
Can someone help a blonde who has junk on her computer!

Thread in the Viruses and malware - HijackThis logs section. Thread started by Pensq on 28.12.2007.

  1. Hujo

    Hujo Guest

    Pensq

    Run a scan and post a fresh HJT log
     
  3. Pensq

    Pensq Member

    Joined:
    28.12.2007
    Messages:
    20
    Thanks:
    0
    Points:
    11
    Here's the HJT log



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:55:18, on 30.12.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Acer\Acer Arcade\PCMService .exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\Winamp\winampa .exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC .exe
    C:\PROGRA~1\LAUNCH~1\LManager .exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
    C:\WINDOWS\system32\ctfmon .exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\skanneri.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    F3 - REG:win.ini: load=C:\WINDOWS\system32\mllmj.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {165EDDEA-E8BE-43DF-98A7-999D3DE64016} - C:\WINDOWS\system32\jkkji.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7A360DCE-023D-4A6F-8A06-286AFE9A74AB} - C:\WINDOWS\system32\mllmj.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/games/web_games/playfirst/trijinx/TriJinx.1.0.0.55.cab
    O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    --
    End of file - 9189 bytes
     
  4. Hujo

    Hujo Guest

    1) Download VirtumundoBegone
    2) Save VirtumundoBeGone.exe to your desktop.
    3) Run VirtumundoBeGone.exe and follow the instructions. Don't worry if you see a blue "Fatal Error" screen, that is normal.
    4) When the tool has finished, restart the computer
     
  5. Pensq

    Pensq Member

    This is what it gave me, I wonder what it means..



    [12/31/2007, 13:41:41] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\J&L\Työpöytä\VirtumundoBeGone.exe" )
    [12/31/2007, 13:41:53] - Detected System Information:
    [12/31/2007, 13:41:53] - Windows Version: 5.1.2600, Service Pack 2
    [12/31/2007, 13:41:53] - Current Username: J&L (Admin)
    [12/31/2007, 13:41:53] - Windows is in NORMAL mode.
    [12/31/2007, 13:41:53] - Searching for Browser Helper Objects:
    [12/31/2007, 13:41:53] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [12/31/2007, 13:41:53] - BHO 2: {165EDDEA-E8BE-43DF-98A7-999D3DE64016} ()
    [12/31/2007, 13:41:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [12/31/2007, 13:41:53] - Checking for HKLM\...\Winlogon\Notify\jkkji
    [12/31/2007, 13:41:53] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
    [12/31/2007, 13:41:54] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [12/31/2007, 13:41:54] - BHO 4: {7E148C68-DF6B-424D-9629-9F3187FB25A4} ()
    [12/31/2007, 13:41:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [12/31/2007, 13:41:54] - Checking for HKLM\...\Winlogon\Notify\mllmj
    [12/31/2007, 13:41:54] - Key not found: HKLM\...\Winlogon\Notify\mllmj, continuing.
    [12/31/2007, 13:41:54] - Finished Searching Browser Helper Objects
    [12/31/2007, 13:41:54] - Finishing up...
    [12/31/2007, 13:41:54] - Nothing found! Exiting...
     
  6. Hujo

    Hujo Guest

    Download CWShredder
    http://cwshredder.net/bin/CWShredder.exe
    and save it to your desktop

    - Scan the computer with CWShredder: remember to close your browser + all other windows before using CWShredder.
    - Press the Fix--> button.
    - Answer OK to the program's questions.
    - Once the program has gone through the items, press the Next--> button.
    - The final summary comes after that.
    - After the cleanup, restart the computer.

    Post the CWShredder report.

    ==============

    scan and post a new HJT log

     
    Last edited by a moderator: 31.12.2007
  7. Pensq

    Pensq Member

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:51:39, on 31.12.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Acer\Acer Arcade\PCMService .exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\PROGRA~1\LAUNCH~1\LManager .exe
    C:\WINDOWS\system32\ctfmon .exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent .exe
    C:\Program Files\Winamp\winampa .exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\mIRC\mirc.exe
    C:\Program Files\Trend Micro\HijackThis\skanneri.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    F3 - REG:win.ini: load=C:\WINDOWS\system32\mllmj.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0ECA49DB-C890-45F0-AC32-DA5B49C5D655} - C:\WINDOWS\system32\mllmj.dll
    O2 - BHO: (no name) - {165EDDEA-E8BE-43DF-98A7-999D3DE64016} - C:\WINDOWS\system32\jkkji.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/games/web_games/playfirst/trijinx/TriJinx.1.0.0.55.cab
    O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    --
    End of file - 9121 bytes
     
  8. Hujo

    Hujo Guest

    - Double-click VundoFix.exe to run it.
    - Click the Scan for Vundo option.
    - When the scan is finished, right-click inside the list box (the white box where the found files are listed) and choose Add more files
    - Copy and paste the following 2 lines into the two topmost boxes

    C:\WINDOWS\system32\mllmj.exe
    C:\WINDOWS\system32\mllmj.dll

    - Click Add Files and then click Close Window.
    - When the scan is finished, click the Remove Vundo option.
    - You will be asked whether you want to delete the files - click YES.
    - Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
    - When it is done, the fix will tell you to restart your computer, click OK.
    - Post the contents of the C:\vundofix.txt log and a fresh HijackThis log.
     
  9. Pensq

    Pensq Member


    VundoFix V6.7.7

    Checking Java version...

    Scan started at 15:09:00 31.12.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\jmllm.ini
    C:\WINDOWS\system32\jmllm.ini2
    C:\WINDOWS\system32\mllmj.dll
    C:\WINDOWS\system32\mllmj.exe

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\jmllm.ini
    C:\WINDOWS\system32\jmllm.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jmllm.ini2
    C:\WINDOWS\system32\jmllm.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mllmj.dll
    C:\WINDOWS\system32\mllmj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mllmj.exe
    C:\WINDOWS\system32\mllmj.exe Has been deleted!

    Performing Repairs to the registry.
    Done!





    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:44:43, on 31.12.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Program Files\Acer\Acer Arcade\PCMService .exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Acer\Empowering Technology\ePower\ePower_DMC .exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\LAUNCH~1\LManager .exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent .exe
    C:\Program Files\Winamp\winampa .exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\ctfmon .exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\mIRC\mirc.exe
    C:\Program Files\Trend Micro\HijackThis\skanneri.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    F3 - REG:win.ini: load=C:\WINDOWS\system32\mllmj.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {165EDDEA-E8BE-43DF-98A7-999D3DE64016} - C:\WINDOWS\system32\jkkji.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {DE856176-3C04-4252-9BCF-1CD91B308A92} - C:\WINDOWS\system32\mllmj.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/games/web_games/playfirst/trijinx/TriJinx.1.0.0.55.cab
    O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    --
    End of file - 9357 bytes
     
  10. Hujo

    Hujo Guest

    Scan with HJT, check these and press Fix checked:

    F3 - REG:win.ini: load=C:\WINDOWS\system32\mllmj.exe
    O2 - BHO: (no name) - {165EDDEA-E8BE-43DF-98A7-999D3DE64016} - C:\WINDOWS\system32\jkkji.dll (file missing)
    O2 - BHO: (no name) - {DE856176-3C04-4252-9BCF-1CD91B308A92} - C:\WINDOWS\system32\mllmj.dll

    =========================

    Open Notepad and copy/paste the text in the quote box below into it:
    Save it as CFScript

    Then drag CFScript onto ComboFix.exe as shown below.

    [IMG]

    Restart the computer when prompted and post the contents of the combofix.txt file here.

    And run VundoFix as well; the instructions are in the original post.

    Last, scan a new HJT log.
     
    Last edited by a moderator: 31.12.2007
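    As an added illustration (not part of the thread or of HijackThis/ComboFix themselves), the script below runs the same triage Hujo does by eye: it flags F3 win.ini load= entries and O2 BHOs with no name or a missing DLL, and it pairs files whose stems are each other's reverse, the pattern the ComboFix and VundoFix listings in this thread show (jmllm.ini beside mllmj.dll). The sample log lines and file list are constructed from the entries quoted in the thread; the function names are my own.

```python
import re
from typing import Dict, List, Set, Tuple

# One HijackThis entry: section tag (R0, F3, O2, O4, ...), " - ", body.
HJT_LINE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")

# Constructed sample log, modelled on the lines quoted in this thread plus
# two benign entries for contrast. Raw string so the backslashes survive.
SAMPLE_HJT_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=C:\WINDOWS\system32\mllmj.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {165EDDEA-E8BE-43DF-98A7-999D3DE64016} - C:\WINDOWS\system32\jkkji.dll (file missing)
O2 - BHO: (no name) - {DE856176-3C04-4252-9BCF-1CD91B308A92} - C:\WINDOWS\system32\mllmj.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed sample of a ComboFix/VundoFix deletion list like the ones in the thread.
SAMPLE_DELETED_FILES = [
    r"C:\WINDOWS\system32\jmllm.ini",
    r"C:\WINDOWS\system32\jmllm.ini2",
    r"C:\WINDOWS\system32\mllmj.dll",
    r"C:\WINDOWS\system32\mllmj.exe",
    r"C:\WINDOWS\system32\aswBoot.exe",  # benign (avast!), must not pair with anything
]

Finding = Tuple[str, str, str]  # (section, reason, original line)


def triage_hjt(log_text: str) -> List[Finding]:
    """Flag the two HJT entry types Hujo singled out.

    F3 win.ini load=/run= values are empty on a clean XP install, so any
    program path there deserves a look. O2 BHOs with no name or with a
    missing DLL are the footprint the thread is cleaning up.
    """
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec == "F3" and body.startswith("REG:win.ini:"):
            _, _, value = body.partition("=")
            if value.strip():
                findings.append((sec, "win.ini load/run launches a program", line))
        elif sec == "O2":
            reasons = []
            if "(no name)" in body:
                reasons.append("BHO has no name")
            if "(file missing)" in body:
                reasons.append("BHO DLL is missing")
            if reasons:
                findings.append((sec, "; ".join(reasons), line))
    return findings


def mirrored_name_pairs(paths: List[str]) -> Set[Tuple[str, str]]:
    """Return file-stem pairs that are each other's reverse (mllmj / jmllm).

    The infection in this thread keeps its .ini files under the reversed
    stem of its DLL; pairing them helps confirm the whole set was removed.
    """
    by_stem: Dict[str, Set[str]] = {}
    for p in paths:
        name = p.replace("\\", "/").rsplit("/", 1)[-1]
        stem = name.split(".", 1)[0].lower()
        by_stem.setdefault(stem, set()).add(name)
    pairs: Set[Tuple[str, str]] = set()
    for stem in by_stem:
        rev = stem[::-1]
        if rev != stem and rev in by_stem:
            a, b = sorted((stem, rev))
            pairs.add((a, b))
    return pairs


if __name__ == "__main__":
    for sec, reason, line in triage_hjt(SAMPLE_HJT_LOG):
        print(f"[{sec}] {reason}\n    {line}")
    for a, b in sorted(mirrored_name_pairs(SAMPLE_DELETED_FILES)):
        print(f"mirrored stems: {a} <-> {b}")
```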
  11. Pensq

    Pensq Member

    Joined:
    28.12.2007
    Messages:
    20
    Thanks:
    0
    Points:
    11
    ComboFix 07-12-21.4 - J&L 2007-12-31 16:18:49.2 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.358.1035.18.109 [GMT 2:00]
    Running from: C:\Documents and Settings\J&L\Työpöytä\ComboFix(2).exe
    * Created a new restore point

    FILE
    C:\WINDOWS\system32\mllmj.dll
    C:\WINDOWS\system32\mllmj.exe
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\jmllm.ini
    C:\WINDOWS\system32\jmllm.ini2
    C:\WINDOWS\system32\mllmj.dll
    C:\WINDOWS\system32\mllmj.exe

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-11-28 to 2007-12-31 )))))))))))))))))
    .

    2007-12-31 16:24 . 2007-12-31 16:24 344,576 --------- C:\WINDOWS\system32\mllmj.dll
    2007-12-31 15:09 . 2007-12-31 15:09 <KANSIO> d-------- C:\VundoFix Backups
    2007-12-30 21:41 . 2007-12-30 21:41 348,160 --a------ C:\WINDOWS\system32\RCX3C.tmp
    2007-12-30 21:21 . 2007-12-04 15:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-12-30 21:21 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2007-12-30 21:21 . 2007-12-04 14:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2007-12-30 21:21 . 2007-12-04 16:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-30 21:21 . 2007-12-04 16:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-30 21:21 . 2007-12-04 16:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-30 21:21 . 2007-12-04 16:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-12-30 21:21 . 2007-12-04 16:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-30 21:17 . 2007-12-30 21:17 348,160 --a------ C:\WINDOWS\system32\RCX39.tmp
    2007-12-29 22:41 . 2007-12-29 22:41 348,160 --a------ C:\WINDOWS\system32\RCX59.tmp
    2007-12-29 22:19 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2007-12-29 22:18 . 2007-12-29 22:18 <KANSIO> d-------- C:\Program Files\Java
    2007-12-29 22:18 . 2007-12-29 22:18 <KANSIO> d-------- C:\Program Files\Common Files\Java
    2007-12-29 17:33 . 2007-12-29 17:33 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2007-12-29 16:54 . 2007-12-29 16:54 <KANSIO> d-------- C:\Program Files\Trend Micro
    2007-12-29 11:38 . 2007-12-29 11:38 1,044,480 --a------ C:\WINDOWS\dsad31.exe
    2007-12-28 20:05 . 2007-12-28 20:05 <KANSIO> d-------- C:\WINDOWS\SxsCaPendDel
    2007-12-28 18:10 . 2007-12-29 21:31 0 --a------ C:\WINDOWS\system32\mcrh.tmp
    2007-12-27 21:39 . 2007-12-27 21:39 180,769 --a------ C:\WINDOWS\activate.exe
    2007-12-26 22:17 . 2007-12-26 22:17 268 --ah----- C:\sqmdata04.sqm
    2007-12-26 22:17 . 2007-12-26 22:17 244 --ah----- C:\sqmnoopt04.sqm
    2007-12-26 13:20 . 2007-12-26 13:20 268 --ah----- C:\sqmdata03.sqm
    2007-12-26 13:20 . 2007-12-26 13:20 244 --ah----- C:\sqmnoopt03.sqm
    2007-12-26 12:38 . 2007-12-31 16:25 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
    2007-12-26 12:35 . 2007-12-26 12:35 268 --ah----- C:\sqmdata02.sqm
    2007-12-26 12:35 . 2007-12-26 12:35 244 --ah----- C:\sqmnoopt02.sqm
    2007-12-24 20:05 . 2007-12-24 20:05 268 --ah----- C:\sqmdata01.sqm
    2007-12-24 20:05 . 2007-12-24 20:05 244 --ah----- C:\sqmnoopt01.sqm
    2007-12-23 23:22 . 2007-12-29 18:03 189,952 --a------ C:\WINDOWS\wkssvr .exe
    2007-12-23 23:18 . 2007-12-23 23:18 268 --ah----- C:\sqmdata00.sqm
    2007-12-23 23:18 . 2007-12-23 23:18 244 --ah----- C:\sqmnoopt00.sqm
    2007-12-21 19:48 . 2007-12-21 19:48 15,934 --a------ C:\WINDOWS\sdoz.exe
    2007-11-29 16:13 . 2007-11-29 16:13 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-03 22:07 . 2007-11-03 22:07 <KANSIO> d-------- C:\Documents and Settings\J&L\Contacts

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-31 14:24 365,056 ----a-w C:\WINDOWS\system32\ctfmon.exe
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-30 23:26 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-10-29 22:43 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 22:43 1,288,192 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
    2007-10-25 16:44 8,464,384 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-20 04:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-20 04:01 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    2007-10-10 23:52 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-10-10 23:52 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-10-10 23:52 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
    2007-10-10 23:52 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-10-10 23:52 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-10-10 23:52 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-10-10 23:52 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-10-10 23:52 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-10-10 23:52 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-10-10 23:52 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-10-10 23:52 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-10-10 23:52 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-10-10 23:52 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-10-10 23:52 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-10-10 23:52 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-10-10 23:52 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-10-10 23:52 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-10-10 23:52 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-10-10 23:52 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
    2007-10-10 23:52 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
    2007-10-10 23:52 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
    2007-10-10 23:52 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-10-10 11:00 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-10-10 11:00 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-30_20.02.03.46 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-05-07 14:38:46 500,120 ----a-w C:\WINDOWS\Downloaded Program Files\daas_s.dll
    + 2007-05-07 14:39:00 192,920 ----a-w C:\WINDOWS\Downloaded Program Files\fsauc.dll
    + 2007-05-07 14:39:24 254,360 ----a-w C:\WINDOWS\Downloaded Program Files\fscax.dll
    - 2007-12-29 20:41:24 208,952 ----a-w C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE
    + 2007-12-31 11:35:28 208,952 ----a-w C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE
    - 2007-12-30 17:58:12 558,592 ----a-w C:\WINDOWS\ime\imjp8_1\IMJPMIG.EXE
    + 2007-12-31 14:25:30 558,592 ----a-w C:\WINDOWS\ime\imjp8_1\IMJPMIG.EXE
    - 2007-12-29 20:41:24 59,392 ----a-w C:\WINDOWS\system32\IME\PINTLGNT\ImScInst .exe
    + 2007-12-31 11:35:26 59,392 ----a-w C:\WINDOWS\system32\IME\PINTLGNT\ImScInst .exe
    - 2007-12-30 17:58:14 407,552 ----a-w C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
    + 2004-09-15 18:00:00 59,392 ----a-w C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe
    - 2007-12-29 20:41:26 455,168 ----a-w C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE
    + 2007-12-31 11:35:34 455,168 ----a-w C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE
    - 2007-12-30 17:58:16 805,376 ----a-w C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
    + 2004-09-15 18:00:00 455,168 ----a-w C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe
    + 2007-12-31 14:24:26 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_164.dat
    + 2007-12-31 14:24:20 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_698.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38CCB589-F4FE-4C9E-9A39-4545D9675658}]
    2007-12-31 16:24 344576 --------- C:\WINDOWS\system32\mllmj.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 20:00]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-12-31 16:25]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="" []
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2007-12-31 13:35]
    "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2007-12-31 16:25]
    "PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2007-12-31 13:35]
    "ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2007-12-31 13:35]
    "Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2007-12-31 15:40]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-09-15 20:00]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-15 20:00]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-15 20:00]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-15 20:00]
    "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-12-31 13:35]
    "Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2007-12-31 16:25]
    "RTHDCPL"="RTHDCPL.EXE" [2006-05-17 23:27 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 03:04 C:\WINDOWS\SkyTel.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-31 13:35]
    "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-12-31 13:35]
    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-12-31 13:35]
    "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 12:50 C:\WINDOWS\LOGI_MWX.EXE]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-31 13:35]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-12-31 13:35]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-31 15:40]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 20:00]

    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
    "load"=C:\WINDOWS\system32\mllmj.exe

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\mllmj

    R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 16:14]
    R2 DritekPortIO;Dritek General Port I/O;C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2005-12-23 01:13]
    R2 int15;int15;C:\WINDOWS\system32\drivers\int15.sys [2006-06-02 13:59]
    R2 tvicport;tvicport;C:\WINDOWS\system32\drivers\tvicport.sys [2006-06-02 13:59]
    R3 DKbFltr;Dritek Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-07 23:10]
    R3 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2006-03-23 09:59]
    R3 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2006-03-23 09:59]
    R3 ESMCR;ESMCR;C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2006-03-23 09:59]
    S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
    S2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys []

    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-31 16:27:12
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-31 16:30:02 - machine was rebooted
    C:\ComboFix2.txt ... 2007-12-30 20:03
    .
    2007-12-12 07:28:21 --- E O F ---
     
  12. Hujo

    Hujo Guest

    Run VundoFix and then a new HJT log.
     
    Last edited by a moderator: 31.12.2007
  13. Pensq

    Pensq Member

    Joined:
    28.12.2007
    Messages:
    20
    Thanks:
    0
    Points:
    11

    VundoFix V6.7.7

    Checking Java version...

    Scan started at 15:09:00 31.12.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\jmllm.ini
    C:\WINDOWS\system32\jmllm.ini2
    C:\WINDOWS\system32\mllmj.dll
    C:\WINDOWS\system32\mllmj.exe

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\jmllm.ini
    C:\WINDOWS\system32\jmllm.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jmllm.ini2
    C:\WINDOWS\system32\jmllm.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mllmj.dll
    C:\WINDOWS\system32\mllmj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mllmj.exe
    C:\WINDOWS\system32\mllmj.exe Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Scan started at 16:37:09 31.12.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\jmllm.ini
    C:\WINDOWS\system32\jmllm.ini2
    C:\WINDOWS\system32\mllmj.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\jmllm.ini
    C:\WINDOWS\system32\jmllm.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jmllm.ini2
    C:\WINDOWS\system32\jmllm.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mllmj.dll
    C:\WINDOWS\system32\mllmj.dll Has been deleted!

    Performing Repairs to the registry.
    Done!



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:16:35, on 31.12.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC .exe
    C:\Program Files\Acer\Acer Arcade\PCMService .exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\LAUNCH~1\LManager .exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent .exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Winamp\winampa .exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\WINDOWS\system32\ctfmon .exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
    C:\Program Files\mIRC\mirc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\skanneri.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    F3 - REG:win.ini: load=C:\WINDOWS\system32\mllmj.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {78D0E7D2-2ECD-4E32-8324-20B0C85F1FB6} - C:\WINDOWS\system32\mllmj.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/games/web_games/playfirst/trijinx/TriJinx.1.0.0.55.cab
    O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    --
    End of file - 9176 bytes
     
  14. Hujo

    Hujo Guest

    Run ComboFix again.
     
  15. Pensq

    Pensq Member

    Joined:
    28.12.2007
    Messages:
    20
    Thanks:
    0
    Points:
    11
    ComboFix 07-12-21.4 - J&L 2008-01-01 10:55:06.3 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.358.1035.18.103 [GMT 2:00]
    Running from: C:\Documents and Settings\J&L\Työpöytä\ComboFix(2).exe
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\jmllm.ini
    C:\WINDOWS\system32\jmllm.ini2
    C:\WINDOWS\system32\mllmj.dll

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-12-01 to 2008-01-01 )))))))))))))))))
    .

    2008-01-01 11:01 . 2008-01-01 11:01 344,576 --------- C:\WINDOWS\system32\mllmj.dll
    2007-12-31 17:12 . 2008-01-01 11:02 348,160 --a------ C:\WINDOWS\system32\mllmj.exe
    2007-12-31 15:09 . 2007-12-31 15:09 <KANSIO> d-------- C:\VundoFix Backups
    2007-12-30 21:41 . 2007-12-30 21:41 348,160 --a------ C:\WINDOWS\system32\RCX3C.tmp
    2007-12-30 21:21 . 2007-12-04 15:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-12-30 21:21 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2007-12-30 21:21 . 2007-12-04 14:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2007-12-30 21:21 . 2007-12-04 16:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-30 21:21 . 2007-12-04 16:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-30 21:21 . 2007-12-04 16:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-30 21:21 . 2007-12-04 16:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-12-30 21:21 . 2007-12-04 16:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-30 21:17 . 2007-12-30 21:17 348,160 --a------ C:\WINDOWS\system32\RCX39.tmp
    2007-12-29 22:41 . 2007-12-29 22:41 348,160 --a------ C:\WINDOWS\system32\RCX59.tmp
    2007-12-29 22:19 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2007-12-29 22:18 . 2007-12-29 22:18 <KANSIO> d-------- C:\Program Files\Java
    2007-12-29 22:18 . 2007-12-29 22:18 <KANSIO> d-------- C:\Program Files\Common Files\Java
    2007-12-29 17:33 . 2007-12-29 17:33 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2007-12-29 16:54 . 2007-12-29 16:54 <KANSIO> d-------- C:\Program Files\Trend Micro
    2007-12-29 11:38 . 2007-12-29 11:38 1,044,480 --a------ C:\WINDOWS\dsad31.exe
    2007-12-28 20:05 . 2007-12-28 20:05 <KANSIO> d-------- C:\WINDOWS\SxsCaPendDel
    2007-12-28 18:10 . 2007-12-29 21:31 0 --a------ C:\WINDOWS\system32\mcrh.tmp
    2007-12-27 21:39 . 2007-12-27 21:39 180,769 --a------ C:\WINDOWS\activate.exe
    2007-12-26 22:17 . 2007-12-26 22:17 268 --ah----- C:\sqmdata04.sqm
    2007-12-26 22:17 . 2007-12-26 22:17 244 --ah----- C:\sqmnoopt04.sqm
    2007-12-26 13:20 . 2007-12-26 13:20 268 --ah----- C:\sqmdata03.sqm
    2007-12-26 13:20 . 2007-12-26 13:20 244 --ah----- C:\sqmnoopt03.sqm
    2007-12-26 12:38 . 2008-01-01 11:01 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
    2007-12-26 12:35 . 2007-12-26 12:35 268 --ah----- C:\sqmdata02.sqm
    2007-12-26 12:35 . 2007-12-26 12:35 244 --ah----- C:\sqmnoopt02.sqm
    2007-12-24 20:05 . 2007-12-24 20:05 268 --ah----- C:\sqmdata01.sqm
    2007-12-24 20:05 . 2007-12-24 20:05 244 --ah----- C:\sqmnoopt01.sqm
    2007-12-23 23:22 . 2007-12-29 18:03 189,952 --a------ C:\WINDOWS\wkssvr .exe
    2007-12-23 23:18 . 2007-12-23 23:18 268 --ah----- C:\sqmdata00.sqm
    2007-12-23 23:18 . 2007-12-23 23:18 244 --ah----- C:\sqmnoopt00.sqm
    2007-12-21 19:48 . 2007-12-21 19:48 15,934 --a------ C:\WINDOWS\sdoz.exe

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-01 09:01 365,056 ----a-w C:\WINDOWS\system32\ctfmon.exe
    2007-11-29 14:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-30 23:26 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-10-29 22:43 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 22:43 1,288,192 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
    2007-10-25 16:44 8,464,384 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-20 04:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-20 04:01 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    2007-10-10 23:52 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-10-10 23:52 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-10-10 23:52 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
    2007-10-10 23:52 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-10-10 23:52 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-10-10 23:52 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-10-10 23:52 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-10-10 23:52 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-10-10 23:52 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-10-10 23:52 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-10-10 23:52 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-10-10 23:52 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-10-10 23:52 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-10-10 23:52 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-10-10 23:52 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-10-10 23:52 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-10-10 23:52 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-10-10 23:52 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-10-10 23:52 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
    2007-10-10 23:52 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
    2007-10-10 23:52 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
    2007-10-10 23:52 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-10-10 11:00 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-10-10 11:00 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-30_20.02.03.46 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-05-07 14:38:46 500,120 ----a-w C:\WINDOWS\Downloaded Program Files\daas_s.dll
    + 2007-05-07 14:39:00 192,920 ----a-w C:\WINDOWS\Downloaded Program Files\fsauc.dll
    + 2007-05-07 14:39:24 254,360 ----a-w C:\WINDOWS\Downloaded Program Files\fscax.dll
    - 2007-12-29 20:41:24 208,952 ----a-w C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE
    + 2008-01-01 08:46:00 208,952 ----a-w C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE
    - 2007-12-30 17:58:12 558,592 ----a-w C:\WINDOWS\ime\imjp8_1\IMJPMIG.EXE
    + 2004-09-15 18:00:00 208,952 ----a-w C:\WINDOWS\ime\imjp8_1\imjpmig.exe
    - 2007-12-29 20:41:24 59,392 ----a-w C:\WINDOWS\system32\IME\PINTLGNT\ImScInst .exe
    + 2008-01-01 08:45:58 59,392 ----a-w C:\WINDOWS\system32\IME\PINTLGNT\ImScInst .exe
    - 2007-12-30 17:58:14 407,552 ----a-w C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
    + 2008-01-01 09:02:02 407,552 ----a-w C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
    - 2007-12-29 20:41:26 455,168 ----a-w C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE
    + 2008-01-01 08:46:04 455,168 ----a-w C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE
    - 2007-12-30 17:58:16 805,376 ----a-w C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
    + 2008-01-01 09:02:14 805,376 ----a-w C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
    + 2008-01-01 09:00:54 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_158.dat
    + 2008-01-01 09:00:50 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_678.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B6496D31-4D87-4BA3-9BB5-993A340E0D9F}]
    2008-01-01 11:01 344576 --------- C:\WINDOWS\system32\mllmj.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 20:00]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-01-01 11:01]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="" []
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2008-01-01 10:45]
    "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2008-01-01 11:01]
    "PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2008-01-01 10:45]
    "ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2008-01-01 10:45]
    "Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2008-01-01 10:45]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-09-15 20:00]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-15 20:00]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-15 20:00]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-15 20:00]
    "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-01-01 10:45]
    "Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2008-01-01 11:02]
    "RTHDCPL"="RTHDCPL.EXE" [2006-05-17 23:27 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 03:04 C:\WINDOWS\SkyTel.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-01 10:45]
    "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2008-01-01 10:45]
    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-01-01 10:45]
    "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 12:50 C:\WINDOWS\LOGI_MWX.EXE]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-01 10:45]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-01 10:45]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-01 11:02]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 20:00]

    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
    "load"=C:\WINDOWS\system32\mllmj.exe

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\mllmj

    R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 16:14]
    R2 DritekPortIO;Dritek General Port I/O;C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2005-12-23 01:13]
    R2 int15;int15;C:\WINDOWS\system32\drivers\int15.sys [2006-06-02 13:59]
    R2 tvicport;tvicport;C:\WINDOWS\system32\drivers\tvicport.sys [2006-06-02 13:59]
    R3 DKbFltr;Dritek Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-07 23:10]
    R3 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2006-03-23 09:59]
    R3 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2006-03-23 09:59]
    R3 ESMCR;ESMCR;C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2006-03-23 09:59]
    S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
    S2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys []

    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-01 11:03:48
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-01 11:06:32 - machine was rebooted
    C:\ComboFix3.txt ... 2007-12-30 20:03
    C:\ComboFix2.txt ... 2007-12-31 16:30
    .
    2007-12-12 07:28:21 --- E O F ---
     
  16. Hujo

    Hujo Guest

    Download OTMoveIt from http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
    and save it to your desktop.

    Double-click OTMoveIt.exe.
    Click CleanUp!.
    Choose Yes when asked "Begin cleanup Process?".
    If you are asked whether the computer may be restarted, choose Yes. OTMoveIt removes itself when it is done; if that does not happen, remove it yourself.


    NOTE: If your firewall or some other security program warns that OTMoveIt is trying to access the Internet, allow it.

    ============

    And then the HJT log.
     
    Last edited by a moderator: 01.01.2008
  17. Pensq

    Pensq Member

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:58:52, on 1.1.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Acer\Acer Arcade\PCMService .exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\PROGRA~1\LAUNCH~1\LManager .exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent .exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC .exe
    C:\Program Files\Winamp\winampa .exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
    C:\WINDOWS\system32\ctfmon .exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
    C:\Program Files\Trend Micro\HijackThis\skanneri.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    F3 - REG:win.ini: load=C:\WINDOWS\system32\mllmj.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {494A056F-A888-4184-9F51-ED2847636B8F} - C:\WINDOWS\system32\mllmj.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/games/web_games/playfirst/trijinx/TriJinx.1.0.0.55.cab
    O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    --
    End of file - 9176 bytes
     
  18. Hujo

    Hujo Guest

    Download KillBox from http://www.killbox.net/downloads/KillBox.exe

    Save it to the desktop. An icon named KillBox.exe will appear.

    Open KillBox, put a tick in the Delete on Reboot box, and click All Files so that it starts "blinking" green.

    Copy everything below in one go:

    C:\WINDOWS\system32\mllmj.exe
    C:\WINDOWS\system32\mllmj.dll

    From the menu at the top choose File and then Paste from Clipboard.

    One of the given paths appears on the Full Path of File to Delete line, and the file is shown below the line marked in blue if it is found on the computer. After that, click the red circle with a white X on the right.

    Do you want to reboot now? Answer Yes to this.

    After that the computer reboots itself. If it does not reboot, do it yourself "by hand".
     
  19. Pensq

    Pensq Member

    I tried that KillBox and here is the newest HJT log:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:00:18, on 1.1.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
    C:\Program Files\Acer\Acer Arcade\PCMService .exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Acer\Empowering Technology\ePower\ePower_DMC .exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent .exe
    C:\PROGRA~1\LAUNCH~1\LManager .exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Winamp\winampa .exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\skanneri.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    F3 - REG:win.ini: load=C:\WINDOWS\system32\mllmj.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {F5899285-C909-4738-AF34-D00020199AD6} - C:\WINDOWS\system32\mllmj.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/games/web_games/playfirst/trijinx/TriJinx.1.0.0.55.cab
    O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    --
    End of file - 9189 bytes
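Reading the two HijackThis logs in posts 17 and 19 side by side shows what a plain line-by-line comparison would hide: after the KillBox run the same file, C:\WINDOWS\system32\mllmj.dll, is still registered as a BHO, only under a different CLSID ({494A056F-...} before, {F5899285-...} after), and the win.ini load= line pointing at mllmj.exe is unchanged. The Python script below is an added example, not something posted in this thread and not part of HijackThis or any of the tools mentioned. It parses lines in HijackThis 2.x format (the sample lines are constructed from entries in the thread's logs, not full logs), flags the entries an analyst would check first, and pairs the entries of two logs by section, location and path rather than by CLSID. The `KNOWN_BAD` list, the `Entry` fields and the function names are assumptions made for the example; the removal list is taken from the two file names the helper asked to be deleted.

```python
import re
from dataclasses import dataclass

# Constructed sample lines in HijackThis 2.x format, modelled on the thread's logs from
# post 17 (before the KillBox run) and post 19 (after). They are not complete logs.
LOG_BEFORE = r"""
F3 - REG:win.ini: load=C:\WINDOWS\system32\mllmj.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {494A056F-A888-4184-9F51-ED2847636B8F} - C:\WINDOWS\system32\mllmj.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""
LOG_AFTER = r"""
F3 - REG:win.ini: load=C:\WINDOWS\system32\mllmj.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {F5899285-C909-4738-AF34-D00020199AD6} - C:\WINDOWS\system32\mllmj.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""
# File names the helper in this thread asked to be deleted (assumed list for the example).
KNOWN_BAD = frozenset({"mllmj.exe", "mllmj.dll"})

@dataclass(frozen=True)
class Entry:
    section: str   # HijackThis section code: "O2", "F3", "O4", ...
    location: str  # where the entry lives: "BHO", "HKLM\..\Run", "win.ini load="
    name: str      # display name or Run value name, as printed
    ident: str     # CLSID for BHOs, empty otherwise
    path: str      # file path, original case
    raw: str       # the whole log line

_LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")
_BHO_RE = re.compile(r"^BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
_RUN_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
_WININI_RE = re.compile(r"^REG:win\.ini: (?P<key>\w+)=(?P<path>.*)$")
_EXE_RE = re.compile(r"^(?P<p>.+?\.(?:exe|dll|com|scr|cpl))(?:\s+.*)?$", re.IGNORECASE)

def command_path(cmd: str) -> str:
    """Return the executable from a Run value, dropping arguments and the (User '...') tail."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = _EXE_RE.match(cmd)  # unquoted paths may contain spaces, so cut after the extension
    return m.group("p") if m else cmd

def parse_entry(line: str):
    """Turn one log line into an Entry, or None for headers, process paths and blank lines."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    if sec == "O2" and (b := _BHO_RE.match(body)):
        return Entry(sec, "BHO", b.group("name"), b.group("clsid"), b.group("path").strip(), line)
    if sec == "F3" and (w := _WININI_RE.match(body)):
        return Entry(sec, f"win.ini {w.group('key')}=", "", "", w.group("path").strip(), line)
    if sec == "O4" and (r := _RUN_RE.match(body)):
        return Entry(sec, r.group("key"), r.group("name"), "", command_path(r.group("cmd")), line)
    path = body.rsplit(" - ", 1)[-1].strip() if " - " in body else ""  # generic fallback
    return Entry(sec, "", "", "", path, line)

def parse_log(text: str) -> list:
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]

def flag_suspicious(entries, known_bad=KNOWN_BAD) -> dict:
    """Map raw line -> reasons, for the entries an analyst should look at first."""
    findings = {}
    for e in entries:
        base = e.path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        reasons = []
        if base in known_bad:
            reasons.append(f"{base} is on the removal list")
        if e.section == "O2" and e.name == "(no name)":
            reasons.append("BHO registered without a display name")
        if e.section == "F3" and e.path:
            reasons.append("win.ini load= is a legacy autostart that normal software rarely uses")
        if reasons:
            findings[e.raw] = reasons
    return findings

def _key(e: Entry):
    # Match on location and file, not CLSID, so a component that re-registers is still paired.
    return (e.section, e.location, e.path.lower())

def pair_logs(before, after):
    """Return (survivors, gone, new); survivors are (old, new) Entry pairs matched by _key."""
    before_by, after_by = {_key(e): e for e in before}, {_key(e): e for e in after}
    survivors = [(e, after_by[_key(e)]) for e in before if _key(e) in after_by]
    gone = [e for e in before if _key(e) not in after_by]
    new = [e for e in after if _key(e) not in before_by]
    return survivors, gone, new

if __name__ == "__main__":
    b, a = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    for line, reasons in flag_suspicious(a).items():
        print(line.strip(), "->", "; ".join(reasons))
    for old, new in pair_logs(b, a)[0]:
        if old.ident != new.ident:
            print(f"same file, new CLSID: {old.path} {old.ident} -> {new.ident}")
```

Keying the comparison on path instead of CLSID is the point of the example: a diff of raw lines would report the old BHO as removed and the new one as a fresh entry, which hides that the same DLL is still being loaded. The `(no name)` and `win.ini load=` checks are the two heuristics a log reader applies by eye in this thread; the removal list makes the same check reproducible on the next log the user posts.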
     
  20. Hujo

    Hujo Guest

    Download CWShredder from http://us.trendmicro.com/us/products/personal/CWShredder/index.html
    and save it to the desktop.

    -Scan the computer with CWShredder: remember to close the browser and all other windows before using CWShredder.
    -Press the Fix--> button.
    -Answer OK to the program's questions.
    -When the program has gone through the items, press the Next--> button.
    -The final summary appears after that.
    -After the cleanup, restart the computer.

    Post the CWShredder report.
     
    Last edited by a moderator: 01.01.2008
  21. Pensq

    Pensq Member

    That CWShredder didn't find anything..
     
