Computer is freezing. HJT log check.

Thread in the Viruses and malware - HijackThis logs section. Thread started by mardenis on 09.11.2006.

Thread status:
Thread is closed.
  1. mardenis

    mardenis Member

    Joined:
    06.11.2006
    Posts:
    9
    Thanks:
    0
    Points:
    11
    Logfile of HijackThis v1.99.1
    Scan saved at 21:14:50, on 9.11.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\system32\qttask.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\windows\system32\sp2ctr.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\wservice.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    c:\program files\common files\system\b422ac99.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\Microsoft Office\Office\1035\OLFSNT40.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_SICN03.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suomi24.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\NICOMA~1\LOCALS~1\Temp\sp.dll/sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://paivitys.dnainternet.fi/yhteys/proxy.pac
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {11904ce8-632a-4856-a7cc-00b33fe71bd8} - (no file)
    O2 - BHO: (no name) - {15ACE85C-0BB1-42d1-9E32-07EB0506675A} - (no file)
    O2 - BHO: (no name) - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file)
    O2 - BHO: (no name) - {7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} - (no file)
    O2 - BHO: (no name) - {7a7e6d97-b492-4884-9abb-c31281dcc4f2} - (no file)
    O2 - BHO: (no name) - {860c2f6b-ca82-4282-9187-beccbb66f0af} - (no file)
    O2 - BHO: (no name) - {87185e78-a61b-4db3-965a-3235bbd7a622} - (no file)
    O2 - BHO: (no name) - {8dc8f96d-34f7-1501-a2a4-631341aa3ac1} - (no file)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O2 - BHO: (no name) - {CAF261B6-421B-4D02-8657-7FE995368BEA} - C:\WINDOWS\system32\pgmh.dll (file missing)
    O2 - BHO: (no name) - {d1ac752e-883f-4ed8-8828-b618c3a72152} - (no file)
    O2 - BHO: (no name) - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - (no file)
    O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - (no file)
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [sp2ctr] c:\windows\system32\sp2ctr.exe /nocomm
    O4 - HKLM\..\Run: [MPlay64] c:\program files\common files\system\b422ac99.exe /noerrorinfo
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [UpdateService] C:\WINDOWS\system32\wservice.exe
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [UpdateService] C:\WINDOWS\system32\wservice.exe
    O4 - Startup: antispysoldier.lnk = C:\Program Files\Antispyware Soldier\antispysoldier.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1035\OLFSNT40.EXE
    O8 - Extra context menu item: &Search - http://kc.bar.need2find.com/KC/menusearch.html?p=KC
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150787593859
    O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1073F553-0111-44B0-A1DD-D3DEDB75A654}: NameServer = 85.255.115.62,85.255.112.156
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E3F1B9C0-98AD-40FA-8C6B-2DCD08B2FE29}: NameServer = 85.255.115.62,85.255.112.156
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F6772B90-29DF-498C-BAF8-C04653F953F5}: NameServer = 85.255.115.62,85.255.112.156
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.62 85.255.112.156
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1073F553-0111-44B0-A1DD-D3DEDB75A654}: NameServer = 85.255.115.62,85.255.112.156
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.62 85.255.112.156
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QW5uZSBNYXJ0aW4\command.exe (file missing)
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    Something needs to be done.
     
  3. mardenis

    I've tried to scan, but the computer has somehow always crashed, and I can't really find the fault or what to remove. Is there someone wiser who could tell me what to do?
     
  4. mardenis

    Some strange files keep showing up on the desktop and ad windows keep popping up in my face... I really need help.
     
  5. blade81

    blade81 Active member

    Joined:
    29.07.2003
    Posts:
    1,287
    Thanks:
    0
    Points:
    66
    Wow.. That machine really is in badly battered shape. :O Let's start with these.

    http://www.trojaner-info.de/cgi-bin/download.cgi?file=sphjfix
    Save it to, say, the desktop. Close all other programs, because the computer restarts after the fix. Start the program and click "Desinfektionen starten". The computer will then restart and the log will open in Notepad. Post a new HijackThis log and the contents of the sphjfix log.


