Koneella joku System Integrity Scan Wizard haittaohjelma??? HJT-logi

Mikaatm · 26.11.2006

Tuollainen ohjelma yrittää alkaa ehdottaa asennusta? Ilmeisesti joku haittaohjelma. Ad-Awarella ja SpyBot:lla yrittetty poistaa tuloksetta ja myös F-secure ei löydä mitaan.

Tässä HJT-logi jos joku osaisi auttaa mitä tuolla pitää poistaa?

Logfile of HijackThis v1.99.1
Scan saved at 10:10:50, on 26.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\anysee\anysee-E30\anysee_TR.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ismini.exe
C:\Program Files\Common Files\{29EF520F-088C-1035-0324-060507190166}\Update.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30\anysee_TR.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvham.dll,startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [DeleteDLL] cmd.exe /c del C:\PROGRA~1\COMMON~1\{39EF5~1\888Bar.dll > nul
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google-haku - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Käännä englanninkielinen sana - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Linkit taaksepäin - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Samankaltaisia sivuja - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

Kiitos jos joku viitsisi nähdä vaivaa ja auttaa avutonta.

AfterDawn

Mikaatm · 26.11.2006

Kertokaa joku onko tuossa listassa mitään ylimääräistä???

kelari · 26.11.2006

Nimeä C:\HJT\HijackThis.exe uudelleen näin C:\HJT\skanneri.exe ja lähetä uusi hjt logi

Mikaatm · 26.11.2006

Nimi muutettu ja tälläinen nyt:

Logfile of HijackThis v1.99.1
Scan saved at 15:48:21, on 26.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\WINDOWS\system32\ismini.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\anysee\anysee-E30\anysee_TR.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\{29EF520F-088C-1035-0324-060507190166}\Update.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\HJT\skanneri.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {099D0986-C204-F967-3343-00A64FA96FB9} - C:\WINDOWS\system32\vorenbj.dll
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {D4FAE274-4AB4-43E4-AD48-0CEA6D6C4F65} - C:\WINDOWS\system32\nnnnmmj.dll
O2 - BHO: (no name) - {E817176D-6AC0-41BD-BABF-823A01085C90} - C:\WINDOWS\system32\awvvu.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30\anysee_TR.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvlad.dll,startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google-haku - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Käännä englanninkielinen sana - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Linkit taaksepäin - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Samankaltaisia sivuja - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awvvu - C:\WINDOWS\system32\awvvu.dll
O20 - Winlogon Notify: nnnnmmj - C:\WINDOWS\SYSTEM32\nnnnmmj.dll
O20 - Winlogon Notify: winmmt32 - C:\WINDOWS\SYSTEM32\winmmt32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

Mikaatm · 26.11.2006

Kuka ymmärtää mikä tuossa logissa on metsässä?

Hujo · 26.11.2006

Lataa VundoFix.exe
http://www.atribune.org/ccount/click.php?id=4 työpöydällesi.

• Tupla-klikkaa VundoFix.exe ajaaksesi sen.
• Klikkaa Scan for Vundo valintaa.
• Kun skannaus on valmis, klikkaa Remove Vundo valintaa.
• Sinulta kysytään haluatko poistaa filut - klikkaa YES.
• Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa.
• Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK.
• Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö.

Huomaa: Se on mahdollista että VundoFix löysi tiedoston jota se ei pystynyt poistamaan.
Tässä tilanteessa, VundoFix ajaa itsensä rebootissa, seuraa vain yläpuolelle olevia ohjeita alkaen kohdasta "Klikkaa Scan for Vundo valintaa." kun VundoFix ilmaantuu uudelleenkäynnistyksen yhteydessä.

Lähetä:
C:\vundofix.txt loki
uusi hjt-loki

Mikaatm · 27.11.2006

Kiitoh neuvoista. Tein tuon ja nyt näyttää tältä:

VundoFix V6.2.13

Checking Java version...

Java version is 1.5.0.5

Java version is 1.5.0.6

Java version is 1.5.0.9

Scan started at 7:10:54 27.11.2006

Listing files found while scanning....

C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\uvvwa.bak1

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\awvvu.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\uvvwa.ini Could not be deleted.

Attempting to delete C:\WINDOWS\system32\uvvwa.bak1
C:\WINDOWS\system32\uvvwa.bak1 Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\awvvu.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\uvvwa.ini Could not be deleted.

