HjT loki tarjolla tarkasteltavaksi.

Vilema · Oct 8, 2005

Jotain ihme hommia tossa täytyy olla... Tiedä sit mitä.

Logfile of HijackThis v1.99.1
Scan saved at 15:22:19, on 8.10.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\MultiRes\MultiRes.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
C:\WINNT\system32\internat.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguiexe.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\WINNT\System32\rundll32.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\-\Työpöytä\DL\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MSDOS Windows Service] MSDOS.PIF
O4 - HKLM\..\Run: [Microsoft Update 64 BIT] winman32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [MultiRes] C:\Program Files\MultiRes\MultiRes.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\RunServices: [MSDOS Windows Service] MSDOS.PIF
O4 - HKLM\..\RunServices: [Microsoft Update 64 BIT] winman32.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ergrjwd] c:\winnt\ntiwaag.exe
O4 - HKCU\..\Run: [mpyjeco] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [saoqvkb] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [rcxnhlr] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [kwqaprq] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [expoakg] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [elfvkli] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [lhmulyf] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [jnuupog] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [gyhkajy] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [iytchrl] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [mgidetc] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [dlrvuqp] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [rfxpkdq] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [ekwxttm] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [rnyopqx] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [iexxlyi] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [srydale] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [qthqsts] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [gojovtp] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [yhmfwcj] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [kkrlnwd] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [nbdvwjg] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [rlebkrg] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [pspbwlf] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [ysywgtu] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [eofjqpy] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [yhbmtvk] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [fjobarg] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [qmuomyw] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [pjnpprd] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [kohacdi] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [scosbxj] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [yydelks] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [fcjfnju] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [defauwe] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [wtsxrhd] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [xomvusf] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [aedtvjj] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [ahqvohk] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [ydchyyr] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [fmyhqgx] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [peoiwhy] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [fjqwtbc] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [ugqfxly] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [lyckack] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [jtrrkvl] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [hggcveo] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [lfmales] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [xqtbidj] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [tpcjcgq] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [yxaruks] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [maclxgb] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [nkifunx] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [mucrbdo] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [dkygnnv] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [vbmkcyg] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [tjmmcfd] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [tsdkmnw] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [yuoysrb] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [bmohcap] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [yhuuuge] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [avyhkkb] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [xfkkebe] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [kjpgfko] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [dhoocxd] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [yfhkglc] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [adjnrvi] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [eupyctg] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [mvhxqoj] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [oayjuwt] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [yyswtqc] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [ymvvrqb] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [laasfjf] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [fowfedk] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [ohckmya] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [bqihqgg] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [gfohswr] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [rsgikhm] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [attcflx] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [vdthdto] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [ychvwjc] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [qdnvvdh] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [ffxlwrt] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [iwutnkd] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [ithfmxa] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [pkxhxpo] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [nxxyqgs] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [dwjemqt] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [hwiboqf] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [oxcjgtu] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [wsicwlb] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [gncjjqv] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [jaibjgv] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [bhurvtw] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [rdiwxrw] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [hrjlkje] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [cakhmoi] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [rdkimyb] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [jmaecyp] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [ytfkrgg] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [xovjguk] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [jnwtbmu] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [gheakcj] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [ysdcsxl] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [enwdjvv] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [rxalwjc] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [vxydomr] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [byasglp] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [lwfdegi] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [qohlxbs] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [yklymvc] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [npjyqio] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [tvbidic] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [jsasiot] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [qdeviak] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [txjginj] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [nxqkrjv] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [whyhtqw] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [ldwprig] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [slkjfwd] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [wppvqhk] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [duyvsor] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [axbruyb] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [cuxmvow] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [yifgkos] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [ybviiem] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [pqbjidq] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [sciurgj] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [isfuxaw] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [ehrneew] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [mahxaeg] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [cwxcbro] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [kixljua] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [qavtudr] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [ceahwbm] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [gsqiwwk] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [ikdpdwi] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [vacdaqv] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [mjpqphq] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [nndupgi] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [jkijnrp] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [aiqsfnj] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [wfobkto] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [prjibde] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [plfqbta] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [permhlp] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [emdbfjr] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [dvcadqd] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [pcbsofe] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [eflvqyn] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [kwrygkl] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [jsllumo] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [eocyymm] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [chyxenb] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [dauntre] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [kwkonkx] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [akonhgk] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [ppssxru] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [bkknjpr] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [buvyodv] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [sutlydw] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [plsfxmy] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [rolmdrw] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [jabgapn] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [fksnlen] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [qjobfej] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [mbqtrpq] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [ukbtham] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [ywyieuh] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [htynywk] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [icphfui] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [bmvfxeg] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [tywowdk] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [ccjvjjr] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [hpaxrld] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [tucedbg] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [qcogvxn] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [nmbqnlk] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [jceovmt] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [aaplcer] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [dfeapxq] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [kawhjsa] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [mfokmko] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [jrgufbv] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [smtqhtw] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [lybibfn] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [tyqbtyu] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [vrtqxkx] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [ltwhfwl] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [bbaljwp] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [btjhijy] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [uglgjks] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [rndsvdv] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [weuewxb] c:\winnt\gealpjr.exe
O4 - HKCU\..\Run: [xapnagy] c:\winnt\gealpjr.exe
O4 - HKCU\..\Run: [xavwchb] c:\winnt\gealpjr.exe
O4 - HKCU\..\Run: [ahpnodc] c:\winnt\gealpjr.exe
O4 - HKCU\..\Run: [ovpkgdf] c:\winnt\gealpjr.exe
O4 - HKCU\..\Run: [tabwxbw] c:\winnt\gealpjr.exe
O4 - HKCU\..\Run: [povoaqe] c:\winnt\gealpjr.exe
O4 - HKCU\..\Run: [xifabwc] c:\winnt\fvcakyp.exe
O4 - HKCU\..\Run: [rbprkmo] c:\winnt\fvcakyp.exe
O4 - HKCU\..\Run: [lvabhgj] c:\winnt\tapmlce.exe
O4 - HKCU\..\Run: [suiovpj] c:\winnt\tapmlce.exe
O4 - HKCU\..\Run: [qgghetu] c:\winnt\tapmlce.exe
O4 - HKCU\..\Run: [hvfgmpc] c:\winnt\rsserhn.exe
O4 - HKCU\..\Run: [qdkjkvj] c:\winnt\rsserhn.exe
O4 - HKCU\..\Run: [lftywqj] c:\winnt\rsserhn.exe
O4 - HKCU\..\Run: [luguhua] c:\winnt\gjjbnyf.exe
O4 - HKCU\..\Run: [dbiupgw] c:\winnt\gjjbnyf.exe
O4 - HKCU\..\Run: [vnrjmhe] c:\winnt\gjjbnyf.exe
O4 - HKCU\..\Run: [cjphbuk] c:\winnt\gjjbnyf.exe
O4 - HKCU\..\Run: [qtefbje] c:\winnt\gjjbnyf.exe
O4 - HKCU\..\Run: [cbchkjm] c:\winnt\gjjbnyf.exe
O4 - HKCU\..\Run: [suskrjh] c:\winnt\gjjbnyf.exe
O4 - HKCU\..\Run: [splbtpr] c:\winnt\gjjbnyf.exe
O4 - HKCU\..\Run: [cecjjvk] c:\winnt\gjjbnyf.exe
O4 - HKCU\..\Run: [lwwqtyn] c:\winnt\gjjbnyf.exe
O4 - HKCU\..\Run: [ybrmfyq] c:\winnt\gjjbnyf.exe
O4 - HKCU\..\Run: [dmlfpsr] c:\winnt\gjjbnyf.exe
O4 - HKCU\..\Run: [nmlupdp] c:\winnt\gjjbnyf.exe
O4 - HKCU\..\Run: [vphmrvw] c:\winnt\gjjbnyf.exe
O4 - HKCU\..\Run: [gtblpmx] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [wuuacxx] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [chganlu] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [jwqjgut] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [nxmixmi] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [wmwsnrf] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [pqpdeyl] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [rgmqwye] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [msnpujo] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [btllgdw] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [usawfyf] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [mwtbnef] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [lrackyt] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [dnhrcvf] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [tnxiffu] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [ulpwjpc] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [aaebjua] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [rudlywb] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [tlvslsi] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [mpqtucf] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [mkwfffc] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [lacroao] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [jfiduij] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [tamlldv] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [gbchdgk] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [dsdusrt] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [ssgtywu] c:\winnt\xieoqfg.exe
O4 - HKCU\..\Run: [svvwopg] c:\winnt\xieoqfg.exe
O4 - HKCU\..\Run: [ynmungt] c:\winnt\xieoqfg.exe
O4 - HKCU\..\Run: [amepdtw] c:\winnt\ujdkkvn.exe
O4 - HKCU\..\Run: [huwotsj] c:\winnt\ujdkkvn.exe
O4 - HKCU\..\Run: [ptxfwbk] c:\winnt\odeuwpq.exe
O4 - HKCU\..\Run: [nmybhky] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [oxjekex] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [btqppaw] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [rtkegbw] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [fussxtj] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [otswbgl] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [lcumrcf] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [tmoqhln] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [hhxbhkt] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [gbbcrwd] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [lktieas] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [qpsxnqb] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [tjqliey] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [ivurvft] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [ybyvjvm] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [uydvwrt] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [difpcfy] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [hooukpu] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [akwucom] c:\winnt\sqxmbld.exe
O4 - HKCU\..\Run: [cynximh] c:\winnt\sqxmbld.exe
O4 - HKCU\..\Run: [sfynlid] c:\winnt\sqxmbld.exe
O4 - HKCU\..\Run: [hgouxbb] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [qmpwsab] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [jeneiwd] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [oqkxqir] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [tehemua] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [nnwwlwa] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [aapbxvq] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [ogvftby] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [yihdwid] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [mfewyth] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [xkdwgsf] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [ewqqbam] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [vekxpwd] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [qwxeupe] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [wodadmj] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [kjbhqhd] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [vujygfy] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [iuucyar] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [xbeetxc] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [cqhoslm] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [bqrwnjm] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [pfwyrue] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [wdmmsdw] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [datdgrm] c:\winnt\sxvpxem.exe
O4 - HKCU\..\Run: [nbamdni] c:\winnt\sxvpxem.exe
O4 - HKCU\..\Run: [cvjcecl] c:\winnt\sxvpxem.exe
O4 - HKCU\..\Run: [affsovk] c:\winnt\sxvpxem.exe
O4 - HKCU\..\Run: [vigtqnc] c:\winnt\towfcaj.exe
O4 - HKCU\..\Run: [iijupko] c:\winnt\towfcaj.exe
O4 - HKCU\..\Run: [MSDOS Windows Service] MSDOS.PIF
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AtiTrayTools] C:\Program Files\Radeon Omega Drivers\v2.6.61\ATI Tray Tools\atitray.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128107058375
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBBD619E-C530-41E2-A97F-DDA849BA2968}: NameServer = 85.255.113.131,85.255.112.20
O20 - Winlogon Notify: ATINotify - logonnfy.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - Unknown owner - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

