1. Tämä sivusto käyttää keksejä (cookie). Jatkamalla sivuston käyttämistä hyväksyt keksien käyttämisen. Lue lisää.

Epäilyttävä viesti?? HjT-loki. Tarkastakaa... :/

Viestiketju Virukset ja haittaohjelmat - HijackThis -logit -osiossa. Ketjun avasi eikukaan 05.11.2007.

  1. eikukaan

    eikukaan Regular member

    Liittynyt:
    28.03.2007
    Viestejä:
    256
    Kiitokset:
    0
    Pisteet:
    26
    Eli Avast! lähettää jtn tommosta kokoajan:
    Epäilyttävä viesti..




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:59:42, on 5.11.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Stardock\ThinkDesk\Multiplicity\MULTISRV32.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Stardock\TrayServer.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\PuXpMan.exe
    C:\WINDOWS\system32\wcclzbmcx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Alcohol 120\alcohol_.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\imapi.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
    O2 - BHO: WebBlinds - {4F92B827-1E56-4E30-A978-A17A7861A606} - C:\Program Files\Object Desktop\WebBlinds\WebBlinds.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Windows.old\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\Stardock\TrayServer.exe"
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\PuXpMan.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [wcclzbmcx] C:\WINDOWS\system32\wcclzbmcx.exe
    O4 - HKLM\..\RunServices: [wcclzbmcx] C:\WINDOWS\system32\wcclzbmcx.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [PcSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?08fa1db26a11472a87c38a5a769b8974
    O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?08fa1db26a11472a87c38a5a769b8974
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,wbsys.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: Multi - C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll
    O20 - Winlogon Notify: winhoq32 - winhoq32.dll (file missing)
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Stardock Multiplicity (Multiplicity) - Unknown owner - C:\Program Files\Stardock\ThinkDesk\Multiplicity\MULTISRV32.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Print Spooler Service (uylu4uiaf8upna) - Unknown owner - C:\WINDOWS\system32\wcclzbmcx.exe

    --
    End of file - 11287 bytes
     
  2.  
  3. eikukaan

    eikukaan Regular member

    Liittynyt:
    28.03.2007
    Viestejä:
    256
    Kiitokset:
    0
    Pisteet:
    26
    tartten oikeesti nopeest apua... :|
     
  4. SlimJoe

    SlimJoe Regular member

    Liittynyt:
    22.04.2007
    Viestejä:
    285
    Kiitokset:
    0
    Pisteet:
    26
    Eli ei ole minun kirjoittama vaan ajattelin edes yrittää auttaa sinua, koska kukaan muu ei auta.. Otin ohjeen virustorjunta sivustolta..

    edit: siis se löytyy täältä: http://www.kaspersky.com/virusscanner
    edit2: Melko isoja ongelmia on varmaan kyseessä.. Tuossa on keskustelu just samasta ongelmasta : http://keskustelu.afterdawn.com/thread_view.cfm/545092
    edit3: tuossa samaa asiaa englanniksi: http://www.bleepingcomputer.com/forums/index.php?showtopic=64212&hl=identical+emails
     
    Viimeksi muokattu: 10.11.2007
  5. tomato71

    tomato71 Regular member

    Liittynyt:
    30.04.2006
    Viestejä:
    1,151
    Kiitokset:
    0
    Pisteet:
    46
    moi

    Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.

    Käynnistä koneesi vikasietotilaan ja valitse tavallinen käyttäjätilisi:
    *Käynnistä tietokone
    *Kun kuulet koneen piippaavan, paina F8, kuitenkin ennen Windowsin logon esiintuloa
    *Seuraavaksi pitäisi ilmestyä valikko
    *Valitse valikosta vikasietotila.

    * Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio). Työpöydälle ilmestyy sdfix.exe. Tuplakilikkaa sitä, niin tiedosto purkaantuu ja asentaa itsensä siihen levyasemaan, minne on käyttöjärjestelmä on asennettu ja juureen ilmestyy kansio SDFix, ESIM c:\SDFix
    * Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
    * Paina Y käynnistääksesi skriptin.
    * Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
    * Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
    * Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
    * Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
    * Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
    * Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis lokin kera.


