Help is needed now with cleaning up a laptop.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:03:50, on 25.5.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\savedump.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Apps\Avast4\aswUpdSv.exe
E:\Apps\Avast4\ashServ.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\O2Micro Oz128 Driver\o2flash.exe
E:\Apps\Avast4\ashMaiSv.exe
E:\Apps\Avast4\ashWebSv.exe
E:\WINDOWS\Explorer.EXE
E:\Apps\Avast4\ashDisp.exe
E:\WINDOWS\RTHDCPL.EXE
E:\WINDOWS\TEMP\2CF6.tmp
E:\Apps\LAUNCH~1\LManager.exe
E:\Apps\DAEMON Tools Lite\daemon.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\TEMP\BN2.tmp
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
E:\DOCUME~1\Osmo\LOCALS~1\Temp\RtkBtMnt.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Apps\Opera\Opera.exe
E:\WINDOWS\system32\wuauclt.exe
E:\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {bd962bab-f429-460f-805b-b137087ab623} - E:\WINDOWS\system32\ddcCTMFU.dll
O4 - HKLM\..\Run: [avast!] E:\Apps\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] E:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [amd_dc_opt] E:\Apps\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [LManager] E:\Apps\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [SynTPStart] E:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Apps\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210376111826
O17 - HKLM\System\CCS\Services\Tcpip\..\{A42E37FF-83EF-40F6-8C8A-657F47DB8233}: NameServer = 193.229.0.40,193.229.0.42
O20 - Winlogon Notify: crypt - E:\WINDOWS\SYSTEM32\crypts.dll
O20 - Winlogon Notify: ddcCTMFU - E:\WINDOWS\SYSTEM32\ddcCTMFU.dll
O20 - Winlogon Notify: winctrl32 - E:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Apps\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Apps\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Apps\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Apps\Avast4\ashWebSv.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - E:\Program Files\O2Micro Oz128 Driver\o2flash.exe

--
End of file - 4923 bytes
Download VundoFix.exe from HERE to your desktop.
Double-click VundoFix.exe to run it.
Click Scan for Vundo.
When the scan is finished, click Fix Vundo.
You will be asked whether you want to remove the files - click YES.
Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
When it is finished, the fix will tell you that it will restart your computer; click OK.
Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.

Note: It is possible that VundoFix found a file that it could not remove. In that case, VundoFix will run itself on reboot; just follow the instructions above, starting from "Click Scan for Vundo.", when VundoFix appears at restart.

============

E:\HiJackThis\HijackThis.exe

Renaming
1. Right-click the HijackThis icon.
2. Select Rename.
3. Type scanner.exe