    1. Download the combofix.exe file to your desktop.
    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool has finished, it produces a log. Post this log in your thread.
    Note! Do not click on the combofix window while it is running. This may cause the program to hang.


    Post the following logs (in several posts if necessary):
    - the contents of the sphjfix log
    - the combofix log
    - a new hjt log
     
  6. fixeri

    fixeri Regular member

    Joined:
    06.10.2006
    Posts:
    381
    Thanks:
    0
    Points:
    26
    @mardenis

    Whoa! Looks like quite a few moments have been spent on questionable sites, I guess.. ;)
     
  7. mardenis

    Here are those three



    (11.10.06 20:27:27) SPSeHjFix started v1.1.2
    (11.10.06 20:27:27) OS: WinXP Service Pack 2 (5.1.2600)
    (11.10.06 20:27:27) Language: suomi
    (11.10.06 20:27:27) Win-Path: C:\WINDOWS
    (11.10.06 20:27:27) System-Path: C:\WINDOWS\system32
    (11.10.06 20:27:27) Temp-Path: C:\DOCUME~1\ANNEMA~1\LOCALS~1\Temp\
    (11.10.06 20:27:33) Disinfection started
    (11.10.06 20:27:33) Bad-Dll(IEP): c:\docume~1\nicoma~1\locals~1\temp\sp.dll
    (11.10.06 20:27:33) UBF: 4 - UBB: 13 - UBR: 18
    (11.10.06 20:27:33) UBF: 4 - UBB: 13 - UBR: 18
    (11.10.06 20:27:33) Bad IE-pages:
    deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\nicoma~1\locals~1\temp\sp.dll/sp.html
    deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
    deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
    (11.10.06 20:27:34) Stealth-String not found
    (11.10.06 20:27:34) No locked Files to delete. End without Reboot
    (11.10.06 20:28:06) Disinfection started
    (11.10.06 20:28:06) Bad-Dll(IEP): c:\docume~1\nicoma~1\locals~1\temp\sp.dll
    (11.10.06 20:28:06) UBF: 4 - UBB: 13 - UBR: 18
    (11.10.06 20:28:06) UBF: 4 - UBB: 13 - UBR: 18
    (11.10.06 20:28:06) Bad IE-pages: (none)
    (11.10.06 20:28:06) Stealth-String not found
    (11.10.06 20:28:06) No locked Files to delete. End without Reboot


    Anne Martin - 06-11-10 20:32:40,53 Service Pack 2
    ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Anne Martin\Työpöytä"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\vxgamet1.exe
    C:\WINDOWS\uninstall_nmon.vbs
    C:\WINDOWS\system32\atmtd.dll._
    C:\Documents and Settings\LocalService\Application Data\NetMon
    C:\Program Files\network monitor
    C:\WINDOWS\QW5uZSBNYXJ0aW4


    ((((((((((((((((((((((((((((((( Files Created from 2006-10-10 to 2006-11-10 ))))))))))))))))))))))))))))))))))