    Lähetä sdfix-loki ja uusi hjt-loki
     
  6. eikukaan

    eikukaan Regular member

    Liittynyt:
    28.03.2007
    Viestejä:
    256
    Kiitokset:
    0
    Pisteet:
    26
    Joo kiitti noista, pitää vähän odotella ku toi kaspersky online skannerilla kestää hiukan.. siinäki se on löytäny jo 4 virusta ja 15 infected objects..
     
  7. joblo92

    joblo92 Member

    Liittynyt:
    16.07.2007
    Viestejä:
    55
    Kiitokset:
    0
    Pisteet:
    16
    Mulla taas Kaspersky skannannut jo vajaa 4h, eikä mitään löytänyt...
    Vasta 51% skannaus valmis.
     
  8. tomato71

    tomato71 Regular member

    Liittynyt:
    30.04.2006
    Viestejä:
    1,151
    Kiitokset:
    0
    Pisteet:
    46
    peruta se kasperskyn skannaus ja aja tuo sdfix ohjeitten mukaisesti
     
  9. eikukaan

    eikukaan Regular member

    Liittynyt:
    28.03.2007
    Viestejä:
    256
    Kiitokset:
    0
    Pisteet:
    26
    Tos on toi Kaspersky Online Scannerin loki...



    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Saturday, November 10, 2007 6:11:13 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 10/11/2007
    Kaspersky Anti-Virus database records: 455940
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    K:\
    L:\
    M:\
    N:\

    Scan Statistics:
    Total number of scanned objects: 256414
    Number of viruses found: 4
    Number of infected objects: 15
    Number of suspicious objects: 0
    Duration of the scan process: 04:31:12

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-04012007-211231.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16A51F06.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1EB55B92.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F0A1F34.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F93029E.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FD77452.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\212B02DC.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\224173AB.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\28D40820.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A0E46C7.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A4F0E7F.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36110BF6.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F0B7516.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\Sivuhistoria\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Minä\Application Data\Mozilla\Firefox\Profiles\0rqyyd6q.default\cert8.db Object is locked skipped
    C:\Documents and Settings\Minä\Application Data\Mozilla\Firefox\Profiles\0rqyyd6q.default\flashgot.log Object is locked skipped
    C:\Documents and Settings\Minä\Application Data\Mozilla\Firefox\Profiles\0rqyyd6q.default\history.dat Object is locked skipped
    C:\Documents and Settings\Minä\Application Data\Mozilla\Firefox\Profiles\0rqyyd6q.default\key3.db Object is locked skipped
    C:\Documents and Settings\Minä\Application Data\Mozilla\Firefox\Profiles\0rqyyd6q.default\parent.lock Object is locked skipped
    C:\Documents and Settings\Minä\Application Data\Mozilla\Firefox\Profiles\0rqyyd6q.default\search.sqlite Object is locked skipped
    C:\Documents and Settings\Minä\Application Data\Mozilla\Firefox\Profiles\0rqyyd6q.default\urlclassifier2.sqlite Object is locked skipped
    C:\Documents and Settings\Minä\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Minä\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Minä\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Minä\Local Settings\Application Data\Mozilla\Firefox\Profiles\0rqyyd6q.default\Cache\_CACHE_001_ Object is locked skipped
    C:\Documents and Settings\Minä\Local Settings\Application Data\Mozilla\Firefox\Profiles\0rqyyd6q.default\Cache\_CACHE_002_ Object is locked skipped
    C:\Documents and Settings\Minä\Local Settings\Application Data\Mozilla\Firefox\Profiles\0rqyyd6q.default\Cache\_CACHE_003_ Object is locked skipped
    C:\Documents and Settings\Minä\Local Settings\Application Data\Mozilla\Firefox\Profiles\0rqyyd6q.default\Cache\_CACHE_MAP_ Object is locked skipped
    C:\Documents and Settings\Minä\Local Settings\Application Data\Mozilla\Firefox\Profiles\0rqyyd6q.default\XUL.mfl Object is locked skipped
    C:\Documents and Settings\Minä\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Minä\Local Settings\History\History.IE5\MSHist012007111020071111\index.dat Object is locked skipped
    C:\Documents and Settings\Minä\Local Settings\Temp\~DF87AF.tmp Object is locked skipped
    C:\Documents and Settings\Minä\Local Settings\Temp\~DF9A2A.tmp Object is locked skipped
    C:\Documents and Settings\Minä\Local Settings\Temp\~DFF5AB.tmp Object is locked skipped
    C:\Documents and Settings\Minä\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Minä\ntuser.dat Object is locked skipped
    C:\Documents and Settings\Minä\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\eDS_PSD_drive.vmdf Object is locked skipped
    C:\Program Files\AdVantage\TR.dll Infected: not-a-virus:AdTool.Win32.WhenU.r skipped
    C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\tracking.log Object is locked skipped
    C:\System Volume Information\_restore{1289DBFF-7866-429D-B56A-15FA7EAC6C13}\RP402\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{B05B8EDF-22B4-4EC0-B29D-C15B0D9C7D4C}.crmlog Object is locked skipped
    C:\WINDOWS\S4E60D04B.tmp Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{DC20C314-6DC8-4A9B-BB55-CA999B363962}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
    C:\WINDOWS\system32\config\Antiviru.evt Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
    C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
    C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
    C:\WINDOWS\system32\te.exe Infected: Backdoor.Win32.Agent.ckj skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\system32\wcclzbmcx.exe Infected: Backdoor.Win32.Agent.ckj skipped
    C:\WINDOWS\temp\Perflib_Perfdata_788.dat Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    D:\hiberfil.sys Object is locked skipped
    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    D:\System Volume Information\_restore{1289DBFF-7866-429D-B56A-15FA7EAC6C13}\RP402\change.log Object is locked skipped
    D:\Users\Minä\AppData\Local\Temp\~DF6582.tmp Object is locked skipped
    D:\Users\Minä\AppData\Local\Temp\~DF666C.tmp Object is locked skipped
    D:\Users\Minä\AppData\Local\Temp\~DFCBEE.tmp Object is locked skipped
    D:\Users\Minä\AppData\Local\Temp\~DFCC11.tmp Object is locked skipped
    D:\Windows\CSC\v2.0.6\pq Object is locked skipped
    D:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl Object is locked skipped
    D:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl Object is locked skipped
    D:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl Object is locked skipped

