
Strange SSL certificate, a virus!?!

Thread in forum 'Internet, security and other telecommunications', started by ottomies, 07.05.2012.

  1. ottomies

    Registered:
    12.08.2009
    Posts:
    85
    [IMG]
    It's trying to push a certificate like this into every encrypted (https) site.
    What can I do when the virus scanner doesn't find anything?
     
  2. jjx

    Registered:
    23.12.2001
    Posts:
    11 711
  3. Obi-Lan

    Registered:
    17.01.2007
    Posts:
    1 841
    Are you on your own network or on some company/guest network?
     
  4. ottomies

    Registered:
    12.08.2009
    Posts:
    85
    The browser is Firefox; in IE there doesn't seem to be a problem.
    It's a home computer, OS is Win7 64-bit.

    Which field in the certificate details should I be looking at?

    EDIT:
    Maybe solved.
    With Startup Defender I noticed that a program called "my-slide-show-picture.exe" starts at boot. Startup Defender couldn't remove it, since it just kept duplicating itself as a new startup entry, but I deleted the registry entry referring to it manually and now the computer seems to work normally. Too bad I panicked and uninstalled Firefox, losing all my bookmarks etc. in the process.
     
    Last edited: 07.05.2012
  5. escalibur

    Registered:
    27.12.2000
    Posts:
    18 207
  6. ottomies

    Registered:
    12.08.2009
    Posts:
    85
    Something extra was found after all, thanks for the tip and the link.
     
  7. Ouga111

    Registered:
    10.05.2012
    Posts:
    2
    Hi. I think I have exactly the same problem: Startup Defender spots a disguised registry entry which, when deleted, just copies itself under a new name. It shows up with the names Upgrade, Upgradechecker, licencevalidator, lisence, upgradehelper, always somewhere under c:\users\kone\appdata\roaming\. I just don't understand anything about cleaning the registry. Apparently regedit should be used, but I'm clueless about what to do in there.

    CCleaner, Malwarebytes, Spybot and Avira have all been run, and they don't find anything anymore. OS is Vista 64-bit.

    Btw, an interesting worm. Malwarebytes had to be downloaded from some Finnish site, because the worm had made all the official download sites redirect to Google (the homepage). Shady self-preservation instinct.
     
  8. Ouga111

    Registered:
    10.05.2012
    Posts:
    2
    So with Startup Defender I found which folder it's in under regedit: HKEY\Current_User\run. But that's where my understanding ended. I tried deleting that worm folder; it instantly recreates itself. I also tried removing the permissions from the whole \run\ folder, which may have been a mistake. Now I can't see it at all, and when opening Startup Defender it also claimed not to have permissions for it. Although once I got it started, the worm had disappeared from the startup list, but the symptoms in the browser are still there. I'll probably need to reboot, but I wrote this up now in case the computer won't start anymore, so there's something to go on :)
     
  9. gonnaown

    Registered:
    04.12.2011
    Posts:
    67
    yeah, mine does the same, cleaned it with Malwarebytes, worked fine for a little while but the worm came back
     
  10. ottomies

    Registered:
    12.08.2009
    Posts:
    85
    Browse to that folder with regedit and delete the entry that starts the virus.
    Then scan with the programs mentioned earlier.
     
  11. escalibur

    Registered:
    27.12.2000
    Posts:
    18 207
  12. gonnaown

    Registered:
    04.12.2011
    Posts:
    67
    yeah, I ran that too but it didn't find anything. Malwarebytes found licencevalidator.exe and its registry entry. So how do you stop it from regenerating?
     
  13. escalibur

    Registered:
    27.12.2000
    Posts:
    18 207
    Scan the computer with Malwarebytes in safe mode. Make sure Malwarebytes is updated and that the scan is a full scan. After MBAM, scan the computer with GMER.

    If the virus still hasn't gone, I recommend booting the computer from a CD/DVD or a USB stick with this image: http://rescuedisk.kaspersky-labs.com/rescuedisk/updatable/kav_rescue_10.iso The image is a modified Linux with Kaspersky's antivirus on it (not just a rootkit scanner).

    Also, you could post here the log that the HijackThis scanner (free download at SourceForge.net) gives for your computer.
     
    Last edited: 14.05.2012
  14. Anazuke

    Registered:
    25.09.2008
    Posts:
    257
    Same crap here too, I'll post my own HijackThis list now, bloody annoying thing.

    EDIT: Well, there's the culprit showing:
    O4 - HKCU\..\Run: [LicenseValidator] C:\Users\Anssi\AppData\Roaming\Identities\{860C6EE2-635B-4E96-8607-84B859C7E039}\LicenseValidator.exe
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 23:42:24, on 14.5.2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\ProgramData\DatacardService\DCSHelper.exe
    D:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
    D:\Program Files (x86)\Steam\Steam.exe
    D:\Program Files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe
    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    D:\Program Files (x86)\Logitech\G35\G35.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    D:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    D:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
    C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
    D:\Program Files (x86)\Xfire\Xfire.exe
    D:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
    D:\Program Files (x86)\mIRC\mirc.exe
    D:\Program Files (x86)\X-Chat 2\xchat.exe
    C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\agcp.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    D:\Program Files\VMware\VMware View\Client\bin\wswc.exe
    D:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks-container.exe
    D:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe
    D:\Program Files (x86)\Mozilla Firefox\firefox.exe
    D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    D:\Lataukset2\dxr43tbz.exe
    D:\Lataukset2\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Suomi - Hotmail, Messenger, Skype, Uutiset, Viihde, Lifestyle, Video, Sää, Terveys, Auto
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Suomi - Hotmail, Messenger, Skype, Uutiset, Viihde, Lifestyle, Video, Sää, Terveys, Auto
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Suomi - Hotmail, Messenger, Skype, Uutiset, Viihde, Lifestyle, Video, Sää, Terveys, Auto
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8118
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Logitech G35] D:\Program Files (x86)\Logitech\G35\G35.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Razer Mamba Elite Driver] D:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
    O4 - HKCU\..\Run: [NetLimiter] D:\Program Files\NetLimiter 3\NLClientApp.exe /tray
    O4 - HKCU\..\Run: [Steam] "D:\Program Files (x86)\Steam\steam.exe" -silent
    O4 - HKCU\..\Run: [mapdisk] "F:\BIS TOOLS 2\ArmAWork\mapdisk.bat"
    O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files (x86)\BlazeVideo\BlazeVideo HDTV Player 6.6 Standard\MediaDetector.exe"
    O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Anssi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [LicenseValidator] C:\Users\Anssi\AppData\Roaming\Identities\{860C6EE2-635B-4E96-8607-84B859C7E039}\LicenseValidator.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: TotalMedia Server.lnk = D:\Program Files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6B6AA249-1F54-4943-829F-3E9C2FC99F3B}: NameServer = 62.241.198.245 62.241.198.246
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D5F82383-5EFB-48FC-8385-F8345F78D409}: NameServer = 62.241.198.245 62.241.198.246
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EDCD6A7A-993C-41A2-8B83-C69A76C77245}: NameServer = 62.241.198.245 62.241.198.246
    O17 - HKLM\System\CS1\Services\Tcpip\..\{6B6AA249-1F54-4943-829F-3E9C2FC99F3B}: NameServer = 62.241.198.245 62.241.198.246
    O17 - HKLM\System\CS2\Services\Tcpip\..\{6B6AA249-1F54-4943-829F-3E9C2FC99F3B}: NameServer = 62.241.198.245 62.241.198.246
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mobile Partner. OUC (Mobile Partner. RunOuc) - Unknown owner - d:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd - d:\Program Files\RealVNC\VNC4\WinVNC4.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: VMware View Client (wsnm) - VMware, Inc. - D:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
    O23 - Service: VMware View USB Control (wsnm_usbctrl) - VMware, Inc. - D:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe

    --
    End of file - 11755 bytes
     
    Last edited: 15.05.2012
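As an added example (editor's code, not from any poster in this thread): the check ottomies describes in post 10 (look through the Run key for the entry that starts the malware) and the way Anazuke spotted the culprit in the HijackThis log above can be automated. The script below reads HijackThis-style O4 (autorun) and R1 (Internet Settings) lines, extracts the executable path from each Run-key command line, and scores it on signals visible in this thread: an executable under a user-writable profile directory such as AppData\Roaming, a GUID-named folder, a file name matching one of the names Ouga111 listed, and an unquoted path with spaces. Entries with two or more signals are flagged; entries with one are listed for review, because legitimate software (Spotify in the log above, for instance) also runs from AppData. The sample log is constructed: the user name EXAMPLE, the GUID and the paths are placeholders, not values from the logs posted here.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in HijackThis v2.0.4 line format. These are NOT lines from
# the thread's logs: the user name "EXAMPLE", the GUID and the paths are made up.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8118
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\EXAMPLE\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [LicenseValidator] C:\Users\EXAMPLE\AppData\Roaming\Identities\{00000000-1111-2222-3333-444444444444}\LicenseValidator.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""

# O4 lines: "O4 - <hive>[\<sid>]\..\<Run key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\S*?\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# R0/R1 lines: "R1 - <registry key>,<value name> = <data>"
R_RE = re.compile(r"^R[01] - (?P<key>[^,]+),(?P<value>[^=]+?) =\s?(?P<data>.*)$")
# First token of a command line: a quoted path, or a bare path ending in an executable extension.
EXE_RE = re.compile(r'^"(?P<quoted>[^"]+)"|^(?P<bare>.*?\.(?:exe|bat|cmd|com|scr|vbs|js))(?=\s|$)', re.IGNORECASE)
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# File-name stems the posters in this thread saw the entry reappear under.
LURE_STEMS = {"upgrade", "upgradechecker", "licencevalidator", "licensevalidator", "lisence", "upgradehelper"}


def split_command(cmd: str) -> Tuple[str, bool]:
    """Return (executable path, was_quoted) for a Run-key command line."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return cmd.strip(), False
    if m.group("quoted") is not None:
        return m.group("quoted"), True
    return m.group("bare"), False


def suspicion_signals(path: str, quoted: bool) -> List[str]:
    """Heuristics drawn from this thread; each hit is one reason to look closer."""
    low = path.lower()
    reasons = []
    if any(marker in low for marker in ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")):
        reasons.append("runs from a user-writable location")
    if GUID_RE.search(path):
        reasons.append("lives in a GUID-named folder")
    stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if stem in LURE_STEMS:
        reasons.append("file name matches one reported in this thread")
    if " " in path and not quoted:
        reasons.append("unquoted path containing spaces")
    return reasons


def parse_autoruns(log: str) -> List[Dict[str, object]]:
    """Collect every O4 entry with its executable path and suspicion signals."""
    entries = []
    for line in log.strip().splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path, quoted = split_command(m.group("cmd"))
        entries.append({"hive": m.group("hive"), "key": m.group("key"), "name": m.group("name"),
                        "path": path, "signals": suspicion_signals(path, quoted)})
    return entries


def parse_proxies(log: str) -> List[str]:
    """Return non-empty ProxyServer values; a proxy the user never set up is worth a question."""
    found = []
    for line in log.strip().splitlines():
        m = R_RE.match(line.strip())
        if m and m.group("value").strip().lower() == "proxyserver" and m.group("data").strip():
            found.append(m.group("data").strip())
    return found


def triage(log: str) -> Dict[str, List]:
    """Bucket autoruns: two or more signals -> flagged, exactly one -> review."""
    entries = parse_autoruns(log)
    return {"flagged": [e for e in entries if len(e["signals"]) >= 2],
            "review": [e for e in entries if len(e["signals"]) == 1],
            "proxies": parse_proxies(log)}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bucket in ("flagged", "review"):
        for e in result[bucket]:
            print(f"{bucket:8} {e['hive']}\\..\\{e['key']} [{e['name']}] {e['path']}")
            for reason in e["signals"]:
                print(f"         - {reason}")
    for proxy in result["proxies"]:
        print(f"proxy    ProxyServer = {proxy}  (confirm the user configured this)")
```

Run it against a real log by replacing SAMPLE_LOG with the file contents. The proxy check is deliberately only a listing: localhost:8118 is the default listening port of the Privoxy filtering proxy and appears in both logs in this thread, so it may well be something the owner installed; the point is to confirm that rather than assume it. A flagged entry is a reason to collect the file (hash it, check its signature and creation time) before deleting the Run value, since, as the thread shows, the value alone comes back as long as the dropper is still running.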
  15. gonnaown

    Registered:
    04.12.2011
    Posts:
    67
    Alright, I ran Malwarebytes in safe mode, it found the old familiar licencevalidator.exe and its registry entry, and it hasn't come back. To be safe I also ran GMER in safe mode and it didn't find anything anymore.

    E:
    Here's the log too
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 17:20:31, on 15.5.2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)
    Boot mode: Normal

    Running processes:
    C:\Windows\SysWOW64\HsMgr.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE
    C:\Users\Miksu\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Users\Miksu\Downloads\scan\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8118
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
    O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    O2 - BHO: Windows Live ID -kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\RunOnce: [EasyTuneVI] C:\Program Files (x86)\Gigabyte\ET6\ETCall.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Miksu\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    O4 - Startup: firefox.lnk = C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O15 - Trusted Zone: *.clonewarsadventures.com
    O15 - Trusted Zone: *.freerealms.com
    O15 - Trusted Zone: *.soe.com
    O15 - Trusted Zone: *.sony.com
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
    O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: AODService - Unknown owner - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
    O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
    O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
    O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: JMB36X - Unknown owner - C:\Windows\SysWOW64\XSrvSetup.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Realtek8185 - Realtek - C:\Program Files (x86)\Realtek\RTL8185 Wireless LAN Utility\RtlService.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 11333 bytes
     
  16. escalibur

    Registered:
    27.12.2000
    Posts:
    18 207

    According to the log there isn't much junk there, or else HijackThis doesn't recognise it. You should also run an updated Malwarebytes full scan in safe mode and tell us how it went. Afterwards it's worth running GMER just to make sure the machine doesn't have one of the known rootkits.
     