    2006-11-10 20:22 5,707 --a------ C:\Documents and Settings\Anne Martin\xs7QN4d.exe
    2006-11-09 20:52 5,707 --a------ C:\Documents and Settings\Anne Martin\fOOwW1b.exe
    2006-11-08 23:14 5,707 --a------ C:\Documents and Settings\Anne Martin\pUSPm73.exe
    2006-11-08 21:26 5,707 --a------ C:\Documents and Settings\Anne Martin\l0tg6S4.exe
    2006-11-08 11:43 5,707 --a------ C:\Documents and Settings\Anne Martin\pz7xl8u.exe
    2006-11-07 10:40 5,707 --a------ C:\Documents and Settings\Anne Martin\udqdf3T.exe
    2006-11-07 07:06 5,707 --a------ C:\Documents and Settings\Anne Martin\Vm2AT8x.exe
    2006-11-06 21:23 5,707 --a------ C:\Documents and Settings\Anne Martin\eIhd5Qa.exe
    2006-11-01 20:44 5,707 --a------ C:\Documents and Settings\Anne Martin\khCD47U.exe
    2006-11-01 17:49 5,707 --a------ C:\Documents and Settings\Anne Martin\wi8gm57.exe
    2006-11-01 12:57 5,707 --a------ C:\Documents and Settings\Anne Martin\f2BKgKA.exe
    2006-11-01 08:52 5,707 --a------ C:\Documents and Settings\Anne Martin\B1LFJ7i.exe
    2006-10-31 19:35 5,707 --a------ C:\Documents and Settings\Anne Martin\pIdkpi2.exe
    2006-10-31 19:35 5,707 --a------ C:\Documents and Settings\Anne Martin\eR6Lsø6.exe
    2006-10-31 19:35 5,707 --a------ C:\Documents and Settings\Anne Martin\aCn2730.exe
    2006-10-26 17:18 23,808 --a------ C:\WINDOWS\y.exe
    2006-10-26 17:18 22,784 --a------ C:\WINDOWS\wininet32.exe
    2006-10-26 17:18 22,016 --a------ C:\WINDOWS\xplugin.dll
    2006-10-26 17:18 20,480 --a------ C:\WINDOWS\window.exe
    2006-10-26 17:18 16,384 --a------ C:\WINDOWS\winmgnt.exe
    2006-10-26 17:18 13,824 --a------ C:\WINDOWS\winajbm.dll
    2006-10-26 17:18 12,800 --a------ C:\WINDOWS\x.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-11-10 20:34 -------- d-------- C:\Program Files\Windows NT
    2006-11-10 20:34 -------- d-------- C:\Program Files\Windows Media Player
    2006-11-10 20:34 -------- d-------- C:\Program Files\WinClamAVShield
    2006-11-10 20:34 -------- d-------- C:\Program Files\Winamp
    2006-11-10 20:34 -------- d-------- C:\Program Files\Timanttikuume - musta timantti
    2006-11-10 20:33 -------- d-------- C:\Program Files\Spyware Terminator
    2006-11-10 20:33 -------- d-------- C:\Program Files\Snapshot Viewer
    2006-11-10 20:33 -------- d-------- C:\Program Files\oDC
    2006-11-10 20:33 -------- d-------- C:\Program Files\MSN Messenger
    2006-11-10 20:33 -------- d-------- C:\Program Files\Motorama_at
    2006-11-10 20:32 -------- d-------- C:\Program Files\Messenger
    2006-11-10 20:32 -------- d-------- C:\Program Files\Football Tigers
    2006-11-10 20:32 -------- d-------- C:\Program Files\DivX
    2006-11-10 20:32 -------- d-------- C:\Program Files\DC++
    2006-11-10 20:32 -------- d-------- C:\Program Files\Common Files\System
    2006-11-10 20:31 -------- d-------- C:\Program Files\CCleaner
    2006-11-07 09:49 300032 --a------ C:\WINDOWS\unin040b.exe
    2006-11-07 09:48 27648 --a------ C:\WINDOWS\system32\dload.exe.ren
    2006-11-07 09:48 20992 --a------ C:\WINDOWS\system32\anti_troj.exe.ren
    2006-11-07 09:48 20736 --a------ C:\WINDOWS\system32\POPCORN72.EXE.ren
    2006-11-06 21:24 16457 --a------ C:\WINDOWS\system32\taskdir~.exe
    2006-10-31 20:43 36864 --------- C:\WINDOWS\system32\slrundll.exe
    2006-10-31 20:43 163840 --a------ C:\WINDOWS\system32\PhotoImpression Screen Saver.scr
    2006-10-31 20:42 921600 --a------ C:\WINDOWS\system32\nwiz.exe
    2006-10-31 20:42 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
    2006-10-31 20:42 393216 --a------ C:\WINDOWS\system32\keystone.exe
    2006-10-31 20:42 172032 --------- C:\WINDOWS\system32\nvudisp.exe
    2006-10-31 20:42 155648 --------- C:\WINDOWS\system32\NeroCheck.exe
    2006-10-31 20:42 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
    2006-10-31 20:42 131072 --a------ C:\WINDOWS\system32\E_SCHK03.EXE
    2006-10-31 20:39 524288 --------- C:\WINDOWS\system32\DivXsm.exe
    2006-10-31 20:39 20480 --------- C:\WINDOWS\system32\cliconfg.exe
    2006-10-31 20:33 208896 --------- C:\WINDOWS\alcupd.exe
    2006-10-31 20:33 139264 --------- C:\WINDOWS\alcrmv.exe
    2006-10-31 20:27 4651520 --------- C:\winamp508_full_emusic-7plus.exe
    2006-10-31 20:19 175169536 --a------ C:\flatout_demo.exe
    2006-10-31 19:41 5707 --a------ C:\WINDOWS\system32\oE45aNU.exe
    2006-10-31 19:34 5707 --a------ C:\WINDOWS\system32\pAISCUI.exe
    2006-10-30 21:26 5707 --a------ C:\WINDOWS\system32\h1Drh8I.exe
    2006-10-30 21:26 15947 ---h----- C:\WINDOWS\system32\wservice.exe
    2006-10-29 18:48 0 --a------ C:\WINDOWS\system32\1821.exe
    2006-10-26 17:18 9216 --a------ C:\WINDOWS\waol.exe
    2006-10-26 17:18 32256 --a------ C:\WINDOWS\time.exe
    2006-10-26 17:18 31488 --a------ C:\WINDOWS\inetdctr.dll
    2006-10-26 17:18 29696 --a------ C:\WINDOWS\runwin32.exe
    2006-10-26 17:18 28160 --a------ C:\WINDOWS\system32\mpsegment.exe
    2006-10-26 17:18 28160 --a------ C:\WINDOWS\accesss.exe
    2006-10-26 17:18 27392 --a------ C:\WINDOWS\win64.exe
    2006-10-26 17:18 26880 --a------ C:\WINDOWS\system32\proqlaim.exe
    2006-10-26 17:18 24064 --a------ C:\WINDOWS\win32e.exe
    2006-10-26 17:18 23552 --a------ C:\WINDOWS\system32\netstat2.exe
    2006-10-26 17:18 23296 --a------ C:\WINDOWS\clrssn.exe
    2006-10-26 17:18 22528 --a------ C:\WINDOWS\system32\iewd.exe
    2006-10-26 17:18 22528 --a------ C:\WINDOWS\notepad32.exe
    2006-10-26 17:18 19200 --a------ C:\WINDOWS\mtwirl32.dll
    2006-10-26 17:18 18688 --a------ C:\WINDOWS\system32\performent202.dll
    2006-10-26 17:18 18432 --a------ C:\WINDOWS\users32.exe
    2006-10-26 17:18 18176 --a------ C:\WINDOWS\avpcc.dll
    2006-10-26 17:18 15360 --a------ C:\WINDOWS\cpan.dll
    2006-10-26 17:18 13824 --a------ C:\WINDOWS\system32\msmsn.exe
    2006-10-26 17:18 13568 --a------ C:\WINDOWS\dialup.exe
    2006-10-26 17:18 13312 --a------ C:\WINDOWS\systeem.exe
    2006-10-26 17:18 13056 --a------ C:\WINDOWS\system32\ace16win.dll
    2006-10-26 17:18 11776 --a------ C:\WINDOWS\spp3.dll
    2006-10-26 17:18 10752 --a------ C:\WINDOWS\systemcritical.exe
    2006-10-26 17:17 8192 --a------ C:\WINDOWS\system32\sklmnf.exe
    2006-10-26 17:17 53835 --a------ C:\WINDOWS\system32\image1.gif.exe
    2006-10-26 17:17 10752 --a------ C:\WINDOWS\system32\instreg_tmp.exe
    2006-10-26 17:16 9216 --a------ C:\WINDOWS\system32\ytsnqwuu.exe
    2006-10-26 17:16 5707 --a------ C:\WINDOWS\system32\ocpckdtr.exe
    2006-10-26 17:16 45056 --a------ C:\WINDOWS\system32\msmapi32.exe
    2006-10-26 17:16 13824 --a------ C:\WINDOWS\system32\intr32.dll
    2006-10-10 13:56 51782 --a------ C:\WINDOWS\system32\cslne.exe
    2006-10-08 20:13 43520 --a------ C:\WINDOWS\system32\sp2ctr.exe
    2006-09-19 19:23 -------- d-------- C:\Program Files\Common Files\Adobe
    2006-09-19 19:23 -------- d-------- C:\Program Files\Common Files


