
Someone please help a blonde who has junk on her computer!

Thread in the Viruses and malware - HijackThis logs section. Started by Pensq on 28.12.2007.

  1. Pensq

    Pensq Member

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:46:04, on 28.12.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
    C:\Program Files\Acer\Acer Arcade\PCMService .exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC .exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent .exe
    C:\PROGRA~1\LAUNCH~1\LManager .exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Winamp\winampa .exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\MSN Messenger\MsnMsgr .Exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
    C:\Windows\wkssvr.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\mIRC\mirc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    F3 - REG:win.ini: load=C:\WINDOWS\system32\jkhfd.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Session MG] c:\windows\wkssvr.exe
    O4 - HKLM\..\Run: [MSN] wkssvr.exe
    O4 - HKLM\..\RunServices: [Session MG] c:\windows\wkssvr.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/games/web_games/playfirst/trijinx/TriJinx.1.0.0.55.cab
    O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    --
    End of file - 9023 bytes

    There's the HJT log; if I could get some sense made of it I'd be very grateful! There's certainly something extra on the machine, but I really don't dare remove anything, since I know hardly anything about these things.. And if I could get the help in plain language too, since I can be a bit slow on the uptake sometimes.. :)
     
  3. Hujo

    Hujo Guest

    Download SDFix by AndyManchesta and save it to your desktop.

    Start your computer in safe mode and choose your normal user account:
    - Start the computer
    - When you hear the computer beep, press F8, but before the Windows logo appears
    - A menu should appear next
    - Choose safe mode from the menu.

    - Once in safe mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
    - Open the SDFix folder and double-click RunThis.bat to start the program.
    - Press Y to start the script.
    - The tool cleans out the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
    - Press any key and the computer restarts.
    - Startup takes longer than normal because SDFix is cleaning the machine.
    - When the computer has started and the desktop has loaded, SDFix reports that the cleanup has been done, "Finished".
    - Then press any key to close the script and load the shortcuts on the desktop.
    - Finally, open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread along with a new HijackThis log.

    ================

    Download VundoFix.exe to your desktop.

    Double-click VundoFix.exe to run it.
    Click the Scan for Vundo option.
    When the scan is complete, click the Remove Vundo option.
    You will be asked whether you want to remove the files - click YES.
    Once you have clicked yes, your desktop will go blank as it begins removing Vundo.
    When it is done, the fix will tell you it is going to restart your computer; click OK.
    Post the contents of the C:\vundofix.txt log together with a fresh HijackThis log.

    Note: It is possible that VundoFix found a file it could not remove.
    In that case, VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo option." when VundoFix appears on restart.
     
  4. Pensq

    Pensq Member

    So I tried to do as you wrote, but in safe mode SDFix didn't ask me to restart the computer at the end; it stayed in that state for a long time, so I decided to shut down and restart myself since nothing seemed to be happening.. I don't know if it went completely wrong.. Apparently so, because I then couldn't find any Report.txt file. There were some TESTNOTIF files and various applications in the SDFix folder.

    I haven't run VundoFix yet, and here is at least the HJT log after that operation:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:09:49, on 29.12.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\WINDOWS\system32\ughsqjfs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
    C:\Program Files\Acer\Acer Arcade\PCMService .exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC .exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
    C:\PROGRA~1\LAUNCH~1\LManager .exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent .exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Winamp\winampa .exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
    C:\Windows\wkssvr.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    F3 - REG:win.ini: load=C:\WINDOWS\system32\jkhfd.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Session MG] c:\windows\wkssvr.exe
    O4 - HKLM\..\Run: [MSN] wkssvr.exe
    O4 - HKLM\..\Run: [73574056] rundll32.exe "C:\WINDOWS\system32\hkdktetw.dll",b
    O4 - HKLM\..\RunServices: [Session MG] c:\windows\wkssvr.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/games/web_games/playfirst/trijinx/TriJinx.1.0.0.55.cab
    O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\ughsqjfs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    --
    End of file - 9115 bytes
     
  5. Hujo

    Hujo Guest

    Go ahead and run that VundoFix.
     
  6. Pensq

    Pensq Member

    VundoFix couldn't remove a couple of things, no matter how many times it rescanned..

    Here is the log:


    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 18:32:24 29.12.2007

    Listing files found while scanning....

    C:\WINDOWS\adsa12.exe
    C:\WINDOWS\asd72.exe
    C:\WINDOWS\is.exe
    C:\WINDOWS\is7.exe
    C:\WINDOWS\lux.exe
    C:\WINDOWS\s02.exe
    C:\WINDOWS\sadsa2.exe
    C:\WINDOWS\sdz.exe
    C:\WINDOWS\system32\awttrpo.dll
    C:\WINDOWS\system32\byxvtqn.dll
    C:\WINDOWS\system32\cbxxwww.dll
    C:\WINDOWS\system32\dfhkj.ini
    C:\WINDOWS\system32\dfhkj.ini2
    C:\WINDOWS\system32\fccyawx.dll
    C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxvwu.dll
    C:\WINDOWS\system32\hggecyy.dll
    C:\WINDOWS\system32\hgggggd.dll
    C:\WINDOWS\system32\hkdktetw.dll
    C:\WINDOWS\system32\iifcywv.dll
    C:\WINDOWS\system32\jkhfd.dll
    C:\WINDOWS\system32\jkhfd.exe
    C:\WINDOWS\system32\jkkkjjk.dll
    C:\WINDOWS\system32\jmtqadmf.dll
    C:\WINDOWS\system32\khfghfe.dll
    C:\WINDOWS\system32\nnnllmk.dll
    C:\WINDOWS\system32\pmnkheb.dll
    C:\WINDOWS\system32\pmnnkhg.dll
    C:\WINDOWS\system32\pmnnkii.dll
    C:\WINDOWS\system32\pmnnnnl.dll
    C:\WINDOWS\system32\ughsqjfs.exe
    C:\WINDOWS\system32\wtetkdkh.ini
    C:\WINDOWS\system32\vtuvtss.dll
    C:\WINDOWS\system32\xxyxwwx.dll
    C:\WINDOWS\system32\yaywxxv.dll
    C:\WINDOWS\th.exe
    C:\WINDOWS\th3.exe

    Beginning removal...

    Attempting to delete C:\WINDOWS\adsa12.exe
    C:\WINDOWS\adsa12.exe Has been deleted!

    Attempting to delete C:\WINDOWS\asd72.exe
    C:\WINDOWS\asd72.exe Has been deleted!

    Attempting to delete C:\WINDOWS\is.exe
    C:\WINDOWS\is.exe Has been deleted!

    Attempting to delete C:\WINDOWS\is7.exe
    C:\WINDOWS\is7.exe Has been deleted!

    Attempting to delete C:\WINDOWS\lux.exe
    C:\WINDOWS\lux.exe Has been deleted!

    Attempting to delete C:\WINDOWS\s02.exe
    C:\WINDOWS\s02.exe Has been deleted!

    Attempting to delete C:\WINDOWS\sadsa2.exe
    C:\WINDOWS\sadsa2.exe Has been deleted!