Attempting to delete C:\WINDOWS\system32\uvvwa.bak1
C:\WINDOWS\system32\uvvwa.bak1 Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.2.13

Checking Java version...

Java version is 1.5.0.5

Java version is 1.5.0.6

Java version is 1.5.0.9

Scan started at 11:20:17 27.11.2006

Listing files found while scanning....

C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\uvvwa.bak1

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\awvvu.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\uvvwa.ini Could not be deleted.

Attempting to delete C:\WINDOWS\system32\uvvwa.bak1
C:\WINDOWS\system32\uvvwa.bak1 Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\awvvu.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\uvvwa.ini Could not be deleted.

Attempting to delete C:\WINDOWS\system32\uvvwa.bak1
C:\WINDOWS\system32\uvvwa.bak1 Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.2.13

Checking Java version...

Java version is 1.5.0.5

Java version is 1.5.0.6

Java version is 1.5.0.9

Scan started at 17:40:13 27.11.2006

Listing files found while scanning....

C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\uvvwa.bak1

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\awvvu.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\uvvwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\uvvwa.bak1
C:\WINDOWS\system32\uvvwa.bak1 Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\awvvu.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\uvvwa.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.2.13

Checking Java version...

Java version is 1.5.0.5

Java version is 1.5.0.6

Java version is 1.5.0.9

Scan started at 17:57:54 27.11.2006

Listing files found while scanning....

C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\uvvwa.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\awvvu.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\uvvwa.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\awvvu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\uvvwa.ini Has been deleted!

Performing Repairs to the registry.
Done!

Logfile of HijackThis v1.99.1
Scan saved at 18:20:09, on 27.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\anysee\anysee-E30\anysee_TR.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\HJT\skanneri.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\xdbwtjtx.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {CB06B9DA-1FA4-474A-A59E-4656FFF789DD} - C:\WINDOWS\system32\awvvu.dll (file missing)
O2 - BHO: (no name) - {D4FAE274-4AB4-43E4-AD48-0CEA6D6C4F65} - C:\WINDOWS\system32\nnnnmmj.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30\anysee_TR.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvlad.dll,startup
O4 - HKLM\..\Run: [vvdkkpe.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Compaq_Omistaja\Local Settings\Application Data\vvdkkpe.dll",agkxvbc
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: nnnnmmj - C:\WINDOWS\SYSTEM32\nnnnmmj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

Mikaatm · 27.11.2006

No noiden logien jälkeen kone näytti jo hyvältä, mutta seuraan uudelleen käynnistyksen jälkeen ei.

Eli koneen oikeassa alakulmassa on edelleen punainen pallo jonka sisällä on huutomerkki ja se on joku Spyware Detection alert...

Sitten välillä Internet Explorer ohjelma sammuu itsestään???

Tässä vielä uusi hjl logi:

Logfile of HijackThis v1.99.1
Scan saved at 19:50:05, on 27.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\anysee\anysee-E30\anysee_TR.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\skanneri.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {411CCFC0-A7E7-44F4-B146-2739FF2A2501} - C:\WINDOWS\system32\jkklk.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30\anysee_TR.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvlad.dll,startup
O4 - HKLM\..\Run: [vvdkkpe.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Compaq_Omistaja\Local Settings\Application Data\vvdkkpe.dll",agkxvbc
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: jkklk - C:\WINDOWS\system32\jkklk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

Mikaatm · 27.11.2006

Lisäksi http://a.as-eu.falkag.net/dat/dlv/aslframe.html?dat=659712&kid=321583&xl=0&yl=0&mod=111 tälläinen sivu aukee silloin tällöin

Hujo · 27.11.2006

aja vundofix uudestaan.

1.Lataa combofix.exe http://download.bleepingcomputer.com/sUBs/combofix.exe
tiedosto työpöydällesi.
2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

Lataa SmitfraudFix (c) S!Ri http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Pura sisältö (kansio nimeltä SmitfraudFix) työpöydällesi:

Avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
Valitse optio #1 - Search kirjoittamalla 1 ja painamalla "Enter"; tekstitiedosto avautuu, joka listaa tarttuneet tiedostot (jos olemassa).
Postita tämän tekstitiedoston sisältö viestiketjuusi.