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "UpdateService"="C:\\WINDOWS\\system32\\wservice.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "SoundMan"="SOUNDMAN.EXE"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "F-Secure Manager"="\"C:\\Program Files\\F-Secure\\Common\\FSM32.EXE\" /splash"
    "NeroCheck"="C:\\WINDOWS\\system32\\\\NeroCheck.exe"
    "QuickTime Task"="\"C:\\WINDOWS\\system32\\qttask.exe\" -atboottime"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_01\\bin\\jusched.exe"
    "sp2ctr"="c:\\windows\\system32\\sp2ctr.exe /nocomm"
    "MPlay64"="c:\\program files\\common files\\system\\b422ad90.exe /noerrorinfo"
    "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
    "Tweak UI"="RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp"
    "UpdateService"="C:\\WINDOWS\\system32\\wservice.exe"
    "SpywareTerminator"="\"C:\\Program Files\\Spyware Terminator\\SpywareTerminatorShield.exe\""
    "dmsvp.exe"="C:\\WINDOWS\\system32\\"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="C:\\WINDOWS\\desktop.html"
    "SubscribedURL"="C:\\WINDOWS\\desktop.html"
    "FriendlyName"="Security"
    "Flags"=dword:00006002
    "Position"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,00,04,00,00,e1,02,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,32,00,00,00,32,00,00,00
    "CurrentState"=hex:01,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,00,00,00,00,01,00,00,00,00,04,00,00,e1,02,\
    00,00,01,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,04,00,00,00,03,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "UpdateService"="C:\\WINDOWS\\system32\\wservice.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "UpdateService"="C:\\WINDOWS\\system32\\wservice.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    Completion time: 06-11-10 20:37:10.28
    C:\ComboFix.txt ... 06-11-10 20:37