    Attempting to delete C:\WINDOWS\sdz.exe
    C:\WINDOWS\sdz.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\awttrpo.dll
    C:\WINDOWS\system32\awttrpo.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\byxvtqn.dll
    C:\WINDOWS\system32\byxvtqn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\cbxxwww.dll
    C:\WINDOWS\system32\cbxxwww.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\dfhkj.ini
    C:\WINDOWS\system32\dfhkj.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\dfhkj.ini2
    C:\WINDOWS\system32\dfhkj.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fccyawx.dll
    C:\WINDOWS\system32\fccyawx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxuvs.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\gebxvwu.dll
    C:\WINDOWS\system32\gebxvwu.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hggecyy.dll
    C:\WINDOWS\system32\hggecyy.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hgggggd.dll
    C:\WINDOWS\system32\hgggggd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hkdktetw.dll
    C:\WINDOWS\system32\hkdktetw.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\iifcywv.dll
    C:\WINDOWS\system32\iifcywv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkhfd.dll
    C:\WINDOWS\system32\jkhfd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkhfd.exe
    C:\WINDOWS\system32\jkhfd.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkkkjjk.dll
    C:\WINDOWS\system32\jkkkjjk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jmtqadmf.dll
    C:\WINDOWS\system32\jmtqadmf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\khfghfe.dll
    C:\WINDOWS\system32\khfghfe.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nnnllmk.dll
    C:\WINDOWS\system32\nnnllmk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnkheb.dll
    C:\WINDOWS\system32\pmnkheb.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnnkhg.dll
    C:\WINDOWS\system32\pmnnkhg.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnnkii.dll
    C:\WINDOWS\system32\pmnnkii.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnnnnl.dll
    C:\WINDOWS\system32\pmnnnnl.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ughsqjfs.exe
    C:\WINDOWS\system32\ughsqjfs.exe Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\wtetkdkh.ini
    C:\WINDOWS\system32\wtetkdkh.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vtuvtss.dll
    C:\WINDOWS\system32\vtuvtss.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xxyxwwx.dll
    C:\WINDOWS\system32\xxyxwwx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\yaywxxv.dll
    C:\WINDOWS\system32\yaywxxv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\th.exe
    C:\WINDOWS\th.exe Has been deleted!

    Attempting to delete C:\WINDOWS\th3.exe
    C:\WINDOWS\th3.exe Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 19:10:13 29.12.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\klnmp.ini
    C:\WINDOWS\system32\klnmp.ini2
    C:\WINDOWS\system32\pmnlk.dll
    C:\WINDOWS\system32\pmnlk.exe
    C:\WINDOWS\system32\ughsqjfs.exe
    C:\WINDOWS\wkssvr.exe

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxuvs.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\klnmp.ini
    C:\WINDOWS\system32\klnmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\klnmp.ini2
    C:\WINDOWS\system32\klnmp.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnlk.dll
    C:\WINDOWS\system32\pmnlk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnlk.exe
    C:\WINDOWS\system32\pmnlk.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ughsqjfs.exe
    C:\WINDOWS\system32\ughsqjfs.exe Could not be deleted.

    Attempting to delete C:\WINDOWS\wkssvr.exe
    C:\WINDOWS\wkssvr.exe Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 19:41:02 29.12.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\ughsqjfs.exe

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxuvs.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\ughsqjfs.exe
    C:\WINDOWS\system32\ughsqjfs.exe Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 20:12:18 29.12.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\egjlm.ini
    C:\WINDOWS\system32\egjlm.ini2
    C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\mljge.dll
    C:\WINDOWS\system32\mljge.exe
    C:\WINDOWS\system32\ughsqjfs.exe

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\egjlm.ini
    C:\WINDOWS\system32\egjlm.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\egjlm.ini2
    C:\WINDOWS\system32\egjlm.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxuvs.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\mljge.dll
    C:\WINDOWS\system32\mljge.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mljge.exe
    C:\WINDOWS\system32\mljge.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ughsqjfs.exe
    C:\WINDOWS\system32\ughsqjfs.exe Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxuvs.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\ughsqjfs.exe
    C:\WINDOWS\system32\ughsqjfs.exe Could not be deleted.

    Performing Repairs to the registry.
    Done!



    And then the HJT log as well:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:52:41, on 29.12.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\system32\ughsqjfs.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer\Acer Arcade\PCMService .exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC .exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent .exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\PROGRA~1\LAUNCH~1\LManager .exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
    C:\Program Files\Winamp\winampa .exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\WINDOWS\system32\ctfmon .exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    F3 - REG:win.ini: load=C:\WINDOWS\system32\mljge.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Session MG] c:\windows\wkssvr.exe
    O4 - HKLM\..\Run: [MSN] wkssvr.exe
    O4 - HKLM\..\Run: [73574056] rundll32.exe "C:\WINDOWS\system32\hkdktetw.dll",b
    O4 - HKLM\..\RunServices: [Session MG] c:\windows\wkssvr.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/games/web_games/playfirst/trijinx/TriJinx.1.0.0.55.cab
    O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\ughsqjfs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    --
    End of file - 9084 bytes
     
  7. Hujo

    Hujo Guest

    Rename

    C:\Program Files\Trend Micro\HijackThis\>>> HijackThis.exe <<< Rename it to skanneri.exe

    ====================
    Scan with HJT, tick the entries below and press Fix checked

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Session MG] c:\windows\wkssvr.exe
    O4 - HKLM\..\Run: [MSN] wkssvr.exe
    O4 - HKLM\..\RunServices: [Session MG] c:\windows\wkssvr.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\ughsqjfs.exe

    Start > Run > type the lines below and press OK after each line

    sc stop DomainService
    sc delete DomainService

    ===================

    • Open HijackThis
    • Click the "Configure" option at the bottom right
    • Click "Misc Tools"
    • Click the box that says "Uninstall Manager"
    • Click the "Save list" option
    • Copy and paste that list from Notepad into your post
     
    Last edited by a moderator: 29.12.2007
  8. Pensq

    Pensq Member

    Hey, um, what am I supposed to do at this point:


    Start > Run > type the lines below and press OK after each line

    sc stop DomainService
    sc delete DomainService

    What do I start? Safe mode, or what? I'm a bit lost.. :)
     
  9. Hujo

    Hujo Guest

    Click the Start button on the left, then Run, type in the lines I gave you and press OK after each line
     
  10. Pensq

    Pensq Member

    Thanks! So it was that simple.. I feel a bit stupid for not really getting it

    Yeah, this is the list that popped out:

