hjt logi. valkoset ikkunat jatkuvasti kone jumittaa taas.

nikozjr · Jul 13, 2008

kone o ruvennu tuppaamaan valkosta ruutu joka kerta esim kun käynistää mozilla,mese tai mitä tahansa. mitään vistaa ei ole vaan xp. teema on kyllä ollut vistasta. jotain vista härpäkkeitä näky olevan logissa.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:03:20, on 13.7.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q305&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q305&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1208015571687
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8612 bytes

nikozjr · Jul 14, 2008

jaa-a

yaht · Jul 15, 2008

1. Lataa Combofix.exe työpöydällesi jommastakummasta linkistä:
Combofix.exe
Combofix.exe

Avaa Combofix.exe ja seuraa näyttöön tulevia ohjeita

Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
Käynnistä kone uudelleen, jos niin pyydetään ja lähetä combofix.txt-tiedoston sisältö tänne.

Sammuta selain ja muut ohjelmat Fixin ajaksi. (ei virustorjuntaa)
Käynnistä HijackThis:ja Scan ja ruksaa seuraavat punaisella listatut tiedostot sekä poista ne.(fix Chekked)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

Tyhjennä roskakori ja käynnistä koneesi uudelleen.

Postita tänne seuraavat lokit:
* Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta)
* (C:\ComboFix.txt) raportti
*

nikozjr · Jul 15, 2008

vastailkaan kuka kerkiää!

nikozjr · Jul 15, 2008

ComboFix 08-07-14.2 - HP_Omistaja 2008-07-15 14:05:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.675 [GMT 3:00]
Running from: C:\Documents and Settings\HP_Omistaja\Työpöytä\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\pskill.exe
D:\Autorun.inf

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-06-15 to 2008-07-15 )))))))))))))))))
.