Huomaa : process.exe filun tunnistaa jotkut Anti-virus ohjelmat (AntiVir, Dr.Web, Kaspersky) "Haittakaluna"; se ei ole virus, vaan ohjelma joka pysäyttää prosesseja. A/V ohjelmat eivät pysty tunnistamaan hyvän ja pahan käytön tälläisten ohjelmian väliltä, silloin ne saattavat varoittaa käyttäjää.

Aja escan
Ohjeet tuolla sivulla.
http://koti.mbnet.fi/pattaya1/escanmwav.htm

lataa tuosta
http://www.spywareinfo.dk/download/mwav.exe

päivitä tuosta
http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat

laita täpit merkkauksien mukaan
http://koti.mbnet.fi/pattaya1/eScan6.jpg

scannaa

jos ala luukkuun tulee jotain niin kopioi se näin:

Käytä komentoa Ctrl+A.
Kopioi rivit komennolla Ctrl+C.
Liitä rivit komennolla Ctrl+V.

Laita virus log tänne.

Lähetä
Vundofix raportti
Combofix rapotti
Smitfraudfi raportti
Escan loki virukset luukusta
Hjt-loki

Mikaatm · 28.11.2006

Kiitos neuvoista, tässä tulee rapotteja sitä mukaan kun kerkee käymään läpi.

VundoFix V6.2.13

Checking Java version...

Sun Java not detected
Scan started at 17:53:35 28.11.2006

Listing files found while scanning....

No infected files were found.

Beginning removal...

Mikaatm · 28.11.2006

Compaq_Omistaja - 06-11-28 18:08:16,60 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Compaq_Omistaja\Ty”p”yt„"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\components
C:\Program Files\Common Files\{29EF520F-088C-1035-0324-060507190166}
C:\Program Files\Common Files\{39EF520F-088C-1035-0324-060507190166}

((((((((((((((((((((((((((((((( Files Created from 2006-10-28 to 2006-11-28 ))))))))))))))))))))))))))))))))))

2006-11-28 17:50 <KANSIO> d-------- C:\Kaspersky
2006-11-27 23:15 <KANSIO> d--h-c--- C:\WINDOWS\ie7
2006-11-27 22:12 <KANSIO> d-------- C:\Program Files\Ultimate Defender
2006-11-27 21:59 <KANSIO> dr------- C:\Suosikit
2006-11-27 21:03 <KANSIO> d-------- C:\!KillBox
2006-11-27 18:31 88,340 --a------ C:\WINDOWS\system32\gvtusrvy.exe
2006-11-27 18:31 <KANSIO> d-------- C:\Documents and Settings\Compaq_Omistaja\Application Data\SearchToolbarCorp
2006-11-27 15:38 38,420 --a------ C:\WINDOWS\system32\xdbwtjtx.dll
2006-11-27 07:10 <KANSIO> d-------- C:\VundoFix Backups
2006-11-26 21:29 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2006-11-26 20:58 50,080 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2006-11-26 20:58 29,472 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2006-11-26 20:58 1,716,224 --a------ C:\WINDOWS\system32\winsflte.dll
2006-11-26 20:58 1,236,992 --a------ C:\WINDOWS\system32\cfgmig32.dll
2006-11-26 20:58 1,187,840 --a------ C:\WINDOWS\system32\winsflt.dll
2006-11-26 20:58 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2006-11-26 20:03 <KANSIO> d-------- C:\Program Files\Common Files\Cisco Systems
2006-11-26 20:02 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Network Associates
2006-11-26 20:01 <KANSIO> d-------- C:\WINDOWS\5DF3D1BB894E4DCD8275159AC9829B43.TMP
2006-11-26 20:01 <KANSIO> d-------- C:\Program Files\Network Associates
2006-11-26 20:01 <KANSIO> d-------- C:\Program Files\Common Files\Network Associates
2006-11-26 19:01 <KANSIO> d-------- C:\Security Task Manager
2006-11-26 19:01 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2006-11-26 15:48 40,973 ---hs---- C:\WINDOWS\system32\mljhifc.dll
2006-11-26 15:33 40,973 ---hs---- C:\WINDOWS\system32\byxxyaw.dll
2006-11-26 12:06 <KANSIO> d-------- C:\WINDOWS\WBEM
2006-11-26 12:06 <KANSIO> d-------- C:\WINDOWS\system32\fi-fi
2006-11-26 12:03 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-11-26 12:03 <KANSIO> d-------- C:\WINDOWS\network diagnostic
2006-11-26 11:47 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-11-26 11:45 71,168 --a------ C:\WINDOWS\system32\drvlad.dll
2006-11-26 11:45 40,973 ---hs---- C:\WINDOWS\system32\khfgeda.dll
2006-11-26 08:07 40,973 ---hs---- C:\WINDOWS\system32\vtuuust.dll
2006-11-25 21:51 40,973 ---hs---- C:\WINDOWS\system32\nnnnmmj.dll
2006-11-25 21:34 <KANSIO> d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-25 21:34 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-25 20:39 <KANSIO> d-------- C:\Program Files\Windows Live Safety Center
2006-11-25 20:12 <KANSIO> d-------- C:\HJT
2006-11-25 13:54 93,696 --a------ C:\WINDOWS\system32\vvdkkpe.dll
2006-11-25 13:54 71,680 --a------ C:\WINDOWS\system32\vorenbj.dll
2006-11-25 13:54 40,973 ---hs---- C:\WINDOWS\system32\rqrstur.dll
2006-11-15 07:30 <KANSIO> d-------- C:\Program Files\MSXML 4.0
2006-11-15 07:29 <KANSIO> d-------- C:\d9d468335dedc8f79025
2006-11-10 19:28 19,537 --------- C:\WINDOWS\system32\drivers\BRPAR.SYS
2006-11-10 19:28 188,416 --a------ C:\WINDOWS\system32\Pdrvinst.dll
2006-11-10 18:15 <KANSIO> dr------- C:\Documents and Settings\Compaq_Omistaja\Application Data\Brother
2006-11-10 17:39 25,856 --------- C:\WINDOWS\system32\drivers\usbprint.sys
2006-11-07 21:03 6,049,280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458,752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 180,736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 03:26 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-29 16:36 <KANSIO> d-------- C:\LVI

