
HJT log

Thread in the Viruses and malware - HijackThis logs section. Thread started by mik4k 04.12.2006.

Thread status:
Thread is closed.
  1. Hujo

    Hujo Guest

    @kairis there you go, gather a long list, the tool is ready as well.
     
  3. mik4k

    mik4k Member

    Joined: 04.12.2006 | Messages: 25 | Thanks: 0 | Points: 11
    They still seem to be there..

    Logfile of HijackThis v1.99.1
    Scan saved at 21:04:58, on 5.12.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\anysee\anysee-E30\anysee_TR.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HijackThis\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {6CB6EBBC-541E-3DAA-0256-058B77841450} - C:\WINDOWS\system32\jrewio.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {C671A733-A4AA-4B5F-8CEE-006242C457B5} - C:\WINDOWS\system32\khfefdc.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30\anysee_TR.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B7F49040-255E-46B5-AF83-6D9012E661F2}: NameServer = 193.166.234.15,193.166.80.16
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = me.tut.fi
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = me.tut.fi
    O20 - Winlogon Notify: khfefdc - C:\WINDOWS\SYSTEM32\khfefdc.dll
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
     
  4. Hujo

    Hujo Guest

    Yeah, you probably have AVG Anti-Spyware Guard active

    open AVG Anti-Spyware
    • Then click the "Shield" icon at the top of the window
    • "Resident shield is", change the state from active to inactive


    then try again with Killbox.
     
    Last edited by a moderator: 05.12.2006
  5. mik4k

    mik4k Member

    Yes, it is in the inactive state..
     
  6. mik4k

    mik4k Member

    Logfile of HijackThis v1.99.1
    Scan saved at 21:40:34, on 5.12.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\anysee\anysee-E30\anysee_TR.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HijackThis\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {6CB6EBBC-541E-3DAA-0256-058B77841450} - C:\WINDOWS\system32\jrewio.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {C671A733-A4AA-4B5F-8CEE-006242C457B5} - C:\WINDOWS\system32\khfefdc.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30\anysee_TR.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B7F49040-255E-46B5-AF83-6D9012E661F2}: NameServer = 193.166.234.15,193.166.80.16
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = me.tut.fi
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = me.tut.fi
    O20 - Winlogon Notify: khfefdc - C:\WINDOWS\SYSTEM32\khfefdc.dll
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
     
  7. Hujo

    Hujo Guest

    Fix this one away
    O2 - BHO: (no name) - {6CB6EBBC-541E-3DAA-0256-058B77841450} - C:\WINDOWS\system32\jrewio.dll (file missing)

    what about the other one
     
  8. mik4k

    mik4k Member

    That C:\WINDOWS\system32\jrewio.dll could be removed with Killbox when deleted on its own, but Killbox had no effect on that C:\WINDOWS\SYSTEM32\khfefdc.dll :(

    Logfile of HijackThis v1.99.1
    Scan saved at 21:51:18, on 5.12.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\anysee\anysee-E30\anysee_TR.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\HijackThis\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {C671A733-A4AA-4B5F-8CEE-006242C457B5} - C:\WINDOWS\system32\khfefdc.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30\anysee_TR.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B7F49040-255E-46B5-AF83-6D9012E661F2}: NameServer = 193.166.234.15,193.166.80.16
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = me.tut.fi
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = me.tut.fi
    O20 - Winlogon Notify: khfefdc - C:\WINDOWS\SYSTEM32\khfefdc.dll
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
     
  9. Hujo

    Hujo Guest

    Right, single file was blinking green for you.

    run that Vundo one again, does it say that nothing is found.
     
    Last edited by a moderator: 05.12.2006
  10. mik4k

    mik4k Member

    All Files was blinking green too, and I have used that option as well.. VundoFix finds nothing..

    VundoFix V6.2.13

    Checking Java version...

    Java version is 1.5.0.6

    Scan started at 22:13:31 5.12.2006

    Listing files found while scanning....

    No infected files were found.
     
  11. Hujo

    Hujo Guest

    That is what my dream foretold, since I saw it while awake.
     
  12. mik4k

    mik4k Member

    Yep :) I wonder if AVG Anti-Spyware could get rid of it if I tried again, it just takes a bit of time again.. (In that thread AVG had at least detected it and moved it to quarantine, although there was no mention of it in that user's HJT log: O2 - BHO: (no name) - {C671A733-A4AA-4B5F-8CEE-006242C457B5} - C:\WINDOWS\system32\khfefdc.dll)
     
  13. Hujo

    Hujo Guest

    run this one

    Panda ActiveScan
    Link: http://www.pandasoftware.com/products/activescan.htm

    • When you are on Panda's page, click the Scan your PC button
    • A new window opens, click the Check Now button
    • Select your country, Country
    • Enter your city, State/Province
    • Enter your e-mail address, e-mail address, and click the send button
    • Select either home user Home User or company Company
    • Click the large Scan Now button
    • If you are asked to install an ActiveX component, allow it.
    • The download of the required files begins (Note: this step can take a few minutes)
    • When the downloads are complete, click Local Disks to start the scan
    • When the scan is complete, click the See Report button if infections were found. Then click Save Report and save the report to a suitable location (e.g. the desktop).


    I am looking at that txt log here.
     
    Last edited by a moderator: 05.12.2006
  14. mik4k

    mik4k Member

    It spat out this kind of log.

    Incident Status Location

    Possible Virus. Not disinfected C:\WINDOWS\SYSTEM32\JKHFF.DLL
    Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\KHFEFDC.DLL
    Possible Virus. Not disinfected C:\WINDOWS\SYSTEM32\MLLJK.DLL
    Possible Virus. Not disinfected C:\WINDOWS\SYSTEM32\SSTTQ.DLL
    Possible Virus. Not disinfected C:\WINDOWS\SYSTEM32\DDAYA.DLL
    Possible Virus. Not disinfected C:\WINDOWS\SYSTEM32\SSQPN.DLL
    Possible Virus. Not disinfected C:\WINDOWS\SYSTEM32\PMNLK.DLL
    Possible Virus. Not disinfected C:\WINDOWS\SYSTEM32\VTUTT.DLL
    Possible Virus. Not disinfected C:\WINDOWS\SYSTEM32\DDAYW.DLL
    Possible Virus. Not disinfected C:\WINDOWS\SYSTEM32\AWVTS.DLL
    Possible Virus. Not disinfected C:\WINDOWS\SYSTEM32\PMNNO.DLL
    Possible Virus. Not disinfected C:\WINDOWS\SYSTEM32\DDCCB.DLL
    Possible Virus. Not disinfected C:\WINDOWS\SYSTEM32\JKKLL.DLL
    Possible Virus. Not disinfected C:\WINDOWS\SYSTEM32\VTSQR.DLL
    Possible Virus. Not disinfected C:\WINDOWS\SYSTEM32\JKHFE.DLL
    Possible Virus. Not disinfected C:\WINDOWS\SYSTEM32\PMNLL.DLL
    Possible Virus. Not disinfected C:\WINDOWS\SYSTEM32\JKKLM.DLL
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Sisään\Työpöytä\SmitfraudFix\Process.exe
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Sisään\Application Data\Mozilla\Firefox\Profiles\2eg1u6r5.default\COOKIES.TXT[.statcounter.com/]
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Sisään\Application Data\Mozilla\Firefox\Profiles\2eg1u6r5.default\COOKIES.TXT[.burstnet.com/]
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Sisään\Application Data\Mozilla\Firefox\Profiles\2eg1u6r5.default\COOKIES.TXT[.zedo.com/]
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Sisään\Application Data\Mozilla\Firefox\Profiles\2eg1u6r5.default\COOKIES.TXT[.adrevolver.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Sisään\Application Data\Mozilla\Firefox\Profiles\2eg1u6r5.default\COOKIES.TXT[ad.yieldmanager.com/]
    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Sisään\Application Data\Mozilla\Firefox\Profiles\2eg1u6r5.default\COOKIES.TXT[.adopt.hbmediapro.com/]
    Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Sisään\Application Data\Mozilla\Firefox\Profiles\2eg1u6r5.default\COOKIES.TXT[.adultfriendfinder.com/]
    Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Sisään\Application Data\Mozilla\Firefox\Profiles\2eg1u6r5.default\COOKIES.TXT[.bravenet.com/]
    Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Sisään\Application Data\Mozilla\Firefox\Profiles\2eg1u6r5.default\COOKIES.TXT[.fortunecity.com/]
    Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Sisään\Application Data\Mozilla\Firefox\Profiles\2eg1u6r5.default\COOKIES.TXT[.maxserving.com/]
    Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Sisään\Application Data\Mozilla\Firefox\Profiles\2eg1u6r5.default\COOKIES.TXT[.metriweb.be/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Sisään\Application Data\Mozilla\Firefox\Profiles\2eg1u6r5.default\COOKIES.TXT[.realmedia.com/]
    Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Sisään\Application Data\Mozilla\Firefox\Profiles\2eg1u6r5.default\COOKIES.TXT[.xiti.com/]
    Spyware:Cookie/Virusbursters Not disinfected C:\Documents and Settings\Sisään\Application Data\Mozilla\Firefox\Profiles\2eg1u6r5.default\COOKIES.TXT[www.virusbursters.com/]
    Spyware:Spyware/Virtumonde Not disinfected C:\!KillBox\KHFEFDC.DLL
    Spyware:Spyware/Virtumonde Not disinfected C:\!KillBox\khfefdc.dll( 1)
    Spyware:Spyware/Virtumonde Not disinfected C:\!KillBox\khfefdc.dll( 3)
    Spyware:Spyware/Virtumonde Not disinfected C:\!KillBox\khfefdc.dll( 2)
    Spyware:Spyware/Virtumonde Not disinfected C:\!KillBox\khfefdc.dll( 4)
     
  15. Hujo

    Hujo Guest

  16. mik4k

    mik4k Member

    Joined:
    04.12.2006
    Messages:
    25
    Thanks:
    0
    Points:
    11
    [12/06/2006, 0:05:56] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Sisään\Työpöytä\VirtumundoBeGone.exe" )
    [12/06/2006, 0:06:04] - Detected System Information:
    [12/06/2006, 0:06:04] - Windows Version: 5.1.2600, Service Pack 2
    [12/06/2006, 0:06:04] - Current Username: Sisään (Admin)
    [12/06/2006, 0:06:04] - Windows is in SAFE mode with Networking.
    [12/06/2006, 0:06:04] - Searching for Browser Helper Objects:
    [12/06/2006, 0:06:04] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
    [12/06/2006, 0:06:04] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
    [12/06/2006, 0:06:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [12/06/2006, 0:06:04] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [12/06/2006, 0:06:04] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [12/06/2006, 0:06:04] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [12/06/2006, 0:06:04] - BHO 4: {C671A733-A4AA-4B5F-8CEE-006242C457B5} ()
    [12/06/2006, 0:06:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [12/06/2006, 0:06:04] - Checking for HKLM\...\Winlogon\Notify\khfefdc
    [12/06/2006, 0:06:04] - Found: HKLM\...\Winlogon\Notify\khfefdc - This is probably Virtumundo.
    [12/06/2006, 0:06:04] - Assigning {C671A733-A4AA-4B5F-8CEE-006242C457B5} MSEvents Object
    [12/06/2006, 0:06:04] - BHO list has been changed! Starting over...
    [12/06/2006, 0:06:04] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
    [12/06/2006, 0:06:04] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
    [12/06/2006, 0:06:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [12/06/2006, 0:06:04] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [12/06/2006, 0:06:04] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [12/06/2006, 0:06:04] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [12/06/2006, 0:06:04] - BHO 4: {C671A733-A4AA-4B5F-8CEE-006242C457B5} (MSEvents Object)
    [12/06/2006, 0:06:04] - ALERT: Found MSEvents Object!
    [12/06/2006, 0:06:04] - Finished Searching Browser Helper Objects
    [12/06/2006, 0:06:04] - *** Detected MSEvents Object
    [12/06/2006, 0:06:04] - Trying to remove MSEvents Object...
    [12/06/2006, 0:06:05] - Terminating Process: IEXPLORE.EXE
    [12/06/2006, 0:06:05] - Terminating Process: RUNDLL32.EXE
    [12/06/2006, 0:06:05] - Disabling Automatic Shell Restart
    [12/06/2006, 0:06:05] - Terminating Process: EXPLORER.EXE
    [12/06/2006, 0:06:05] - Suspending the NT Session Manager System Service
    [12/06/2006, 0:06:05] - Terminating Windows NT Logon/Logoff Manager
    [12/06/2006, 0:06:06] - Re-enabling Automatic Shell Restart
    [12/06/2006, 0:06:06] - File to disable: C:\WINDOWS\system32\khfefdc.dll
    [12/06/2006, 0:06:06] - Renaming C:\WINDOWS\system32\khfefdc.dll -> C:\WINDOWS\system32\khfefdc.dll.vir
    [12/06/2006, 0:06:06] - File successfully renamed!
    [12/06/2006, 0:06:06] - Removing HKLM\...\Browser Helper Objects\{C671A733-A4AA-4B5F-8CEE-006242C457B5}
    [12/06/2006, 0:06:06] - Removing HKCR\CLSID\{C671A733-A4AA-4B5F-8CEE-006242C457B5}
    [12/06/2006, 0:06:06] - Adding Kill Bit for ActiveX for GUID: {C671A733-A4AA-4B5F-8CEE-006242C457B5}
    [12/06/2006, 0:06:06] - Deleting ATLEvents/MSEvents Registry entries
    [12/06/2006, 0:06:06] - Removing HKLM\...\Winlogon\Notify\khfefdc
    [12/06/2006, 0:06:06] - Searching for Browser Helper Objects:
    [12/06/2006, 0:06:06] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
    [12/06/2006, 0:06:06] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
    [12/06/2006, 0:06:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [12/06/2006, 0:06:06] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [12/06/2006, 0:06:06] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [12/06/2006, 0:06:06] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [12/06/2006, 0:06:06] - Finished Searching Browser Helper Objects
    [12/06/2006, 0:06:06] - Finishing up...
    [12/06/2006, 0:06:06] - A restart is needed.
    [12/06/2006, 0:06:22] - Attempting to Restart via STOP error (Blue Screen!)



    Logfile of HijackThis v1.99.1
    Scan saved at 0:09:43, on 6.12.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\anysee\anysee-E30\anysee_TR.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\HijackThis\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30\anysee_TR.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B7F49040-255E-46B5-AF83-6D9012E661F2}: NameServer = 193.166.234.15,193.166.80.16
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = me.tut.fi
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = me.tut.fi
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
     
  17. Hujo

    Hujo Guest

    What does combofix look like when taken again?
     
  18. mik4k

    mik4k Member

    Joined:
    04.12.2006
    Messages:
    25
    Thanks:
    0
    Points:
    11
    Sisään - 06-12-06 0:23:55,00 Service Pack 2
    ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Sisään\Työpöytä"

    ((((((((((((((((((((((((((((((( Files Created from 2006-11-06 to 2006-12-06 ))))))))))))))))))))))))))))))))))


    2006-12-05 22:54 276,532 ---hs---- C:\WINDOWS\system32\geedb.dll
    2006-12-05 22:53 <KANSIO> d-------- C:\WINDOWS\system32\ActiveScan
    2006-12-05 20:57 274,484 ---hs---- C:\WINDOWS\system32\gebyx.dll
    2006-12-05 20:40 274,484 ---hs---- C:\WINDOWS\system32\sstqp.dll
    2006-12-05 20:23 <KANSIO> d-------- C:\!KillBox
    2006-12-05 20:07 274,484 ---hs---- C:\WINDOWS\system32\vtutr.dll
    2006-12-05 17:50 274,484 ---hs---- C:\WINDOWS\system32\awvvt.dll
    2006-12-04 23:55 274,484 ---hs---- C:\WINDOWS\system32\gebya.dll
    2006-12-04 23:11 274,484 ---hs---- C:\WINDOWS\system32\awtst.dll
    2006-12-04 23:07 <KANSIO> d-------- C:\rename_this_folder_back_to_sUBs_
    2006-12-04 20:07 <KANSIO> d-------- C:\VundoFix Backups
    2006-12-04 19:54 274,484 ---hs---- C:\WINDOWS\system32\ddcya.dll
    2006-12-04 17:59 274,484 ---hs---- C:\WINDOWS\system32\vtutu.dll
    2006-12-04 17:16 90,164 ---hs---- C:\WINDOWS\system32\ddayy.dll
    2006-12-04 17:06 274,484 ---hs---- C:\WINDOWS\system32\ddabx.dll
    2006-12-04 04:41 274,484 ---hs---- C:\WINDOWS\system32\awtss.dll
    2006-12-04 01:53 274,484 ---hs---- C:\WINDOWS\system32\vtsqp.dll
    2006-12-03 23:52 274,484 ---hs---- C:\WINDOWS\system32\jkhhi.dll
    2006-12-03 23:06 274,484 ---hs---- C:\WINDOWS\system32\mlljh.dll
    2006-12-02 22:10 274,484 ---hs---- C:\WINDOWS\system32\jkklj.dll
    2006-12-02 20:09 274,484 ---hs---- C:\WINDOWS\system32\awvvw.dll
    2006-12-02 18:10 274,484 ---hs---- C:\WINDOWS\system32\pmnlm.dll
    2006-12-02 16:18 274,484 ---hs---- C:\WINDOWS\system32\sstqo.dll
    2006-12-02 12:45 274,484 ---hs---- C:\WINDOWS\system32\pmkhi.dll
    2006-12-02 02:31 276,532 ---hs---- C:\WINDOWS\system32\gebcd.dll
    2006-12-02 00:34 276,532 ---hs---- C:\WINDOWS\system32\ddccy.dll
    2006-12-02 00:14 276,532 ---hs---- C:\WINDOWS\system32\geeba.dll
    2006-12-01 23:23 276,532 ---hs---- C:\WINDOWS\system32\pmkjh.dll
    2006-12-01 16:21 274,484 ---hs---- C:\WINDOWS\system32\ssqrq.dll
    2006-12-01 16:06 274,484 ---hs---- C:\WINDOWS\system32\ddcyy.dll
    2006-12-01 15:55 274,484 ---hs---- C:\WINDOWS\system32\ddaby.dll
    2006-12-01 15:50 274,484 ---hs---- C:\WINDOWS\system32\mljgd.dll
    2006-12-01 12:27 704,564 ---hs---- C:\WINDOWS\system32\jkklm.dll
    2006-12-01 03:53 704,564 ---hs---- C:\WINDOWS\system32\pmnll.dll
    2006-12-01 01:55 704,564 ---hs---- C:\WINDOWS\system32\jkhfe.dll
    2006-12-01 00:47 <KANSIO> dr-h----- C:\Documents and Settings\Sisään\Application Data\SecuROM
    2006-11-30 23:56 704,564 ---hs---- C:\WINDOWS\system32\vtsqr.dll
    2006-11-30 21:54 704,564 ---hs---- C:\WINDOWS\system32\jkkll.dll
    2006-11-30 21:33 <KANSIO> d-------- C:\HijackThis
    2006-11-30 21:05 704,564 ---hs---- C:\WINDOWS\system32\ddccb.dll
    2006-11-30 18:41 704,564 ---hs---- C:\WINDOWS\system32\pmnno.dll
    2006-11-30 18:21 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2006-11-30 16:51 18,484 ---hs---- C:\WINDOWS\system32\jkkji.dll
    2006-11-30 16:41 704,564 ---hs---- C:\WINDOWS\system32\ddayw.dll
    2006-11-30 16:26 704,564 ---hs---- C:\WINDOWS\system32\vtutt.dll
    2006-11-30 15:40 704,564 ---hs---- C:\WINDOWS\system32\pmnlk.dll
    2006-11-30 15:02 704,564 ---hs---- C:\WINDOWS\system32\ssqpn.dll
    2006-11-30 14:23 704,564 ---hs---- C:\WINDOWS\system32\ddaya.dll
    2006-11-30 02:03 704,564 ---hs---- C:\WINDOWS\system32\ssttq.dll
    2006-11-30 00:02 704,564 ---hs---- C:\WINDOWS\system32\mlljk.dll
    2006-11-29 23:32 704,564 ---hs---- C:\WINDOWS\system32\jkhff.dll
    2006-11-29 23:28 4,290 --a------ C:\WINDOWS\system32\tmp.reg
    2006-11-29 22:06 <KANSIO> dr-h----- C:\$VAULT$.AVG
    2006-11-29 15:58 704,564 ---hs---- C:\WINDOWS\system32\awvts.dll
    2006-11-29 15:52 94,720 --a------ C:\WINDOWS\system32\nhmitnl.dll
    2006-11-29 15:52 40,973 --a------ C:\WINDOWS\system32\khfefdc.dll.vir
    2006-11-20 02:53 <KANSIO> d-------- C:\WINDOWS\Minidump
    2006-11-18 20:41 <KANSIO> d-------- C:\Program Files\DAEMON Tools
    2006-11-18 20:37 96,256 --a------ C:\WINDOWS\system32\drivers\sptddrv1.sys
    2006-11-18 20:37 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2006-11-17 22:49 <KANSIO> d-------- C:\Program Files\MSXML 4.0
    2006-11-17 12:49 <KANSIO> d-------- C:\Documents and Settings\Sisään\Application Data\Help
    2006-11-17 12:08 778,656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
    2006-11-17 12:08 4,992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
    2006-11-17 12:08 4,288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
    2006-11-17 12:08 27,904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
    2006-11-17 12:08 23,424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
    2006-11-17 12:08 <KANSIO> d-------- C:\Program Files\Grisoft
    2006-11-17 12:08 <KANSIO> d-------- C:\Documents and Settings\Sisään\Application Data\AVG7
    2006-11-17 12:08 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2006-11-17 12:08 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2006-11-14 14:22 <KANSIO> d-------- C:\Program Files\Medieval II Total War Demo SE
    2006-11-14 14:22 <KANSIO> d-------- C:\Documents and Settings\Sisään\Application Data\InstallShield
    2006-11-12 16:03 <KANSIO> d-------- C:\Program Files\Ubisoft
    2006-11-12 15:02 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2006-11-12 14:25 <KANSIO> d-------- C:\Program Files\Hitman Blood Money Demo


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
    2006-10-30 18:37 294713 --a------ C:\Program Files\SolidWorks2005swxJRNL.BAK
    2006-10-26 17:10 -------- d-------- C:\Documents and Settings\Sisään\Application Data\SolidWorks
    2006-10-26 16:57 -------- d-------- C:\Program Files\Common Files\eDrawings2005
    2006-10-26 16:53 -------- d-------- C:\Program Files\Microsoft Office
    2006-10-26 16:53 -------- d-------- C:\Program Files\Common Files\SolidWorks Shared
    2006-10-26 16:53 -------- d-------- C:\Program Files\Common Files\Designer
    2006-10-26 16:53 -------- d-------- C:\Program Files\Common Files\Bluebeam Software
    2006-10-26 16:49 -------- d-------- C:\Program Files\SolidWorks2005
    2006-10-26 16:49 -------- d-------- C:\Program Files\Bluebeam Software
    2006-10-21 22:58 -------- d-------- C:\Program Files\Futuremark
    2006-10-13 14:37 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
    2006-09-13 08:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "LaunchApp"=""
    "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
    "AzMixerSel"="C:\\Program Files\\Realtek\\InstallShield\\AzMixerSel.exe"
    "PCMService"="\"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe\""
    "ntiMUI"="C:\\Program Files\\NewTech Infosystems\\NTI CD & DVD-Maker 7\\ntiMUI.exe"
    @=""
    "Acer ePresentation HPD"="C:\\Acer\\Empowering Technology\\ePresentation\\ePresentation.exe"
    "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
    "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
    "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
    "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
    "eDataSecurity Loader"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe 0"
    "ePower_DMC"="C:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"
    "Boot"="C:\\Acer\\Empowering Technology\\ePower\\Boot.exe"
    "RTHDCPL"="RTHDCPL.EXE"
    "SkyTel"="SkyTel.EXE"
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "LManager"="C:\\PROGRA~1\\LAUNCH~1\\LManager.exe"
    "eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\eRAgent.exe"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "anysee_TR"="C:\\Program Files\\anysee\\anysee-E30\\anysee_TR.exe"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
    "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000000

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{C671A733-A4AA-4B5F-8CEE-006242C457B5}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    Completion time: 06-12-06 0:26:03.53
    C:\ComboFix3.txt ... 06-12-04 20:38
    C:\ComboFix2.txt ... 06-12-04 23:10
    C:\ComboFix.txt ... 06-12-06 00:26
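    As an added example (not part of this thread or of ComboFix itself): a small triage script for ComboFix "Files Created" lines that scores the Vundo/Virtumonde pattern visible in the log above, namely hidden+system DLLs with random-looking lowercase names dropped directly into system32, several of them sharing an exact byte size. The sample lines are constructed from the log's format; the scoring weights and the 3-point threshold are this example's own assumptions, not anything the tools in the thread use.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample modelled on the ComboFix "Files Created" section in the
# post above (a subset, not the full log): four Vundo-style DLLs, one directory
# and three files that should not be flagged at the default threshold.
SAMPLE_LOG = r"""
2006-12-05 22:54 276,532 ---hs---- C:\WINDOWS\system32\geedb.dll
2006-12-05 22:53 <KANSIO> d-------- C:\WINDOWS\system32\ActiveScan
2006-12-05 20:57 274,484 ---hs---- C:\WINDOWS\system32\gebyx.dll
2006-12-05 20:40 274,484 ---hs---- C:\WINDOWS\system32\sstqp.dll
2006-12-01 12:27 704,564 ---hs---- C:\WINDOWS\system32\jkklm.dll
2006-11-30 18:21 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-29 15:52 94,720 --a------ C:\WINDOWS\system32\nhmitnl.dll
2006-11-12 15:02 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
"""

# One ComboFix line: date, time, size or a <DIR>-style marker, a 9-character
# attribute string (d=directory, r, a, h=hidden, s=system), then the path.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\S+) ([a-z-]{9}) (.+)$")
RANDOM_STEM_RE = re.compile(r"^[a-z]{5,7}$")   # geedb, sstqp, khfefdc, ...
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class Entry:
    date: str
    time: str
    size: Optional[int]   # None for directories
    attrs: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_combofix(text: str) -> List[Entry]:
    """Parse the lines that match the ComboFix file-listing format; skip the rest."""
    entries = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        date, time, size, attrs, path = m.groups()
        digits = size.replace(",", "")
        entries.append(Entry(date, time, int(digits) if digits.isdigit() else None, attrs, path))
    return entries


def score_entry(e: Entry, size_counts: Counter) -> Tuple[int, List[str]]:
    """Heuristic Vundo/Virtumonde score: one point per indicator present."""
    reasons: List[str] = []
    if e.attrs.startswith("d"):
        return 0, reasons
    low = e.path.lower()
    # The DLLs in the log sit directly in system32, not in a subfolder.
    if low.startswith(SYSTEM32) and low.endswith(".dll") and low.count("\\") == 3:
        reasons.append("dll directly in system32")
    if "h" in e.attrs and "s" in e.attrs:
        reasons.append("hidden+system attributes")
    stem = e.name.rsplit(".", 1)[0]
    if RANDOM_STEM_RE.match(stem):
        reasons.append("random-looking lowercase name")
    # Several drops of the same build share an exact byte size (274,484 / 704,564 above).
    if e.size is not None and size_counts[e.size] >= 2:
        reasons.append("size %d shared with %d other file(s)" % (e.size, size_counts[e.size] - 1))
    return len(reasons), reasons


def triage(text: str, threshold: int = 3) -> List[Dict]:
    """Return entries scoring at or above threshold, in log order."""
    entries = parse_combofix(text)
    size_counts = Counter(e.size for e in entries if e.size is not None)
    findings = []
    for e in entries:
        score, reasons = score_entry(e, size_counts)
        if score >= threshold:
            findings.append({"name": e.name, "score": score, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%s: score %d (%s)" % (f["name"], f["score"], "; ".join(f["reasons"])))
```

    At threshold 2 the script also surfaces nhmitnl.dll, which in the log above was created in the same minute as khfefdc.dll.vir and deserves a manual look.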
     
  19. Hujo

    Hujo Guest

    Escan

    Instructions are on that page.
    http://koti.mbnet.fi/pattaya1/escanmwav.htm

    download from here
    http://www.spywareinfo.dk/download/mwav.exe

    update from here
    http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat

    set the checkboxes according to the markings
    http://koti.mbnet.fi/pattaya1/eScan6.jpg

    scan

    if anything shows up in the lower pane, copy it like this:

    Use the Ctrl+A command.
    Copy the lines with Ctrl+C.
    Paste the lines with Ctrl+V.

    Post the virus log here.


    ----------
    after that escan, run

    Ccleaner

    download from http://www.ccleaner.com/download/builds.aspx
    CCleaner v1.34.407 - Basic, which does NOT include the Yahoo toolbar!

    set the options like this:
    Options --> Advanced --> Untick "Only delete temporary files older than 48 hours".

    run Cleaner > Analyze > Clean (bottom right corner)
    run Issues > Scan for registry issues > Fix registry issues.

    Avg Anti-Spyware 7.5 apparently can't be updated.
     
    Last edited by a moderator: 05.12.2006
  20. mik4k

    mik4k Member

    Joined:
    04.12.2006
    Messages:
    25
    Thanks:
    0
    Points:
    11
    File C:\Documents and Settings\Sisään\Työpöytä\SmitfraudFix\Reboot.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
    File C:\Documents and Settings\Sisään\Application Data\SecuROM\UserData\???????????p???????? infected by "BkCln.Unknown" Virus. Action Taken:
    File Renamed.
    File C:\Documents and Settings\Sisään\Application Data\SecuROM\UserData\???????????p??????????? infected by "BkCln.Unknown" Virus. Action Taken:
    File Renamed.
    File C:\System Volume Information\_restore{7BAA7848-8772-4E7B-9DC6-EB305C304C3B}\RP69\A0014478.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.


    During the Escan, AVG Anti-Virus reported "Trojan horse Downloader.Zlob" 8 times and moved them to the virus vault..
     
  21. Hujo

    Hujo Guest

    Download NoLop to your desktop from one of the following links...
    http://www.spywareedge.net/nolop/NoLop.exe

    1. Close all programs, because this step requires a reboot
    2. Double-click NoLop.exe to run it
    3. Click the "Search and Destroy" button
    <<Your computer will be scanned for infected files>>
    4. When the scan is complete, you will be asked to restart the computer if an infection is found. Click OK
    5. Click the "REBOOT" button.
    6. NoLop should give a message. If not, double-click the program and it will finish. Post the contents of the C:\NoLop.log file along with a new HijackThis log.
     