    Acer Arcade
    Acer Empowering Technology
    Acer ePerformance Management
    Acer ePower Management
    Acer ePresentation Management
    Acer eSettings Management
    Acer GridVista
    Acer OrbiCam
    Acer Screensaver
    Ad-Aware SE Personal
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player Plugin
    Adobe Reader 7.0
    Adobe Shockwave Player
    ATI Catalyst Control Center
    ATI Display Driver
    ATI Parental Control & Encoder
    ATI-ohjelmiston poisto-ohjelma
    avast! Antivirus
    ffdshow [rev 610] [2006-12-01]
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix for Windows XP (KB915865)
    Hotfix-päivitys Windows XP:lle (KB914440)
    Hotfix-päivitys Windows XP:lle (KB935448)
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) 6 Update 2
    Java(TM) SE Runtime Environment 6 Update 1
    Launch Manager
    Logitech Desktop Messenger
    Logitech MouseWare 9.79
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Finnish Language Pack
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 2.0 -tuotteen Security Update (KB928365)
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 Disc 2
    Microsoft Office 2000 Professional
    mIRC
    Mozilla Firefox (2.0.0.11)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    NTI Backup NOW! 4
    NTI CD & DVD-Maker
    PowerProducer
    Päivitys Windows XP:lle (KB894391)
    Päivitys Windows XP:lle (KB898461)
    Päivitys Windows XP:lle (KB900485)
    Päivitys Windows XP:lle (KB904942)
    Päivitys Windows XP:lle (KB908531)
    Päivitys Windows XP:lle (KB910437)
    Päivitys Windows XP:lle (KB911280)
    Päivitys Windows XP:lle (KB912945)
    Päivitys Windows XP:lle (KB916595)
    Päivitys Windows XP:lle (KB920872)
    Päivitys Windows XP:lle (KB922582)
    Päivitys Windows XP:lle (KB927891)
    Päivitys Windows XP:lle (KB929338)
    Päivitys Windows XP:lle (KB930916)
    Päivitys Windows XP:lle (KB931836)
    Päivitys Windows XP:lle (KB933360)
    Päivitys Windows XP:lle (KB938828)
    Päivitys Windows XP:lle (KB942763)
    Realtek High Definition Audio Driver
    SMSC IrCC V5.1.3600.7
    Soft Data Fax Modem with SmartCP
    Suojauspäivitys ohjelmistolle Windows XP (KB923689)
    Suojauspäivitys ohjelmistolle Windows XP (KB941569)
    Suojauspäivitys Windows Internet Explorer 7:lle (KB928090)
    Suojauspäivitys Windows Internet Explorer 7:lle (KB929969)
    Suojauspäivitys Windows Internet Explorer 7:lle (KB931768)
    Suojauspäivitys Windows Internet Explorer 7:lle (KB933566)
    Suojauspäivitys Windows Internet Explorer 7:lle (KB937143)
    Suojauspäivitys Windows Internet Explorer 7:lle (KB938127)
    Suojauspäivitys Windows Internet Explorer 7:lle (KB939653)
    Suojauspäivitys Windows Internet Explorer 7:lle (KB942615)
    Suojauspäivitys Windows Media Player 6.4:lle (KB925398)
    Suojauspäivitys Windows Media Player 9:lle (KB917734)
    Suojauspäivitys Windows Media Player 9:lle (KB936782)
    Suojauspäivitys Windows Media Playerille (KB911564)
    Suojauspäivitys Windows XP:lle (KB890046)
    Suojauspäivitys Windows XP:lle (KB893756)
    Suojauspäivitys Windows XP:lle (KB896358)
    Suojauspäivitys Windows XP:lle (KB896423)
    Suojauspäivitys Windows XP:lle (KB896424)
    Suojauspäivitys Windows XP:lle (KB896428)
    Suojauspäivitys Windows XP:lle (KB899587)
    Suojauspäivitys Windows XP:lle (KB899591)
    Suojauspäivitys Windows XP:lle (KB900725)
    Suojauspäivitys Windows XP:lle (KB901017)
    Suojauspäivitys Windows XP:lle (KB901190)
    Suojauspäivitys Windows XP:lle (KB901214)
    Suojauspäivitys Windows XP:lle (KB902400)
    Suojauspäivitys Windows XP:lle (KB904706)
    Suojauspäivitys Windows XP:lle (KB905414)
    Suojauspäivitys Windows XP:lle (KB905749)
    Suojauspäivitys Windows XP:lle (KB908519)
    Suojauspäivitys Windows XP:lle (KB911562)
    Suojauspäivitys Windows XP:lle (KB911567)
    Suojauspäivitys Windows XP:lle (KB911927)
    Suojauspäivitys Windows XP:lle (KB912919)
    Suojauspäivitys Windows XP:lle (KB913433)
    Suojauspäivitys Windows XP:lle (KB913580)
    Suojauspäivitys Windows XP:lle (KB914388)
    Suojauspäivitys Windows XP:lle (KB914389)
    Suojauspäivitys Windows XP:lle (KB917159)
    Suojauspäivitys Windows XP:lle (KB917344)
    Suojauspäivitys Windows XP:lle (KB917422)
    Suojauspäivitys Windows XP:lle (KB917953)
    Suojauspäivitys Windows XP:lle (KB918118)
    Suojauspäivitys Windows XP:lle (KB918439)
    Suojauspäivitys Windows XP:lle (KB918899)
    Suojauspäivitys Windows XP:lle (KB919007)
    Suojauspäivitys Windows XP:lle (KB920213)
    Suojauspäivitys Windows XP:lle (KB920214)
    Suojauspäivitys Windows XP:lle (KB920670)
    Suojauspäivitys Windows XP:lle (KB920683)
    Suojauspäivitys Windows XP:lle (KB920685)
    Suojauspäivitys Windows XP:lle (KB921398)
    Suojauspäivitys Windows XP:lle (KB921503)
    Suojauspäivitys Windows XP:lle (KB921883)
    Suojauspäivitys Windows XP:lle (KB922616)
    Suojauspäivitys Windows XP:lle (KB922760)
    Suojauspäivitys Windows XP:lle (KB922819)
    Suojauspäivitys Windows XP:lle (KB923191)
    Suojauspäivitys Windows XP:lle (KB923414)
    Suojauspäivitys Windows XP:lle (KB923694)
    Suojauspäivitys Windows XP:lle (KB923980)
    Suojauspäivitys Windows XP:lle (KB924191)
    Suojauspäivitys Windows XP:lle (KB924270)
    Suojauspäivitys Windows XP:lle (KB924496)
    Suojauspäivitys Windows XP:lle (KB924667)
    Suojauspäivitys Windows XP:lle (KB925486)
    Suojauspäivitys Windows XP:lle (KB925902)
    Suojauspäivitys Windows XP:lle (KB926255)
    Suojauspäivitys Windows XP:lle (KB926436)
    Suojauspäivitys Windows XP:lle (KB927779)
    Suojauspäivitys Windows XP:lle (KB927802)
    Suojauspäivitys Windows XP:lle (KB928255)
    Suojauspäivitys Windows XP:lle (KB928843)
    Suojauspäivitys Windows XP:lle (KB929123)
    Suojauspäivitys Windows XP:lle (KB930178)
    Suojauspäivitys Windows XP:lle (KB931261)
    Suojauspäivitys Windows XP:lle (KB931784)
    Suojauspäivitys Windows XP:lle (KB932168)
    Suojauspäivitys Windows XP:lle (KB933729)
    Suojauspäivitys Windows XP:lle (KB935839)
    Suojauspäivitys Windows XP:lle (KB935840)
    Suojauspäivitys Windows XP:lle (KB936021)
    Suojauspäivitys Windows XP:lle (KB938829)
    Suojauspäivitys Windows XP:lle (KB941202)
    Suojauspäivitys Windows XP:lle (KB941568)
    Suojauspäivitys Windows XP:lle (KB943460)
    Suojauspäivitys Windows XP:lle (KB944653)
    Synaptics Pointing Device Driver
    Winamp (remove only)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Format Runtime
    Windows Messenger 5.1
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885855
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windowsin ohjainpaketti - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)

    I wonder if it's starting to be OK now?

     
  11. Hujo

    Hujo Guest

    Remove via Add or Remove Programs

    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) 6 Update 2
    Java(TM) SE Runtime Environment 6 Update 1

    ==================================

    Updating Java and clearing the cache:

    1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
    2. Find all your previous Java versions in the list. (J2SE Runtime Environment.... )
    They should have the following icon next to them: [IMG]

    3. Select all your previous Java versions and choose Remove.
    4. Install the latest Java update from the following link..
    5. Restart the computer after the installation:

    http://java.sun.com/javase/downloads/index.jsp

    Scroll down to Java Runtime Environment (JRE) 6u3

    Press Download

    Tick Accept, choose the offline installation, save it to, say, the desktop and install it.

    6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> the Java coffee cup).

