
HJT log for review

Thread in the Viruses and malware - HijackThis logs section. Started by Apexi_90 on 30.04.2007.

  1. Apexi_90

    Apexi_90 Regular member

    Joined:
    19.03.2007
    Posts:
    200
    Thanks:
    0
    Points:
    26
    Logfile of HijackThis v1.99.1
    Scan saved at 8:51:05, on 30.4.2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\RunDLL32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\winupd_KB57455861.exe
    C:\WINDOWS\System32\winupd_KB68523586.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Antti\Työpöytä\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 129.24.17.69 :3124
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
    O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
    O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {26FAFD75-1005-41F6-978D-178C00165C0B} - C:\WINDOWS\System32\urqopqq.dll
    O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
    O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
    O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
    O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {94618468-8ED1-4760-81C4-960B1ACB5758} - C:\WINDOWS\System32\ssttt.dll
    O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    O2 - BHO: (no name) - {B6F1A4CB-DADD-4D0C-BDFC-E945647302C1} - c:\wmplayer.dll
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\System32\ucogvttg.dll
    O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\System32\rpcc.exe
    O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\System32\ryidwnly.dll",realset
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?8957af7e18724919900049af0cbad538
    O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?8957af7e18724919900049af0cbad538
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173987022670
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173986999483
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O18 - Protocol: bw+0 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {2A701917-D835-4E82-A976-BA434B34D3A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Tiedostot\Settings\partnership.dll (file missing)
    O20 - Winlogon Notify: ssttt - C:\WINDOWS\System32\ssttt.dll
    O20 - Winlogon Notify: urqopqq - C:\WINDOWS\SYSTEM32\urqopqq.dll
    O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: MSIEUpdater_1 (Microsoft IE Updater_1) - Unknown owner - C:\Documents and Settings\Antti\ie_updater.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
     
  3. Apexi_90

    If someone could take a look at that and advise what to do, since I'm not very good with computers. The computer is REALLY slow, the internet connection keeps dropping and some ads keep popping up constantly. And if I may ask for clear instructions on what to do then.
     
  4. Hujo

    Hujo Guest

    Uninstall via Add/Remove Programs:

    Logitech Desktop Messenger

    =======================

    Download VundoFix.exe to your desktop.

    Double-click VundoFix.exe to run it.
    Click the Scan for Vundo option.
    When the scan is complete, click the Remove Vundo option.
    You will be asked whether you want to remove the files - click YES.
    Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
    When it is done, the fix will tell you that it will restart your computer; click OK.
    Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.

    Note: It is possible that VundoFix found a file that it could not remove.
    In this case, VundoFix will run itself at reboot; just follow the instructions above starting from "Click the Scan for Vundo option." when VundoFix appears at restart.

    =================

    1) Download VirtumundoBegone
    2) Save VirtumundoBeGone.exe to your desktop.
    3) Run VirtumundoBeGone.exe and follow the instructions. Don't worry if you see a blue screen with a "Fatal Error" message; this is normal.
    4) When the tool has finished, restart the computer

    ================

    Instructions for using AVG Anti-Spyware 7.5
    Note! These instructions turn off the real-time protection (Shield). This avoids situations where the protection would block the operation of, for example, the HijackThis tool.

    Save these instructions to a text file or print them, otherwise you won't be able to access them from safe mode

    Download AVG Anti-Spyware 7.5
    and save the program to your desktop.
    o Once you have downloaded the program, double-click the installer's shortcut icon on your desktop; installation begins.
    o After installation, the program must be started and its definitions updated.
    o Start AVG Anti-Spyware.
    o Click the "Update" icon in the main menu. Then click the "Update now" button.

    o Then click the "Start Update" icon, and the update begins.

    o When the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
    o When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".

    o Then under the "Reports" menu:
    o Tick "Automatically generate report after every scan"
    o Untick "Only if threats were found"

    o Then click the "Shield" icon at the top of the window
    o "Resident shield is": change the state from active to inactive
    o Close the program; do NOT scan yet.

    Start your computer in safe mode:
    shut down and power on
    tap F8 during startup
    select safe mode with the arrow keys
    press enter and enter

    NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.
    o Once in safe mode, start AVG Anti-Spyware.
    o Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
    o Ewido will now start scanning the computer; be patient, as the scan takes time.

    When the scan is complete:
    IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"
    o Make sure that Set all elements to: shows Quarantine (1); if not, click the link and select Quarantine from the popup menu.
    o You will be asked what to do if infections were found; then choose "Apply all actions"
    o Then click the "Reports" icon at the top of the program.
    o Click the "Save report as" button in the lower left of the window and save the report to the desktop.
    o Close the program, start the computer normally and post the AVG report to your thread.

    ===============

    Post the logs here, along with a new HJT log as well

     
  5. Apexi_90

    VundoFix V6.3.21

    Checking Java version...

    Sun Java not detected
    Scan started at 9:10:50 30.4.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\gebxyyy.dll
    C:\WINDOWS\system32\ryidwnly.dll
    C:\WINDOWS\System32\ssttt.dll
    C:\WINDOWS\System32\tttss.bak1
    C:\WINDOWS\System32\tttss.bak2
    C:\WINDOWS\System32\tttss.ini
    C:\WINDOWS\system32\ucogvttg.dll
    C:\WINDOWS\system32\urqopqq.dll
    C:\WINDOWS\system32\ylnwdiyr.ini

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gebxyyy.dll
    C:\WINDOWS\system32\gebxyyy.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ryidwnly.dll
    C:\WINDOWS\system32\ryidwnly.dll Has been deleted!

    Attempting to delete C:\WINDOWS\System32\ssttt.dll
    C:\WINDOWS\System32\ssttt.dll Has been deleted!

    Attempting to delete C:\WINDOWS\System32\tttss.bak1
    C:\WINDOWS\System32\tttss.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\System32\tttss.bak2
    C:\WINDOWS\System32\tttss.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\System32\tttss.ini
    C:\WINDOWS\System32\tttss.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ucogvttg.dll
    C:\WINDOWS\system32\ucogvttg.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\urqopqq.dll
    C:\WINDOWS\system32\urqopqq.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\ylnwdiyr.ini
    C:\WINDOWS\system32\ylnwdiyr.ini Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\urqopqq.dll
    C:\WINDOWS\system32\urqopqq.dll Has been deleted!

    Performing Repairs to the registry.
    Done!
     
  6. Apexi_90

    Logfile of HijackThis v1.99.1
    Scan saved at 9:25:46, on 30.4.2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\RunDLL32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Documents and Settings\Antti\ie_updater.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\setup\avast.setup
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Antti\Työpöytä\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 129.24.17.69 :3124
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
    O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
    O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
    O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
    O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
    O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {94618468-8ED1-4760-81C4-960B1ACB5758} - C:\WINDOWS\System32\ssttt.dll (file missing)
    O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    O2 - BHO: (no name) - {B6F1A4CB-DADD-4D0C-BDFC-E945647302C1} - c:\wmplayer.dll
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\System32\rpcc.exe
    O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\System32\ryidwnly.dll",realset
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?8957af7e18724919900049af0cbad538
    O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?8957af7e18724919900049af0cbad538
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173987022670
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173986999483
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Tiedostot\Settings\partnership.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: MSIEUpdater_1 (Microsoft IE Updater_1) - Unknown owner - C:\Documents and Settings\Antti\ie_updater.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

     
  7. Hujo

    Hujo Guest

    Then let's fix things

    Scan with HJT, tick the entries below and press Fix checked

    O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
    O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
    O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
    O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
    O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
    O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: (no name) - {94618468-8ED1-4760-81C4-960B1ACB5758} - C:\WINDOWS\System32\ssttt.dll (file missing)
    O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    O2 - BHO: (no name) - {B6F1A4CB-DADD-4D0C-BDFC-E945647302C1} - c:\wmplayer.dll
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\System32\ryidwnly.dll",realset
    O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)


    Put a tick in the small box in front of those lines and then press the Fix checked button.

    =========================

    I'll add some more here so you can look into it at your own pace.

    More to fix

    Scan with HJT and mark these <- that is, put the ticks in front of the lines

    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    Press the Fix checked button

    =======================

    Then make hidden files visible

    * Click Start.
    * Open My Computer.
    * Select Tools from the top menu and click Folder Options.
    * Select the View tab.
    * Under Hidden files and folders, select Show hidden files and folders.
    * Untick the box -> Hide protected operating system files
    * Click Yes to confirm the changes.
    * Click OK.

    ======================

    Boot into Safe Mode
    Shut down and start up
    During startup, keep tapping the F8 key
    Select Safe Mode with the arrow keys
    Press Enter and Enter again
    Select your user account, and when another small window appears, press OK

    ======================

    Right-click the Start button > select Explorer

    Click the C:/ drive

    Find the following by following the path, and delete the ones marked in red when you find them. Check carefully that you get it right.

    C:\wmplayer.dll
    C:\WINDOWS\web\related.htm

    Has the worst of the tension gone yet ;)

    =====================

    Reboot back into normal mode, scan, and post a new HJT log

    ====================

    For those following in the background: we clean up a little first and then deal with a couple of important matters.
    Also, this way the log poster gets used to finding and deleting the items to be removed right from the start.
     
    Last edited by a moderator: 30.04.2007
  8. Apexi_90

    Apexi_90 Regular member

    avast warns TROJAN FOUND, and even though I choose delete, they always come back.

    Malware name: C:\WINDOWS\System32\winupd_KB04080293.exe
    Malware type: Win32:Agent-GKL [Trj],

    C:\WINDOWS\System32\winupd_KB79488011.exe
    Win32:Crypt-JN [Trj]

    and

    C:\WINDOWS\System32\winupd_KB62074855.exe
    Win32:Small-EPJ [Trj]

    Any advice on what I should do about these??
     
  9. Apexi_90

    Apexi_90 Regular member

    Logfile of HijackThis v1.99.1
    Scan saved at 11:15:10, on 30.4.2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\RunDLL32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe
    C:\Documents and Settings\Antti\ie_updater.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Antti\Työpöytä\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 129.24.17.69 :3124
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\System32\rpcc.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?8957af7e18724919900049af0cbad538
    O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?8957af7e18724919900049af0cbad538
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173987022670
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173986999483
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Tiedostot\Settings\partnership.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: MSIEUpdater_1 (Microsoft IE Updater_1) - Unknown owner - C:\Documents and Settings\Antti\ie_updater.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

    I've managed to do everything else according to the instructions, but I'm having a bit of trouble with AVG Anti-Spyware. The Reports section is empty. It only says "No Reports Available". That is, this part

    o Then under the "Reports" menu:
    o Tick "Automatically generate report after every scan"
    o Untick "Only if threats were found"

     
  10. Hujo

    Hujo Guest

    That is the section
    under which you check that these settings are correct.

    o Tick "Automatically generate report after every scan"
    o Untick "Only if threats were found"

    =============================

    OK, that avast of yours doesn't look entirely healthy.
    http://files.avast.com/iavs4pro/setupfin.exe download it again
    then unplug the network cable, uninstall the old one and install the new one

    register it too
    http://75.126.53.166/eng/home-registration.php
    and you'll get the registration key by e-mail

    More to fix

    Scan with HJT, mark these, press Fix checked

    O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\System32\rpcc.exe
    O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Tiedostot\Settings\partnership.dll (file missing)

    =============

    Escan
    Instructions are on this page.
    http://koti.mbnet.fi/pattaya1/escanmwav.htm
    download it from here
    http://www.spywareinfo.dk/download/mwav.exe
    update it from here
    http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
    set the ticks as marked
    http://koti.mbnet.fi/pattaya1/eScan6.jpg

    Scan

    If anything shows up in the lower pane, copy it like this:
    Use Ctrl+A.
    Copy the lines with Ctrl+C.
    Paste the lines with Ctrl+V.

    Post the virus log here.

    ============================

    Windows XP Service Pack 1a <-- onto the machine
    http://www.microsoft.com/downloads/...79-fa3a-48bf-ade5-023443e29d78&DisplayLang=fi

    ===========================

    then post a new HJT log
     
    Last edited by a moderator: 30.04.2007
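
The fix-then-rescan loop used in the posts above can be checked mechanically. The following is an added example, not part of the thread or of HijackThis itself: it parses HijackThis entry lines, lists entries marked "(no file)" or "(file missing)", and compares a fix list against the follow-up log. The function names are hypothetical, and the sample data is a short excerpt assembled from the logs and fix list posted in this thread.

```python
import re

# HijackThis entries start with a section code (R0, O2, O23, ...) then " - ".
# Header lines and the "Running processes" list have no such code and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return a list of (section, body) tuples, one per entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def orphaned(entries):
    """Entries whose registry value refers to a file HijackThis did not find."""
    return [e for e in entries if e[1].endswith(ORPHAN_MARKERS)]


def verify_fix(before_log, after_log, fix_list):
    """Compare a helper's fix list with the log posted after the fix.

    not_in_before: fix-list lines absent from the first log (paste error)
    still_present: fix-list lines that survived into the follow-up log
    new_entries:   follow-up entries that were not in the first log
    """
    before = set(parse_entries(before_log))
    after = parse_entries(after_log)
    wanted = parse_entries(fix_list)
    after_set = set(after)
    return {
        "not_in_before": [e for e in wanted if e not in before],
        "still_present": [e for e in wanted if e in after_set],
        "new_entries": [e for e in after if e not in before],
    }


# Excerpt of the first log in this thread (shortened for the example).
BEFORE_LOG = r"""
    Logfile of HijackThis v1.99.1
    Running processes:
    C:\WINDOWS\System32\winupd_KB57455861.exe
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {94618468-8ED1-4760-81C4-960B1ACB5758} - C:\WINDOWS\System32\ssttt.dll (file missing)
    O2 - BHO: (no name) - {B6F1A4CB-DADD-4D0C-BDFC-E945647302C1} - c:\wmplayer.dll
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\System32\rpcc.exe
    O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\System32\ryidwnly.dll",realset
    O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Tiedostot\Settings\partnership.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
"""

# Excerpt of the follow-up log posted after the first fix round.
AFTER_LOG = r"""
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\System32\rpcc.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Tiedostot\Settings\partnership.dll (file missing)
"""

# Excerpt of the first fix list given in the thread.
FIX_LIST = r"""
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {94618468-8ED1-4760-81C4-960B1ACB5758} - C:\WINDOWS\System32\ssttt.dll (file missing)
    O2 - BHO: (no name) - {B6F1A4CB-DADD-4D0C-BDFC-E945647302C1} - c:\wmplayer.dll
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\System32\ryidwnly.dll",realset
    O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
"""

if __name__ == "__main__":
    report = verify_fix(BEFORE_LOG, AFTER_LOG, FIX_LIST)
    for key, items in report.items():
        print(key, len(items))
        for section, body in items:
            print("   ", section, "-", body)
    print("orphans left:", orphaned(parse_entries(AFTER_LOG)))
```

On this excerpt every fix-list line is gone from the follow-up log, the only new entry is the AVG Anti-Spyware autostart, and the one remaining orphan is the partnershipreg Winlogon Notify entry that the second fix list then targets.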
  11. Apexi_90

    Apexi_90 Regular member

    File C:\WINDOWS\default.htm infected by "not-virus:Hoax.Win32.Renos.hg" Virus. Action Taken: File Renamed.
    File C:\WINDOWS\System32\msdtc_32.exe infected by "not-virus:Hoax.Win32.Renos.hg" Virus. Action Taken: File Renamed.
    File C:\WINDOWS\System32\tiayuplo.exe infected by "Trojan-Downloader.Win32.VB.att" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G5YJO1YN\1303[1] infected by "Trojan.Win32.Agent.oh" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G5YJO1YN\1303[2] infected by "Trojan.Win32.Agent.oh" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G5YJO1YN\1303[3] infected by "Trojan.Win32.Agent.oh" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G5YJO1YN\1303[4] infected by "Trojan.Win32.Agent.oh" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G5YJO1YN\1303[5] infected by "Trojan.Win32.Agent.oh" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G5YJO1YN\install_conga1[1] infected by "Trojan.Win32.Crypt.g" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G5YJO1YN\install_conga1[2] infected by "Trojan.Win32.Crypt.g" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G5YJO1YN\install_conga1[3] infected by "Trojan.Win32.Crypt.g" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G5YJO1YN\install_conga1[4] infected by "Trojan.Win32.Crypt.g" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G5YJO1YN\install_conga1[5] infected by "Trojan.Win32.Crypt.g" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G5YJO1YN\loader[1] infected by "Trojan-Dropper.Win32.Small.avu" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G5YJO1YN\loader[2] infected by "Trojan-Dropper.Win32.Small.avu" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G5YJO1YN\loader[3] infected by "Trojan-Dropper.Win32.Small.avu" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O1E3SH6J\1303[1] infected by "Trojan.Win32.Agent.oh" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O1E3SH6J\1303[2] infected by "Trojan.Win32.Agent.oh" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O1E3SH6J\1303[3] infected by "Trojan.Win32.Agent.oh" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O1E3SH6J\1303[4] infected by "Trojan.Win32.Agent.oh" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O1E3SH6J\install_conga1[1] infected by "Trojan.Win32.Crypt.g" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O1E3SH6J\install_conga1[2] infected by "Trojan.Win32.Crypt.g" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O1E3SH6J\install_conga1[3] infected by "Trojan.Win32.Crypt.g" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O1E3SH6J\install_conga1[4] infected by "Trojan.Win32.Crypt.g" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O1E3SH6J\install_conga1[5] infected by "Trojan.Win32.Crypt.g" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O1E3SH6J\loader[1] infected by "Trojan-Dropper.Win32.Small.avu" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W56RS1QN\1303[1] infected by "Trojan.Win32.Agent.oh" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W56RS1QN\1303[2] infected by "Trojan.Win32.Agent.oh" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W56RS1QN\1303[3] infected by "Trojan.Win32.Agent.oh" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W56RS1QN\install_conga1[1] infected by "Trojan.Win32.Crypt.g" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W56RS1QN\install_conga1[2] infected by "Trojan.Win32.Crypt.g" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W56RS1QN\install_conga1[3] infected by "Trojan.Win32.Crypt.g" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W56RS1QN\install_conga1[4] infected by "Trojan.Win32.Crypt.g" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W56RS1QN\install_conga1[5] infected by "Trojan.Win32.Crypt.g" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W56RS1QN\loader[1] infected by "Trojan-Dropper.Win32.Small.avu" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W56RS1QN\loader[2] infected by "Trojan-Dropper.Win32.Small.avu" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W56RS1QN\loader[3] infected by "Trojan-Dropper.Win32.Small.avu" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W56RS1QN\loader[4] infected by "Trojan-Dropper.Win32.Small.avu" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W56RS1QN\loader[5] infected by "Trojan-Dropper.Win32.Small.avu" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W56RS1QN\loader[6] infected by "Trojan-Dropper.Win32.Small.avu" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W56RS1QN\loader[7] infected by "Trojan-Dropper.Win32.Small.avu" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W56RS1QN\loader[8] infected by "Trojan-Dropper.Win32.Small.avu" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WXAZC1ER\1303[1] infected by "Trojan.Win32.Agent.oh" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WXAZC1ER\1303[2] infected by "Trojan.Win32.Agent.oh" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WXAZC1ER\1303[3] infected by "Trojan.Win32.Agent.oh" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WXAZC1ER\1303[4] infected by "Trojan.Win32.Agent.oh" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WXAZC1ER\1303[5] infected by "Trojan.Win32.Agent.oh" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WXAZC1ER\1303[6] infected by "Trojan.Win32.Agent.oh" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WXAZC1ER\install_conga1[1] infected by "Trojan.Win32.Crypt.g" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WXAZC1ER\install_conga1[2] infected by "Trojan.Win32.Crypt.g" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WXAZC1ER\install_conga1[3] infected by "Trojan.Win32.Crypt.g" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WXAZC1ER\loader[1] infected by "Trojan-Dropper.Win32.Small.avu" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WXAZC1ER\loader[2] infected by "Trojan-Dropper.Win32.Small.avu" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WXAZC1ER\loader[3] infected by "Trojan-Dropper.Win32.Small.avu" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WXAZC1ER\loader[4] infected by "Trojan-Dropper.Win32.Small.avu" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WXAZC1ER\loader[5] infected by "Trojan-Dropper.Win32.Small.avu" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WXAZC1ER\loader[6] infected by "Trojan-Dropper.Win32.Small.avu" Virus. Action Taken: File Deleted.
    File C:\Ohjelmat\SmitfraudFix\SmitfraudFix\Reboot.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
    File C:\Ohjelmat\SmitfraudFix.zip tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
    File C:\System Volume Information\_restore{5902BB77-5110-4F31-8D01-5CAAA2BE5900}\RP59\A0007282.exe infected by "not-virus:Hoax.Win32.Renos.hg" Virus. Action Taken: File Renamed.
    File C:\System Volume Information\_restore{5902BB77-5110-4F31-8D01-5CAAA2BE5900}\RP59\A0007283.exe infected by "Trojan-Downloader.Win32.VB.att" Virus. Action Taken: File Deleted.
    File C:\WINDOWS\system32\drivers\ip6fw.sys infected by "Rootkit.Win32.Agent.dp" Virus. Action Taken: File Renamed.

    Hopefully I copied from the right place...
     
  12. Hujo

    Hujo Guest

    Yes, it was copied from exactly the right place

    ===================

    Let's give it one more going-over with this

    Download SDFix by AndyManchesta http://downloads.andymanchesta.com/RemovalTools/SDFix.zip and save it to your desktop.

    Boot your computer into Safe Mode and select your normal user account:
    • Start the computer
    • When you hear the computer beep, press F8, but before the Windows logo appears
    • A menu should appear next
    • Select Safe Mode from the menu.
    • Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
    • Open the SDFix folder and double-click RunThis.bat to start the program.
    • Press Y to start the script.
    • The tool cleans out the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
    • Press any key and the computer restarts.
    • Startup takes longer than normal because SDFix is cleaning the machine.
    • When the computer has started and the desktop has loaded, SDFix reports that the cleanup is complete, "Finished".
    • Then press any key to close the script and load the desktop shortcuts.
    • Finally, open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread along with a new HijackThis log.
     
  13. Apexi_90

    Apexi_90 Regular member

    SDFix: Version 1.81

    Run by Antti - ma 30.04.2007 - 14:52:07,37

    Microsoft Windows XP [versio 5.1.2600]
    "CSDVersion" does not exist!

    Running From: C:\DOCUME~1\Antti\TYPYT~1\SDFix

    Safe Mode:
    Checking Services:

    Name:
    EXAMPLE
    NDnet1
    Runtime

    ImagePath:
    \??\C:\WINDOWS\System32\main.sys
    \??\C:\WINDOWS\System32\ksys.sys
    \??\C:\WINDOWS\System32\drivers\runtime.sys

    EXAMPLE - Deleted
    NDnet1 - Deleted
    Runtime - Deleted



    Restoring Windows Registry Values
    Restoring Windows Default Hosts File


    Rebooting...

    Normal Mode:
    Checking Files:

    Below files will be copied to Backups folder then removed:

    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\O1E3SH6J\33_1_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\WXAZC1ER\33_1_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\G5YJO1YN\BHO_1_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\O1E3SH6J\BHO_1_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\G5YJO1YN\TPKTSK~1.HTM - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\G5YJO1YN\TPKTSK~2.HTM - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\G5YJO1YN\TPKTSK~3.HTM - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\W56RS1QN\TPKTSK~1.HTM - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\WXAZC1ER\TPKTSK~2.HTM - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\WXAZC1ER\TPKTSK~3.HTM - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\G5YJO1YN\CHIST_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\W56RS1QN\CHIST_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\G5YJO1YN\IS6734~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\O1E3SH6J\IS6734~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\W56RS1QN\SETUP_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\W56RS1QN\SETUP_~2 - Deleted
    C:\Documents and Settings\Antti\ie_updater.exe - Deleted
    C:\WINDOWS\system32\CONFIG\SYSTEM~1\APPLIC~1\INSTALL.DAT - Deleted
    C:\WINDOWS\system32\rpcc.exe - Deleted
    C:\WINDOWS\system32\RunOnce1.t__ - Deleted
    C:\WINDOWS\system32\RunOnce1.tm_ - Deleted
    C:\WINDOWS\xpupdate.exe - Deleted



    Removing Temp Files

    ADS Check:

    Checking if ADS is attached to system32 Folder
    C:\WINDOWS\system32
    No streams found.

    Checking if ADS is attached to svchost.exe
    C:\WINDOWS\system32\svchost.exe
    No streams found.



    Final Check:

    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]


    Remaining Files:
    ---------------

    Backups Folder: - C:\DOCUME~1\Antti\TYPYT~1\SDFix\backups\backups.zip

    Checking For Files with Hidden Attributes:


    Finished

    Logfile of HijackThis v1.99.1
    Scan saved at 14:58:19, on 30.4.2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\System32\RunDLL32.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Antti\Työpöytä\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 129.24.17.69 :3124
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?8957af7e18724919900049af0cbad538
    O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?8957af7e18724919900049af0cbad538
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173987022670
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173986999483
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: MSIEUpdater_1 (Microsoft IE Updater_1) - Unknown owner - C:\Documents and Settings\Antti\ie_updater.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
     
  14. Auttaja

    Auttaja Guest


    Copy the following lines into, for example, Notepad:

    @echo off
    sc stop MSIEUpdater_1
    sc delete MSIEUpdater_1

    Save it to the desktop as FIX.BAT, with the file type set to All Files.

    Double-click FIX.BAT.

    Post a new HijackThis log.

    *************

    Download Killbox from Option^Explicit.

    Note: If you already have Killbox, this is a new version that you need to install. Remove the earlier one.

    - Save it to your desktop.
    - Double-click Killbox.exe to run the program.
    - Select "Delete on Reboot", then click the All Files option.
    - Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\Antti\ie_updater.exe

    - Return to Killbox, go to the File menu, and choose Paste from Clipboard.

    - Click the red-and-white Delete File button. Click Yes at the "Delete on Reboot" prompt. Click OK at any PendingFileRenameOperations prompt (and let the person fixing your machine know if one of these comes up!).
    Restart your computer yourself if it does not do so automatically.

    If you get a message like this: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when you try to run KillBox, click here to download and run Missingfilessetup.exe. Then try KillBox again.

    *********

    1. Download combofix.exe to your desktop from either of these links:
    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    2. Double-click the combofix.exe file and follow the prompts.
    3. When the tool has finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
     
    Last edited by a moderator: 30.04.2007
  15. Hujo

    Hujo Guest

    Scan with HJT, tick the following entry and press Fix checked:

    O23 - Service: MSIEUpdater_1 (Microsoft IE Updater_1) - Unknown owner - C:\Documents and Settings\Antti\ie_updater.exe (file missing)

    ======

    Copy / paste the text below into an empty Notepad file.
    Make sure the file type is "All Files" and save it to your desktop
    as Poisto.bat.

    @echo off
    sc stop "Microsoft IE Updater_1"
    sc delete "Microsoft IE Updater_1"

    Double-click the Poisto.bat file on your desktop; a window opens and closes, this is normal.

    ===================

    Download from http://www.ccleaner.com/download/builds.aspx
    CCleaner v1.34.407 - Basic, which does NOT include the Yahoo toolbar!

    Set the options like this:
    Options --> Advanced --> untick the box "Only delete temporary files older than 48 hours".

    Run Cleaner > Analyze > Clean (bottom right corner)
    Run Issues > Scan for registry issues > Fix registry issues.

    ==================

    1. Click Start > right-click My Computer
    2. Choose Properties
    3. Choose the System Restore tab
    4. Tick ¤ Turn off System Restore on all drives
    5. Press Apply
    6. Press OK
    7. Shut down and restart
    8. Untick ¤ Turn off System Restore on all drives
    9. Apply and OK
     
    Last edited by a moderator: 30.04.2007
  16. Auttaja

    Auttaja Guest

    Hujo, you're clearing out System Restore too early while there is a backdoor on the machine..
     
  17. Apexi_90

    Apexi_90 Regular member

    Logfile of HijackThis v1.99.1
    Scan saved at 16:04:07, on 30.4.2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\RunDLL32.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Antti\Työpöytä\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 129.24.17.69 :3124
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?8957af7e18724919900049af0cbad538
    O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?8957af7e18724919900049af0cbad538
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173987022670
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173986999483
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: MSIEUpdater_1 (Microsoft IE Updater_1) - Unknown owner - C:\Documents and Settings\Antti\ie_updater.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

    I wonder if I did it right: when I clicked fix.bat, just a black window came up and then disappeared... Is CCleaner version v1.38.485 OK??
     
  18. Hujo

    Hujo Guest

    You always get the latest version from there when you download it.

    Yes, the black window just flashes by, that is completely normal.
     
    Last edited by a moderator: 30.04.2007
  19. Apexi_90

    Apexi_90 Regular member

    ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Antti\Työpöytä\"


    (((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\ihpawbfw.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\764.exe
    C:\Program Files\bravesentry\BraveSentry.exe
    C:\Program Files\bravesentry\BraveSentry.lic
    C:\Program Files\bravesentry\BraveSentry0.bs
    C:\Program Files\bravesentry\BraveSentry0.dll
    C:\Program Files\bravesentry\BraveSentry1.bs
    C:\Program Files\bravesentry\BraveSentry1.dll
    C:\Program Files\bravesentry\BraveSentry2.dll
    C:\Program Files\bravesentry\BraveSentry3.dll
    C:\Program Files\bravesentry\Uninstall.exe
    C:\DOCUME~1\Antti\TYPYT~1\internet.lnk
    C:\Program Files\bravesentry


    ((((((((((((((((((((((((((((((( Files Created from 2007-03-28 to 2007-04-30 ))))))))))))))))))))))))))))))))))


    2007-04-30 16:09 <KANSIO> d-------- C:\!KillBox
    2007-04-30 12:07 <KANSIO> d-------- C:\Downloads
    2007-04-30 12:07 <KANSIO> d-------- C:\Bases
    2007-04-30 12:05 <KANSIO> d-------- C:\Kaspersky
    2007-04-30 11:52 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-04-30 11:52 90,112 --a------ C:\WINDOWS\system32\AvastSS.scr
    2007-04-30 11:52 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-04-30 11:52 733,824 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-04-30 11:52 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-04-30 11:52 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-04-30 11:52 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-04-30 09:10 <KANSIO> d-------- C:\VundoFix Backups
    2007-04-27 03:32 87,040 --a------ C:\WINDOWS\system32\winupd_KB57455861.exe
    2007-04-27 03:32 53,248 --a------ C:\WINDOWS\system32\winupd_KB68523586.exe
    2007-04-27 03:31 235,008 --a------ C:\WINDOWS\system32\winupd_KB00178364.exe
    2007-04-27 03:01 <KANSIO> d-------- C:\WINDOWS\system32\CatRoot2
    2007-04-26 02:44 <KANSIO> dr------- C:\DOCUME~1\LOCALS~1\Suosikit
    2007-04-26 02:44 <KANSIO> d-------- C:\DOCUME~1\LOCALS~1\Käynnistä-valikko
    2007-04-22 22:46 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2007-04-22 22:46 146,944 --a------ C:\WINDOWS\system32\ptpusd.dll
    2007-04-22 22:46 13,824 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-04-22 03:44 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-04-21 11:46 <KANSIO> d-------- C:\DOCUME~1\Antti\Contacts
    2007-04-21 11:45 <KANSIO> d-------- C:\Program Files\Windows Live Toolbar
    2007-04-21 11:45 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    2007-04-21 11:44 <KANSIO> d-------- C:\Program Files\MSN Messenger
    2007-04-17 01:22 <KANSIO> d-------- C:\Program Files\TVAnts
    2007-04-13 03:06 <KANSIO> d-------- C:\Program Files\Sonera
    2007-04-13 02:22 <KANSIO> d-------- C:\DOCUME~1\Antti\APPLIC~1\MSN6
    2007-04-13 02:22 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
    2007-04-04 03:41 <KANSIO> d-------- C:\DOCUME~1\Antti\APPLIC~1\vlc
    2007-04-04 03:34 <KANSIO> d-------- C:\Program Files\VideoLAN
    2007-04-03 18:44 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-04-03 18:44 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-04-03 18:44 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2007-04-03 18:44 <KANSIO> d-------- C:\Program Files\Winamp
    2007-03-31 23:02 <KANSIO> d-------- C:\Program Files\Common Files\SupportSoft
    2007-03-31 23:02 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Support.com
    2007-03-31 22:54 50,944 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
    2007-03-31 22:54 23,424 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
    2007-03-31 22:54 22,016 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
    2007-03-31 22:50 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-03-31 22:50 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
    2007-03-31 22:50 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2007-03-31 22:49 <KANSIO> d-------- C:\Program Files\MUSICMATCH
    2007-03-31 22:49 <KANSIO> d-------- C:\DOCUME~1\Antti\APPLIC~1\Musicmatch
    2007-03-31 22:48 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2007-03-31 22:48 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2007-03-31 22:48 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2007-03-31 22:48 <KANSIO> d-------- C:\WINDOWS\system32\ReinstallBackups


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-04-30 08:33 -------- d-------- C:\Program Files\dc++
    2007-04-29 23:09 -------- d-------- C:\DOCUME~1\Antti\APPLIC~1\sopcast
    2007-04-26 19:36 -------- d-------- C:\Program Files\pafpoker
    2007-04-26 03:52 -------- d-------- C:\Program Files\sopcast
    2007-04-20 05:22 -------- d-------- C:\Program Files\tvuplayer
    2007-04-01 02:50 48670 --a------ C:\WINDOWS\system32\perfc00b.dat
    2007-04-01 02:50 283354 --a------ C:\WINDOWS\system32\perfh00b.dat
    2007-03-31 22:55 -------- d--h----- C:\Program Files\installshield installation information
    2007-03-26 19:19 -------- d-------- C:\Program Files\cdburnerxp pro 3
    2007-03-21 17:33 -------- d-------- C:\Program Files\ffdshow
    2007-03-19 18:53 -------- d-------- C:\Program Files\ccleaner
    2007-03-19 18:24 882 --a------ C:\WINDOWS\system32\tmp.reg
    2007-03-19 18:18 31232 --a------ C:\WINDOWS\updatetc.exe
    2007-03-19 18:01 27136 --a------ C:\WINDOWS\salm.exe
    2007-03-19 15:25 9984 --a------ C:\WINDOWS\2020search.dll
    2007-03-19 15:25 8704 --a------ C:\WINDOWS\bjam.dll
    2007-03-19 15:25 8448 --a------ C:\WINDOWS\system32\wer8274.dll
    2007-03-19 15:25 32000 --a------ C:\WINDOWS\flt.dll
    2007-03-19 15:25 31232 --a------ C:\WINDOWS\mssvr.exe
    2007-03-19 15:25 30720 --a------ C:\WINDOWS\voiceip.dll
    2007-03-19 15:25 28160 --a------ C:\WINDOWS\mspphe.dll
    2007-03-19 15:25 24576 --a------ C:\WINDOWS\satmat.exe
    2007-03-19 15:25 24320 --a------ C:\WINDOWS\pbar.dll
    2007-03-19 15:25 24320 --a------ C:\WINDOWS\180ax.exe
    2007-03-19 15:25 24064 --a------ C:\WINDOWS\saiemod.dll
    2007-03-19 15:25 21760 --a------ C:\WINDOWS\stcloader.exe
    2007-03-19 15:25 20736 --a------ C:\WINDOWS\swin32.dll
    2007-03-19 15:25 20736 --a------ C:\WINDOWS\bokja.exe
    2007-03-19 15:25 19712 --a------ C:\WINDOWS\bi.dll
    2007-03-19 15:25 18944 --a------ C:\WINDOWS\vxddsk.exe
    2007-03-19 15:25 18176 --a------ C:\WINDOWS\7search.dll
    2007-03-19 15:25 16640 --a------ C:\WINDOWS\biprep.exe
    2007-03-19 15:25 15360 --a------ C:\WINDOWS\wml.exe
    2007-03-19 15:25 13824 --a------ C:\WINDOWS\2020search2.dll
    2007-03-19 15:25 13568 --a------ C:\WINDOWS\system32\vxddsk.exe
    2007-03-19 15:25 12288 --a------ C:\WINDOWS\cdsm32.dll
    2007-03-19 15:25 12032 --a------ C:\WINDOWS\system32\wml.exe
    2007-03-19 15:25 11264 --a------ C:\WINDOWS\system32\msixu.dll
    2007-03-19 15:24 12800 --a------ C:\WINDOWS\system32\user_32.dll
    2007-03-19 15:24 12 --a------ C:\WINDOWS\system32\gtv_sd.bin
    2007-03-19 15:24 0 --a------ C:\WINDOWS\grsa32.exe
    2007-03-18 21:04 -------- d-------- C:\DOCUME~1\Antti\APPLIC~1\utorrent
    2007-03-18 19:44 -------- d-------- C:\Program Files\webteh
    2007-03-15 23:46 -------- d-------- C:\Program Files\realtek ac97
    2007-03-15 23:30 -------- d-------- C:\Program Files\b2bpoker
    2007-03-15 23:19 -------- d-------- C:\Program Files\sygate
    2007-03-15 22:42 -------- d-------- C:\Program Files\Common Files\wise installation wizard
    2007-03-15 22:30 -------- d--h----- C:\Program Files\windowsupdate
    2007-03-15 21:24 -------- d-------- C:\Program Files\messenger
    2007-03-15 21:19 -------- d-------- C:\Program Files\microsoft frontpage
    2007-03-15 21:18 0 -rahs---- C:\MSDOS.SYS
    2007-03-15 21:18 0 -rahs---- C:\IO.SYS
    2007-03-15 21:18 0 --a------ C:\CONFIG.SYS
    2007-03-15 21:18 0 --------- C:\AUTOEXEC.BAT
    2007-03-15 21:18 -------- d-------- C:\Program Files\online services
    2007-03-15 21:17 -------- d-------- C:\Program Files\movie maker
    2007-03-15 21:16 21672 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2007-03-15 21:16 -------- d-------- C:\Program Files\windows nt
    2007-03-15 21:16 -------- d-------- C:\Program Files\msn gaming zone
    2007-03-15 21:16 -------- d-------- C:\Program Files\Common Files\mssoap
    2007-03-15 21:11 62 --ahs---- C:\DOCUME~1\Antti\APPLIC~1\desktop.ini
    2007-03-15 21:11 -------- d-------- C:\Program Files\Common Files\speechengines
    2007-03-15 21:11 -------- d-------- C:\Program Files\Common Files\odbc
    2007-02-21 22:00 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\Windows Live Toolbar\msntb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
    "SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
    "AGRSMMSG"="AGRSMMSG.exe"
    "MMTray"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\mm_tray.exe"
    "mmtask"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
    "WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
    "tgcmd"="\"C:\\Program Files\\Sonera\\InternetAvustaja\\bin\\tgcmd.exe\" /server /startmonitor /deaf"
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Brave-Sentry"="C:\\Program Files\\BraveSentry\\BraveSentry.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoCDBurning"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0nwprovau\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job

    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-04-30 16:24:23
    Windows 5.1.2600 NTFS

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    ********************************************************************

    Completion time: 07-04-30 16:24:24
    C:\ComboFix-quarantined-files.txt ... 07-04-30 16:24
     
  20. Hujo

    Hujo Guest

    That one didn't go away, try again with this:

    Copy / paste the text below into an empty Notepad file.
    Make sure the file type is "All Files" and save it to your desktop
    as Poisto.bat.

    @echo off
    sc stop "Microsoft IE Updater_1"
    sc delete "Microsoft IE Updater_1"

    Double-click the Poisto.bat file on your desktop; a window opens and closes, this is normal.


    Those quotation marks have to be included: "
     
    Last edited by a moderator: 30.04.2007
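    HijackThis prints each O23 entry as `display name (service key name) - owner - image path`, and `sc` addresses a service by its key name. The following is an added example, not part of any post in this thread: a Python parser (its function and verdict names are this example's own) that splits O23 lines excerpted from the log above into those fields and cross-checks every "(file missing)" flag against the running-process list. It assumes that an entry printed without parentheses has identical display and key names.

```python
import re
from dataclasses import dataclass

# Excerpt of the HijackThis log posted in this thread (shortened, not a full log).
SAMPLE_LOG = r"""
Running processes:
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: MSIEUpdater_1 (Microsoft IE Updater_1) - Unknown owner - C:\Documents and Settings\Antti\ie_updater.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

O23_RE = re.compile(
    r"^O23 - Service: (?P<names>.+?) - (?P<owner>.+?) - (?P<image>[A-Za-z]:\\.*)$"
)
NAMES_RE = re.compile(r"^(?P<display>.+) \((?P<key>[^()]+)\)$")
MISSING = " (file missing)"


@dataclass
class Service:
    display: str          # friendly name shown in services.msc
    key: str              # registry key name, the name `sc` expects
    owner: str
    image: str            # executable path without arguments
    args: str
    flagged_missing: bool
    verdict: str = "ok"


def running_processes(log):
    """Collect the lower-cased paths listed under 'Running processes:'."""
    procs, in_block = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_block = True
        elif in_block and not line:
            break
        elif in_block:
            procs.add(line.lower())
    return procs


def parse_o23(log):
    """Parse O23 lines and judge each '(file missing)' flag."""
    running = running_processes(log)
    services = []
    for line in log.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        names = NAMES_RE.match(m["names"])
        display = names["display"] if names else m["names"]
        key = names["key"] if names else m["names"]
        image = m["image"]
        missing = image.endswith(MISSING)
        if missing:
            image = image[: -len(MISSING)]
        # A quoted ImagePath leaves a dangling quote before the arguments.
        image, _, args = image.partition('"')
        svc = Service(display, key, m["owner"], image.strip(), args.strip(), missing)
        if missing and svc.image.lower() in running:
            # The executable is running, so the flag is a path-parsing artifact.
            svc.verdict = "flag-contradicted"
        elif missing:
            # Service is still registered but its binary is gone from disk.
            svc.verdict = "orphaned"
        services.append(svc)
    return services


def sc_target(svc):
    """Service name as it must be passed to sc (quoted, it may contain spaces)."""
    return f'"{svc.key}"'


if __name__ == "__main__":
    for s in parse_o23(SAMPLE_LOG):
        print(f"{s.verdict:18} sc name={sc_target(s):28} image={s.image}")
```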
  21. Apexi_90

    Apexi_90 Regular member

    Everything has now been done according to the instructions, but the following step in using CCleaner was unclear to me.

    Run Cleaner > Analyze > Clean (bottom right corner)
    Run Issues > Scan for registry issues > Fix registry issues.
     