2008-07-13 14:20 . 2008-07-13 14:20 <KANSIO> d-------- C:\WINDOWS\system32\VIRepair
2008-07-12 21:03 . 2008-07-12 21:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-12 21:03 . 2008-07-12 21:03 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-07 19:36 . 2008-07-07 19:36 0 --a------ C:\WINDOWS\WB.ini
2008-07-07 19:34 . 2008-07-07 19:34 <KANSIO> d-------- C:\Program Files\Stardock
2008-07-06 08:55 . 2008-07-06 08:55 <KANSIO> d-------- C:\Program Files\TrueTransparency
2008-07-06 08:52 . 2008-07-06 08:52 78,942 --a------ C:\WINDOWS\Icon_2.ico
2008-07-01 21:12 . 2008-07-15 13:56 23 --a------ C:\Documents and Settings\HP_Omistaja\jagex_runescape_preferences.dat
2008-06-30 13:52 . 2008-06-30 13:52 <KANSIO> d-------- C:\Program Files\Logitech
2008-06-30 13:52 . 2008-06-30 13:52 <KANSIO> d-------- C:\Program Files\Common Files\Logitech
2008-06-30 12:09 . 2008-04-13 21:46 85,248 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-06-30 12:08 . 2008-04-14 19:12 91,136 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-06-30 12:08 . 2008-04-14 19:12 91,136 --a------ C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-06-30 12:08 . 2008-04-14 19:12 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-06-30 12:08 . 2008-04-14 19:12 61,952 --a------ C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-06-30 12:08 . 2008-04-14 19:11 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-06-30 12:08 . 2008-04-14 19:11 53,760 --a------ C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-06-30 12:08 . 2008-04-14 19:12 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-06-30 12:08 . 2008-04-14 19:12 43,008 --a------ C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-06-29 20:45 . 2008-06-29 20:46 7,279 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-06-29 20:44 . 2008-07-07 22:33 <KANSIO> d-------- C:\WINDOWS\BricoPacks
2008-06-26 21:07 . 2008-06-26 21:07 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Ubisoft
2008-06-26 20:48 . 2008-06-26 20:48 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-06-26 20:47 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-06-26 20:47 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-06-26 20:47 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-06-26 20:47 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-06-26 20:47 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-06-26 20:34 . 2008-06-26 20:34 <KANSIO> d-------- C:\Program Files\Ubisoft
2008-06-26 20:34 . 2008-06-26 20:34 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\InstallShield
2008-06-26 20:31 . 2008-06-26 20:31 <KANSIO> d-------- C:\Program Files\MagicDisc
2008-06-26 20:31 . 2008-05-27 12:11 96,896 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2008-06-26 20:23 . 2008-06-26 20:23 <KANSIO> d-------- C:\Program Files\MagicISO
2008-06-26 20:12 . 2008-06-26 20:12 <KANSIO> d-------- C:\Program Files\WinISO
2008-06-25 14:39 . 2008-07-14 16:40 <KANSIO> d-------- C:\Program Files\SwiftKit
2008-06-25 14:39 . 2008-06-25 14:39 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\SwiftKit
2008-06-24 17:04 . 2008-04-28 21:25 4,224 --a------ C:\WINDOWS\system32\drivers\NVStrap.sys
2008-06-22 01:48 . 2008-06-22 01:48 1,136 --a------ C:\WINDOWS\system32\history.aaw
2008-06-21 23:45 . 2008-06-22 00:45 49 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-20 20:47 . 2008-06-20 20:47 246,784 --------- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 20:47 . 2008-06-20 20:47 147,968 --------- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-18 22:38 . 2008-07-13 14:48 <KANSIO> d-------- C:\Program Files\Teemat
2008-06-18 12:08 . 2008-07-14 20:06 <KANSIO> d-------- C:\Program Files\Mozilla Thunderbird
2008-06-18 00:01 . 2008-06-18 00:01 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Thunderbird
2008-06-18 00:01 . 2008-06-18 00:01 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-15 22:46 . 2006-04-21 18:48 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\WINDOWS
2008-06-15 22:46 . 2006-04-21 18:48 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\WINDOWS
2008-06-15 22:46 . 2004-12-15 03:30 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-06-15 22:46 . 2004-12-15 03:30 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-06-15 22:46 . 2006-04-21 18:51 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-06-15 22:46 . 2006-04-21 18:51 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-06-15 22:46 . 2004-12-15 03:30 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-06-15 22:46 . 2004-12-15 03:30 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-06-15 22:46 . 2008-04-13 04:21 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-06-15 22:46 . 2008-04-13 04:21 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-06-15 22:46 . 2008-04-13 04:21 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
2008-06-15 22:46 . 2008-04-13 04:21 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
2008-06-15 22:46 . 2008-04-13 04:22 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-06-15 22:46 . 2008-04-13 04:22 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-06-15 22:46 . 2008-04-13 04:21 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-06-15 22:46 . 2008-04-13 04:21 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-06-15 22:46 . 2006-04-21 19:03 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Symantec
2008-06-15 22:46 . 2006-04-21 18:55 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\SampleView
2008-06-15 22:46 . 2006-04-21 18:47 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Apple Computer
2008-06-15 22:46 . 2008-06-15 22:46 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja
2008-06-15 11:39 . 2008-06-15 11:39 <KANSIO> d-------- C:\Program Files\Avira