    7. Under the General Settings section, drag the slider (Disk Space) to a smaller value and click the Delete Files button.

    (Some Java-based programs may need more disk space.
    If you notice the computer slowing down after lowering the setting, move the slider back up.)

    8. Make sure that both options are ticked:

    *Applications and Applets

    *Trace and Log Files

    And press the OK button

    9. Click OK in your "Temporary Files Settings" window.

    10. Click OK to leave your Java settings window.
     
  12. Pensq

    Pensq Member

    Alright, that's done. Can I remove HJT, SDFix and Vundo, or are they still needed for something? Is there anything else I should do?

    By the way, I wonder why, when I restart the computer, windows pop up with some Runner Error and Rundll windows

    --> error loading --> the specified module could not be found

    Should I be worried?
     
  13. Hujo

    Hujo Guest

    Run VundoFix again now, and SDFix too
     
  14. Pensq

    Pensq Member

    I ran both again, and here is the VundoFix log:


    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 18:32:24 29.12.2007

    Listing files found while scanning....

    C:\WINDOWS\adsa12.exe
    C:\WINDOWS\asd72.exe
    C:\WINDOWS\is.exe
    C:\WINDOWS\is7.exe
    C:\WINDOWS\lux.exe
    C:\WINDOWS\s02.exe
    C:\WINDOWS\sadsa2.exe
    C:\WINDOWS\sdz.exe
    C:\WINDOWS\system32\awttrpo.dll
    C:\WINDOWS\system32\byxvtqn.dll
    C:\WINDOWS\system32\cbxxwww.dll
    C:\WINDOWS\system32\dfhkj.ini
    C:\WINDOWS\system32\dfhkj.ini2
    C:\WINDOWS\system32\fccyawx.dll
    C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxvwu.dll
    C:\WINDOWS\system32\hggecyy.dll
    C:\WINDOWS\system32\hgggggd.dll
    C:\WINDOWS\system32\hkdktetw.dll
    C:\WINDOWS\system32\iifcywv.dll
    C:\WINDOWS\system32\jkhfd.dll
    C:\WINDOWS\system32\jkhfd.exe
    C:\WINDOWS\system32\jkkkjjk.dll
    C:\WINDOWS\system32\jmtqadmf.dll
    C:\WINDOWS\system32\khfghfe.dll
    C:\WINDOWS\system32\nnnllmk.dll
    C:\WINDOWS\system32\pmnkheb.dll
    C:\WINDOWS\system32\pmnnkhg.dll
    C:\WINDOWS\system32\pmnnkii.dll
    C:\WINDOWS\system32\pmnnnnl.dll
    C:\WINDOWS\system32\ughsqjfs.exe
    C:\WINDOWS\system32\wtetkdkh.ini
    C:\WINDOWS\system32\vtuvtss.dll
    C:\WINDOWS\system32\xxyxwwx.dll
    C:\WINDOWS\system32\yaywxxv.dll
    C:\WINDOWS\th.exe
    C:\WINDOWS\th3.exe

    Beginning removal...

    Attempting to delete C:\WINDOWS\adsa12.exe
    C:\WINDOWS\adsa12.exe Has been deleted!

    Attempting to delete C:\WINDOWS\asd72.exe
    C:\WINDOWS\asd72.exe Has been deleted!

    Attempting to delete C:\WINDOWS\is.exe
    C:\WINDOWS\is.exe Has been deleted!

    Attempting to delete C:\WINDOWS\is7.exe
    C:\WINDOWS\is7.exe Has been deleted!

    Attempting to delete C:\WINDOWS\lux.exe
    C:\WINDOWS\lux.exe Has been deleted!

    Attempting to delete C:\WINDOWS\s02.exe
    C:\WINDOWS\s02.exe Has been deleted!

    Attempting to delete C:\WINDOWS\sadsa2.exe
    C:\WINDOWS\sadsa2.exe Has been deleted!

    Attempting to delete C:\WINDOWS\sdz.exe
    C:\WINDOWS\sdz.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\awttrpo.dll
    C:\WINDOWS\system32\awttrpo.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\byxvtqn.dll
    C:\WINDOWS\system32\byxvtqn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\cbxxwww.dll
    C:\WINDOWS\system32\cbxxwww.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\dfhkj.ini
    C:\WINDOWS\system32\dfhkj.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\dfhkj.ini2
    C:\WINDOWS\system32\dfhkj.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fccyawx.dll
    C:\WINDOWS\system32\fccyawx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxuvs.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\gebxvwu.dll
    C:\WINDOWS\system32\gebxvwu.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hggecyy.dll
    C:\WINDOWS\system32\hggecyy.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hgggggd.dll
    C:\WINDOWS\system32\hgggggd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hkdktetw.dll
    C:\WINDOWS\system32\hkdktetw.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\iifcywv.dll
    C:\WINDOWS\system32\iifcywv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkhfd.dll
    C:\WINDOWS\system32\jkhfd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkhfd.exe
    C:\WINDOWS\system32\jkhfd.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkkkjjk.dll
    C:\WINDOWS\system32\jkkkjjk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jmtqadmf.dll
    C:\WINDOWS\system32\jmtqadmf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\khfghfe.dll
    C:\WINDOWS\system32\khfghfe.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nnnllmk.dll
    C:\WINDOWS\system32\nnnllmk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnkheb.dll
    C:\WINDOWS\system32\pmnkheb.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnnkhg.dll
    C:\WINDOWS\system32\pmnnkhg.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnnkii.dll
    C:\WINDOWS\system32\pmnnkii.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnnnnl.dll
    C:\WINDOWS\system32\pmnnnnl.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ughsqjfs.exe
    C:\WINDOWS\system32\ughsqjfs.exe Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\wtetkdkh.ini
    C:\WINDOWS\system32\wtetkdkh.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vtuvtss.dll
    C:\WINDOWS\system32\vtuvtss.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xxyxwwx.dll
    C:\WINDOWS\system32\xxyxwwx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\yaywxxv.dll
    C:\WINDOWS\system32\yaywxxv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\th.exe
    C:\WINDOWS\th.exe Has been deleted!

    Attempting to delete C:\WINDOWS\th3.exe
    C:\WINDOWS\th3.exe Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 19:10:13 29.12.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\klnmp.ini
    C:\WINDOWS\system32\klnmp.ini2
    C:\WINDOWS\system32\pmnlk.dll
    C:\WINDOWS\system32\pmnlk.exe
    C:\WINDOWS\system32\ughsqjfs.exe
    C:\WINDOWS\wkssvr.exe

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxuvs.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\klnmp.ini
    C:\WINDOWS\system32\klnmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\klnmp.ini2
    C:\WINDOWS\system32\klnmp.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnlk.dll
    C:\WINDOWS\system32\pmnlk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnlk.exe
    C:\WINDOWS\system32\pmnlk.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ughsqjfs.exe
    C:\WINDOWS\system32\ughsqjfs.exe Could not be deleted.

