
HJT log

Thread in the Viruses and malware - HijackThis logs section. Thread opened by mik4k 04.12.2006.

Thread status:
Thread is closed.
  1. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    These Vundo DLLs would probably be fine to delete...

    C:\WINDOWS\system32\geedb.dll
    C:\WINDOWS\system32\gebyx.dll
    C:\WINDOWS\system32\sstqp.dll
    C:\WINDOWS\system32\vtutr.dll
    C:\WINDOWS\system32\awvvt.dll
    C:\WINDOWS\system32\gebya.dll
    C:\WINDOWS\system32\awtst.dll
    C:\WINDOWS\system32\ddcya.dll
    C:\WINDOWS\system32\vtutu.dll
    C:\WINDOWS\system32\ddayy.dll
    C:\WINDOWS\system32\ddabx.dll
    C:\WINDOWS\system32\awtss.dll
    C:\WINDOWS\system32\vtsqp.dll
    C:\WINDOWS\system32\jkhhi.dll
    C:\WINDOWS\system32\mlljh.dll
    C:\WINDOWS\system32\jkklj.dll
    C:\WINDOWS\system32\awvvw.dll
    C:\WINDOWS\system32\pmnlm.dll
    C:\WINDOWS\system32\sstqo.dll
    C:\WINDOWS\system32\pmkhi.dll
    C:\WINDOWS\system32\gebcd.dll
    C:\WINDOWS\system32\ddccy.dll
    C:\WINDOWS\system32\geeba.dll
    C:\WINDOWS\system32\pmkjh.dll
    C:\WINDOWS\system32\ssqrq.dll
    C:\WINDOWS\system32\ddcyy.dll
    C:\WINDOWS\system32\ddaby.dll
    C:\WINDOWS\system32\mljgd.dll
    C:\WINDOWS\system32\jkklm.dll
    C:\WINDOWS\system32\pmnll.dll
    C:\WINDOWS\system32\jkhfe.dll
    C:\WINDOWS\system32\vtsqr.dll
    C:\WINDOWS\system32\jkkll.dll
    C:\WINDOWS\system32\ddccb.dll
    C:\WINDOWS\system32\pmnno.dll
    C:\WINDOWS\system32\jkkji.dll
    C:\WINDOWS\system32\ddayw.dll
    C:\WINDOWS\system32\vtutt.dll
    C:\WINDOWS\system32\pmnlk.dll
    C:\WINDOWS\system32\ssqpn.dll
    C:\WINDOWS\system32\ddaya.dll
    C:\WINDOWS\system32\ssttq.dll
    C:\WINDOWS\system32\mlljk.dll
    C:\WINDOWS\system32\jkhff.dll
    C:\WINDOWS\system32\awvts.dll
    C:\WINDOWS\system32\nhmitnl.dll
    C:\WINDOWS\system32\khfefdc.dll.vir

    Before that, make hidden files visible -> http://keskustelu.afterdawn.com/thread_view.cfm/248944
     
  3. Hujo

    Hujo Guest

    Open Killbox and tick Delete on Reboot.
    Then copy the lines below all at once

    C:\WINDOWS\system32\geedb.dll
    C:\WINDOWS\system32\gebyx.dll
    C:\WINDOWS\system32\sstqp.dll
    C:\WINDOWS\system32\vtutr.dll
    C:\WINDOWS\system32\awvvt.dll
    C:\WINDOWS\system32\gebya.dll
    C:\WINDOWS\system32\awtst.dll
    C:\WINDOWS\system32\ddcya.dll
    C:\WINDOWS\system32\vtutu.dll
    C:\WINDOWS\system32\ddayy.dll
    C:\WINDOWS\system32\ddabx.dll
    C:\WINDOWS\system32\awtss.dll
    C:\WINDOWS\system32\vtsqp.dll
    C:\WINDOWS\system32\jkhhi.dll
    C:\WINDOWS\system32\mlljh.dll
    C:\WINDOWS\system32\jkklj.dll
    C:\WINDOWS\system32\awvvw.dll
    C:\WINDOWS\system32\pmnlm.dll
    C:\WINDOWS\system32\sstqo.dll
    C:\WINDOWS\system32\pmkhi.dll
    C:\WINDOWS\system32\gebcd.dll
    C:\WINDOWS\system32\ddccy.dll
    C:\WINDOWS\system32\geeba.dll
    C:\WINDOWS\system32\pmkjh.dll
    C:\WINDOWS\system32\ssqrq.dll
    C:\WINDOWS\system32\ddcyy.dll
    C:\WINDOWS\system32\ddaby.dll
    C:\WINDOWS\system32\mljgd.dll
    C:\WINDOWS\system32\jkklm.dll
    C:\WINDOWS\system32\pmnll.dll
    C:\WINDOWS\system32\jkhfe.dll
    C:\WINDOWS\system32\vtsqr.dll
    C:\WINDOWS\system32\jkkll.dll
    C:\WINDOWS\system32\ddccb.dll
    C:\WINDOWS\system32\pmnno.dll
    C:\WINDOWS\system32\jkkji.dll
    C:\WINDOWS\system32\ddayw.dll
    C:\WINDOWS\system32\vtutt.dll
    C:\WINDOWS\system32\pmnlk.dll
    C:\WINDOWS\system32\ssqpn.dll
    C:\WINDOWS\system32\ddaya.dll
    C:\WINDOWS\system32\ssttq.dll
    C:\WINDOWS\system32\mlljk.dll
    C:\WINDOWS\system32\jkhff.dll
    C:\WINDOWS\system32\awvts.dll
    C:\WINDOWS\system32\nhmitnl.dll
    C:\WINDOWS\system32\khfefdc.dll.vir

    Then in KillBox, from the top menu, File > Paste from Clipboard
    Select "All Files". After that press Delete (the red one with a white X)
    Answer yes to the prompts, and if the computer doesn't restart by itself, restart it.


    It's a lot of work deleting them one by one.
     
  4. mik4k

    mik4k Member

    Joined:
    04.12.2006
    Messages:
    25
    Thanks:
    0
    Points:
    11
    NoLop! Log by Skate_Punk_21

    Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

    Fix running from: C:\Documents and Settings\Sisään\Työpöytä
    [6.12.2006]
    [13:58:16]

    ---Infection Files Found/Removed---
    NO INFECTION FILES FOUND - Cleaning Aborted.

    ---Listing AppData sub directories---

    C:\Documents and Settings\Default User\Application Data\Microsoft
    C:\Documents and Settings\Default User\Application Data\Adobe
    C:\Documents and Settings\Default User\Application Data\Ati
    C:\Documents and Settings\Default User\Application Data\Identities
    C:\Documents and Settings\All Users\Application Data\Microsoft
    C:\Documents and Settings\All Users\Application Data\Cyberlink
    C:\Documents and Settings\All Users\Application Data\Symantec
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    C:\Documents and Settings\All Users\Application Data\Adobe
    C:\Documents and Settings\All Users\Application Data\Apple Computer
    C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    C:\Documents and Settings\All Users\Application Data\Bluebeam Software
    C:\Documents and Settings\All Users\Application Data\Avg7
    C:\Documents and Settings\All Users\Application Data\Grisoft
    C:\Documents and Settings\Networkservice\Application Data\Microsoft
    C:\Documents and Settings\Localservice\Application Data\Microsoft
    C:\Documents and Settings\Localservice\Application Data\Avg7 -- EMPTY Directory
    C:\Documents and Settings\Sisään\Application Data\Identities
    C:\Documents and Settings\Sisään\Application Data\Ati
    C:\Documents and Settings\Sisään\Application Data\Adobe
    C:\Documents and Settings\Sisään\Application Data\Microsoft
    C:\Documents and Settings\Sisään\Application Data\Macromedia
    C:\Documents and Settings\Sisään\Application Data\Cyberlink
    C:\Documents and Settings\Sisään\Application Data\Openoffice.org2
    C:\Documents and Settings\Sisään\Application Data\Lavasoft
    C:\Documents and Settings\Sisään\Application Data\Media Player Classic
    C:\Documents and Settings\Sisään\Application Data\Mozilla
    C:\Documents and Settings\Sisään\Application Data\Adobeum
    C:\Documents and Settings\Sisään\Application Data\Thunderbird
    C:\Documents and Settings\Sisään\Application Data\Sun
    C:\Documents and Settings\Sisään\Application Data\Apple Computer
    C:\Documents and Settings\Sisään\Application Data\Vlc
    C:\Documents and Settings\Sisään\Application Data\Dwgeditor
    C:\Documents and Settings\Sisään\Application Data\Solidworks
    C:\Documents and Settings\Sisään\Application Data\Installshield
    C:\Documents and Settings\Sisään\Application Data\Avg7 -- EMPTY Directory
    C:\Documents and Settings\Sisään\Application Data\Help -- EMPTY Directory
    C:\Documents and Settings\Sisään\Application Data\Securom


    Logfile of HijackThis v1.99.1
    Scan saved at 14:07:12, on 6.12.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\anysee\anysee-E30\anysee_TR.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HijackThis\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30\anysee_TR.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B7F49040-255E-46B5-AF83-6D9012E661F2}: NameServer = 193.166.234.15,193.166.80.16
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = me.tut.fi
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = me.tut.fi
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
     
  5. Hujo

    Hujo Guest

    So, have you done anything about -kemisti-'s long list?
     
  6. mik4k

    mik4k Member

    Joined:
    04.12.2006
    Messages:
    25
    Thanks:
    0
    Points:
    11
    Yep, I ran them through Killbox, and I guess they're gone? At least Killbox didn't report any errors..
     
  7. Hujo

    Hujo Guest

    Take a new ComboFix log
     
  8. mik4k

    mik4k Member

    Joined:
    04.12.2006
    Messages:
    25
    Thanks:
    0
    Points:
    11
    Sisään - 06-12-06 14:20:35,75 Service Pack 2
    ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Sisään\Työpöytä"

    ((((((((((((((((((((((((((((((( Files Created from 2006-11-06 to 2006-12-06 ))))))))))))))))))))))))))))))))))


    2006-12-06 13:57 212 --a------ C:\delete.bat
    2006-12-06 02:41 <KANSIO> dr-h----- C:\Documents and Settings\Sisään\Recent
    2006-12-06 02:37 <KANSIO> d-------- C:\Program Files\CCleaner
    2006-12-06 01:14 <KANSIO> d-------- C:\Downloads
    2006-12-06 01:14 <KANSIO> d-------- C:\Bases
    2006-12-06 01:12 <KANSIO> d-------- C:\Kaspersky
    2006-12-05 22:53 <KANSIO> d-------- C:\WINDOWS\system32\ActiveScan
    2006-12-05 20:23 <KANSIO> d-------- C:\!KillBox
    2006-12-04 23:07 <KANSIO> d-------- C:\rename_this_folder_back_to_sUBs_
    2006-12-04 20:07 <KANSIO> d-------- C:\VundoFix Backups
    2006-12-01 00:47 <KANSIO> dr-h----- C:\Documents and Settings\Sisään\Application Data\SecuROM
    2006-11-30 21:33 <KANSIO> d-------- C:\HijackThis
    2006-11-30 18:21 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2006-11-29 23:28 4,290 --a------ C:\WINDOWS\system32\tmp.reg
    2006-11-29 22:06 <KANSIO> dr-h----- C:\$VAULT$.AVG
    2006-11-20 02:53 <KANSIO> d-------- C:\WINDOWS\Minidump
    2006-11-18 20:41 <KANSIO> d-------- C:\Program Files\DAEMON Tools
    2006-11-18 20:37 96,256 --a------ C:\WINDOWS\system32\drivers\sptddrv1.sys
    2006-11-18 20:37 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2006-11-17 22:49 <KANSIO> d-------- C:\Program Files\MSXML 4.0
    2006-11-17 12:49 <KANSIO> d-------- C:\Documents and Settings\Sisään\Application Data\Help
    2006-11-17 12:08 778,656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
    2006-11-17 12:08 4,992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
    2006-11-17 12:08 4,288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
    2006-11-17 12:08 27,904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
    2006-11-17 12:08 23,424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
    2006-11-17 12:08 <KANSIO> d-------- C:\Program Files\Grisoft
    2006-11-17 12:08 <KANSIO> d-------- C:\Documents and Settings\Sisään\Application Data\AVG7
    2006-11-17 12:08 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2006-11-17 12:08 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2006-11-14 14:22 <KANSIO> d-------- C:\Program Files\Medieval II Total War Demo SE
    2006-11-14 14:22 <KANSIO> d-------- C:\Documents and Settings\Sisään\Application Data\InstallShield
    2006-11-12 16:03 <KANSIO> d-------- C:\Program Files\Ubisoft
    2006-11-12 15:02 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2006-11-12 14:25 <KANSIO> d-------- C:\Program Files\Hitman Blood Money Demo


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
    2006-10-30 18:37 294713 --a------ C:\Program Files\SolidWorks2005swxJRNL.BAK
    2006-10-26 17:10 -------- d-------- C:\Documents and Settings\Sisään\Application Data\SolidWorks
    2006-10-26 16:57 -------- d-------- C:\Program Files\Common Files\eDrawings2005
    2006-10-26 16:53 -------- d-------- C:\Program Files\Microsoft Office
    2006-10-26 16:53 -------- d-------- C:\Program Files\Common Files\SolidWorks Shared
    2006-10-26 16:53 -------- d-------- C:\Program Files\Common Files\Designer
    2006-10-26 16:53 -------- d-------- C:\Program Files\Common Files\Bluebeam Software
    2006-10-26 16:49 -------- d-------- C:\Program Files\SolidWorks2005
    2006-10-26 16:49 -------- d-------- C:\Program Files\Bluebeam Software
    2006-10-21 22:58 -------- d-------- C:\Program Files\Futuremark
    2006-10-13 14:37 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
    2006-09-13 08:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
    "AzMixerSel"="C:\\Program Files\\Realtek\\InstallShield\\AzMixerSel.exe"
    "PCMService"="\"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe\""
    "ntiMUI"="C:\\Program Files\\NewTech Infosystems\\NTI CD & DVD-Maker 7\\ntiMUI.exe"
    "Acer ePresentation HPD"="C:\\Acer\\Empowering Technology\\ePresentation\\ePresentation.exe"
    "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
    "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
    "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
    "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
    "eDataSecurity Loader"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe 0"
    "ePower_DMC"="C:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"
    "Boot"="C:\\Acer\\Empowering Technology\\ePower\\Boot.exe"
    "RTHDCPL"="RTHDCPL.EXE"
    "SkyTel"="SkyTel.EXE"
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "LManager"="C:\\PROGRA~1\\LAUNCH~1\\LManager.exe"
    "eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\eRAgent.exe"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "anysee_TR"="C:\\Program Files\\anysee\\anysee-E30\\anysee_TR.exe"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
    "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000000

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{C671A733-A4AA-4B5F-8CEE-006242C457B5}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    Completion time: 06-12-06 14:23:32.60
    C:\ComboFix3.txt ... 06-12-04 23:10
    C:\ComboFix2.txt ... 06-12-06 00:26
    C:\ComboFix.txt ... 06-12-06 14:23
     
  9. mik4k

    mik4k Member

    Joined:
    04.12.2006
    Messages:
    25
    Thanks:
    0
    Points:
    11
    Is everything OK on my end now? :) Here's the HJT log as well..

    Logfile of HijackThis v1.99.1
    Scan saved at 16:56:33, on 6.12.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\anysee\anysee-E30\anysee_TR.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\HijackThis\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30\anysee_TR.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B7F49040-255E-46B5-AF83-6D9012E661F2}: NameServer = 193.166.234.15,193.166.80.16
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = me.tut.fi
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = me.tut.fi
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
     
  10. Hujo

    Hujo Guest

    Remove that Java via Add/Remove Programs and download a new one from the link.
    Link
    Scroll down to Java Runtime Environment (JRE) 5.0 Update 10

    Nothing shows in the log.
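The triage the helpers do by eye in this thread (spot the Vundo DLLs, then read a fresh log to confirm nothing is left) as an added example that is not from the thread or from HijackThis itself: it parses HijackThis v1.99-style logs, checks every referenced path against a known-bad list (three of the DLLs -kemisti- listed), flags entries worth a second look, and diffs two logs to verify a cleanup. The sample log text, the bad-path subset and the {PLACEHOLDER-CLSID} are constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# First drive-letter path up to a binary extension; tolerates spaces and a
# quoted path followed by arguments ("C:\...\cli.exe" runtime -Delay).
PATH_RE = re.compile(r'[A-Za-z]:\\.*?\.(?:exe|dll|sys|cab)\b', re.IGNORECASE)
ENTRY_RE = re.compile(r'^(R\d|F\d|O\d+) - (.*)$')   # "O23 - Service: ..."


@dataclass(frozen=True)
class Entry:
    section: str         # "O4", "O23", ...
    text: str            # everything after "Oxx - ", unchanged
    path: Optional[str]  # referenced file path, lowercased, or None


def parse_hjt(log: str) -> tuple:
    """Return (running processes, entries) from a HijackThis v1.99-style log."""
    processes, entries, in_procs = [], [], False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:                      # a blank line ends the process block
            in_procs = False
            continue
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if in_procs:
            processes.append(line.lower())
            continue
        m = ENTRY_RE.match(line)
        if m:
            pm = PATH_RE.search(m.group(2))
            entries.append(Entry(m.group(1), m.group(2), pm.group(0).lower() if pm else None))
    return processes, entries


def triage(processes, entries, bad_paths):
    """Findings as strings: known-bad hits first, then entries worth verifying."""
    bad = {p.lower() for p in bad_paths}
    findings = [f"KNOWN-BAD process running: {p}" for p in processes if p in bad]
    for e in entries:
        if e.path in bad:
            findings.append(f"KNOWN-BAD {e.section}: {e.text}")
        elif e.section == "O4" and e.path is None and "[" in e.text:
            # e.g. "[RTHDCPL] RTHDCPL.EXE": a bare name is resolved by PATH search,
            # so confirm which file on disk is the one actually started.
            findings.append(f"VERIFY {e.section} (no full path): {e.text}")
        elif e.section == "O23" and "unknown owner" in e.text.lower():
            findings.append(f"VERIFY {e.section} (unknown owner): {e.text}")
        elif (e.section == "O2" and e.text.startswith("BHO: (no name)")
              and e.path and "\\system32\\" in e.path):
            findings.append(f"VERIFY {e.section} (unnamed BHO in system32): {e.text}")
    findings.sort(key=lambda s: not s.startswith("KNOWN-BAD"))  # stable: keeps log order
    return findings


def diff_logs(before: str, after: str) -> tuple:
    """(removed, added) processes and entries between two logs: the cleanup check."""
    pb, eb = parse_hjt(before)
    pa, ea = parse_hjt(after)
    removed = sorted((set(pb) - set(pa)) | {e.text for e in set(eb) - set(ea)})
    added = sorted((set(pa) - set(pb)) | {e.text for e in set(ea) - set(eb)})
    return removed, added


# Constructed sample logs in the thread's format. The "before" log carries one
# O2 entry pointing at a DLL from -kemisti-'s list; its CLSID is a placeholder.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 14:07:12, on 6.12.2006

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\HijackThis\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
O2 - BHO: (no name) - {PLACEHOLDER-CLSID} - C:\WINDOWS\system32\geedb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
"""
# "After" log: the Vundo entry is gone and Firefox is running, as in the thread.
AFTER_LOG = BEFORE_LOG.replace(
    "O2 - BHO: (no name) - {PLACEHOLDER-CLSID} - C:\\WINDOWS\\system32\\geedb.dll\n", ""
).replace("C:\\HijackThis\\", "C:\\PROGRA~1\\MOZILL~1\\FIREFOX.EXE\nC:\\HijackThis\\")
VUNDO_DLLS = [r"C:\WINDOWS\system32\geedb.dll",   # three of the paths -kemisti- listed
              r"C:\WINDOWS\system32\gebyx.dll",
              r"C:\WINDOWS\system32\sstqp.dll"]

if __name__ == "__main__":
    for finding in triage(*parse_hjt(BEFORE_LOG), VUNDO_DLLS):
        print(finding)
    print("cleanup diff (removed, added):", diff_logs(BEFORE_LOG, AFTER_LOG))
```

The "VERIFY" lines are prompts for a human check, not verdicts: on this thread's logs the unknown-owner services and the bare RTHDCPL/SkyTel entries are all vendor software.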
     