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-11-28 18:08 -------- d-------- C:\Program Files\Common Files
2006-11-27 23:19 -------- d-------- C:\Program Files\Internet Explorer
2006-11-27 22:18 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-26 21:41 -------- d-------- C:\Documents and Settings\Compaq_Omistaja\Application Data\F-Secure
2006-11-26 21:35 -------- d-------- C:\Program Files\F-Secure Internet Security
2006-11-26 20:47 -------- d-------- C:\Documents and Settings\Compaq_Omistaja\Application Data\Lavasoft
2006-11-26 20:25 -------- d-------- C:\Program Files\F-Secure
2006-11-25 13:53 -------- d-------- C:\Program Files\DC++
2006-11-10 21:49 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-11-10 19:28 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-27 17:31 -------- d-------- C:\Program Files\Ifi
2006-10-27 17:31 -------- d-------- C:\Documents and Settings\Compaq_Omistaja\Application Data\Ifi
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 14:37 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-01 20:11 24576 --a------ C:\WINDOWS\TEMPIadHide3.dll
2006-10-01 20:08 -------- d-------- C:\Program Files\Symantec
2006-10-01 20:08 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-01 07:48 -------- d-------- C:\Documents and Settings\Compaq_Omistaja\Application Data\PEX
2006-10-01 07:46 -------- d-------- C:\Documents and Settings\Compaq_Omistaja\Application Data\ispnews
2006-09-13 07:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-06 16:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-09-05 19:29 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2006-09-05 19:29 249856 --------- C:\WINDOWS\Setup1.exe
2006-08-12 17:00 14702 --a------ C:\Documents and Settings\Compaq_Omistaja\Application Data\NMM-MetaData.db