    Attempting to delete C:\WINDOWS\wkssvr.exe
    C:\WINDOWS\wkssvr.exe Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 19:41:02 29.12.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\ughsqjfs.exe

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxuvs.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\ughsqjfs.exe
    C:\WINDOWS\system32\ughsqjfs.exe Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 20:12:18 29.12.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\egjlm.ini
    C:\WINDOWS\system32\egjlm.ini2
    C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\mljge.dll
    C:\WINDOWS\system32\mljge.exe
    C:\WINDOWS\system32\ughsqjfs.exe

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\egjlm.ini
    C:\WINDOWS\system32\egjlm.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\egjlm.ini2
    C:\WINDOWS\system32\egjlm.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxuvs.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\mljge.dll
    C:\WINDOWS\system32\mljge.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mljge.exe
    C:\WINDOWS\system32\mljge.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ughsqjfs.exe
    C:\WINDOWS\system32\ughsqjfs.exe Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxuvs.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\ughsqjfs.exe
    C:\WINDOWS\system32\ughsqjfs.exe Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Scan started at 23:50:28 29.12.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\egjlm.ini
    C:\WINDOWS\system32\egjlm.ini2
    C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\mljge.dll
    C:\WINDOWS\system32\mljge.exe
    C:\WINDOWS\system32\ughsqjfs.exe

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\egjlm.ini
    C:\WINDOWS\system32\egjlm.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\egjlm.ini2
    C:\WINDOWS\system32\egjlm.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxuvs.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\mljge.dll
    C:\WINDOWS\system32\mljge.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mljge.exe
    C:\WINDOWS\system32\mljge.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ughsqjfs.exe
    C:\WINDOWS\system32\ughsqjfs.exe Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Scan started at 0:26:46 30.12.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gjjlm.ini
    C:\WINDOWS\system32\gjjlm.ini2
    C:\WINDOWS\system32\mljjg.dll
    C:\WINDOWS\system32\mljjg.exe

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxuvs.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\gjjlm.ini
    C:\WINDOWS\system32\gjjlm.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gjjlm.ini2
    C:\WINDOWS\system32\gjjlm.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mljjg.dll
    C:\WINDOWS\system32\mljjg.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mljjg.exe
    C:\WINDOWS\system32\mljjg.exe Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxuvs.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Scan started at 12:59:48 30.12.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gjjlm.ini
    C:\WINDOWS\system32\gjjlm.ini2
    C:\WINDOWS\system32\mljjg.dll
    C:\WINDOWS\system32\mljjg.exe

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxuvs.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\gjjlm.ini
    C:\WINDOWS\system32\gjjlm.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gjjlm.ini2
    C:\WINDOWS\system32\gjjlm.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mljjg.dll
    C:\WINDOWS\system32\mljjg.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mljjg.exe
    C:\WINDOWS\system32\mljjg.exe Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Scan started at 13:30:22 30.12.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\jmllm.ini
    C:\WINDOWS\system32\jmllm.ini2
    C:\WINDOWS\system32\mllmj.dll
    C:\WINDOWS\system32\mllmj.exe

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxuvs.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\jmllm.ini
    C:\WINDOWS\system32\jmllm.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jmllm.ini2
    C:\WINDOWS\system32\jmllm.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mllmj.dll
    C:\WINDOWS\system32\mllmj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mllmj.exe
    C:\WINDOWS\system32\mllmj.exe Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Scan started at 14:02:55 30.12.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\ijkkj.ini
    C:\WINDOWS\system32\ijkkj.ini2
    C:\WINDOWS\system32\jkkji.dll
    C:\WINDOWS\system32\jkkji.exe

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxuvs.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\ijkkj.ini
    C:\WINDOWS\system32\ijkkj.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ijkkj.ini2
    C:\WINDOWS\system32\ijkkj.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkkji.dll
    C:\WINDOWS\system32\jkkji.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkkji.exe
    C:\WINDOWS\system32\jkkji.exe Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Scan started at 14:41:03 30.12.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\ijkkj.ini
    C:\WINDOWS\system32\ijkkj.ini2
    C:\WINDOWS\system32\jkkji.dll
    C:\WINDOWS\system32\jkkji.exe

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxuvs.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\ijkkj.ini
    C:\WINDOWS\system32\ijkkj.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ijkkj.ini2
    C:\WINDOWS\system32\ijkkj.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkkji.dll
    C:\WINDOWS\system32\jkkji.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkkji.exe
    C:\WINDOWS\system32\jkkji.exe Has been deleted!

    Performing Repairs to the registry.
    Done!


    The SDFix report.txt file still hasn't appeared, and it can't delete one file.. But here is the latest HJT log, in case it is of any help..


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:17:46, on 30.12.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\Program Files\Acer\Acer Arcade\PCMService .exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC .exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\LAUNCH~1\LManager .exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
    C:\Program Files\Winamp\winampa .exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent .exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\WINDOWS\system32\ctfmon .exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\skanneri.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    F3 - REG:win.ini: load=C:\WINDOWS\system32\jkkji.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3901F25F-47CD-48C5-A900-F56681F799B9} - C:\WINDOWS\system32\mljjg.dll (file missing)
    O2 - BHO: (no name) - {48297D65-395B-4E5E-92EC-3419EA3B5E17} - C:\WINDOWS\system32\jkkji.dll
    O2 - BHO: (no name) - {52115ABE-2AE0-4F80-A6D0-6E19937039D7} - C:\WINDOWS\system32\pmnlk.dll (file missing)
    O2 - BHO: (no name) - {6D5A1118-485A-4939-AA52-B436C5E8EDBD} - C:\WINDOWS\system32\jkhfd.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {A6DA0CE2-D15A-4694-BF33-2E36A56A4749} - C:\WINDOWS\system32\mljge.dll (file missing)
    O2 - BHO: (no name) - {B0EEDC94-E177-43D2-B600-84E7AC69969B} - C:\WINDOWS\system32\gebxuvs.dll
    O2 - BHO: {a8017844-405c-b289-4bb4-592355f5972b} - {b2795f55-3295-4bb4-982b-c5044487108a} - C:\WINDOWS\system32\jmtqadmf.dll (file missing)
    O2 - BHO: (no name) - {FC47246A-B17F-43FF-891B-5CFBC6F2E5F1} - C:\WINDOWS\system32\mllmj.dll (file missing)
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [73574056] rundll32.exe "C:\WINDOWS\system32\hkdktetw.dll",b
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/games/web_games/playfirst/trijinx/TriJinx.1.0.0.55.cab
    O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    --
    End of file - 9995 bytes

     
  15. Hujo

    Hujo Guest

    Scan with HJT, tick these entries and press Fix checked

    F3 - REG:win.ini: load=C:\WINDOWS\system32\jkkji.exe
    O2 - BHO: (no name) - {3901F25F-47CD-48C5-A900-F56681F799B9} - C:\WINDOWS\system32\mljjg.dll (file missing)
    O2 - BHO: (no name) - {52115ABE-2AE0-4F80-A6D0-6E19937039D7} - C:\WINDOWS\system32\pmnlk.dll (file missing)
    O2 - BHO: (no name) - {6D5A1118-485A-4939-AA52-B436C5E8EDBD} - C:\WINDOWS\system32\jkhfd.dll (file missing)
    O2 - BHO: (no name) - {A6DA0CE2-D15A-4694-BF33-2E36A56A4749} - C:\WINDOWS\system32\mljge.dll (file missing)
    O2 - BHO: {a8017844-405c-b289-4bb4-592355f5972b} - {b2795f55-3295-4bb4-982b-c5044487108a} - C:\WINDOWS\system32\jmtqadmf.dll (file missing)
    O2 - BHO: (no name) - {FC47246A-B17F-43FF-891B-5CFBC6F2E5F1} - C:\WINDOWS\system32\mllmj.dll (file missing)
    O4 - HKLM\..\Run: [73574056] rundll32.exe "C:\WINDOWS\system32\hkdktetw.dll",b

    =====================

    - Double-click VundoFix.exe to run it.
    - Click the Scan for Vundo option.
    - When the scan is finished, right-click inside the list box (the white box where the found files are listed) and choose Add more files
    - Copy and paste the following 2 lines into the two topmost boxes

    C:\WINDOWS\system32\jkkji.dll
    C:\WINDOWS\system32\gebxuvs.dll


    - Click Add Files and then click Close Window.
    - When the scan is finished, click the Remove Vundo option.
    - You will be asked whether you want to delete the files - click YES.
    - Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
    - When it is done, the fix will announce that it is restarting your computer; click OK.
    - Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.
     