    Scan process completed.
     
  10. tomato71

    tomato71 Regular member

    Liittynyt:
    30.04.2006
    Viestejä:
    1,151
    Kiitokset:
    0
    Pisteet:
    46
    se sdfix-loki vielä....
     
  11. eikukaan

    eikukaan Regular member

    Liittynyt:
    28.03.2007
    Viestejä:
    256
    Kiitokset:
    0
    Pisteet:
    26
    Sori ku kesti, mut ku yritin lähettää, ni jumittus toho "Käsitellään viestiä..."-kohtaan eli laitoin Sen SDFix-lokin ja uus HjT-lokin

    Tänne
     
  12. tomato71

    tomato71 Regular member

    Liittynyt:
    30.04.2006
    Viestejä:
    1,151
    Kiitokset:
    0
    Pisteet:
    46
    ei ollu uutta hjt-lokia,koita saada se tänne
     
  13. eikukaan

    eikukaan Regular member

    Liittynyt:
    28.03.2007
    Viestejä:
    256
    Kiitokset:
    0
    Pisteet:
    26
    DOH!!!!!!!!! menee hermot koht.. Sinne suomi24:n mahtuu vaa rajotetusti eli siin ei ollu ees kaikkii siit SDFix-lokista, ku vaan osa.. Ja tänne en saa niitä ku Jumittuu siihen kun se käsittelee viestiä..
    Mihin laittaisin sen/ne???
     
  14. tomato71

    tomato71 Regular member

    Liittynyt:
    30.04.2006
    Viestejä:
    1,151
    Kiitokset:
    0
    Pisteet:
    46
    anna sen rauhas käsitellä,voi mennä muutama minuutti
     
  15. eikukaan

    eikukaan Regular member

    Liittynyt:
    28.03.2007
    Viestejä:
    256
    Kiitokset:
    0
    Pisteet:
    26
    koitan viel.. Täs uus HjT-loki:






    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:44:51, on 10.11.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Stardock\ThinkDesk\Multiplicity\MULTISRV32.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Common Files\Stardock\TrayServer.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\WINDOWS\system32\PuXpMan.exe
    C:\WINDOWS\system32\wcclzbmcx.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
    O2 - BHO: WebBlinds - {4F92B827-1E56-4E30-A978-A17A7861A606} - C:\Program Files\Object Desktop\WebBlinds\WebBlinds.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Windows.old\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\Stardock\TrayServer.exe"
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\PuXpMan.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [wcclzbmcx] C:\WINDOWS\system32\wcclzbmcx.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\RunServices: [wcclzbmcx] C:\WINDOWS\system32\wcclzbmcx.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [PcSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?08fa1db26a11472a87c38a5a769b8974
    O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?08fa1db26a11472a87c38a5a769b8974
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,wbsys.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: Multi - C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll
    O20 - Winlogon Notify: winhoq32 - winhoq32.dll (file missing)
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Print Spooler Service (kueuvyii) - Unknown owner - C:\WINDOWS\system32\wcclzbmcx.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Stardock Multiplicity (Multiplicity) - Unknown owner - C:\Program Files\Stardock\ThinkDesk\Multiplicity\MULTISRV32.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

    --
    End of file - 11253 bytes
     
  16. tomato71

    tomato71 Regular member

    Liittynyt:
    30.04.2006
    Viestejä:
    1,151
    Kiitokset:
    0
    Pisteet:
    46
    ja sitten...


    Paina Käynnistä ---> Suorita -->kirjoita(tai kopioi ja liitä) sc stop kueuvyii (pamauta enteriä )
    Paina Käynnistä ---> Suorita -->kirjoita(tai kopioi ja liitä)sc delete kueuvyii (pamauta enteriä )



    Tee uusi hjt-scannaus Do a System scan only
    Sulje kaikki muut ikkunat ja selaimen.Merkkaa nämä rivit ja paina Fix checked

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [wcclzbmcx] C:\WINDOWS\system32\wcclzbmcx.exe
    O4 - HKLM\..\RunServices: [wcclzbmcx] C:\WINDOWS\system32\wcclzbmcx.exe
    O20 - Winlogon Notify: winhoq32 - winhoq32.dll (file missing)


    Käynnistä kone uudelleen

    1. Lataa combofix.exe työpöydällesi jommastakummasta linkistä:
    combofix.exe
    combofix.exe

    2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
    3. Kun työkalu on valmis, se tuottaa lokin. (C:\ComboFix.txt) Lähetä tämä loki viesti ketjuusi.
    Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.


    Lähetä C:\ComboFix.txt + uusi hjt-loki
     
  17. eikukaan

    eikukaan Regular member

    Liittynyt:
    28.03.2007
    Viestejä:
    256
    Kiitokset:
    0
    Pisteet:
    26
    Täs tää Combofix-loki:






    "Min„" - 07-11-10 22:57:02 Service Pack 2
    ComboFix 07-03-27.4.2 - Running from: "C:\Documents and Settings\Min„\Desktop\Ohjelmat"


    ((((((((((((((((((((((((((((((( Files Created from 2007-10-10 to 2007-11-10 ))))))))))))))))))))))))))))))))))


    2007-11-10 19:33 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2007-11-10 10:17 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2007-11-10 10:17 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-11-10 10:17 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-11-10 10:17 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-11-10 10:17 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-11-10 10:17 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-11-10 10:17 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-11-09 17:02 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
    2007-11-05 16:59 <KANSIO> d-------- C:\Program Files\Trend Micro
    2007-11-04 21:28 236,713 --a------ C:\WINDOWS\system32\wcclzbmcx.exe
    2007-11-04 21:28 236,713 --a------ C:\WINDOWS\system32\te.exe
    2007-11-02 22:39 299,008 --a------ C:\WINDOWS\uninst.exe
    2007-10-30 17:06 <KANSIO> d-------- C:\Program Files\Common Files\Java
    2007-10-29 20:50 188,416 --a------ C:\WINDOWS\system32\eax.dll
    2007-10-29 20:47 <KANSIO> d-------- C:\Program Files\Eidos
    2007-10-29 20:38 <KANSIO> d-------- C:\Program Files\SlySoft
    2007-10-29 20:21 81,920 --a------ C:\DOCUME~1\MIN~1\APPLIC~1\ezpinst.exe
    2007-10-29 20:21 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
    2007-10-29 20:21 47,360 --a------ C:\DOCUME~1\MIN~1\APPLIC~1\pcouffin.sys
    2007-10-29 20:21 14 --a------ C:\WINDOWS\system32\systeminfo3.dll
    2007-10-29 20:21 <KANSIO> d-------- C:\DOCUME~1\MIN~1\APPLIC~1\Vso
    2007-10-29 18:00 737,280 --a------ C:\WINDOWS\iun6002.exe
    2007-10-28 16:29 <KANSIO> d-------- C:\WINDOWS\SxsCaPendDel
    2007-10-26 16:19 <KANSIO> d-------- C:\Program Files\Lavalys
    2007-10-25 18:30 <KANSIO> d-------- C:\Program Files\Alcohol 120
    2007-10-18 16:57 <KANSIO> d-------- C:\DOCUME~1\MIN~1\APPLIC~1\Command & Conquer 3 Tiberium Wars