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\Ultimate Defender.install]
@="\"C:\\DOCUME~1\\COMPAQ~1\\LOCALS~1\\Temp\\tinst3.exe\" continue"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"Reminder"="\"C:\\Windows\\Creator\\Remind_XP.exe\""
"HP Software Update"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,\
48,50,5c,48,50,20,53,6f,66,74,77,61,72,65,20,55,70,64,61,74,65,5c,48,50,77,\
75,53,63,68,64,32,2e,65,78,65,00
"AME_CSA"="rundll32 amecsa.cpl,RUN_DLL"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"anysee_TR"="C:\\Program Files\\anysee\\anysee-E30\\anysee_TR.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"vvdkkpe.dll"="C:\\WINDOWS\\system32\\rundll32.exe \"C:\\Documents and Settings\\Compaq_Omistaja\\Local Settings\\Application Data\\vvdkkpe.dll\",agkxvbc"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"F-Secure Manager"="\"C:\\Program Files\\F-Secure Internet Security\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\F-Secure Internet Security\\FSGUI\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"News Service"="\"C:\\Program Files\\F-Secure Internet Security\\FSGUI\\ispnews.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061127-191945-234
O20 - Winlogon Notify: jkklk - C:\WINDOWS\system32\jkklk.dll
backup-20061127-191945-205
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\xdbwtjtx.dll
backup-20061127-191922-934
O20 - Winlogon Notify: jkklk - C:\WINDOWS\system32\jkklk.dll
backup-20061127-191739-795
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
backup-20061127-191739-560
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20061127-191617-198
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
backup-20061127-191606-662
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
backup-20061127-191530-212
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20061127-191530-461
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
backup-20061127-191530-170
O2 - BHO: (no name) - {CB06B9DA-1FA4-474A-A59E-4656FFF789DD} - C:\WINDOWS\system32\awvvu.dll (file missing)
backup-20061127-003204-287
O20 - Winlogon Notify: winmmt32 - winmmt32.dll (file missing)
backup-20061127-003204-490
O20 - Winlogon Notify: nnnnmmj - C:\WINDOWS\SYSTEM32\nnnnmmj.dll
backup-20061127-003204-923
O20 - Winlogon Notify: awvvu - C:\WINDOWS\system32\awvvu.dll

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Scheduled scanning task.job

Completion time: 06-11-28 18:08:57.76
C:\ComboFix.txt ... 06-11-28 18:08

Mikaatm · 28.11.2006

SmitFraudFix v2.125

Scan done at 18:11:44,31, ti 28.11.2006
Run from C:\Documents and Settings\Compaq_Omistaja\Ty”p”yt„\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Omistaja

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Omistaja\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\COMPAQ~1\Suosikit

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Mikaatm · 28.11.2006

Tälläiset tuli siihen Virus Log Information kohtaan:

File C:\WINDOWS\system32\ishost.exe_tobedeleted infected by "Trojan-Downloader.Win32.Zlob.bat" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Compaq_Omistaja\Työpöytä\SmitfraudFix\Reboot.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
File C:\Ladatut Ohjelmat\SmitfraudFix.zip tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
File C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP140\A0016327.exe tagged as not-a-virus:AdWare.Win32.Softomate.u. No Action Taken.
File C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP144\A0016785.exe tagged as not-a-virus:AdWare.Win32.Softomate.u. No Action Taken.
File C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP150\A0020235.0ll infected by "Trojan-Spy.Win32.VBStat.h" Virus. Action Taken: File Deleted.

Ja tälläinen on nyt HJT-logi:

Logfile of HijackThis v1.99.1
Scan saved at 21:42:55, on 28.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\anysee\anysee-E30\anysee_TR.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
c:\kaspersky\mwavscan.com
c:\kaspersky\kavss.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\skanneri.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30\anysee_TR.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [vvdkkpe.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Compaq_Omistaja\Local Settings\Application Data\vvdkkpe.dll",agkxvbc
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

Samaanaikaan kun escan pyöri niin F-secure 2007 ilmoitti muutamista viruksista/vakoiluohjelmista. Eristin/poistin niitä samaanaikaan.

Hujo · 28.11.2006

scannaa hjt:llä merkkaa paina Fix checked

O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (file missing)

käynnistä suorita kirjoita alla olevat ja jokaisen rivin jälkeen paina ok

sc stop McAfeeFramework
sc delete McAfeeFramework

Niin meinas jäädä

1. Klikkaa käynnistä > Oma tietokone oikean puoleisella napi
2. Valitse ominaisuudet
3. Valitse järjestelmän palauttaminen välilehti
4. Ruksi eteen ¤ poista järjestelmän palauttaminen kaikissa asemissa
5. Paina Käytä
6. Paina ok
7. Sammuta ja käynnistä
8. Ota ruksi pois ¤ poista järjestelmän palauttaminen kaikissa asemissa
9. Käytä ja OK

Lähetä
hjt-loki

Onkos vielä Ongelmia?