  16. Pensq

    Pensq Member

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 18:32:24 29.12.2007

    Listing files found while scanning....

    C:\WINDOWS\adsa12.exe
    C:\WINDOWS\asd72.exe
    C:\WINDOWS\is.exe
    C:\WINDOWS\is7.exe
    C:\WINDOWS\lux.exe
    C:\WINDOWS\s02.exe
    C:\WINDOWS\sadsa2.exe
    C:\WINDOWS\sdz.exe
    C:\WINDOWS\system32\awttrpo.dll
    C:\WINDOWS\system32\byxvtqn.dll
    C:\WINDOWS\system32\cbxxwww.dll
    C:\WINDOWS\system32\dfhkj.ini
    C:\WINDOWS\system32\dfhkj.ini2
    C:\WINDOWS\system32\fccyawx.dll
    C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxvwu.dll
    C:\WINDOWS\system32\hggecyy.dll
    C:\WINDOWS\system32\hgggggd.dll
    C:\WINDOWS\system32\hkdktetw.dll
    C:\WINDOWS\system32\iifcywv.dll
    C:\WINDOWS\system32\jkhfd.dll
    C:\WINDOWS\system32\jkhfd.exe
    C:\WINDOWS\system32\jkkkjjk.dll
    C:\WINDOWS\system32\jmtqadmf.dll
    C:\WINDOWS\system32\khfghfe.dll
    C:\WINDOWS\system32\nnnllmk.dll
    C:\WINDOWS\system32\pmnkheb.dll
    C:\WINDOWS\system32\pmnnkhg.dll
    C:\WINDOWS\system32\pmnnkii.dll
    C:\WINDOWS\system32\pmnnnnl.dll
    C:\WINDOWS\system32\ughsqjfs.exe
    C:\WINDOWS\system32\wtetkdkh.ini
    C:\WINDOWS\system32\vtuvtss.dll
    C:\WINDOWS\system32\xxyxwwx.dll
    C:\WINDOWS\system32\yaywxxv.dll
    C:\WINDOWS\th.exe
    C:\WINDOWS\th3.exe

    Beginning removal...

    Attempting to delete C:\WINDOWS\adsa12.exe
    C:\WINDOWS\adsa12.exe Has been deleted!

    Attempting to delete C:\WINDOWS\asd72.exe
    C:\WINDOWS\asd72.exe Has been deleted!

    Attempting to delete C:\WINDOWS\is.exe
    C:\WINDOWS\is.exe Has been deleted!

    Attempting to delete C:\WINDOWS\is7.exe
    C:\WINDOWS\is7.exe Has been deleted!

    Attempting to delete C:\WINDOWS\lux.exe
    C:\WINDOWS\lux.exe Has been deleted!

    Attempting to delete C:\WINDOWS\s02.exe
    C:\WINDOWS\s02.exe Has been deleted!

    Attempting to delete C:\WINDOWS\sadsa2.exe
    C:\WINDOWS\sadsa2.exe Has been deleted!

    Attempting to delete C:\WINDOWS\sdz.exe
    C:\WINDOWS\sdz.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\awttrpo.dll
    C:\WINDOWS\system32\awttrpo.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\byxvtqn.dll
    C:\WINDOWS\system32\byxvtqn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\cbxxwww.dll
    C:\WINDOWS\system32\cbxxwww.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\dfhkj.ini
    C:\WINDOWS\system32\dfhkj.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\dfhkj.ini2
    C:\WINDOWS\system32\dfhkj.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fccyawx.dll
    C:\WINDOWS\system32\fccyawx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxuvs.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\gebxvwu.dll
    C:\WINDOWS\system32\gebxvwu.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hggecyy.dll
    C:\WINDOWS\system32\hggecyy.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hgggggd.dll
    C:\WINDOWS\system32\hgggggd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hkdktetw.dll
    C:\WINDOWS\system32\hkdktetw.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\iifcywv.dll
    C:\WINDOWS\system32\iifcywv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkhfd.dll
    C:\WINDOWS\system32\jkhfd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkhfd.exe
    C:\WINDOWS\system32\jkhfd.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkkkjjk.dll
    C:\WINDOWS\system32\jkkkjjk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jmtqadmf.dll
    C:\WINDOWS\system32\jmtqadmf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\khfghfe.dll
    C:\WINDOWS\system32\khfghfe.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nnnllmk.dll
    C:\WINDOWS\system32\nnnllmk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnkheb.dll
    C:\WINDOWS\system32\pmnkheb.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnnkhg.dll
    C:\WINDOWS\system32\pmnnkhg.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnnkii.dll
    C:\WINDOWS\system32\pmnnkii.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnnnnl.dll
    C:\WINDOWS\system32\pmnnnnl.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ughsqjfs.exe
    C:\WINDOWS\system32\ughsqjfs.exe Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\wtetkdkh.ini
    C:\WINDOWS\system32\wtetkdkh.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vtuvtss.dll
    C:\WINDOWS\system32\vtuvtss.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xxyxwwx.dll
    C:\WINDOWS\system32\xxyxwwx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\yaywxxv.dll
    C:\WINDOWS\system32\yaywxxv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\th.exe
    C:\WINDOWS\th.exe Has been deleted!

    Attempting to delete C:\WINDOWS\th3.exe
    C:\WINDOWS\th3.exe Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 19:10:13 29.12.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\klnmp.ini
    C:\WINDOWS\system32\klnmp.ini2
    C:\WINDOWS\system32\pmnlk.dll
    C:\WINDOWS\system32\pmnlk.exe
    C:\WINDOWS\system32\ughsqjfs.exe
    C:\WINDOWS\wkssvr.exe

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxuvs.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\klnmp.ini
    C:\WINDOWS\system32\klnmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\klnmp.ini2
    C:\WINDOWS\system32\klnmp.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnlk.dll
    C:\WINDOWS\system32\pmnlk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnlk.exe
    C:\WINDOWS\system32\pmnlk.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ughsqjfs.exe
    C:\WINDOWS\system32\ughsqjfs.exe Could not be deleted.