    Logfile of HijackThis v1.99.1
    Scan saved at 20:39:41, on 10.11.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\system32\qttask.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\windows\system32\sp2ctr.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\wservice.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\program files\common files\system\b422ad90.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Microsoft Office\Office\1035\OLFSNT40.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_SICN03.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    D:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suomi24.fi/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://paivitys.dnainternet.fi/yhteys/proxy.pac
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {11904ce8-632a-4856-a7cc-00b33fe71bd8} - (no file)
    O2 - BHO: (no name) - {15ACE85C-0BB1-42d1-9E32-07EB0506675A} - (no file)
    O2 - BHO: (no name) - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file)
    O2 - BHO: (no name) - {7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} - (no file)
    O2 - BHO: (no name) - {7a7e6d97-b492-4884-9abb-c31281dcc4f2} - (no file)
    O2 - BHO: (no name) - {860c2f6b-ca82-4282-9187-beccbb66f0af} - (no file)
    O2 - BHO: (no name) - {87185e78-a61b-4db3-965a-3235bbd7a622} - (no file)
    O2 - BHO: (no name) - {8dc8f96d-34f7-1501-a2a4-631341aa3ac1} - (no file)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O2 - BHO: (no name) - {CAF261B6-421B-4D02-8657-7FE995368BEA} - C:\WINDOWS\system32\pgmh.dll (file missing)
    O2 - BHO: (no name) - {d1ac752e-883f-4ed8-8828-b618c3a72152} - (no file)
    O2 - BHO: (no name) - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - (no file)
    O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - (no file)
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [sp2ctr] c:\windows\system32\sp2ctr.exe /nocomm
    O4 - HKLM\..\Run: [MPlay64] c:\program files\common files\system\b422ad90.exe /noerrorinfo
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [UpdateService] C:\WINDOWS\system32\wservice.exe
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [dmsvp.exe] C:\WINDOWS\system32\dmsvp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [UpdateService] C:\WINDOWS\system32\wservice.exe
    O4 - Startup: antispysoldier.lnk = C:\Program Files\Antispyware Soldier\antispysoldier.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1035\OLFSNT40.EXE
    O8 - Extra context menu item: &Search - http://kc.bar.need2find.com/KC/menusearch.html?p=KC
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150787593859
    O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1073F553-0111-44B0-A1DD-D3DEDB75A654}: NameServer = 85.255.115.62,85.255.112.156
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E3F1B9C0-98AD-40FA-8C6B-2DCD08B2FE29}: NameServer = 85.255.115.62,85.255.112.156
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F6772B90-29DF-498C-BAF8-C04653F953F5}: NameServer = 85.255.115.62,85.255.112.156
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.62 85.255.112.156
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1073F553-0111-44B0-A1DD-D3DEDB75A654}: NameServer = 85.255.115.62,85.255.112.156
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.62 85.255.112.156
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