Mikaatm · 28.11.2006

Kiitos neuvoista. Tässä uusin HJL-logi

Logfile of HijackThis v1.99.1
Scan saved at 22:39:19, on 28.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\anysee\anysee-E30\anysee_TR.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\skanneri.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30\anysee_TR.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [vvdkkpe.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Compaq_Omistaja\Local Settings\Application Data\vvdkkpe.dll",agkxvbc
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

Muuten näyttää hyvältä, mutta ei välttämättä liity näihin asioihin, mutta Internet Explorer 7 selaimen kun käynnistää, niin voi joutua käynnistää useita kertoja ennenkuin käynnistyy... Sammuu itsestään ja kysyy lähetetäänkö virhe raportti. Onkohan joku buki ohjelmassa??? Mozilla Firefox toimii taas moitteitta.

Hujo · 28.11.2006

Niin löyty lokista lisää.

scannaa hjt:llä merkkaa paina Fix checked

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

Poista vikasiedossa kansio

C:\Program Files\--> Network Associates <--

Tiedä nyt tuohon sanoa. Mutta poista seiska ja lataa uudestaan jos nuo örkit on sen haavoitanut.

Mikaatm · 29.11.2006

Miltäs nyt näyttää

Logfile of HijackThis v1.99.1
Scan saved at 7:19:38, on 29.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\anysee\anysee-E30\anysee_TR.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\WINDOWS\system32\svchost.exe
C:\HJT\skanneri.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30\anysee_TR.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [vvdkkpe.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Compaq_Omistaja\Local Settings\Application Data\vvdkkpe.dll",agkxvbc
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

Poiston 7 version ja testaillaan nyt vanhalla 6 versiolla ja ladataan 7 uudestaan myöhemmin.

Hujo · 29.11.2006

aja combofix uudestaan

Mikaatm · 29.11.2006

Luulin jo päässen kans pöpöistä eroon mutta nyt tuli tälläinen ohjelma kuin Spyware Removal Wizard mikä ehdotti asennusta.

Ajoin combofix uudestaan tässä raportti. F-secure ilmoitti vaan kokoajan et järjestelmää yritettiin muuttaa jne...

Compaq_Omistaja - ke 29.11.2006 17:25:48,93 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Compaq_Omistaja\Ty”p”yt„"

((((((((((((((((((((((((((((((( Files Created from 2029-10-06 to 2029.11.2006 ))))))))))))))))))))))))))))))))))

No new files created in this timespan

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\Ultimate Defender.install]
@="\"C:\\DOCUME~1\\COMPAQ~1\\LOCALS~1\\Temp\\tinst3.exe\" continue"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"Reminder"="\"C:\\Windows\\Creator\\Remind_XP.exe\""
"HP Software Update"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,\
48,50,5c,48,50,20,53,6f,66,74,77,61,72,65,20,55,70,64,61,74,65,5c,48,50,77,\
75,53,63,68,64,32,2e,65,78,65,00
"AME_CSA"="rundll32 amecsa.cpl,RUN_DLL"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"anysee_TR"="C:\\Program Files\\anysee\\anysee-E30\\anysee_TR.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"vvdkkpe.dll"="C:\\WINDOWS\\system32\\rundll32.exe \"C:\\Documents and Settings\\Compaq_Omistaja\\Local Settings\\Application Data\\vvdkkpe.dll\",agkxvbc"
"F-Secure Manager"="\"C:\\Program Files\\F-Secure Internet Security\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\F-Secure Internet Security\\FSGUI\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"News Service"="\"C:\\Program Files\\F-Secure Internet Security\\FSGUI\\ispnews.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Scheduled scanning task.job

Completion time: ke 29.11.2006 17:28:03,59
C:\ComboFix.txt ... 29.11.2006 17:28
C:\ComboFix2.txt ... 28.11.2006 18:08

Sitten postin F-securen hetkeksi pois käytöstä ja tässä toinen raportti.