    Attempting to delete C:\WINDOWS\wkssvr.exe
    C:\WINDOWS\wkssvr.exe Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 19:41:02 29.12.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\ughsqjfs.exe

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxuvs.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\ughsqjfs.exe
    C:\WINDOWS\system32\ughsqjfs.exe Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 20:12:18 29.12.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\egjlm.ini
    C:\WINDOWS\system32\egjlm.ini2
    C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\mljge.dll
    C:\WINDOWS\system32\mljge.exe
    C:\WINDOWS\system32\ughsqjfs.exe

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\egjlm.ini
    C:\WINDOWS\system32\egjlm.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\egjlm.ini2
    C:\WINDOWS\system32\egjlm.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxuvs.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\mljge.dll
    C:\WINDOWS\system32\mljge.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mljge.exe
    C:\WINDOWS\system32\mljge.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ughsqjfs.exe
    C:\WINDOWS\system32\ughsqjfs.exe Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxuvs.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\ughsqjfs.exe
    C:\WINDOWS\system32\ughsqjfs.exe Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Scan started at 23:50:28 29.12.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\egjlm.ini
    C:\WINDOWS\system32\egjlm.ini2
    C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\mljge.dll
    C:\WINDOWS\system32\mljge.exe
    C:\WINDOWS\system32\ughsqjfs.exe

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\egjlm.ini
    C:\WINDOWS\system32\egjlm.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\egjlm.ini2
    C:\WINDOWS\system32\egjlm.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxuvs.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\mljge.dll
    C:\WINDOWS\system32\mljge.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mljge.exe
    C:\WINDOWS\system32\mljge.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ughsqjfs.exe
    C:\WINDOWS\system32\ughsqjfs.exe Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Scan started at 0:26:46 30.12.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gjjlm.ini
    C:\WINDOWS\system32\gjjlm.ini2
    C:\WINDOWS\system32\mljjg.dll
    C:\WINDOWS\system32\mljjg.exe

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxuvs.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\gjjlm.ini
    C:\WINDOWS\system32\gjjlm.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gjjlm.ini2
    C:\WINDOWS\system32\gjjlm.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mljjg.dll
    C:\WINDOWS\system32\mljjg.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mljjg.exe
    C:\WINDOWS\system32\mljjg.exe Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxuvs.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Scan started at 12:59:48 30.12.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gjjlm.ini
    C:\WINDOWS\system32\gjjlm.ini2
    C:\WINDOWS\system32\mljjg.dll
    C:\WINDOWS\system32\mljjg.exe

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxuvs.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\gjjlm.ini
    C:\WINDOWS\system32\gjjlm.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gjjlm.ini2
    C:\WINDOWS\system32\gjjlm.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mljjg.dll
    C:\WINDOWS\system32\mljjg.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mljjg.exe
    C:\WINDOWS\system32\mljjg.exe Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Scan started at 13:30:22 30.12.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\jmllm.ini
    C:\WINDOWS\system32\jmllm.ini2
    C:\WINDOWS\system32\mllmj.dll
    C:\WINDOWS\system32\mllmj.exe

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxuvs.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\jmllm.ini
    C:\WINDOWS\system32\jmllm.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jmllm.ini2
    C:\WINDOWS\system32\jmllm.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mllmj.dll
    C:\WINDOWS\system32\mllmj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mllmj.exe
    C:\WINDOWS\system32\mllmj.exe Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Scan started at 14:02:55 30.12.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\ijkkj.ini
    C:\WINDOWS\system32\ijkkj.ini2
    C:\WINDOWS\system32\jkkji.dll
    C:\WINDOWS\system32\jkkji.exe

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxuvs.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\ijkkj.ini
    C:\WINDOWS\system32\ijkkj.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ijkkj.ini2
    C:\WINDOWS\system32\ijkkj.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkkji.dll
    C:\WINDOWS\system32\jkkji.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkkji.exe
    C:\WINDOWS\system32\jkkji.exe Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Scan started at 14:41:03 30.12.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\ijkkj.ini
    C:\WINDOWS\system32\ijkkj.ini2
    C:\WINDOWS\system32\jkkji.dll
    C:\WINDOWS\system32\jkkji.exe

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxuvs.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\ijkkj.ini
    C:\WINDOWS\system32\ijkkj.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ijkkj.ini2
    C:\WINDOWS\system32\ijkkj.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkkji.dll
    C:\WINDOWS\system32\jkkji.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkkji.exe
    C:\WINDOWS\system32\jkkji.exe Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Scan started at 17:27:12 30.12.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\ijkkj.ini
    C:\WINDOWS\system32\ijkkj.ini2
    C:\WINDOWS\system32\jkkji.dll
    C:\WINDOWS\system32\jkkji.exe

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxuvs.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\ijkkj.ini
    C:\WINDOWS\system32\ijkkj.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ijkkj.ini2
    C:\WINDOWS\system32\ijkkj.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkkji.dll
    C:\WINDOWS\system32\jkkji.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\jkkji.dll
    C:\WINDOWS\system32\jkkji.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\jkkji.exe
    C:\WINDOWS\system32\jkkji.exe Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxuvs.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxuvs.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\ijkkj.ini
    C:\WINDOWS\system32\ijkkj.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ijkkj.ini2
    C:\WINDOWS\system32\ijkkj.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkkji.dll
    C:\WINDOWS\system32\jkkji.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Scan started at 18:02:02 30.12.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\jkkji.exe
    C:\WINDOWS\system32\jmllm.ini
    C:\WINDOWS\system32\jmllm.ini2
    C:\WINDOWS\system32\mllmj.dll
    C:\WINDOWS\system32\mllmj.exe

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxuvs.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\jkkji.exe
    C:\WINDOWS\system32\jkkji.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jmllm.ini
    C:\WINDOWS\system32\jmllm.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jmllm.ini2
    C:\WINDOWS\system32\jmllm.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mllmj.dll
    C:\WINDOWS\system32\mllmj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mllmj.exe
    C:\WINDOWS\system32\mllmj.exe Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\gebxuvs.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:39:18, on 30.12.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
    C:\Program Files\Acer\Acer Arcade\PCMService .exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Acer\Empowering Technology\ePower\ePower_DMC .exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent .exe
    C:\Program Files\Winamp\winampa .exe
    C:\WINDOWS\system32\ctfmon .exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    C:\PROGRA~1\LAUNCH~1\LManager .exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\skanneri.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    F3 - REG:win.ini: load=C:\WINDOWS\system32\mllmj.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {165EDDEA-E8BE-43DF-98A7-999D3DE64016} - C:\WINDOWS\system32\jkkji.dll (file missing)
    O2 - BHO: (no name) - {5BEF1E84-7CB2-46D7-88FE-76E31C887F86} - C:\WINDOWS\system32\mllmj.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {B0EEDC94-E177-43D2-B600-84E7AC69969B} - C:\WINDOWS\system32\gebxuvs.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/games/web_games/playfirst/trijinx/TriJinx.1.0.0.55.cab
    O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    --
    End of file - 9296 bytes
     
  17. Hujo

    Hujo Guest

    Well, I'll be.

    - Double-click VundoFix.exe to run it.
    - Click the Scan for Vundo button.
    - When the scan is complete, right-click inside the list box (the white box where the found files are listed) and choose Add more files.
    - Copy and paste the following 3 lines into the top three boxes:

    C:\WINDOWS\system32\mllmj.exe
    C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\mllmj.dll

    - Click Add Files and then click Close Window.
    - When the scan is complete, click the Remove Vundo button.
    - You will be asked whether you want to remove the files; click YES.
    - Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
    - When it is done, the fix will tell you that it is going to restart your computer; click OK.
    - Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.

    ==========================

    Download OTMoveIt from http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
    and save it to your desktop.

    Double-click OTMoveIt.exe.
    Click CleanUp!.
    Choose Yes when asked "Begin cleanup Process?".
    If you are asked whether the computer may be restarted, choose Yes. OTMoveIt deletes itself when it is finished; if it does not, delete it yourself.


    NOTE: If your firewall or some other security program warns that OTMoveIt is trying to access the internet, allow it.
     
    Last edited by a moderator: 30.12.2007
  18. Pensq

    Pensq Member

    Okay, let's try once more, but it probably won't remove that
    C:\WINDOWS\system32\gebxuvs.dll, since every time I get some notice that it can't be deleted..
     