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-13 11:52 --------- d-----w C:\Program Files\Samurize
2008-07-13 11:43 --------- d-----w C:\Program Files\VentriloMIX
2008-07-13 09:57 --------- d-----w C:\Program Files\SpeedFan
2008-07-13 09:46 --------- d-----w C:\Documents and Settings\HP_Omistaja\Application Data\mIRC
2008-07-13 09:35 --------- d-----w C:\Program Files\mIRC
2008-07-12 22:54 --------- d-----w C:\Program Files\DC++
2008-07-12 18:02 --------- d-----w C:\Documents and Settings\HP_Omistaja\Application Data\PC Suite
2008-07-10 19:37 --------- d-----w C:\Documents and Settings\HP_Omistaja\Application Data\NoNameScript
2008-07-10 15:38 --------- d-----w C:\Documents and Settings\HP_Omistaja\Application Data\Skype
2008-07-10 10:16 --------- d-----w C:\Documents and Settings\HP_Omistaja\Application Data\skypePM
2008-07-06 06:18 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-30 10:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-29 17:46 65,798 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-06-29 17:46 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-06-26 19:10 --------- d-----w C:\Documents and Settings\HP_Omistaja\Application Data\BitTorrent
2008-06-26 17:16 --------- d-----w C:\Program Files\CrossLoop
2008-06-21 20:23 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-06-21 14:40 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-06-20 17:47 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-15 20:14 --------- d-----w C:\Program Files\World of Warcraft
2008-06-15 19:36 --------- d-----w C:\Documents and Settings\HP_Omistaja\Application Data\SUPERAntiSpyware.com
2008-06-15 08:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-06-14 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-14 17:34 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:34 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-12 19:53 --------- d-----w C:\Documents and Settings\HP_Omistaja\Application Data\Nokia
2008-06-12 18:14 --------- d-----w C:\Documents and Settings\HP_Omistaja\Application Data\Nokia Multimedia Player
2008-06-12 18:04 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-06-12 18:04 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-06-12 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-06-12 18:01 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-06-12 18:01 --------- d-----w C:\Program Files\Nokia
2008-06-12 18:01 --------- d-----w C:\Program Files\DIFX
2008-06-12 18:01 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-06-12 18:01 --------- d-----w C:\Program Files\Common Files\Nokia
2008-06-12 17:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-06-12 17:27 --------- d-----w C:\Program Files\Ahead
2008-06-12 17:26 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-12 15:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-06-11 12:20 --------- d-----w C:\Documents and Settings\HP_Omistaja\Application Data\Ventrilo
2008-06-11 12:20 --------- d-----w C:\Documents and Settings\HP_Omistaja\Application Data\teamspeak2
2008-06-11 11:49 1,645,320 ----a-w C:\WINDOWS\system32\gdiplus.dll
2008-06-08 11:07 --------- d-----w C:\Program Files\Auslogics
2008-06-08 11:07 --------- d-----w C:\Documents and Settings\HP_Omistaja\Application Data\Auslogics
2008-06-06 15:50 2,287,616 ----a-w C:\WINDOWS\system32\TUKernel.exe
2008-06-02 17:17 --------- d-----w C:\Documents and Settings\HP_Omistaja\Application Data\ViStart
2008-06-02 17:09 --------- d-----w C:\Documents and Settings\HP_Omistaja\Application Data\Styler
2008-06-02 16:37 --------- d-----w C:\Documents and Settings\HP_Omistaja\Application Data\TuneUp Software
2008-06-01 19:21 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-01 19:12 --------- d-----w C:\Program Files\Common Files\Nero
2008-06-01 17:30 --------- d-----w C:\Program Files\Sun
2008-06-01 17:29 --------- d-----w C:\Program Files\Java
2008-06-01 17:24 --------- d-----w C:\Program Files\Common Files\Java
2008-06-01 14:46 --------- d-----w C:\Program Files\Lavasoft
2008-06-01 14:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-31 08:43 54,809 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_05_31_11_41_29_small.dmp.zip
2008-05-31 08:43 54,468 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_05_31_11_41_20_small.dmp.zip
2008-05-30 13:12 --------- d-----w C:\Documents and Settings\HP_Omistaja\Application Data\Grisoft
2008-05-30 13:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-29 19:32 --------- d-----w C:\Program Files\Windows Live
2008-05-29 19:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-29 19:16 --------- d-----w C:\Program Files\Steam
2008-05-29 15:00 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-05-29 14:25 --------- d-----w C:\Documents and Settings\HP_Omistaja\Application Data\IObit
2008-05-29 09:18 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-05-28 13:19 --------- d-----w C:\Program Files\Trend Micro
2008-05-27 16:03 --------- d-----w C:\Documents and Settings\HP_Omistaja\Application Data\DivX
2008-05-25 15:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-05-24 19:59 --------- d-----w C:\Program Files\DivX
2008-05-22 06:49 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-05-22 06:49 --------- d-----w C:\Documents and Settings\HP_Omistaja\Application Data\SystemRequirementsLab
2008-05-21 12:40 --------- d-----w C:\Program Files\Winamp
2008-05-16 08:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-15 18:29 992 ----a-w C:\Documents and Settings\HP_Omistaja\Application Data\wklnhst.dat
2008-05-15 15:26 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-15 15:26 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-15 15:22 22,328 ----a-w C:\Documents and Settings\HP_Omistaja\Application Data\PnkBstrK.sys
2008-05-09 12:41 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-09 12:39 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-05-09 10:55 90,112 -c--a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:55 90,112 ----a-w C:\WINDOWS\system32\dllcache\wshext.dll
2008-05-09 10:55 430,080 -c--a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:55 430,080 ----a-w C:\WINDOWS\system32\dllcache\vbscript.dll
2008-05-09 10:55 180,224 -c--a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:55 180,224 ----a-w C:\WINDOWS\system32\dllcache\scrobj.dll
2008-05-09 10:55 172,032 -c--a-w C:\WINDOWS\system32\scrrun.dll
2008-05-09 10:55 172,032 ----a-w C:\WINDOWS\system32\dllcache\scrrun.dll
2008-05-08 14:02 203,136 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 -c--a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\dllcache\cscript.exe
2008-05-07 05:12 1,288,704 -c--a-w C:\WINDOWS\system32\quartz.dll
2008-04-30 14:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-26 13:14 42,672 ----a-w C:\WINDOWS\system32\wbsys.dll
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:12 15360]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 02:04 52736]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-03 08:44 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-15 06:43 233472]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 06:54 253952]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-26 07:17 90112]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-30 03:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\Alcxmntr.exe]

