate) Apple iTunes process, always located in the Program Files\iTunes folder.
File Location: Unknown

Startup Type: This startup entry is started automatically from a Run, RunOnce, RunServices, or RunServicesOnce entry in the registry.
Laajenna...

http://www.bleepingcomputer.com/startups/itunes.exe-10325.html

EDIT: C:\Windows\System32 Eli tuolta pitäisi löytyä jos on se mato. Käynnistä kone vikasietotilassa ja koita poistaa.

EDIT: HijackThis Category: O4 Entry

aaxxeell · 20.01.2006

EDIT: HijackThis Category: O4 Entry
Laajenna...

Tuota hainkin että se olisi tehnyt Hjt loikiin jäljen mutta kun ei näy 04 rivillä tai muualla...
eScan voisi paljastaa tuon madon myös mutta ilmeisesti ei, eli kone tuntuisi olevan puhdas

vika26 · 21.01.2006

escan ei löytänyt mitään ja toi itunes.exe on 11.5 Mt eli sitä ei voi lähettää. itunes.exe sijaitsee C:\Program Files\iTunes\iTunes.exe.

aaxxeell · 21.01.2006

Sitenpä totean koneen kyllä olevan puhdas nyt ja vika ei siis ole viiruksissa tai muissa örkeissä. Kannattaa nyt kysellä vielä ajuri ja softa ongelmista, mistä voisi kiikastaa kun konekkin on puhdas.

vika26 · 23.01.2006

oorrait, mutta kiitoksia kun ootte jaksanu kirjotella ja pähkäillä

aaxxeell · 23.01.2006

Ole hyvä

Kirjaudu tai liity jäseneksi

itunes.exe

vika26 Member

aaxxeell Regular member

vika26 Member

spertti Active member

vika26 Member

spertti Active member

vika26 Member

aaxxeell Regular member

vika26 Member

aaxxeell Regular member

fkock Regular member

aaxxeell Regular member

vika26 Member

aaxxeell Regular member

vika26 Member

aaxxeell Regular member

Jaa tämä sivu

Kirjaudu tai liity jäseneksi

itunes.exe

vika26 Member

aaxxeell Regular member

vika26 Member

spertti Active member

vika26 Member

spertti Active member

vika26 Member

aaxxeell Regular member

vika26 Member

aaxxeell Regular member

fkock Regular member

aaxxeell Regular member

vika26 Member

aaxxeell Regular member

vika26 Member

aaxxeell Regular member

Jaa tämä sivu

Hyödyllisiä hakuja