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-11-09 17:13 -------- d--h----- C:\Program Files\installshield installation information
    2007-11-09 17:13 -------- d--h----- C:\Program Files\installshield installation information
    2007-11-08 17:21 -------- d-------- C:\Program Files\steam
    2007-11-08 17:21 -------- d-------- C:\Program Files\steam
    2007-11-06 16:15 22328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-11-06 16:13 103736 --a------ C:\WINDOWS\system32\pnkbstrb.exe
    2007-10-30 20:27 -------- d-------- C:\Program Files\limewire
    2007-10-30 20:27 -------- d-------- C:\Program Files\limewire
    2007-10-30 17:12 1780 --a------ C:\WINDOWS\mozver.dat
    2007-10-30 17:12 -------- d-------- C:\Program Files\java
    2007-10-30 17:12 -------- d-------- C:\Program Files\java
    2007-10-29 20:51 98304 --a------ C:\WINDOWS\system32\cmdlineext.dll
    2007-10-28 16:36 -------- d-------- C:\Program Files\electronic arts
    2007-10-28 16:36 -------- d-------- C:\Program Files\electronic arts
    2007-10-14 20:56 -------- d-------- C:\Program Files\ganymede
    2007-10-14 20:56 -------- d-------- C:\Program Files\ganymede
    2007-10-14 20:55 -------- d-------- C:\Program Files\artmoney
    2007-10-14 20:55 -------- d-------- C:\Program Files\artmoney
    2007-10-14 20:52 -------- d-------- C:\Program Files\videolan
    2007-10-14 20:52 -------- d-------- C:\Program Files\videolan
    2007-10-13 18:40 40 --a------ C:\WINDOWS\rsoftinfo.dat
    2007-10-11 20:07 -------- d-------- C:\Program Files\bittorrent
    2007-10-11 20:07 -------- d-------- C:\Program Files\bittorrent
    2007-10-07 19:16 2560 --a------ C:\WINDOWS\system32\bitcometres.dll
    2007-10-04 15:56 -------- d-------- C:\Program Files\ipod
    2007-10-04 15:56 -------- d-------- C:\Program Files\ipod
    2007-09-22 21:42 -------- d-------- C:\Program Files\winamp
    2007-09-22 21:42 -------- d-------- C:\Program Files\winamp
    2007-09-22 15:29 4 --a------ C:\WINDOWS\info147.sys
    2007-09-22 15:26 -------- d-------- C:\Program Files\Common Files\totem shared
    2007-09-17 20:04 -------- d-------- C:\Program Files\emule
    2007-09-17 20:04 -------- d-------- C:\Program Files\emule
    2007-09-11 16:12 -------- d-------- C:\Program Files\gamespy arcade
    2007-09-11 16:12 -------- d-------- C:\Program Files\gamespy arcade
    2007-09-10 19:12 -------- d-------- C:\Program Files\urusoft
    2007-09-10 19:12 -------- d-------- C:\Program Files\urusoft
    2007-09-07 15:47 4 --a------ C:\WINDOWS\system32\proc-503976190.bin
    2007-09-04 19:06 0 -ra------ C:\logwmemory.bin
    2007-08-21 08:15 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
    2007-08-13 07:55 66872 --a------ C:\WINDOWS\system32\pnkbstra.exe
    2007-08-10 21:56 93128 --a------ C:\WINDOWS\system32\elbycdio.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "1A:Stardock TrayMonitor"="\"C:\\Program Files\\Common Files\\Stardock\\TrayServer.exe\""
    "ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
    "LaunchApp"="Alaunch"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "RTHDCPL"="RTHDCPL.EXE"
    "SkyTel"="SkyTel.EXE"
    "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
    "IMEKRMIG6.1"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
    "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
    "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
    "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
    "eDataSecurity Loader"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe 1"
    "eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\eRAgent.exe"
    "mspwr"="C:\\WINDOWS\\system32\\PuXpMan.exe"
    "UserFaultCheck"="%systemroot%\\system32\\dumprep 0 -u"
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,wbsys.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "PcSync"="D:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
    "DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
    63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
    6d,73,73,74,79,6c,65,73,00
    "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
    73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=dword:00000000
    "NoResolveSearch"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Multi
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    Usnsvc REG_MULTI_SZ usnsvc\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f3707da-e130-11db-9138-001921053f47}]
    Shell\AutoRun\command K:\LaunchU3.exe -a