     
  8. mardenis

    mardenis Member

    Joined:
    06.11.2006
    Posts:
    9
    Thanks:
    0
    Points:
    11
    I have now sent these:
    - the contents of the sphjfix log
    - the combofix log
    - a new HJT log
    What should I do next?
     
  9. blade81

    blade81 Active member

    Joined:
    29.07.2003
    Posts:
    1,287
    Thanks:
    0
    Points:
    66
    Run the following scans:

    1. eTrust Antivirus Web Scanner (use Internet Explorer)
    http://www3.ca.com/securityadvisor/virusinfo/scan.aspx


    2. Download Dr.Web CureIt to your desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    • Double-click drweb-cureit.exe and let it run the express scan.
    • It scans the running programs, and if something is found, click Yes when it asks whether you want to remove it. This is only a short scan.
    • When the scan is finished, mark the drives you want to scan.
    • Select all drives. A red dot shows which drives are selected.
    • Click the green arrow on the right and the scan starts.
    • Click 'Yes to all' if you are asked whether you want to delete/move a file.
    • When the scan is finished, see whether you can click the next icon beside the files that were found: [IMG]
    • If so, click it, then click the next icon at the bottom right and select Move incurable, as in the image below:
      [IMG]
      This moves it to the %userprofile%\DoctorWeb\quarantine directory.
    • After this, click File in the Dr.Web CureIt menu and select save report list
    • Save the report to the desktop. The report's name is DrWeb.csv
    • Close Dr.Web CureIt.
    • Restart the computer!! This is because files that are in use are deleted/moved during startup.
    • After the restart, paste the contents of the Dr.Web log you saved earlier into your next reply.


    3. Check your computer with the Panda online scanner:

    Panda ActiveScan

    * Once you are on Panda's page, click the Scan your PC button
    * A new window opens... click the Check Now button
    * Select the country, Country
    * Enter the city, State/Province
    * Enter your e-mail address, e-mail address, and click the send button
    * Choose either home user, Home User, or company, Company
    * Click the large Scan Now button
    * If you are asked about installing an ActiveX component, allow it.
    * The download of the required files begins (Note: this step can take a few minutes)
    * When the downloads are complete, click Local Disks to start the scan
    * When the scan is finished, click the See Report button if infections were found. Then click Save Report and save the report to a suitable location (e.g. the desktop).

    Paste the contents of the Panda scan report into your reply along with a new HijackThis log.


    Summary of the results to send:
    - the eTrust scanner results
    - the contents of the DrWeb.csv file
    - the Panda scan report results
    - a new HJT log
     