Compaq_Omistaja - 06-11-29 17:30:15,37 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Compaq_Omistaja\Ty”p”yt„"

((((((((((((((((((((((((((((((( Files Created from 2006-10-29 to 2006-11-29 ))))))))))))))))))))))))))))))))))

2006-11-28 18:16 <KANSIO> d-------- C:\Downloads
2006-11-28 18:16 <KANSIO> d-------- C:\Bases
2006-11-28 18:11 4,362 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-28 17:50 <KANSIO> d-------- C:\Kaspersky
2006-11-27 22:12 <KANSIO> d-------- C:\Program Files\Ultimate Defender
2006-11-27 21:59 <KANSIO> dr------- C:\Suosikit
2006-11-27 21:03 <KANSIO> d-------- C:\!KillBox
2006-11-27 18:31 88,340 --a------ C:\WINDOWS\system32\gvtusrvy.exe
2006-11-27 18:31 <KANSIO> d-------- C:\Documents and Settings\Compaq_Omistaja\Application Data\SearchToolbarCorp
2006-11-27 15:38 38,420 --a------ C:\WINDOWS\system32\xdbwtjtx.dll
2006-11-27 07:10 <KANSIO> d-------- C:\VundoFix Backups
2006-11-26 21:29 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2006-11-26 20:58 50,080 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2006-11-26 20:58 29,472 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2006-11-26 20:58 1,716,224 --a------ C:\WINDOWS\system32\winsflte.dll
2006-11-26 20:58 1,236,992 --a------ C:\WINDOWS\system32\cfgmig32.dll
2006-11-26 20:58 1,187,840 --a------ C:\WINDOWS\system32\winsflt.dll
2006-11-26 20:58 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2006-11-26 20:03 <KANSIO> d-------- C:\Program Files\Common Files\Cisco Systems
2006-11-26 20:02 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Network Associates
2006-11-26 20:01 <KANSIO> d-------- C:\WINDOWS\5DF3D1BB894E4DCD8275159AC9829B43.TMP
2006-11-26 20:01 <KANSIO> d-------- C:\Program Files\Common Files\Network Associates
2006-11-26 19:01 <KANSIO> d-------- C:\Security Task Manager
2006-11-26 19:01 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2006-11-26 15:48 40,973 ---hs---- C:\WINDOWS\system32\mljhifc.dll
2006-11-26 15:33 40,973 ---hs---- C:\WINDOWS\system32\byxxyaw.dll
2006-11-26 12:06 <KANSIO> d-------- C:\WINDOWS\WBEM
2006-11-26 12:06 <KANSIO> d-------- C:\WINDOWS\system32\fi-fi
2006-11-26 12:03 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-11-26 12:03 <KANSIO> d-------- C:\WINDOWS\network diagnostic
2006-11-26 11:47 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-11-26 11:45 71,168 --a------ C:\WINDOWS\system32\drvlad.dll
2006-11-26 11:45 40,973 ---hs---- C:\WINDOWS\system32\khfgeda.dll
2006-11-26 08:07 40,973 ---hs---- C:\WINDOWS\system32\vtuuust.dll
2006-11-25 21:51 40,973 ---hs---- C:\WINDOWS\system32\nnnnmmj.dll
2006-11-25 21:34 <KANSIO> d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-25 21:34 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-25 20:39 <KANSIO> d-------- C:\Program Files\Windows Live Safety Center
2006-11-25 20:12 <KANSIO> d-------- C:\HJT
2006-11-25 13:54 93,696 --a------ C:\WINDOWS\system32\vvdkkpe.dll
2006-11-25 13:54 71,680 --a------ C:\WINDOWS\system32\vorenbj.dll
2006-11-25 13:54 40,973 ---hs---- C:\WINDOWS\system32\rqrstur.dll
2006-11-15 07:30 <KANSIO> d-------- C:\Program Files\MSXML 4.0
2006-11-15 07:29 <KANSIO> d-------- C:\d9d468335dedc8f79025
2006-11-10 19:28 19,537 --------- C:\WINDOWS\system32\drivers\BRPAR.SYS
2006-11-10 19:28 188,416 --a------ C:\WINDOWS\system32\Pdrvinst.dll
2006-11-10 18:15 <KANSIO> dr------- C:\Documents and Settings\Compaq_Omistaja\Application Data\Brother
2006-11-10 17:39 25,856 --------- C:\WINDOWS\system32\drivers\usbprint.sys
2006-11-07 03:26 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-29 16:36 <KANSIO> d-------- C:\LVI