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\chkdsk.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job
    C:\WINDOWS\tasks\Tarkistetaan Windows Live -ty”kalurivin p„ivitykset.job


    ********************************************************************

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-11-10 22:59:13
     
  18. eikukaan

    eikukaan Regular member

    Liittynyt:
    28.03.2007
    Viestejä:
    256
    Kiitokset:
    0
    Pisteet:
    26
    Ja uus HjT-loki:






    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:00:55, on 10.11.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Stardock\ThinkDesk\Multiplicity\MULTISRV32.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Stardock\TrayServer.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\WINDOWS\system32\PuXpMan.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
    O2 - BHO: WebBlinds - {4F92B827-1E56-4E30-A978-A17A7861A606} - C:\Program Files\Object Desktop\WebBlinds\WebBlinds.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\Stardock\TrayServer.exe"
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\PuXpMan.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [PcSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?08fa1db26a11472a87c38a5a769b8974
    O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?08fa1db26a11472a87c38a5a769b8974
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,wbsys.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: Multi - C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Stardock Multiplicity (Multiplicity) - Unknown owner - C:\Program Files\Stardock\ThinkDesk\Multiplicity\MULTISRV32.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

    --
    End of file - 10532 bytes
     
  19. tomato71

    tomato71 Regular member

    Liittynyt:
    30.04.2006
    Viestejä:
    1,151
    Kiitokset:
    0
    Pisteet:
    46
    ja sitten...


    Tee uusi hjt-scannaus Do a System scan only
    Sulje kaikki muut ikkunat ja selaimen.Merkkaa nämä rivit ja paina Fix checked

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u



    Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:

    Tallenna nimellä ComboFix-Do.txt (itse asiassa combofix tunnistaa tuon vaikka tiedostopääte ei olisi
    edes .txt).

    Sitten raahaa ComboFix-Do.txt ComboFix.exeen kuten alla.

    [​IMG]

    Käynnistä kone uudelleen, jos niin pyydetään ja lähetä combofix.txt-tiedoston sisältö tänne.



    Tarkista koneesi F-Securen online skannerilla

    Huom, skanneri toimii vain Internet Explorer selaimella

    * Lue sivun ohjeet huolella läpi
    * Klikkaa Start scanning
    * Mikäli saat Internet Explorer -suojausvaroituksen, klikkaa Asenna
    * Klikkaa Accept
    * Klikkaa Custom Scan
    * Säädä asetukset seuraavasti

    o "Virus Scan Option" kohdasta valitse Scan whole system
    o "Other Scan Option" kohdasta valitse Scan All Files
    o Valitse Scan whole system for rootkits
    o Valitse Scan whole system for spyware
    o Laita ruksi kohtaan Scan inside archives
    o Varmista että Use advanced heuristics on valittuna

    * Klikkaa Start
    * Skannaus käynnistyy kun tarvittavat tiedostot/päivitykset on ladattu
    * Odota kärsivällisesti
    * Kun sakannaus on suoritettu, klikkaa Automatic cleaning
    * Klikkaa Show Report
    * Raportti aukeaa selaimessa, kopioi teksti kokonaan
    * Liitä kopioitu teksti esim. muistioon tai Wordiin ja tallenna työpöydälle
    * Voit sulkea skannerin
    * Lähetä raportti viestiketjuusi


