xinstall.exe? + HJT log

Thread in the "Viruses and malware - HijackThis logs" section. Started by JooE on 22.09.2006.

Thread status:
This thread is closed.
  1. JooE

    JooE, Member
    Joined: 22.09.2006
    Posts: 21
    Thanks: 0
    Points: 11

    A lot of viruses and malware got onto the computer a couple of days ago.
    HJT log taken after a scan:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:08:21, on 22.9.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    D:\Stardock\TrayServer.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    D:\Avast\ashDisp.exe
    D:\DVD Solution\PowerDVD\PDVDServ.exe
    D:\Daemon tools\daemon.exe
    D:\Labtec\Webcam\LogiTray.exe
    D:\QuickTime\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    D:\InstallShield\UpdateService\issch.exe
    D:\Winamp\winampa.exe
    C:\Program Files\ViewMate Wireless Mouse MW407\MOffice.exe
    D:\anysee\anysee_TR.exe
    C:\Program Files\ViewMate Wireless Mouse MW407\MOUSE32A.EXE
    C:\WINDOWS\system32\ctfmon.exe
    D:\Avast\aswUpdSv.exe
    D:\Avast\ashServ.exe
    D:\Samurize\Client.exe
    C:\WINDOWS\system32\LVComS.exe
    D:\Delphi7\IB65\bin\ibguard.exe
    D:\Kerio\Personal Firewall 4\kpf4ss.exe
    D:\Rainlendar\Rainlendar.exe
    D:\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    D:\Delphi7\IB65\bin\ibserver.exe
    D:\Avast\ashMaiSv.exe
    D:\Avast\ashWebSv.exe
    D:\Kerio\Personal Firewall 4\kpf4gui.exe
    D:\Winamp\winamp.exe
    D:\FIREFOX\FIREFOX.EXE
    C:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1035
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: (no name) - <default> - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "D:\Stardock\TrayServer.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [avast!] D:\Avast\ashDisp.exe
    O4 - HKLM\..\Run: [RemoteControl] "D:\DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "D:\Daemon tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Labtec\Webcam\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] D:\Labtec\Webcam\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechGalleryRepair] D:\Labtec\Webcam\ISStart.exe
    O4 - HKLM\..\Run: [iTunesHelper] "D:\QuickTime\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] D:\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "D:\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\ViewMate Wireless Mouse MW407\MOffice.exe
    O4 - HKLM\..\Run: [anysee_TR] D:\anysee\anysee_TR.exe
    O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Henryy\Työpöytä\Xinstall.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - Startup: Adobe Gamma.lnk = D:\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Client Default.lnk = D:\Samurize\Client.exe
    O4 - Startup: CPUT1.lnk = ?
    O4 - Startup: Rainlendar.lnk = D:\Rainlendar\Rainlendar.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\OFFICE~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Avast\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - D:\Avast\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - D:\Avast\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - D:\Avast\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - D:\Delphi7\IB65\bin\ibguard.exe
    O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - D:\Delphi7\IB65\bin\ibserver.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Kerio\Personal Firewall 4\kpf4ss.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MySQL5 - Unknown owner - D:\MySQL\bin\mysqld-nt".exe (file missing)
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

    I noticed at least one program that shouldn't be there.
    Is Xinstall.exe some kind of malware?
     
  3. hannu71

    hannu71, Regular member
    Joined: 09.02.2006
    Posts: 256
    Thanks: 0
    Points: 26

    Put HijackThis in its own folder: C:\HJT\HijackThis.exe

    1. Download the combofix.exe file to your desktop.
    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool is finished, it produces a log. Post this log to your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
     
  4. JooE

    Henryy - 06-09-23 13:34:51,18 Service Pack 2
    ComboFix 06.09.23.2 - Running from: "C:\Documents and Settings\Henryy\Työpöytä"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\Deskbar


    ((((((((((((((((((((((((((((((( Files Created from 2006-08-23 to 2006-09-23 ))))))))))))))))))))))))))))))))))


    2006-09-22 16:19 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
    2006-09-13 21:38 29,184 --a------ C:\WINDOWS\ActivIcon$$$.EXE
    2006-09-11 16:25 111,104 --a------ C:\WINDOWS\system32\uharc.exe
    2006-09-01 08:48 2,560 --a------ C:\WINDOWS\system32\BitCometRes.dll
    2006-08-23 04:27 6,684,672 --a------ C:\WINDOWS\system32\atioglx1.dll
    2006-08-23 04:21 221,184 --a------ C:\WINDOWS\system32\atikvmag.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-09-23 13:35 932 --a------ C:\ComboFix.txt
    2006-09-23 13:35 932 --a------ C:\ComboFix.txt
    2006-09-23 13:35 -------- dr------- C:\Program Files
    2006-09-23 13:35 -------- dr------- C:\Program Files
    2006-09-23 13:35 -------- d-------- C:\sUBs
    2006-09-23 13:35 -------- d-------- C:\sUBs
    2006-09-23 13:35 -------- d-------- C:\QooBox
    2006-09-23 13:35 -------- d-------- C:\QooBox
    2006-09-23 12:42 -------- d-------- C:\WINDOWS
    2006-09-23 12:42 -------- d-------- C:\WINDOWS
    2006-09-22 18:58 -------- d-------- C:\Documents and Settings\Henryy\Application Data\ATI
    2006-09-22 17:11 -------- d-------- C:\HJT
    2006-09-22 17:11 -------- d-------- C:\HJT
    2006-09-22 16:21 45 --a------ C:\TEST.XML
    2006-09-22 16:21 45 --a------ C:\TEST.XML
    2006-09-22 16:19 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
    2006-09-22 16:17 -------- d--hs---- C:\System Volume Information
    2006-09-22 16:17 -------- d--hs---- C:\System Volume Information
    2006-09-21 21:47 268 --ah----- C:\sqmdata00.sqm
    2006-09-21 21:47 268 --ah----- C:\sqmdata00.sqm
    2006-09-21 21:47 244 --ah----- C:\sqmnoopt00.sqm
    2006-09-21 21:47 244 --ah----- C:\sqmnoopt00.sqm
    2006-09-21 21:40 -------- d--hs---- C:\RECYCLER
    2006-09-21 21:40 -------- d--hs---- C:\RECYCLER
    2006-09-18 12:53 -------- d-------- C:\Documents and Settings\Henryy\Application Data\Rainlendar
    2006-09-08 13:13 62592 --a------ C:\WINDOWS\system32\drivers\moufiltr.sys
    2006-09-05 19:47 -------- d-------- C:\Documents and Settings
    2006-09-05 19:47 -------- d-------- C:\Documents and Settings
    2006-09-05 18:59 -------- d-------- C:\Documents and Settings\Henryy\Application Data\.bittorrent
    2006-09-05 13:00 -------- d---s---- C:\Documents and Settings\Henryy\Application Data\Microsoft
    2006-09-01 18:14 -------- d-------- C:\Documents and Settings\Henryy\Application Data\MSN6
    2006-08-23 05:11 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
    2006-08-23 04:53 260096 --a------ C:\WINDOWS\system32\ati2dvag.dll
    2006-08-23 04:53 1723904 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
    2006-08-23 04:47 114688 --a------ C:\WINDOWS\system32\atipdlxx.dll
    2006-08-23 04:46 86016 --a------ C:\WINDOWS\system32\ati2evxx.dll
    2006-08-23 04:46 77824 --a------ C:\WINDOWS\system32\Oemdspif.dll
    2006-08-23 04:46 41984 --a------ C:\WINDOWS\system32\ati2edxx.dll
    2006-08-23 04:46 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
    2006-08-23 04:45 413696 --a------ C:\WINDOWS\system32\ati2evxx.exe
    2006-08-23 04:44 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
    2006-08-23 04:38 2401984 --a------ C:\WINDOWS\system32\ati3duag.dll
    2006-08-23 04:33 303104 --a------ C:\WINDOWS\system32\ATIDEMGR.dll
    2006-08-23 04:33 2510752 --a------ C:\WINDOWS\system32\ativvaxx.dll
    2006-08-23 04:24 5140480 --a------ C:\WINDOWS\system32\atioglxx.dll
    2006-08-23 04:19 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
    2006-08-23 04:14 290816 --a------ C:\WINDOWS\system32\ati2cqag.dll
    2006-08-22 21:05 520192 --------- C:\WINDOWS\system32\ati2sgag.exe
    2006-08-21 15:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
    2006-08-21 12:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
    2006-08-21 12:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
    2006-08-16 20:01 4 --a------ C:\timestmp.tmp
    2006-08-16 20:01 4 --a------ C:\timestmp.tmp
    2006-08-08 19:53 635520 --a------ C:\WINDOWS\system32\aswBoot.exe
    2006-08-06 13:08 36734 --a------ C:\WINDOWS\system32\OggDSuninst.exe
    2006-08-05 18:25 85952 --a--c--- C:\WINDOWS\system32\drivers\aswmon.sys
    2006-08-05 18:24 16352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2006-08-05 18:22 36176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2006-08-05 18:20 24304 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2006-08-05 09:18 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
    2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
    2006-07-27 16:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-07-21 11:28 72704 --a------ C:\WINDOWS\system32\hlink.dll
    2006-06-26 14:27 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
    "SoundMan"="SOUNDMAN.EXE"
    "avast!"="D:\\Avast\\ashDisp.exe"
    "RemoteControl"="\"D:\\DVD Solution\\PowerDVD\\PDVDServ.exe\""
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "DAEMON Tools"="\"D:\\Daemon tools\\daemon.exe\" -lang 1033"
    "LogitechVideoRepair"="D:\\Labtec\\Webcam\\ISStart.exe"
    "LogitechVideoTray"="D:\\Labtec\\Webcam\\LogiTray.exe"
    "LogitechGalleryRepair"="D:\\Labtec\\Webcam\\ISStart.exe"
    "iTunesHelper"="\"D:\\QuickTime\\iTunesHelper.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "ISUSPM Startup"="D:\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
    "ISUSScheduler"="\"D:\\InstallShield\\UpdateService\\issch.exe\" -start"
    "WinampAgent"="D:\\Winamp\\winampa.exe"
    "FLMOFFICE4DMOUSE"="C:\\Program Files\\ViewMate Wireless Mouse MW407\\MOffice.exe"
    "anysee_TR"="D:\\anysee\\anysee_TR.exe"
    "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Nykyinen kotisivu"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
    00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
    00,00,01,00,00,00

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
    "{0841F9D1-07C9-1035-1007-040810040166}"="\"D:\\{0841F9D1-07C9-1035-1007-040810040166}\\Update.exe\" mc-110-12-0000904"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll



    ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    backup-20060922-171154-929
    R3 - URLSearchHook: (no name) - <default> - (no file)
    backup-20060922-171154-846
    R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)

    Completion time: Sat 23.09.2006 13:36:49.65
    ComboFix.txt
     
  5. hannu71

    Open HijackThis, click "Do a system scan only", and check these lines. Then close all other windows and press "Fix checked".
    R3 - URLSearchHook: (no name) - <default> - (no file)
    O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Henryy\Työpöytä\Xinstall.exe

    If necessary, make hidden files visible. Instructions ==> http://keskustelu.afterdawn.com/thread_view.cfm/248944
    Boot into Safe Mode. Instructions ==>
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

    Delete the following:
    C:\Documents and Settings\Henryy\Työpöytä\==>Xinstall.exe <==


    Get eScan -> http://koti.mbnet.fi/pattaya1/escanmwav.htm .
    Install, update, and scan according to the instructions on the page. Then post the "malware findings" here (instructions on that page: the bottom image and the text above it).

    Also post a new HijackThis log.
     
  6. JooE

    Sorry. I forgot to post here, since the computer hasn't shown any problems.
    Here is an HJT log anyway, in case something more has already shown up in it. :)

    Logfile of HijackThis v1.99.1
    Scan saved at 15:36:14, on 28.9.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    D:\Avast\ashDisp.exe
    D:\DVD Solution\PowerDVD\PDVDServ.exe
    D:\Daemon tools\daemon.exe
    D:\Labtec\Webcam\LogiTray.exe
    D:\QuickTime\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    D:\InstallShield\UpdateService\issch.exe
    D:\Winamp\winampa.exe
    C:\Program Files\ViewMate Wireless Mouse MW407\MOffice.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    D:\anysee\anysee_TR.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ViewMate Wireless Mouse MW407\MOUSE32A.EXE
    D:\Samurize\Client.exe
    D:\Avast\aswUpdSv.exe
    D:\Avast\ashServ.exe
    D:\Rainlendar\Rainlendar.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\DOCUME~1\Henryy\LOCALS~1\Temp\{5C79F1DA-8A26-4135-B8C7-614F48728FF9}\CPUT1_101.exe
    D:\Delphi7\IB65\bin\ibguard.exe
    D:\Kerio\Personal Firewall 4\kpf4ss.exe
    D:\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    D:\Delphi7\IB65\bin\ibserver.exe
    D:\Avast\ashMaiSv.exe
    D:\Avast\ashWebSv.exe
    D:\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\svchost.exe
    D:\Winamp\winamp.exe
    D:\FIREFOX\FIREFOX.EXE
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1035
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [avast!] D:\Avast\ashDisp.exe
    O4 - HKLM\..\Run: [RemoteControl] "D:\DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "D:\Daemon tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Labtec\Webcam\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] D:\Labtec\Webcam\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechGalleryRepair] D:\Labtec\Webcam\ISStart.exe
    O4 - HKLM\..\Run: [iTunesHelper] "D:\QuickTime\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] D:\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "D:\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\ViewMate Wireless Mouse MW407\MOffice.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [anysee_TR] D:\anysee\anysee_TR.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - Startup: Adobe Gamma.lnk = D:\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Client Default.lnk = D:\Samurize\Client.exe
    O4 - Startup: CPUT1.lnk = E:\Ohjelmia\CPUT1_101.exe
    O4 - Startup: Rainlendar.lnk = D:\Rainlendar\Rainlendar.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\OFFICE~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Avast\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - D:\Avast\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - D:\Avast\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - D:\Avast\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - D:\Delphi7\IB65\bin\ibguard.exe
    O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - D:\Delphi7\IB65\bin\ibserver.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Kerio\Personal Firewall 4\kpf4ss.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MySQL5 - Unknown owner - D:\MySQL\bin\mysqld-nt".exe (file missing)
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
     
  7. hannu71

    Open HijackThis, click "Do a system scan only", and check these lines. Then close all other windows and press "Fix checked".
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    Updating Java and clearing the cache

    1. Click Start > Control Panel and double-click Add or Remove Programs in the Control Panel.
    2. Find all your old Java versions in the list. (J2SE Runtime Environment.... )
    They should have the following icon next to them:
    3. Select all your old Java versions and choose Remove.
    4. Install the latest Java update from the following link..
    5. Restart the computer after the installation:

    http://java.sun.com/javase/downloads/index.jsp

    6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> Java coffee cup).
    7. Under the Temporary Internet Files section, click the Delete Files button.
    8. Make sure that all three options are checked:

    Downloaded Applets
    Downloaded Applications
    Other Files

    9. Click OK in your "Delete Temporary Internet Files" window.
    Note: This deletes all downloaded applications and applets from the CACHE.
    10. Click OK to leave your Java settings window.

    Do you know what this is? CPUT1_101.exe If not, scan it with one of the following. NOTE! It is found at both of these paths:
    C:\DOCUME~1\Henryy\LOCALS~1\Temp\{5C79F1DA-8A26-4135-B8C7-614F48728FF9}\CPUT1_101.exe
    E:\Ohjelmia\CPUT1_101.exe
    so check both.

    http://www.virustotal.com/flash/index_en.html
    http://virusscan.jotti.org/
    http://scanner.virus.org/
    And report the result.

    Did you run this: Get eScan -> http://koti.mbnet.fi/pattaya1/escanmwav.htm .
    Install, update, and scan according to the instructions on the page. Then post the "malware findings" here (instructions on that page: the bottom image and the text above it). Because I, at least, have not received a report.


    Post a new HJT log.

    Last edited: 30.09.2006
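The two checks made by hand in the replies above (a Run entry named "explorer" that starts a file on the desktop, and a process running out of a Temp folder), together with a before/after comparison of the autorun entries, as an added example that is not part of the original thread. The function names, the `SYSTEM_NAMES` list and the directory heuristics are assumptions chosen for illustration; a finding is a prompt to check the file, not a verdict.

```python
import re

# Sample input: trimmed excerpts of the HijackThis logs posted in this thread
# on 22.9.2006 (before cleanup) and 28.9.2006 (after cleanup).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Avast\ashDisp.exe

O4 - HKLM\..\Run: [avast!] D:\Avast\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Daemon tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Henryy\Työpöytä\Xinstall.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Avast\ashDisp.exe
C:\DOCUME~1\Henryy\LOCALS~1\Temp\{5C79F1DA-8A26-4135-B8C7-614F48728FF9}\CPUT1_101.exe

O4 - HKLM\..\Run: [avast!] D:\Avast\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Daemon tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# "O4 - HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Executable part of a command line: quoted path, or text up to the extension.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|$)', re.I)

# Assumption: illustrative list of Windows XP system process names.
SYSTEM_NAMES = {"explorer", "svchost", "winlogon", "services", "lsass",
                "csrss", "smss", "spoolsv"}
# Assumption: directories an unprivileged user can write to on this XP layout.
USER_WRITABLE = ("\\documents and settings\\", "\\docume~1\\", "\\temp\\")


def parse(log):
    """Return (running process paths, [(registry location, name, command)])."""
    procs, autoruns, in_procs = [], [], False
    for raw in log.splitlines():
        line = raw.strip()          # forum posts indent the log lines
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False        # a blank line ends the process list
        elif in_procs:
            procs.append(line)
        else:
            m = RUN_RE.match(line)
            if m:
                autoruns.append((m["hive"] + "\\" + m["key"], m["name"], m["cmd"]))
    return procs, autoruns


def executable(cmd):
    """Strip quotes and arguments from an autorun command line."""
    m = EXE_RE.match(cmd)
    return (m.group(1) or m.group(2)) if m else cmd.split()[0]


def review(log):
    """Return (rule, name, detail) tuples for entries worth a manual check."""
    procs, autoruns = parse(log)
    findings = []
    for _location, name, cmd in autoruns:
        path = executable(cmd).lower()
        base = path.rsplit("\\", 1)[-1]
        if any(d in path for d in USER_WRITABLE):
            findings.append(("autorun-in-user-writable-dir", name, cmd))
        label = re.sub(r"\.exe$", "", name.lower())
        # Value name borrows a system process name but starts another file.
        if label in SYSTEM_NAMES and base != label + ".exe":
            findings.append(("system-name-on-other-binary", name, cmd))
    for p in procs:
        if "\\temp\\" in p.lower():
            findings.append(("process-running-from-temp", p.rsplit("\\", 1)[-1], p))
    return findings


def autorun_changes(before, after):
    """Return (added, removed) autorun entries between two logs."""
    old, new = set(parse(before)[1]), set(parse(after)[1])
    return sorted(new - old), sorted(old - new)


if __name__ == "__main__":
    for label, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        for finding in review(log):
            print(label, *finding, sep=" | ")
    added, removed = autorun_changes(LOG_BEFORE, LOG_AFTER)
    print("added:", added)
    print("removed:", removed)
```

Comparing the logs also confirms that the fixed entry is gone and lists any autorun that appeared between the two scans, so each new entry can be identified before the next round of fixes.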
  8. JooE

    That CPUT1_101.exe is a gauge on the desktop.
    I did the updates and the other things.

    HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:32:05, on 4.10.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    D:\Avast\ashDisp.exe
    D:\DVD Solution\PowerDVD\PDVDServ.exe
    D:\Daemon tools\daemon.exe
    D:\Labtec\Webcam\LogiTray.exe
    D:\QuickTime\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    D:\InstallShield\UpdateService\issch.exe
    D:\Winamp\winampa.exe
    C:\Program Files\ViewMate Wireless Mouse MW407\MOffice.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\Program Files\ViewMate Wireless Mouse MW407\MOUSE32A.EXE
    D:\anysee\anysee_TR.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Avast\aswUpdSv.exe
    D:\Samurize\Client.exe
    D:\Avast\ashServ.exe
    C:\WINDOWS\system32\LVComS.exe
    D:\Rainlendar\Rainlendar.exe
    D:\Delphi7\IB65\bin\ibguard.exe
    D:\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\DOCUME~1\Henryy\LOCALS~1\Temp\{A3696E60-E7DA-4892-828D-EBD41E414739}\CPUT1_101.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\iPod\bin\iPodService.exe
    D:\Kerio\Personal Firewall 4\kpf4gui.exe
    D:\Delphi7\IB65\bin\ibserver.exe
    D:\Avast\ashMaiSv.exe
    D:\Avast\ashWebSv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\FIREFOX\FIREFOX.EXE
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1035
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [avast!] D:\Avast\ashDisp.exe
    O4 - HKLM\..\Run: [RemoteControl] "D:\DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "D:\Daemon tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Labtec\Webcam\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] D:\Labtec\Webcam\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechGalleryRepair] D:\Labtec\Webcam\ISStart.exe
    O4 - HKLM\..\Run: [iTunesHelper] "D:\QuickTime\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] D:\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "D:\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\ViewMate Wireless Mouse MW407\MOffice.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [anysee_TR] D:\anysee\anysee_TR.exe
    O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - Startup: Adobe Gamma.lnk = D:\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Client Default.lnk = D:\Samurize\Client.exe
    O4 - Startup: CPUT1.lnk = E:\Ohjelmia\CPUT1_101.exe
    O4 - Startup: Rainlendar.lnk = D:\Rainlendar\Rainlendar.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\OFFICE~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Avast\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - D:\Avast\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - D:\Avast\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - D:\Avast\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - D:\Delphi7\IB65\bin\ibguard.exe
    O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - D:\Delphi7\IB65\bin\ibserver.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Kerio\Personal Firewall 4\kpf4ss.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MySQL5 - Unknown owner - D:\MySQL\bin\mysqld-nt".exe (file missing)
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe


    I also have another computer that is in somewhat worse shape. Can I post its HJT log in this same thread too?

    Thanks already for the instructions so far!
     
  9. hannu71

    hannu71 Regular member

    Joined:
    09.02.2006
    Posts:
    256
    Thanks:
    0
    Points:
    26
    The log looks OK.

    Post the other computer's HJT log in a new thread, so it is then fair game.
     
  10. hannu71

    hannu71 Regular member

    Joined:
    09.02.2006
    Posts:
    256
    Thanks:
    0
    Points:
    26
    Do you still have that other computer? Go ahead and post it in this thread.
     
    Last edited: 06.10.2006
  11. JooE

    JooE Member

    Joined:
    22.09.2006
    Posts:
    21
    Thanks:
    0
    Points:
    11
    Yeah, I still have the computer, but it is about 20 km away..
    I'll send that computer's log this weekend once I have time.
     
  12. JooE

    JooE Member

    Joined:
    22.09.2006
    Posts:
    21
    Thanks:
    0
    Points:
    11
    Here is the HJT log from that other computer. All the unnecessary stuff could be removed too, even if it does no real harm, because my folks use this computer more than I do. We'll see later if I need any of it.


    Logfile of HijackThis v1.99.1
    Scan saved at 16:38:27, on 7.10.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    E:\Avast\ashDisp.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    E:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    E:\Java\jre1.5.0_06\bin\jusched.exe
    E:\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    E:\Avast\aswUpdSv.exe
    E:\Daemon Tools\daemon.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    E:\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    E:\Avast\ashServ.exe
    E:\Metacafe\MetacafeAgent.exe
    E:\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\WINDOWS\System32\oodag.exe
    E:\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    E:\Kerio\Personal Firewall 4\kpf4gui.exe
    E:\Avast\ashMaiSv.exe
    E:\Avast\ashWebSv.exe
    E:\Microsoft Office\Office\EXCEL.EXE
    E:\FIREFOX\FIREFOX.EXE
    C:\Program Files\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [avast!] E:\Avast\ashDisp.exe
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [ATIPTA] E:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "E:\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "E:\Daemon Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - Startup: MetaCafe.lnk = E:\Metacafe\MetacafeAgent.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: MetaCafe.lnk = E:\Metacafe\MetacafeAgent.exe
    O4 - Global Startup: Microsoft Office.lnk = E:\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://locator.cdn.imageservr.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148151661327
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148309592546
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Avast\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - E:\Avast\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - E:\Avast\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - E:\Avast\ashWebSv.exe" /service (file missing)
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - E:\Kerio\Personal Firewall 4\kpf4ss.exe
    O23 - Service: NBService - Nero AG - E:\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

     
  13. hannu71

    hannu71 Regular member

    Joined:
    09.02.2006
    Posts:
    256
    Thanks:
    0
    Points:
    26
    Rename C:\Program Files\HJT\HijackThis.exe to, say, scanneri.exe.
    Run HijackThis again.

    Open HijackThis, click Do a system scan only, and check these lines. Then close all other windows and press Fix checked.
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    Fix this one too, if you did not add it to the Trusted Zone yourself.
    O15 - Trusted Zone: http://locator.cdn.imageservr.com

    You can google these and remove the unnecessary ones, preferably this way: Start -> Run -> type msconfig in the field, and there open the Startup tab. Untick the unnecessary ones.
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - Startup: MetaCafe.lnk = E:\Metacafe\MetacafeAgent.exe
    O4 - Global Startup: MetaCafe.lnk = E:\Metacafe\MetacafeAgent.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "E:\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "E:\Daemon Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"


    Updating Java and clearing the cache

    Click Start > Control Panel and double-click Add or Remove Programs in the Control Panel.
    Find all your previous Java versions in the list. (J2SE Runtime Environment.... )
    They should have the following icon next to them:
    Select all your previous Java versions and choose Remove.
    Install the latest Java update from the following link..

    http://java.sun.com/javase/downloads/index.jsp

    Scroll down to Java Runtime Environment (JRE) 5.0 Update 9
    and install it

    Restart your computer

    After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> the Java coffee cup).
    Under the Temporary Internet Files section, click the Delete Files button.
    Make sure all three options are checked:

    Downloaded Applets
    Downloaded Applications
    Other Files

    Click OK in the "Delete Temporary Internet Files" window.
    Note: This deletes all downloaded applications and applets from the CACHE.
    Click OK to leave the Java settings window.


    Save these instructions to a text file or print them, otherwise you will not be able to get to them from Safe Mode

    Download AVG Anti-Spyware 7.5 and save the program to your desktop.
    • Once you have downloaded the program, double-click the installer's icon on your desktop and the installation starts.
    • After installation the program must be started and its definitions updated.
    • Start AVG Anti-Spyware.
    • Click the "Update" icon in the main menu. Then click the "Update now" button.
      • Then click the "Start Update" icon and the update begins.
    • When the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
    • When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
    • Then under the "Reports" menu:
      • Check "Automatically generate report after every scan"
      • Uncheck "Only if threats were found"
    • Then click the "Shield" icon at the top of the window
    • "Resident shield is": change the state from active to inactive
    • Close the program, do NOT scan yet.
    Boot your computer into Safe Mode, http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

    NOTE! Do not use other programs during the AVG scan, as this may interfere with the scan.
    • Once in Safe Mode, start AVG Anti-Spyware.
    • Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
    • Ewido will now start scanning the computer; be patient, as the scan takes time.

      When the scan is finished:
      IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"
    • Make sure that Set all elements to: shows Quarantine (1); if not, click the link and select Quarantine from the popup menu.
    • You will be asked what to do if infections were found; choose "Apply all actions" then
    • Then click the "Reports" icon at the top of the program.
    • Click the "Save report as" button in the bottom-left corner of the window and save the report to the desktop.
    • Close the program, boot the computer normally and post the AVG report to your thread.

    Post:
    a new HJT log
    the Ewido log
     
    Last edited: 07.10.2006
  14. JooE

    JooE Member

    Joined:
    22.09.2006
    Posts:
    21
    Thanks:
    0
    Points:
    11
    AVG:

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 14:50:55 8.10.2006



    + Scan result:



    C:\System Volume Information\_restore{BA26FCEA-70BE-4C58-9F60-7B0C7B313047}\RP197\A0036951.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{BA26FCEA-70BE-4C58-9F60-7B0C7B313047}\RP197\A0036952.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{BA26FCEA-70BE-4C58-9F60-7B0C7B313047}\RP197\A0036953.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{BA26FCEA-70BE-4C58-9F60-7B0C7B313047}\RP197\A0036954.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{BA26FCEA-70BE-4C58-9F60-7B0C7B313047}\RP197\A0036955.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{BA26FCEA-70BE-4C58-9F60-7B0C7B313047}\RP197\A0036956.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{BA26FCEA-70BE-4C58-9F60-7B0C7B313047}\RP197\A0036957.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{BA26FCEA-70BE-4C58-9F60-7B0C7B313047}\RP197\A0036958.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).


    ::Report end

    HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 14:58:23, on 8.10.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    E:\Avast\ashDisp.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    E:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    E:\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    E:\Daemon Tools\daemon.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    E:\Java\jre1.5.0_09\bin\jusched.exe
    E:\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    E:\Avast\aswUpdSv.exe
    E:\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    E:\Avast\ashServ.exe
    E:\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
    E:\Metacafe\MetacafeAgent.exe
    E:\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    E:\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\WINDOWS\System32\oodag.exe
    E:\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    E:\Avast\ashMaiSv.exe
    E:\Avast\ashWebSv.exe
    E:\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\system32\wuauclt.exe
    E:\FIREFOX\FIREFOX.EXE
    C:\Program Files\HJT\Scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {08632FFD-6BFB-44B2-A8A6-94A8B1648AEC} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {7FC265F7-7EE1-4F84-BBC1-CEB35CA28494} - C:\WINDOWS\addins\migact.dll
    O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\lfmyrfyn.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [avast!] E:\Avast\ashDisp.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [ATIPTA] E:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "E:\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "E:\Daemon Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - Startup: MetaCafe.lnk = E:\Metacafe\MetacafeAgent.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: MetaCafe.lnk = E:\Metacafe\MetacafeAgent.exe
    O4 - Global Startup: Microsoft Office.lnk = E:\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Java\jre1.5.0_09\bin\npjpi150_09.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Java\jre1.5.0_09\bin\npjpi150_09.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148151661327
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148309592546
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: migact - C:\WINDOWS\addins\migact.dll
    O20 - Winlogon Notify: winrvc32 - winrvc32.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Avast\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - E:\Avast\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - E:\Avast\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - E:\Avast\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - E:\Kerio\Personal Firewall 4\kpf4ss.exe
    O23 - Service: NBService - Nero AG - E:\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

    Why does the computer, at startup before the Windows boot screen(?), sit thinking or loading something for about 30 seconds with a line blinking in the top-left corner? It has been like that for some time and I have not found an answer to it.

    What could be causing Firefox to open, on its own every now and then, some antiviruspro.com-style page in a tab? Neither Spybot nor Ad-Aware found anything.
     
    Last edited: 08.10.2006
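Added example, not part of the original thread: the rescan posted above lists O2 and O20 entries that the 7.10.2006 scan of the same machine did not, and the fixed O3 toolbar entry is gone. The sketch below diffs two HijackThis logs and queues the new entries for manual review; the function names and the review heuristics are assumptions of this example, and the sample lines are short excerpts from the two logs in this thread.

```python
import re

# Result lines in a HijackThis 1.99.1 log start with a section code,
# e.g. "O2 - BHO: ..." or "R0 - HKCU\...". Header and process lines do not.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

# Markers HijackThis itself prints when an entry points at a missing file.
ORPHAN_MARKERS = ("(file missing)", "(no file)")
# Browser load points where an unnamed component is worth a look
# (selection is this example's assumption, not a HijackThis rule).
LOAD_POINT_SECTIONS = {"O2", "O3"}

# Excerpt of the scan saved 7.10.2006 (earlier post in this thread).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avast!] E:\Avast\ashDisp.exe
"""

# Excerpt of the scan saved 8.10.2006 (the post directly above).
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7FC265F7-7EE1-4F84-BBC1-CEB35CA28494} - C:\WINDOWS\addins\migact.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\lfmyrfyn.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avast!] E:\Avast\ashDisp.exe
O20 - Winlogon Notify: migact - C:\WINDOWS\addins\migact.dll
O20 - Winlogon Notify: winrvc32 - winrvc32.dll (file missing)
"""


def parse_entries(log_text):
    """Return the set of (section, detail) result lines in one log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def _sort_key(entry):
    section, detail = entry
    return (section[0], int(section[1:]), detail)


def diff_scans(before_text, after_text):
    """Return (added, removed) entries between two scans of one machine."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    return (sorted(after - before, key=_sort_key),
            sorted(before - after, key=_sort_key))


def triage(entry):
    """Reasons an entry merits manual review; these are prompts, not verdicts."""
    section, detail = entry
    reasons = []
    if any(marker in detail for marker in ORPHAN_MARKERS):
        reasons.append("target file absent")
    if section in LOAD_POINT_SECTIONS and "(no name)" in detail:
        reasons.append("unnamed component")
    if section == "O20":
        reasons.append("Winlogon Notify DLL")
    return reasons


def review_queue(before_text, after_text):
    """New entries that carry at least one review reason."""
    added, _ = diff_scans(before_text, after_text)
    queue = []
    for entry in added:
        reasons = triage(entry)
        if reasons:
            queue.append((entry[0], entry[1], reasons))
    return queue


if __name__ == "__main__":
    _, removed = diff_scans(BEFORE, AFTER)
    for section, detail in removed:
        print("gone  :", section, "-", detail)
    for section, detail, reasons in review_queue(BEFORE, AFTER):
        print("review:", section, "-", detail, "|", ", ".join(reasons))
```

The Spybot SDHelper.dll BHO lands in the queue too, because it is also registered without a name; the queue only narrows what a person has to look up.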
  15. hannu71

    hannu71 Regular member

    Joined:
    09.02.2006
    Posts:
    256
    Thanks:
    0
    Points:
    26
    Download

    Download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • When the scan is finished, click the Remove Vundo button.
    • You will be asked whether you want to remove the files - click YES.
    • Once you have clicked yes, your desktop goes blank as it starts removing Vundo.
    • When it is done, the fix announces that it will restart your computer; click OK.
    • Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.

    Note: It is possible that VundoFix found a file that it could not remove.
    In that case VundoFix runs itself at reboot; just follow the instructions above, starting from "Click the Scan for Vundo button.", when VundoFix appears during the restart.
     
    Last edited: 08.10.2006
  16. JooE

    JooE Member

    Joined:
    22.09.2006
    Posts:
    21
    Thanks:
    0
    Points:
    11
    VundoFix V6.2.0

    Checking Java version...
    Sun Java not detected
    Scan started at 15:34:16 8.10.2006

    Listing files found while scanning....

    C:\WINDOWS\system32\frhgular.dll
    C:\WINDOWS\system32\htycgpcy.dll
    C:\WINDOWS\system32\knjlhdmn.dll
    C:\WINDOWS\system32\ovlnvitl.dll
    C:\WINDOWS\system32\pvlwjlmn.dll
    C:\WINDOWS\system32\vsoaqsyx.dll
    C:\WINDOWS\system32\ypysawrr.exe
    C:\WINDOWS\addins\migact.dll
    C:\WINDOWS\addins\tcagim.ini
    C:\WINDOWS\addins\tcagim.bak1
    C:\WINDOWS\addins\tcagim.bak2

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\frhgular.dll
    C:\WINDOWS\system32\frhgular.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\htycgpcy.dll
    C:\WINDOWS\system32\htycgpcy.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\knjlhdmn.dll
    C:\WINDOWS\system32\knjlhdmn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ovlnvitl.dll
    C:\WINDOWS\system32\ovlnvitl.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pvlwjlmn.dll
    C:\WINDOWS\system32\pvlwjlmn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vsoaqsyx.dll
    C:\WINDOWS\system32\vsoaqsyx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ypysawrr.exe
    C:\WINDOWS\system32\ypysawrr.exe Has been deleted!

    Attempting to delete C:\WINDOWS\addins\migact.dll
    C:\WINDOWS\addins\migact.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\addins\tcagim.ini
    C:\WINDOWS\addins\tcagim.ini Has been deleted!

    Attempting to delete C:\WINDOWS\addins\tcagim.bak1
    C:\WINDOWS\addins\tcagim.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\addins\tcagim.bak2
    C:\WINDOWS\addins\tcagim.bak2 Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\addins\migact.dll
    C:\WINDOWS\addins\migact.dll Has been deleted!

    Performing Repairs to the registry.
    Done!


    Logfile of HijackThis v1.99.1
    Scan saved at 15:53:42, on 8.10.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    E:\Avast\ashDisp.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    E:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    E:\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    E:\Daemon Tools\daemon.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    E:\Java\jre1.5.0_09\bin\jusched.exe
    E:\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    E:\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
    E:\Metacafe\MetacafeAgent.exe
    E:\Avast\aswUpdSv.exe
    E:\Avast\ashServ.exe
    E:\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    E:\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\WINDOWS\System32\oodag.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    E:\Kerio\Personal Firewall 4\kpf4gui.exe
    E:\Kerio\Personal Firewall 4\kpf4gui.exe
    E:\Avast\ashMaiSv.exe
    E:\Avast\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    E:\FIREFOX\FIREFOX.EXE
    C:\Program Files\HJT\Scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {08632FFD-6BFB-44B2-A8A6-94A8B1648AEC} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {7FC265F7-7EE1-4F84-BBC1-CEB35CA28494} - C:\WINDOWS\addins\migact.dll (file missing)
    O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\lfmyrfyn.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [avast!] E:\Avast\ashDisp.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [ATIPTA] E:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "E:\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "E:\Daemon Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - Startup: MetaCafe.lnk = E:\Metacafe\MetacafeAgent.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: MetaCafe.lnk = E:\Metacafe\MetacafeAgent.exe
    O4 - Global Startup: Microsoft Office.lnk = E:\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Java\jre1.5.0_09\bin\npjpi150_09.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Java\jre1.5.0_09\bin\npjpi150_09.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148151661327
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148309592546
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: winrvc32 - winrvc32.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Avast\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - E:\Avast\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - E:\Avast\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - E:\Avast\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - E:\Kerio\Personal Firewall 4\kpf4ss.exe
    O23 - Service: NBService - Nero AG - E:\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
     
  17. hannu71

    hannu71 Regular member

    Joined:
    09.02.2006
    Posts:
    256
    Thanks:
    0
    Points:
    26
    Open HijackThis, click "do a system scan only", and tick these lines. Then close all other windows and press "fix checked".
    O2 - BHO: (no name) - {08632FFD-6BFB-44B2-A8A6-94A8B1648AEC} - (no file)
    O2 - BHO: (no name) - {7FC265F7-7EE1-4F84-BBC1-CEB35CA28494} - C:\WINDOWS\addins\migact.dll (file missing)
    O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\lfmyrfyn.dll (file missing)
    O20 - Winlogon Notify: winrvc32 - winrvc32.dll (file missing)

    Once you have also fixed the ones above, the log is OK.
    I don't know the answer to the startup issue, but hopefully it runs better now that we got Vundo removed.
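
The selection in the post above can be reproduced mechanically. This is an added example, not part of the original thread and not HijackThis's own code: it picks entries flagged `(file missing)` or `(no file)` and separates out any whose path still appears under "Running processes", as the avast! O23 lines in this log do. The sample input is a few lines copied from the log above; the function names are assumptions.

```python
import re

# Constructed sample: a handful of lines taken from the HijackThis log in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
E:\Avast\ashMaiSv.exe
E:\Avast\ashWebSv.exe

O2 - BHO: (no name) - {08632FFD-6BFB-44B2-A8A6-94A8B1648AEC} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7FC265F7-7EE1-4F84-BBC1-CEB35CA28494} - C:\WINDOWS\addins\migact.dll (file missing)
O20 - Winlogon Notify: winrvc32 - winrvc32.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Antivirus - Unknown owner - E:\Avast\ashServ.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")                  # e.g. "O2 - BHO: ..."
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$")    # trailing HijackThis flag

def parse(log):
    """Split a log into lower-cased running-process paths and (code, text) entries."""
    procs, entries, in_procs = set(), [], False
    for line in (raw.strip() for raw in log.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            procs.add(line.lower())
    return procs, entries

def triage(log):
    """Return (orphans, contradicted) among entries flagged as missing.

    orphans      -> leftover registry references, candidates for "fix checked"
    contradicted -> flagged missing although the same path is listed as running;
                    check the file on disk before touching the entry
    """
    procs, entries = parse(log)
    orphans, contradicted = [], []
    for code, text in entries:
        if not ORPHAN.search(text):
            continue
        if any(p in text.lower() for p in procs):
            contradicted.append((code, text))
        else:
            orphans.append((code, text))
    return orphans, contradicted
```

On the sample, the three O2/O20 leftovers come back as orphans, while the avast! Mail Scanner service is reported separately because `E:\Avast\ashMaiSv.exe` is still running.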
     
  18. JooE

    JooE Member

    Joined:
    22.09.2006
    Posts:
    21
    Thanks:
    0
    Points:
    11
    Thanks a lot for the quick help! It works better now.
     