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-11-29 07:16 -------- d-------- C:\Program Files\Internet Explorer
2006-11-28 21:24 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-28 18:08 -------- d-------- C:\Program Files\Common Files
2006-11-26 21:41 -------- d-------- C:\Documents and Settings\Compaq_Omistaja\Application Data\F-Secure
2006-11-26 21:35 -------- d-------- C:\Program Files\F-Secure Internet Security
2006-11-26 20:47 -------- d-------- C:\Documents and Settings\Compaq_Omistaja\Application Data\Lavasoft
2006-11-26 20:25 -------- d-------- C:\Program Files\F-Secure
2006-11-25 13:53 -------- d-------- C:\Program Files\DC++
2006-11-10 21:49 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-11-10 19:28 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-27 17:31 -------- d-------- C:\Program Files\Ifi
2006-10-27 17:31 -------- d-------- C:\Documents and Settings\Compaq_Omistaja\Application Data\Ifi
2006-10-13 14:37 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-01 20:11 24576 --a------ C:\WINDOWS\TEMPIadHide3.dll
2006-10-01 20:08 -------- d-------- C:\Program Files\Symantec
2006-10-01 20:08 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-01 07:48 -------- d-------- C:\Documents and Settings\Compaq_Omistaja\Application Data\PEX
2006-10-01 07:46 -------- d-------- C:\Documents and Settings\Compaq_Omistaja\Application Data\ispnews
2006-09-13 07:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-06 16:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-09-05 19:29 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2006-09-05 19:29 249856 --------- C:\WINDOWS\Setup1.exe
2006-08-12 17:00 14702 --a------ C:\Documents and Settings\Compaq_Omistaja\Application Data\NMM-MetaData.db

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\Ultimate Defender.install]
@="\"C:\\DOCUME~1\\COMPAQ~1\\LOCALS~1\\Temp\\tinst3.exe\" continue"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"Reminder"="\"C:\\Windows\\Creator\\Remind_XP.exe\""
"HP Software Update"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,\
48,50,5c,48,50,20,53,6f,66,74,77,61,72,65,20,55,70,64,61,74,65,5c,48,50,77,\
75,53,63,68,64,32,2e,65,78,65,00
"AME_CSA"="rundll32 amecsa.cpl,RUN_DLL"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"anysee_TR"="C:\\Program Files\\anysee\\anysee-E30\\anysee_TR.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"vvdkkpe.dll"="C:\\WINDOWS\\system32\\rundll32.exe \"C:\\Documents and Settings\\Compaq_Omistaja\\Local Settings\\Application Data\\vvdkkpe.dll\",agkxvbc"
"F-Secure Manager"="\"C:\\Program Files\\F-Secure Internet Security\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\F-Secure Internet Security\\FSGUI\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"News Service"="\"C:\\Program Files\\F-Secure Internet Security\\FSGUI\\ispnews.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Scheduled scanning task.job

Completion time: 06-11-29 17:31:05.57
C:\ComboFix.txt ... 06-11-29 17:31
C:\ComboFix2.txt ... 06-11-29 17:28
C:\ComboFix3.txt ... 06-11-28 18:08

Kirjaudu tai liity jäseneksi

Koneella joku System Integrity Scan Wizard haittaohjelma??? HJT-logi

Mikaatm Member

Mikaatm Member

kelari Regular member

Mikaatm Member

Mikaatm Member

Hujo Guest

Mikaatm Member

Mikaatm Member

Mikaatm Member

Hujo Guest

Mikaatm Member

Mikaatm Member

Mikaatm Member

Mikaatm Member

Hujo Guest

Mikaatm Member

Hujo Guest

Mikaatm Member

Hujo Guest

Mikaatm Member

Jaa tämä sivu

Kirjaudu tai liity jäseneksi

Koneella joku System Integrity Scan Wizard haittaohjelma??? HJT-logi

Mikaatm Member

Mikaatm Member

kelari Regular member

Mikaatm Member

Mikaatm Member

Hujo Guest

Mikaatm Member

Mikaatm Member

Mikaatm Member

Hujo Guest

Mikaatm Member

Mikaatm Member

Mikaatm Member

Mikaatm Member

Hujo Guest

Mikaatm Member

Hujo Guest

Mikaatm Member

Hujo Guest

Mikaatm Member

Jaa tämä sivu

Hyödyllisiä hakuja