    Lähetä combofix.txt + f-secure raportti + uusi hjt-loki
     
  20. eikukaan

    eikukaan Regular member

    Liittynyt:
    28.03.2007
    Viestejä:
    256
    Kiitokset:
    0
    Pisteet:
    26
    Täs tää Combofix-loki..
    Pitää ootella tota Kaspersky scannausta, jos kestää kauheesti ni jätän sen yöksi päälle ja katon aamulla







    "Min„" - 07-11-10 23:49:15 Service Pack 2
    ComboFix 07-03-27.4.2 - Running from: "C:\Documents and Settings\Min„"
    Command switches used :: "C:\Documents and Settings\Min„\Desktop\ComboFix-Do.txt"


    ((((((((((((((((((((((((((((((( Files Created from 2007-10-10 to 2007-11-10 ))))))))))))))))))))))))))))))))))


    2007-11-10 19:33 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2007-11-10 10:17 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2007-11-10 10:17 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-11-10 10:17 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-11-10 10:17 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-11-10 10:17 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-11-10 10:17 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-11-10 10:17 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-11-09 17:02 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
    2007-11-05 16:59 <KANSIO> d-------- C:\Program Files\Trend Micro
    2007-11-04 21:28 236,713 --a------ C:\WINDOWS\system32\wcclzbmcx.exe
    2007-11-04 21:28 236,713 --a------ C:\WINDOWS\system32\te.exe
    2007-11-02 22:39 299,008 --a------ C:\WINDOWS\uninst.exe
    2007-10-30 17:06 <KANSIO> d-------- C:\Program Files\Common Files\Java
    2007-10-29 20:50 188,416 --a------ C:\WINDOWS\system32\eax.dll
    2007-10-29 20:47 <KANSIO> d-------- C:\Program Files\Eidos
    2007-10-29 20:38 <KANSIO> d-------- C:\Program Files\SlySoft
    2007-10-29 20:21 81,920 --a------ C:\DOCUME~1\MIN~1\APPLIC~1\ezpinst.exe
    2007-10-29 20:21 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
    2007-10-29 20:21 47,360 --a------ C:\DOCUME~1\MIN~1\APPLIC~1\pcouffin.sys
    2007-10-29 20:21 14 --a------ C:\WINDOWS\system32\systeminfo3.dll
    2007-10-29 20:21 <KANSIO> d-------- C:\DOCUME~1\MIN~1\APPLIC~1\Vso
    2007-10-29 18:00 737,280 --a------ C:\WINDOWS\iun6002.exe
    2007-10-28 16:29 <KANSIO> d-------- C:\WINDOWS\SxsCaPendDel
    2007-10-26 16:19 <KANSIO> d-------- C:\Program Files\Lavalys
    2007-10-25 18:30 <KANSIO> d-------- C:\Program Files\Alcohol 120
    2007-10-18 16:57 <KANSIO> d-------- C:\DOCUME~1\MIN~1\APPLIC~1\Command & Conquer 3 Tiberium Wars


