Browser keeps opening ads (incl. HJT log)

Thread in the Viruses and malware - HijackThis logs section. Thread started by apj on 12.09.2006.

Thread status:
The thread is closed.
  1. apj

    apj Member

    So the browser (Firefox) keeps opening ad pages on its own, and sometimes ads open in Internet Explorer as well. I ran Ad-Aware, which found something, but the problem did not go away.
    Maybe someone could be bothered to take a quick look at what is wrong, thanks.

    Logfile of HijackThis v1.99.1
    Scan saved at 20:57:55, on 12.9.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Documents and Settings\Ari-Pekka\Omat tiedostot\blaah\phto\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Norman\Nvc\BIN\ZANDA.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Norman\Nvc\BIN\ZLH.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\windows\system32\rlvknlg.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\WINDOWS\wt\updater\wcmdmgr.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\COMMON~1\kozm\kozmm.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\PROGRA~1\COMMON~1\kozm\kozma.exe
    C:\Program Files\mIRC\mirc.exe
    C:\Winamp\Winamp\winamp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Ari-Pekka\Työpöytä\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinampAgent] C:\Uusi kansio\Winamp\winampa.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fi\msnappau.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Documents and Settings\Ari-Pekka\Omat tiedostot\blaah\phto\apdproxy.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_17.exe
    O4 - HKLM\..\Run: [defender] C:\\dfndrff_16.exe
    O4 - HKLM\..\Run: [fnk260c3] RUNDLL32.EXE w04d01ed.dll,n 004260bf0000000a04d01ed
    O4 - HKLM\..\Run: [newname] C:\\nwnmff_17.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [kozm] C:\PROGRA~1\COMMON~1\kozm\kozmm.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\i4nm0e51eh.dll
    O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\system32\rlls.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Documents and Settings\Ari-Pekka\Omat tiedostot\blaah\phto\PhotoshopElementsFileAgent.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Nvc\BIN\ZANDA.EXE
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     
  3. -kemisti-

    -kemisti- Active member

    Remove from the Control Panel (Add/Remove Programs):

    Deskbar
    Relevant Knowledge

    1. Download the combofix.exe file to your desktop.
    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool has finished, it produces a log. Post this log to your thread.
    Note! Do not click the ComboFix window while it is running. This may cause the program to hang.

    Post a new HjT log and the ComboFix report.

     
  4. Sebu92

    Sebu92 Active member

    It is not Firefox that opens those popups, but some adware. Unfortunately, I cannot interpret HJT logs, at least not well enough.

    Edit: Oh, luckily kemisti got here to help. :)
     
    Last edited: 13.09.2006
  5. apj

    apj Member

    Okay, I managed to remove Relevant Knowledge, but Deskbar was not shown in the list.

    ComboFix report:

    Ari-Pekka - 06-09-13 16:09:39,98
    ComboFix 06.09.11B - Running from: C:\Documents and Settings\Ari-Pekka\Työpöytä

    Microsoft Windows XP [versio 5.1.2600]

    ((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

    REGISTRY ENTRIES REMOVED:

    [HKEY_CLASSES_ROOT\CLSID\{CF543371-0D05-42C8-949D-80DC7A56CCB3}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CF543371-0D05-42C8-949D-80DC7A56CCB3}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CF543371-0D05-42C8-949D-80DC7A56CCB3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CF543371-0D05-42C8-949D-80DC7A56CCB3}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\CLSID\{2E2C9CB0-F3D1-4281-9FCD-962524B4B75D}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2E2C9CB0-F3D1-4281-9FCD-962524B4B75D}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2E2C9CB0-F3D1-4281-9FCD-962524B4B75D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2E2C9CB0-F3D1-4281-9FCD-962524B4B75D}\InprocServer32]
    @="C:\\WINDOWS\\system32\\pelstore.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\CLSID\{BA8808BE-7DC7-4170-8FCE-F56D22155628}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{BA8808BE-7DC7-4170-8FCE-F56D22155628}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{BA8808BE-7DC7-4170-8FCE-F56D22155628}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{BA8808BE-7DC7-4170-8FCE-F56D22155628}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\CLSID\{E645E07E-C7B0-411D-BE50-F3642A607777}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{E645E07E-C7B0-411D-BE50-F3642A607777}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{E645E07E-C7B0-411D-BE50-F3642A607777}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{E645E07E-C7B0-411D-BE50-F3642A607777}\InprocServer32]
    @="C:\\WINDOWS\\system32\\sxi.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\CLSID\{FC8FB38F-5600-416E-9891-95DFB96D57FE}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{FC8FB38F-5600-416E-9891-95DFB96D57FE}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{FC8FB38F-5600-416E-9891-95DFB96D57FE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{FC8FB38F-5600-416E-9891-95DFB96D57FE}\InprocServer32]
    @="C:\\WINDOWS\\system32\\gndef.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\CLSID\{2F7524A7-DCE9-4942-B2DC-74D0F00A4A0A}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2F7524A7-DCE9-4942-B2DC-74D0F00A4A0A}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2F7524A7-DCE9-4942-B2DC-74D0F00A4A0A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2F7524A7-DCE9-4942-B2DC-74D0F00A4A0A}\InprocServer32]
    @="C:\\WINDOWS\\system32\\VP6STKIT.DLL"
    "ThreadingModel"="Apartment"

    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    FILES REMOVED:

    C:\WINDOWS\system32\gp20l3fm1.dll
    C:\WINDOWS\system32\ir0ml5d11.dll
    C:\WINDOWS\system32\jt8807lue.dll
    C:\WINDOWS\system32\VP6STKIT.DLL


    Granting sedebugprivilege to Järjestelmänvalvojat ... successful


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Documents and Settings\Ari-Pekka\Local Settings\Temporary Internet Files\Content.IE5\UDG50QA2\dfndrff_16[1].exe
    C:\Documents and Settings\Ari-Pekka\Local Settings\Temporary Internet Files\Content.IE5\01230563\drsmartload46a[1].exe
    C:\Documents and Settings\Ari-Pekka\Local Settings\Temporary Internet Files\Content.IE5\8DEVSTY3\drsmartload849a[1].exe
    C:\Documents and Settings\Ari-Pekka\Local Settings\Temporary Internet Files\Content.IE5\UDG50QA2\drsmartload45a[1].exe
    C:\Documents and Settings\Ari-Pekka\Local Settings\Temporary Internet Files\Content.IE5\UDG50QA2\kybrdff_15[1].exe
    C:\Documents and Settings\Ari-Pekka\Local Settings\Temporary Internet Files\Content.IE5\UDG50QA2\kybrdff_16[1].exe
    C:\Documents and Settings\Ari-Pekka\Local Settings\Temporary Internet Files\Content.IE5\UDG50QA2\nwnmff_16[1].exe
    C:\WINDOWS\system32\aaa00000.dll
    C:\WINDOWS\system32\aaa00000.sys
    C:\WINDOWS\system32\cemetrix.dll
    C:\WINDOWS\system32\tsuninst.exe
    C:\WINDOWS\uninstall_nmon.vbs
    C:\WINDOWS\system32\w002621b.dll
    C:\Documents and Settings\LocalService\Application Data\NetMon
    C:\Program Files\Deskbar


    ((((((((((((((((((((((((((((((( Files Created from 2006-08-13 to 2006-09-13 ))))))))))))))))))))))))))))))))))


    2006-09-07 18:01 61,952 --a------ C:\WINDOWS\system32\fnk260c3.dll
    2006-09-07 18:01 29,696 --a------ C:\WINDOWS\system32\w04d01ed.dll
    2006-09-07 18:01 1,233 --a------ C:\WINDOWS\system32\fnk260c3.sys
    2006-08-25 12:38 8 --a------ C:\WINDOWS\system32\CtSACKey.sys
    2006-08-24 17:19 41,984 --------- C:\WINDOWS\Ctregrun.exe
    2006-08-24 17:14 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
    2006-08-24 17:14 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
    2006-08-24 17:11 49,152 --a------ C:\WINDOWS\system32\ctpde.dll
    2006-08-24 17:11 385,109 --a------ C:\WINDOWS\system32\ctjb2sp.dll
    2006-08-24 17:11 32,768 --a------ C:\WINDOWS\system32\PdePgHlp.dll
    2006-08-24 17:11 28,672 --a------ C:\WINDOWS\system32\PdeSrvps.dll
    2006-08-24 17:11 28,672 --a------ C:\WINDOWS\system32\Jb4Inst.dll
    2006-08-24 17:11 233,472 --a------ C:\WINDOWS\system32\CTPmsMan.dll
    2006-08-24 17:11 200,704 --a------ C:\WINDOWS\system32\CTPdeSrv.exe
    2006-08-24 17:11 149,504 --a------ C:\WINDOWS\UNWISE.EXE
    2006-08-24 17:11 143,360 --a------ C:\WINDOWS\system32\CTPmsWma.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-09-13 16:09 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-09-12 22:09 -------- d-------- C:\Program Files\mIRC
    2006-09-12 16:59 -------- d-------- C:\Program Files\Lavasoft
    2006-09-12 16:59 -------- d-------- C:\Documents and Settings\Ari-Pekka\Application Data\Lavasoft
    2006-09-11 18:37 -------- d-------- C:\Program Files\DC++
    2006-09-10 21:36 -------- d-------- C:\Program Files\Common Files\kozm
    2006-09-07 18:12 -------- d-------- C:\Documents and Settings\Ari-Pekka\Application Data\Azureus
    2006-09-07 18:00 -------- d-------- C:\Program Files\Common Files
    2006-09-04 22:37 -------- d-------- C:\Program Files\Soulseek
    2006-08-24 17:19 -------- d-------- C:\Program Files\Creative
    2006-08-24 17:17 -------- d-------- C:\Program Files\Adobe
    2006-08-24 17:16 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-08-18 22:29 -------- d-------- C:\Documents and Settings\Ari-Pekka\Application Data\LimeWire
    2006-08-18 20:11 -------- d-------- C:\Documents and Settings\Ari-Pekka\Application Data\Ahead
    2006-08-18 20:02 -------- d-------- C:\Program Files\Common Files\Ahead
    2006-08-18 19:58 -------- d-------- C:\Program Files\Nero
    2006-08-18 19:52 -------- d-------- C:\Program Files\Ahead
    2006-08-18 16:35 -------- d-------- C:\Documents and Settings\Ari-Pekka\Application Data\PC Suite
    2006-08-17 18:32 -------- d-------- C:\Program Files\Nokia
    2006-08-17 18:31 -------- d-------- C:\Program Files\Common Files\PCSuite
    2006-08-17 18:31 -------- d-------- C:\Program Files\Common Files\Nokia
    2006-08-17 13:55 -------- d-------- C:\Program Files\Internet Explorer
    2006-08-02 15:15 -------- d-------- C:\Program Files\Canon
    2006-08-01 17:25 -------- d-------- C:\Documents and Settings\Ari-Pekka\Application Data\AdobeUM
    2006-08-01 16:31 -------- d-------- C:\Documents and Settings\Ari-Pekka\Application Data\Adobe
    2006-07-29 21:57 -------- d-------- C:\Program Files\XviD
    2006-07-27 16:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-07-21 11:28 72704 --a------ C:\WINDOWS\system32\hlink.dll
    2006-06-16 14:34 48936 --a------ C:\WINDOWS\system32\sirenacm.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
    "kozm"="C:\\PROGRA~1\\COMMON~1\\kozm\\kozmm.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE"
    "ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
    "Norman ZANDA"="C:\\Norman\\Nvc\\BIN\\ZLH.EXE /LOAD /SPLASH"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "WinampAgent"="C:\\Uusi kansio\\Winamp\\winampa.exe"
    "msnappau"="\"C:\\Program Files\\MSN Apps\\Updater\\01.02.0002.1001\\fi\\msnappau.exe\""
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
    @=""
    "Adobe Photo Downloader"="\"C:\\Documents and Settings\\Ari-Pekka\\Omat tiedostot\\blaah\\phto\\apdproxy.exe\""
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "wcmdmgr"="C:\\WINDOWS\\wt\\updater\\wcmdmgrl.exe -launch"
    "PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -onlytray"
    "NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
    "fnk260c3"="RUNDLL32.EXE w04d01ed.dll,n 004260bf0000000a04d01ed"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Nykyinen kotisivu"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"


    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


    Completion time: Wed 13.09.2006 16:14:55.21
    ComboFix.txt

    New HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 16:17:14, on 13.9.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\Ari-Pekka\Omat tiedostot\blaah\phto\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Norman\Nvc\BIN\ZANDA.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Norman\Nvc\BIN\ZLH.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\WINDOWS\wt\updater\wcmdmgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\PROGRA~1\COMMON~1\kozm\kozmm.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\PROGRA~1\COMMON~1\kozm\kozma.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Documents and Settings\Ari-Pekka\Työpöytä\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinampAgent] C:\Uusi kansio\Winamp\winampa.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fi\msnappau.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Documents and Settings\Ari-Pekka\Omat tiedostot\blaah\phto\apdproxy.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [fnk260c3] RUNDLL32.EXE w04d01ed.dll,n 004260bf0000000a04d01ed
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [kozm] C:\PROGRA~1\COMMON~1\kozm\kozmm.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Documents and Settings\Ari-Pekka\Omat tiedostot\blaah\phto\PhotoshopElementsFileAgent.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Nvc\BIN\ZANDA.EXE
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

     
  6. -kemisti-

    -kemisti- Active member

    Fix with HjT:

    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [fnk260c3] RUNDLL32.EXE w04d01ed.dll,n 004260bf0000000a04d01ed
    O4 - HKCU\..\Run: [kozm] C:\PROGRA~1\COMMON~1\kozm\kozmm.exe


    Boot into safe mode.

    Delete:

    C:\Program Files\Common Files\kozm
    C:\WINDOWS\system32\fnk260c3.dll
    C:\WINDOWS\system32\w04d01ed.dll
    C:\WINDOWS\system32\fnk260c3.sys

    Restart.

    Get eScan -> http://koti.mbnet.fi/pattaya1/escanmwav.htm .
    Install, update, and scan according to the instructions on the page. Then post the "nasties results" here (the instructions are on that page: the bottom picture and the text above it).

    Run ComboFix again.

    Post:

    - a new HjT log
    - the eScan results
    - the ComboFix report
     
  7. apj

    apj Member

    Joined:
    12.09.2006
    Posts:
    26
    Thanks:
    0
    Points:
    11
    Yep.

    eScan results:

    File C:\Documents and Settings\Ari-Pekka\Local Settings\Temporary Internet Files\Content.IE5\8DEVSTY3\ac3[1].txt infected by "Trojan-Downloader.Win32.Agent.awb" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Ari-Pekka\Local Settings\Temporary Internet Files\Content.IE5\8DEVSTY3\al3[1].txt infected by "Trojan-Downloader.Win32.Agent.aol" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Ari-Pekka\Omat tiedostot\Omat musiikkitiedostot\Skyforger\Zobena Dziesma\01 Sen dzirdeju, nu ieraugu.wma infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\Ari-Pekka\Omat tiedostot\Omat musiikkitiedostot\Skyforger\Zobena Dziesma\07 Aiziedams perkons grauda.wma infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\Ari-Pekka\Työpöytä\2006-02-02-2310-07\mirc617.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.617. No Action Taken.
    File C:\Documents and Settings\Arttu\Local Settings\Temporary Internet Files\Content.IE5\QRIBEDCZ\mirc616[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
    File C:\Documents and Settings\Seppo\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PQN4XMN\ac3[1].txt infected by "Trojan-Downloader.Win32.Agent.awb" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Seppo\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PQN4XMN\drsmartload849a[1].exe infected by "Trojan-Downloader.Win32.Adload.ff" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Seppo\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PQN4XMN\kybrdff_17[1].exe infected by "Trojan-Downloader.Win32.VB.alg" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Seppo\Local Settings\Temp\Temporary Internet Files\Content.IE5\6LT80751\al3[1].txt infected by "Trojan-Downloader.Win32.Agent.aol" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Seppo\Local Settings\Temp\Temporary Internet Files\Content.IE5\6LT80751\drsmartload45a[1].exe infected by "Trojan-Downloader.Win32.Adload.ff" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Seppo\Local Settings\Temp\Temporary Internet Files\Content.IE5\6LT80751\loader[2].exe infected by "Trojan-Downloader.Win32.VB.agk" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Seppo\Local Settings\Temp\Temporary Internet Files\Content.IE5\97BLGHI7\drsmartload46a[1].exe infected by "Trojan-Downloader.Win32.Adload.ff" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Seppo\Local Settings\Temp\Temporary Internet Files\Content.IE5\PJXDC7Q1\deskbar[1].exe tagged as not-a-virus:AdWare.Win32.Softomate.r. No Action Taken.
    File C:\Documents and Settings\Seppo\Local Settings\Temp\Temporary Internet Files\Content.IE5\PJXDC7Q1\loader[1].exe infected by "Trojan-Downloader.Win32.VB.agk" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Seppo\Local Settings\Temp\Temporary Internet Files\Content.IE5\PJXDC7Q1\nwnmff_17[1].exe infected by "Trojan-Downloader.Win32.Adload.fg" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Tuomas\Local Settings\Application Data\Mozilla\Firefox\Profiles\2sqy42pt.default\Cache\71AA8828d01 infected by "Trojan-Downloader.Win32.Agent.alr" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Tuomas\Työpöytä\Jotain saissee\Cdvd.exe tagged as not-a-virus:AdWare.Win32.NewDotNet. No Action Taken.
    File C:\Program Files\mIRC\backup\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
    File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.617. No Action Taken.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0086942.exe infected by "Trojan-Downloader.Win32.Adload.ff" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0086943.exe infected by "Trojan-Downloader.Win32.Adload.ff" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0086944.exe infected by "Trojan-Downloader.Win32.Adload.ff" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0086950.exe infected by "Trojan-Downloader.Win32.Adload.ds" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0086952.exe infected by "Trojan-Downloader.Win32.VB.agk" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0086969.exe tagged as not-a-virus:AdWare.Win32.Softomate.r. No Action Taken.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0086977.exe infected by "Trojan-Downloader.Win32.VB.alg" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0086995.exe infected by "Trojan-Downloader.Win32.Adload.fg" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0087014.dll tagged as not-a-virus:AdWare.Win32.Softomate.r. No Action Taken.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0087032.exe tagged as not-a-virus:AdWare.Win32.RK.j. No Action Taken.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0087115.dll tagged as not-a-virus:AdWare.Win32.Softomate.r. No Action Taken.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0087149.exe tagged as not-a-virus:AdWare.Win32.Softomate.r. No Action Taken.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0087151.exe infected by "Trojan-Downloader.Win32.Adload.ff" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0087152.exe infected by "Trojan-Downloader.Win32.Adload.fg" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0087153.exe infected by "Trojan-Downloader.Win32.VB.alg" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0087155.exe infected by "Trojan-Downloader.Win32.Adload.fg" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0087156.exe infected by "Trojan-Downloader.Win32.VB.amb" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0087157.exe tagged as not-a-virus:AdWare.Win32.Softomate.r. No Action Taken.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0087163.exe infected by "Trojan-Downloader.Win32.Adload.ff" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0087164.exe infected by "Trojan-Downloader.Win32.VB.agk" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0087165.exe infected by "Trojan-Downloader.Win32.Adload.ff" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0087170.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0087171.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0087410.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0087411.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0087425.exe infected by "Trojan-Downloader.Win32.Agent.alr" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0087661.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0087677.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0087681.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0087688.dll infected by "Trojan-Downloader.Win32.Agent.awb" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0087693.dll infected by "Trojan-Downloader.Win32.Agent.aol" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0087694.dll tagged as not-a-virus:AdWare.Win32.Softomate.r. No Action Taken.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0087717.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0087718.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0087719.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0087720.DLL tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0087787.dll infected by "Trojan-Downloader.Win32.Agent.awb" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0087789.dll infected by "Trojan-Downloader.Win32.Agent.aol" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0087790.exe infected by "Trojan-Downloader.Win32.TSUpdate.l" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0087792.exe infected by "Trojan-Downloader.Win32.TSUpdate.r" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0087794.exe infected by "Trojan-Downloader.Win32.TSUpdate.n" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{8BCB98DD-3528-425A-9FC7-C6E37023EC2C}\RP219\A0087796.exe infected by "Trojan-Downloader.Win32.TSUpdate.f" Virus. Action Taken: File Deleted.



    New HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 0:25:23, on 14.9.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\Ari-Pekka\Omat tiedostot\blaah\phto\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Norman\Nvc\BIN\ZANDA.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Norman\Nvc\BIN\ZLH.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\WINDOWS\wt\updater\wcmdmgr.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Kaspersky\mwavscan.com
    C:\Kaspersky\kavss.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\NORMAN\Nvc\Bin\niu.exe
    C:\Documents and Settings\Ari-Pekka\Työpöytä\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fi\msnappau.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Documents and Settings\Ari-Pekka\Omat tiedostot\blaah\phto\PhotoshopElementsFileAgent.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Nvc\BIN\ZANDA.EXE
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


    Combofix report:

    Ari-Pekka - 06-09-14 0:26:58,95
    ComboFix 06.09.11B - Running from: C:\Documents and Settings\Ari-Pekka\Työpöytä

    Microsoft Windows XP [versio 5.1.2600]

    ((((((((((((((((((((((((((((((( Files Created from 2006-08-14 to 2006-09-14 ))))))))))))))))))))))))))))))))))


    2006-08-25 12:38 8 --a------ C:\WINDOWS\system32\CtSACKey.sys
    2006-08-24 17:19 41,984 --------- C:\WINDOWS\Ctregrun.exe
    2006-08-24 17:14 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
    2006-08-24 17:14 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
    2006-08-24 17:11 49,152 --a------ C:\WINDOWS\system32\ctpde.dll
    2006-08-24 17:11 385,109 --a------ C:\WINDOWS\system32\ctjb2sp.dll
    2006-08-24 17:11 32,768 --a------ C:\WINDOWS\system32\PdePgHlp.dll
    2006-08-24 17:11 28,672 --a------ C:\WINDOWS\system32\PdeSrvps.dll
    2006-08-24 17:11 28,672 --a------ C:\WINDOWS\system32\Jb4Inst.dll
    2006-08-24 17:11 233,472 --a------ C:\WINDOWS\system32\CTPmsMan.dll
    2006-08-24 17:11 200,704 --a------ C:\WINDOWS\system32\CTPdeSrv.exe
    2006-08-24 17:11 149,504 --a------ C:\WINDOWS\UNWISE.EXE
    2006-08-24 17:11 143,360 --a------ C:\WINDOWS\system32\CTPmsWma.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-09-13 23:33 -------- d-------- C:\Program Files\mIRC
    2006-09-13 21:11 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-09-13 20:36 -------- d-------- C:\Program Files\Common Files
    2006-09-12 16:59 -------- d-------- C:\Program Files\Lavasoft
    2006-09-12 16:59 -------- d-------- C:\Documents and Settings\Ari-Pekka\Application Data\Lavasoft
    2006-09-11 18:37 -------- d-------- C:\Program Files\DC++
    2006-09-07 18:12 -------- d-------- C:\Documents and Settings\Ari-Pekka\Application Data\Azureus
    2006-09-04 22:37 -------- d-------- C:\Program Files\Soulseek
    2006-08-24 17:19 -------- d-------- C:\Program Files\Creative
    2006-08-24 17:17 -------- d-------- C:\Program Files\Adobe
    2006-08-24 17:16 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-08-18 22:29 -------- d-------- C:\Documents and Settings\Ari-Pekka\Application Data\LimeWire
    2006-08-18 20:11 -------- d-------- C:\Documents and Settings\Ari-Pekka\Application Data\Ahead
    2006-08-18 20:02 -------- d-------- C:\Program Files\Common Files\Ahead
    2006-08-18 19:58 -------- d-------- C:\Program Files\Nero
    2006-08-18 19:52 -------- d-------- C:\Program Files\Ahead
    2006-08-18 16:35 -------- d-------- C:\Documents and Settings\Ari-Pekka\Application Data\PC Suite
    2006-08-17 18:32 -------- d-------- C:\Program Files\Nokia
    2006-08-17 18:31 -------- d-------- C:\Program Files\Common Files\PCSuite
    2006-08-17 18:31 -------- d-------- C:\Program Files\Common Files\Nokia
    2006-08-17 13:55 -------- d-------- C:\Program Files\Internet Explorer
    2006-08-02 15:15 -------- d-------- C:\Program Files\Canon
    2006-08-01 17:25 -------- d-------- C:\Documents and Settings\Ari-Pekka\Application Data\AdobeUM
    2006-08-01 16:31 -------- d-------- C:\Documents and Settings\Ari-Pekka\Application Data\Adobe
    2006-07-29 21:57 -------- d-------- C:\Program Files\XviD
    2006-07-27 16:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-07-21 11:28 72704 --a------ C:\WINDOWS\system32\hlink.dll
    2006-06-16 14:34 48936 --a------ C:\WINDOWS\system32\sirenacm.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE"
    "ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
    "Norman ZANDA"="C:\\Norman\\Nvc\\BIN\\ZLH.EXE /LOAD /SPLASH"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "msnappau"="\"C:\\Program Files\\MSN Apps\\Updater\\01.02.0002.1001\\fi\\msnappau.exe\""
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
    @=""
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "wcmdmgr"="C:\\WINDOWS\\wt\\updater\\wcmdmgrl.exe -launch"
    "PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -onlytray"
    "NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Nykyinen kotisivu"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"


    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


    Completion time: Thu 14.09.2006 0:29:18.59
    ComboFix.txt
    ComboFix2.txt
     
  8. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Posts:
    6,305
    Thanks:
    0
    Points:
    96
    Delete:

    C:\Documents and Settings\Tuomas\Työpöytä\Jotain saissee\Cdvd.exe

    Empty the Recycle Bin and IE's temporary files.

    Clean out System Restore:

    1. Select My Computer (right-click).
    2. Select Properties.
    3. Select the System Restore tab.
    4. Select "Turn off System Restore".
    5. Click Apply.
    6. Click OK.
    7. Restart the computer.
    8. Do steps 1-3.
    9. Untick "Turn off System Restore".
    10. Do steps 5 and 6.

    Still having problems?
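
Added example, not part of the thread: a small Python triage of an eScan report in the line format quoted above. It sorts the detections the scanner left on disk by where they live, which corresponds to the three cleanup steps in the reply above (delete the file, empty the browser cache, purge System Restore). The sample lines are constructed, and the function names, bucket names and "next step" texts are assumptions made for this illustration.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "path name action")

# Constructed sample in the eScan report format quoted in this thread
# (placeholder user name, folder names and restore-point GUID).
SAMPLE = r'''
File C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\AAAA\ac3[1].txt infected by "Trojan-Downloader.Win32.Agent.awb" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\BBBB\deskbar[1].exe tagged as not-a-virus:AdWare.Win32.Softomate.r. No Action Taken.
File C:\Documents and Settings\User\Desktop\stuff\Cdvd.exe tagged as not-a-virus:AdWare.Win32.NewDotNet. No Action Taken.
File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.617. No Action Taken.
File C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000002.exe infected by "Trojan-Downloader.Win32.Adload.ff" Virus. Action Taken: File Deleted.
'''

# The two line shapes that occur in the report.
_INFECTED = re.compile(
    r'^File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus\. '
    r'Action Taken: (?P<action>.+?)\.$')
_TAGGED = re.compile(
    r'^File (?P<path>.+?) tagged as (?P<name>\S+)\. No Action Taken\.$')

# Assumed mapping from location to the cleanup step that removes the file.
NEXT_STEP = {
    "restore_point": "purge the System Restore points",
    "browser_cache": "empty the browser cache",
    "other": "review the file by hand",
}


def parse_report(text):
    """Return one Finding per recognised report line; other lines are skipped."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = _INFECTED.match(line)
        if m:
            findings.append(Finding(m["path"], m["name"], m["action"]))
            continue
        m = _TAGGED.match(line)
        if m:
            findings.append(Finding(m["path"], m["name"], None))
    return findings


def location(path):
    """Classify a path by the kind of storage it sits in."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore_point"
    if "\\temporary internet files\\" in p or (
            "\\firefox\\profiles\\" in p and "\\cache\\" in p):
        return "browser_cache"
    return "other"


def detection_class(name):
    """'not-a-virus:AdWare.Win32.X.y' -> 'AdWare'; 'Trojan-Downloader.Win32.X' -> 'Trojan-Downloader'."""
    return name.split(":", 1)[-1].split(".", 1)[0]


def triage(findings):
    """Bucket every finding the scanner did not delete by its location."""
    buckets = {key: [] for key in NEXT_STEP}
    for f in findings:
        if f.action == "File Deleted":
            continue  # already removed by the scanner
        buckets[location(f.path)].append(f)
    return buckets


if __name__ == "__main__":
    for bucket, items in triage(parse_report(SAMPLE)).items():
        print(f"{bucket}: {NEXT_STEP[bucket]}")
        for f in items:
            print(f"  [{detection_class(f.name)}] {f.path}")
```

Entries in the "other" bucket still need a human decision: an adware detection on a user's desktop and an installed IRC client both land there, and only the detection class tells them apart.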

     
  9. apj

    apj Member

    Joined:
    12.09.2006
    Posts:
    26
    Thanks:
    0
    Points:
    11
    Yeah, the problems seem to have disappeared. Thanks.
     
  10. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Posts:
    6,305
    Thanks:
    0
    Points:
    96
    Good stuff, and you're welcome :)
     