  19. Hujo

    Hujo Guest

    Then go at it with this

    1. Download combofix.exe to your desktop from either of these links:
    combofix1
    combofix2

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool is finished, it produces a log. Post this log in your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
     
  20. Pensq

    Pensq Member

    Yeah, well, there seems to have been quite a lot of crap on the machine.. :) Or I don't know whether it even got removed or what..?


    ComboFix 07-12-21.4 - J&L 2007-12-30 19:48:26.1 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.358.1035.18.136 [GMT 2:00]
    Running from: C:\Documents and Settings\J&L\Työpöytä\ComboFix(2).exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\warning.png
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\error.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\game.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\gameover.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\hiscore.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\hiscoreinfo.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\hiscoresubmit.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\instructions.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\leveldesign.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\levelover.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\mainarcade.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\mainconfirm.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\maincontinue.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\maingames.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\mainpuzzle.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\maphelptip.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\options.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\pause.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\quitconfirm.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\start.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\storyplayer.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\style.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\upsell.lua
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\strings.xml
    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\TriJinx.exe
    C:\WINDOWS\images.zip
    C:\WINDOWS\system32\gebxuvs.dll
    C:\WINDOWS\system32\jmllm.ini
    C:\WINDOWS\system32\jmllm.ini2
    C:\WINDOWS\system32\khfdawt.dll
    C:\WINDOWS\system32\mllmj.dll

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-11-28 to 2007-12-30 )))))))))))))))))
    .

    2007-12-30 20:00 . 2007-12-30 20:01 319 --ahs---- C:\WINDOWS\system32\jmllm.ini
    2007-12-30 19:57 . 2007-12-30 19:57 344,576 --------- C:\WINDOWS\system32\mllmj.dll
    2007-12-30 19:34 . 2007-12-30 19:58 348,160 --a------ C:\WINDOWS\system32\mllmj.exe
    2007-12-29 22:41 . 2007-12-29 22:41 348,160 --a------ C:\WINDOWS\system32\RCX59.tmp
    2007-12-29 22:19 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2007-12-29 22:18 . 2007-12-29 22:18 <KANSIO> d-------- C:\Program Files\Java
    2007-12-29 22:18 . 2007-12-29 22:18 <KANSIO> d-------- C:\Program Files\Common Files\Java
    2007-12-29 17:33 . 2007-12-29 17:33 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2007-12-29 16:54 . 2007-12-29 16:54 <KANSIO> d-------- C:\Program Files\Trend Micro
    2007-12-29 11:38 . 2007-12-29 11:38 1,044,480 --a------ C:\WINDOWS\dsad31.exe
    2007-12-28 20:05 . 2007-12-28 20:05 <KANSIO> d-------- C:\WINDOWS\SxsCaPendDel
    2007-12-28 18:10 . 2007-12-29 21:31 0 --a------ C:\WINDOWS\system32\mcrh.tmp
    2007-12-27 21:39 . 2007-12-27 21:39 180,769 --a------ C:\WINDOWS\activate.exe
    2007-12-26 22:17 . 2007-12-26 22:17 268 --ah----- C:\sqmdata04.sqm
    2007-12-26 22:17 . 2007-12-26 22:17 244 --ah----- C:\sqmnoopt04.sqm
    2007-12-26 13:20 . 2007-12-26 13:20 268 --ah----- C:\sqmdata03.sqm
    2007-12-26 13:20 . 2007-12-26 13:20 244 --ah----- C:\sqmnoopt03.sqm
    2007-12-26 12:38 . 2007-12-30 19:34 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
    2007-12-26 12:35 . 2007-12-26 12:35 268 --ah----- C:\sqmdata02.sqm
    2007-12-26 12:35 . 2007-12-26 12:35 244 --ah----- C:\sqmnoopt02.sqm
    2007-12-24 20:05 . 2007-12-24 20:05 268 --ah----- C:\sqmdata01.sqm
    2007-12-24 20:05 . 2007-12-24 20:05 244 --ah----- C:\sqmnoopt01.sqm
    2007-12-23 23:22 . 2007-12-29 18:03 189,952 --a------ C:\WINDOWS\wkssvr .exe
    2007-12-23 23:18 . 2007-12-23 23:18 268 --ah----- C:\sqmdata00.sqm
    2007-12-23 23:18 . 2007-12-23 23:18 244 --ah----- C:\sqmnoopt00.sqm
    2007-12-21 19:48 . 2007-12-21 19:48 15,934 --a------ C:\WINDOWS\sdoz.exe
    2007-11-29 16:13 . 2007-11-29 16:13 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-03 22:07 . 2007-11-03 22:07 <KANSIO> d-------- C:\Documents and Settings\J&L\Contacts

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-30 17:58 365,056 ----a-w C:\WINDOWS\system32\ctfmon.exe
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-30 23:26 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-10-29 22:43 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 22:43 1,288,192 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
    2007-10-25 16:44 8,464,384 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-20 04:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-20 04:01 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    2007-10-10 23:52 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-10-10 23:52 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-10-10 23:52 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
    2007-10-10 23:52 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-10-10 23:52 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-10-10 23:52 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-10-10 23:52 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-10-10 23:52 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-10-10 23:52 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-10-10 23:52 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-10-10 23:52 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-10-10 23:52 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-10-10 23:52 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-10-10 23:52 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-10-10 23:52 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-10-10 23:52 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-10-10 23:52 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-10-10 23:52 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-10-10 23:52 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
    2007-10-10 23:52 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
    2007-10-10 23:52 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
    2007-10-10 23:52 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-10-10 11:00 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-10-10 11:00 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{165EDDEA-E8BE-43DF-98A7-999D3DE64016}]
    C:\WINDOWS\system32\jkkji.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBD88DB8-26CE-41E8-954B-9E94F2ECC17C}]
    2007-12-30 19:57 344576 --------- C:\WINDOWS\system32\mllmj.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 20:00]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-12-30 19:39]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="" []
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2007-12-30 19:39]
    "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2007-12-30 19:39]
    "PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2007-12-30 19:39]
    "ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2007-12-30 19:39]
    "Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2007-12-30 19:39]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-09-15 20:00]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-15 20:00]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-15 20:00]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-15 20:00]
    "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-12-30 19:39]
    "Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2007-12-30 19:39]
    "RTHDCPL"="RTHDCPL.EXE" [2006-05-17 23:27 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 03:04 C:\WINDOWS\SkyTel.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-30 19:39]
    "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-12-30 19:39]
    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-12-30 19:39]
    "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 12:50 C:\WINDOWS\LOGI_MWX.EXE]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-30 19:58]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-30 19:39]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-12-30 19:39]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 20:00]

    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
    "load"=C:\WINDOWS\system32\mllmj.exe

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\mllmj

    R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 16:14]
    R2 DritekPortIO;Dritek General Port I/O;C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2005-12-23 01:13]
    R2 int15;int15;C:\WINDOWS\system32\drivers\int15.sys [2006-06-02 13:59]
    R2 tvicport;tvicport;C:\WINDOWS\system32\drivers\tvicport.sys [2006-06-02 13:59]
    R3 DKbFltr;Dritek Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-07 23:10]
    R3 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2006-03-23 09:59]
    R3 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2006-03-23 09:59]
    R3 ESMCR;ESMCR;C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2006-03-23 09:59]
    S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
    S2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys []

    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-30 20:00:42
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-30 20:03:10 - machine was rebooted
    .
    2007-12-12 07:28:21 --- E O F ---
     
  21. judas6

    judas6 Regular member

    Joined:
    25.04.2006
    Messages:
    104
    Thanks:
    0
    Points:
    26
    Hey, try F-Secure's online scanner, you can find it with Google
     