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-11-09 17:13 -------- d--h----- C:\Program Files\installshield installation information
    2007-11-09 17:13 -------- d--h----- C:\Program Files\installshield installation information
    2007-11-08 17:21 -------- d-------- C:\Program Files\steam
    2007-11-08 17:21 -------- d-------- C:\Program Files\steam
    2007-11-06 16:15 22328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-11-06 16:13 103736 --a------ C:\WINDOWS\system32\pnkbstrb.exe
    2007-10-30 20:27 -------- d-------- C:\Program Files\limewire
    2007-10-30 20:27 -------- d-------- C:\Program Files\limewire
    2007-10-30 17:12 1780 --a------ C:\WINDOWS\mozver.dat
    2007-10-30 17:12 -------- d-------- C:\Program Files\java
    2007-10-30 17:12 -------- d-------- C:\Program Files\java
    2007-10-29 20:51 98304 --a------ C:\WINDOWS\system32\cmdlineext.dll
    2007-10-28 16:36 -------- d-------- C:\Program Files\electronic arts
    2007-10-28 16:36 -------- d-------- C:\Program Files\electronic arts
    2007-10-14 20:56 -------- d-------- C:\Program Files\ganymede
    2007-10-14 20:56 -------- d-------- C:\Program Files\ganymede
    2007-10-14 20:55 -------- d-------- C:\Program Files\artmoney
    2007-10-14 20:55 -------- d-------- C:\Program Files\artmoney
    2007-10-14 20:52 -------- d-------- C:\Program Files\videolan
    2007-10-14 20:52 -------- d-------- C:\Program Files\videolan
    2007-10-13 18:40 40 --a------ C:\WINDOWS\rsoftinfo.dat
    2007-10-11 20:07 -------- d-------- C:\Program Files\bittorrent
    2007-10-11 20:07 -------- d-------- C:\Program Files\bittorrent
    2007-10-07 19:16 2560 --a------ C:\WINDOWS\system32\bitcometres.dll
    2007-10-04 15:56 -------- d-------- C:\Program Files\ipod
    2007-10-04 15:56 -------- d-------- C:\Program Files\ipod
    2007-09-22 21:42 -------- d-------- C:\Program Files\winamp
    2007-09-22 21:42 -------- d-------- C:\Program Files\winamp
    2007-09-22 15:29 4 --a------ C:\WINDOWS\info147.sys
    2007-09-22 15:26 -------- d-------- C:\Program Files\Common Files\totem shared
    2007-09-17 20:04 -------- d-------- C:\Program Files\emule
    2007-09-17 20:04 -------- d-------- C:\Program Files\emule
    2007-09-11 16:12 -------- d-------- C:\Program Files\gamespy arcade
    2007-09-11 16:12 -------- d-------- C:\Program Files\gamespy arcade
    2007-09-10 19:12 -------- d-------- C:\Program Files\urusoft
    2007-09-10 19:12 -------- d-------- C:\Program Files\urusoft
    2007-09-07 15:47 4 --a------ C:\WINDOWS\system32\proc-503976190.bin
    2007-09-04 19:06 0 -ra------ C:\logwmemory.bin
    2007-08-21 08:15 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
    2007-08-13 07:55 66872 --a------ C:\WINDOWS\system32\pnkbstra.exe
    2007-08-10 21:56 93128 --a------ C:\WINDOWS\system32\elbycdio.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "1A:Stardock TrayMonitor"="\"C:\\Program Files\\Common Files\\Stardock\\TrayServer.exe\""
    "ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
    "LaunchApp"="Alaunch"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "RTHDCPL"="RTHDCPL.EXE"
    "SkyTel"="SkyTel.EXE"
    "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
    "IMEKRMIG6.1"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
    "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
    "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
    "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
    "eDataSecurity Loader"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe 1"
    "eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\eRAgent.exe"
    "mspwr"="C:\\WINDOWS\\system32\\PuXpMan.exe"
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,wbsys.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "PcSync"="D:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
    "DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
    63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
    6d,73,73,74,79,6c,65,73,00
    "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
    73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=dword:00000000
    "NoResolveSearch"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Multi
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    Usnsvc REG_MULTI_SZ usnsvc\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f3707da-e130-11db-9138-001921053f47}]
    Shell\AutoRun\command K:\LaunchU3.exe -a


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\chkdsk.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job
    C:\WINDOWS\tasks\Tarkistetaan Windows Live -ty”kalurivin p„ivitykset.job


    ********************************************************************

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-11-10 23:50:14
    C:\ComboFix2.txt ... 07-11-10 22:59
     
  21. tomato71

    tomato71 Regular member

    Liittynyt:
    30.04.2006
    Viestejä:
    1,151
    Kiitokset:
    0
    Pisteet:
    46
    typo,ei lähteny

    Avaa Muistio ja kopioi/liitä quoteboxin sisältö(katkoviivojen välis oleva) sinne:

    Tallenna nimellä ComboFix-Do.txt (itse asiassa combofix tunnistaa tuon vaikka tiedostopääte ei olisi
    edes .txt).

    Sitten raahaa ComboFix-Do.txt ComboFix.exeen kuten alla.

    [​IMG]

    Käynnistä kone uudelleen, jos niin pyydetään ja lähetä combofix.txt-tiedoston sisältö tänne.
     

Jaa tämä sivu