HJT-log. Invader?

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by jpukki, Oct 15, 2007.

  1. jpukki

    jpukki Member

    Joined:
    Oct 15, 2007
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    11
    Norton IS 2005:tä loppui käyttöaika ja kun sain asennettua kaspersky IS 7.0 oli koneelle ehtinyt jo livahtaa malwarea vai liekkö viruksia.. Kaspersky ilmoittaa jokaisen käynnistyksen yhteydessä seuraavista:

    adware not-a-virus:AdWare.Win32.Virtumonde.ks File: C:\WINDOWS\Config\is68333.exe
    detected: adware not-a-virus:AdWare.Win32.Virtumonde.ks URL: http://www.johndrobinson.com/bigal/updates/is68333.exe
    detected: riskware Invader Running process: C:\WINDOWS\Config\wr-1-312.exe
    detected: riskware Invader Running process: C:\WINDOWS\Config\load.exe
    detected: riskware Invader Running process: C:\WINDOWS\Config\RBvBm2291.exe
    detected: riskware Invader Running process: C:\Installer.exe

    Vaikka tiedostot poistaa niin bootin jälkeen ne ovat taas ilmestyneet. Kaskpersky kyllä sammuttaa kyseiset prosessit.

    Tässä HJT-Log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:44:25, on 15.10.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Tools\Razer\razerhid.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Tools\Razer\razerofa.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Tools\DAEMON Tools\daemon.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Tools\BlueSoleil\BTNtService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\oodag.exe
    E:\pelit\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
    C:\Tools\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Tools\Mozilla Firefox\firefox.exe
    C:\Tools\Spybot - Search & Destroy\SpybotSD.exe
    C:\Tools\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ig?hl=fi
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Tools\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Tools\nTune\\nTune.exe" clear
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Tools\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [razer] C:\Tools\Razer\razerhid.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Tools\RivaTuner v2.0 Final Release\RivaTuner.exe" /S
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Tools\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [lasse] C:\WINDOWS\system32\lasse.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: ClockGen FSB 262.lnk = C:\Tools\ClockGen\CG-NVNF4.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Tools\BlueSoleil\BTNtService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
    O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - E:\pelit\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Tools\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 6591 bytes
     
    jpukki, Oct 15, 2007
    #1
  2. Hujo

    Hujo Guest

    Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.

    Käynnistä koneesi vikasietotilaan ja valitse tavallinen käyttäjätilisi:
    " Käynnistä tietokone
    " Kun kuulet koneen piippaavan, paina F8, kuitenkin ennen Windowsin logon esiintuloa
    " Seuraavaksi pitäisi ilmestyä valikko
    " Valitse valikosta vikasietotila.

    " Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
    " Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
    " Paina Y käynnistääksesi skriptin.
    " Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
    " Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
    " Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
    " Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
    " Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
    " Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.
     
    Hujo, Oct 15, 2007
    #2
  3. jpukki

    jpukki Member

    Joined:
    Oct 15, 2007
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    11
    Kaspersky:

    deleted: Trojan program Trojan-Downloader.Win32.Agent.dve File: C:\WINDOWS\tsitra.exe//PE_Patch.Upolyx//PE_Patch.UPX//UPX
    not found: adware not-a-virus:AdWare.Win32.Virtumonde.ks Running module: is68333.exe\vtutqno.dll
    not found: adware not-a-virus:AdWare.Win32.Virtumonde.jp File: C:\WINDOWS\system32\vtutqno.dll
    detected: riskware Invader Running process: C:\WINDOWS\Config\is68333.exe
    detected: riskware Invader Running process: C:\WINDOWS\system32\lasse.exe
    deleted: Trojan program Trojan-Downloader.Win32.Agent.dve File: C:\Documents and Settings\Käyttäjä\Local Settings\Temporary Internet Files\Content.IE5\K16N09AF\tsitra[1].exe//PE_Patch.Upolyx//PE_Patch.UPX//UPX

    Nämä tulee joka kerta bootissa.


    SDFix: Version 1.109

    Run by K„ytt„j„ on ti 16.10.2007 at 11:51

    Microsoft Windows XP [versio 5.1.2600]

    Running From: C:\DOCUME~1\KYTTJ~1\TYPYT~1\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\system32\tmp45.tmp - Deleted



    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    Remaining Services:
    ------------------




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Tools\\uTorrent\\utorrent.exe"="C:\\Tools\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"
    "E:\\Pelit\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"="E:\\Pelit\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
    "E:\\Pelit\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"="E:\\Pelit\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
    "E:\\Pelit\\FEARCombat\\FEARMP.exe"="E:\\Pelit\\FEARCombat\\FEARMP.exe:*:Enabled:FEAR Combat"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "E:\\Pelit\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"="E:\\Pelit\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe:*:Enabled:Medal of Honor Airborne"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files:
    ---------------

    File Backups: - C:\DOCUME~1\KYTTJ~1\TYPYT~1\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Mon 30 Jul 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Wed 19 Sep 2007 9,818 ...HR --- "C:\Documents and Settings\K„ytt„j„\Application Data\SecuROM\UserData\securom_v7_01.bak"

    Finished!


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:59:24, on 16.10.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Tools\BlueSoleil\BTNtService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\oodag.exe
    E:\pelit\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
    C:\Tools\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Tools\Razer\razerhid.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Tools\Razer\razerofa.exe
    C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Tools\DAEMON Tools\daemon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Tools\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Tools\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ig?hl=fi
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Tools\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Tools\nTune\\nTune.exe" clear
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Tools\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [razer] C:\Tools\Razer\razerhid.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Tools\RivaTuner v2.0 Final Release\RivaTuner.exe" /S
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O4 - HKLM\..\Run: [C:\WINDOWS\Config\wr-1-312.exe] C:\WINDOWS\Config\wr-1-312.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Tools\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [lasse] C:\WINDOWS\system32\lasse.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: ClockGen FSB 262.lnk = C:\Tools\ClockGen\CG-NVNF4.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Tools\BlueSoleil\BTNtService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
    O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - E:\pelit\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Tools\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 6748 bytes
     
    jpukki, Oct 16, 2007
    #3
  4. jpukki

    jpukki Member

    Joined:
    Oct 15, 2007
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    11
    Voinko fiksata HJT:lla seuraavat:

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - E:\pelit\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Tools\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    Nortonia minulla ei enää ole, MOHAta en pelaa netissä, MS-mesen olen poistanut ja tuo starwindservice on alcohol 120 kuuluva prosessi jota ei vissiin tarvita itse ohjelman käyttöön.

    Poistaako HJT tiedostot vai ainoastaan jotkut rekisterimerkinnät?
     
    jpukki, Oct 17, 2007
    #4
  5. Hujo

    Hujo Guest

    scannaa hjt:llä merkkaa paina Fix checked


    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    Kopioi / liitä seuraava teksti alapuolella tyhjään muistioFiluun
    Varmista että tiedoston tyyppi on ”all Files” ja tallenna se Poisto.bat. nimisenä
    työpöydällesi.

    @echo off
    sc stop ”Symantec Core LC”
    sc delete ”Symantec Core LC”

    Tupla-klikkaa Poisto.bat. filua työpöydälläsi , ikkuna avautuu ja Sulkeutuu tämä on normaalia.


    Poista vikasiedossa kansio

    C:\Program Files\Common Files\Symantec Shared
     
    Hujo, Oct 17, 2007
    #5

Share This Page