C:\Documents and Settings\J„rjestelm„nvalvoja\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
AutoTBar.exe [2003-09-30 22:30:04 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-04-29 21:58 210168 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Age of Empires II\\Age2_x1\\age2_x1.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Steam\\steamapps\\moope17\\counter-strike\\hl.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Program Files\\World of Warcraft\\Repair.exe"=
"C:\\Program Files\\CrossLoop\\CrossLoopConnect.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCPxpsp2res.dll,-22015
"1701:UDP"= 1701:UDPxpsp2res.dll,-22016
"500:UDP"= 500:UDPxpsp2res.dll,-22017

R3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;C:\WINDOWS\system32\DRIVERS\wn5401.sys [2005-01-07 10:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a981a38-e9bc-11d9-82c2-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

*Newly Created Service* - CATCHME
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-07-15 11:00:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-15 14:07:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-15 14:07:53
ComboFix-quarantined-files.txt 2008-07-15 11:07:50

Pre-Run: 142,454,169,600 tavua vapaana
Post-Run: 142,448,644,096 tavua vapaana

285 --- E O F --- 2008-07-09 10:13:47

nikozjr · Jul 15, 2008

hjt logi uudestaan.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:21:06, on 15.7.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1208015571687
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7295 bytes

yaht · Jul 15, 2008

Lataa Malwarebytes' Anti-Malware työpöydällesi.

* Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
* Lopuksi varmistu, että seuraavat on valittu: Päivitä Malwarebytes' Anti-Malware ja Käynnistä Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Lopeta.
* Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
* Kun ohjelma on latautunut, valitse Suorita täysi tarkistus ja klikkaa Tarkista.
* Kun skanni on valmis, klikkaa OK ja sitten Näytä tulokset nähdäksesi tulokset.
* Varmistu, että kaikki on merkitty ja klikkaa Poista valitut.
* Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös
täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
* Lähetä lokin sisältö seuraavassa viestissäsi + uusi hjt-loki.

nikozjr · Jul 15, 2008

Malwarebytes' Anti-Malware 1.20
Tietokantaversio: 957
Windows 5.1.2600 Service Pack 3

23:36:14 15.7.2008
mbam-log-7-15-2008 (23-36-14).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
Tarkistetut kohteet: 108108
Kulunut aika: 23 minute(s), 50 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:36:42, on 15.7.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DC++\DCPlusPlus.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1208015571687
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7524 bytes

nikozjr · Jul 16, 2008

up

nikozjr · Jul 21, 2008

En oikeen ollut tyytyväinen tohon Malwarebytes scanneriin ei löytänyt mitään mut joku ihme scanneri löyti het 6 tuholaista...

(kuva vaan et uskotte)

tuli semmonen ongelma että en voi poistaa enää näitä ohjelmia:
Auslogics disk
Auslogics registry.
koska ne viirukset oli noissa ohjelmmissa tuo scanneri laitto quarantineen ne uninstal tiedostot koitin lisää poista sovelluksesta ne hävis sieltä valittaen tämmöstä "ohjelmaa ei ehkä ole poistettu"..
mil ilveellä saisin noi kyseiset ohjelmat pois. ne toimii edelleen.. mut ei innosta käyttää..

nikozjr · Jul 22, 2008

ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:11, on 22.7.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\eEye Digital Security\Blink\blinksvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\eEye Digital Security\Application Bus\eeyeevnt.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\eEye Digital Security\Blink\BLINK.EXE
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\HP_OMI~1\LOCALS~1\Temp\L2007tmp\Install.exe" /SETUP:"/l0x000b"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - Global Startup: Blink.lnk = C:\Program Files\eEye Digital Security\Blink\BLINK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1208015571687
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {72D50253-BE71-4c85-9B38-6331E5AD1499} - C:\Program Files\eEye Digital Security\Blink\IEMimeFilter.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: eEye Blink Engine (blinksvc) - eEye Digital Security - C:\Program Files\eEye Digital Security\Blink\blinksvc.exe
O23 - Service: eEye Application Bus (eeyeevnt) - eEye Digital Security - C:\Program Files\Common Files\eEye Digital Security\Application Bus\eeyeevnt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8092 bytes

kaipaan pikaista apua avira ilmottelee kokoajan trojjailaista ja muista tänään tullu 8ilmotusta.

nikozjr · Jul 22, 2008

Sain poistettua 6 troijjaa luulen niin.. tarkistetaan viellä!

hjt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:32:35, on 22.7.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SwiftKit\SwiftKit.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1208015571687
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: wbsys.dll,avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7671 bytes

nikozjr · Jul 23, 2008

Edelleen jumittaa. aijoin spybotin läpi pari kertaa se löysi 3troijjaa ja poistin ne.

onko muuten missään semmosta aihetta jossa neuvvotaan käyttämään hijacthis ohjelmaa? olis kiva itekkin oppia!

Log in or Sign up

hjt logi. valkoset ikkunat jatkuvasti kone jumittaa taas.

nikozjr Guest

nikozjr Guest

yaht Regular member

nikozjr Guest

nikozjr Guest

nikozjr Guest

yaht Regular member

nikozjr Guest

nikozjr Guest

nikozjr Guest

nikozjr Guest

nikozjr Guest

nikozjr Guest

Share This Page

Log in or Sign up

hjt logi. valkoset ikkunat jatkuvasti kone jumittaa taas.

nikozjr Guest

nikozjr Guest

yaht Regular member

nikozjr Guest

nikozjr Guest

nikozjr Guest

yaht Regular member

nikozjr Guest

nikozjr Guest

nikozjr Guest

nikozjr Guest

nikozjr Guest

nikozjr Guest

Share This Page

Useful Searches