-kemisti- · Oct 8, 2005

Pöpöjen temmellyskenttä, jep

Haepas tuolta -> http://koti.mbnet.fi/pattaya1/escanmwav.htm eScan, asenna ja päivitä se ohjeiden mukaan. Tee sitten sillä skanni ja lähetä tänne "örkkitulokset" (ohje tuolla sivulla, alin kuva ja sen yläpuolella oleva teksti). Lähetä myös sen jälkeen uusi HjT-loki, niin katotaan, mitä jäi jäljelle

Vilema · Oct 8, 2005

okkei... Kyllä mä ton jo arvasinkin. =) Palaan asialle piakkoin.

Vilema · Oct 8, 2005

Tossa olis toi E-Scan logi.

File C:\WINNT\FVCAKYP.0XE infected by "Trojan.Win32.StartPage.abc" Virus. Action Taken: File Deleted.
File C:\WINNT\GEALPJR.0XE infected by "Trojan.Win32.StartPage.abc" Virus. Action Taken: File Deleted.
File C:\WINNT\LKQAFFN.0XE infected by "Trojan.Win32.StartPage.abc" Virus. Action Taken: File Deleted.
File C:\WINNT\NTIWAAG.0XE infected by "Trojan.Win32.StartPage.abc" Virus. Action Taken: File Deleted.
File C:\WINNT\QCTUKDC.0XE infected by "Trojan.Win32.StartPage.abc" Virus. Action Taken: File Deleted.
File C:\WINNT\RSSERHN.0XE infected by "Trojan.Win32.StartPage.abc" Virus. Action Taken: File Deleted.
File C:\WINNT\TAPMLCE.0XE infected by "Trojan.Win32.StartPage.abc" Virus. Action Taken: File Deleted.
File C:\WINNT\YCAYBYH.0XE infected by "Trojan.Win32.StartPage.abc" Virus. Action Taken: File Deleted.
File C:\WINNT\system32\ggscpaaa.0xe infected by "Trojan-Dropper.Win32.Agent.qs" Virus. Action Taken: File Deleted.
File C:\WINNT\system32\HGQHP.0XE infected by "Trojan.Win32.DNSChanger.aa" Virus. Action Taken: File Deleted.
File C:\WINNT\system32\MSDOS.0IF infected by "Backdoor.Win32.Rbot.xt" Virus. Action Taken: File Renamed.
File C:\WINNT\system32\sagxbaaa.0xe infected by "Trojan.Win32.StartPage.abc" Virus. Action Taken: File Deleted.
File C:\WINNT\system32\vaffmaaa.0xe infected by "Trojan-Clicker.Win32.LowZones.c" Virus. Action Taken: File Deleted.
File C:\WINNT\system32\WINMAN32.0XE infected by "Backdoor.Win32.Rbot.xr" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\-\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-3821a986-63fa1fca.zip infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\-\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-7b975c36-38adbc4c.zip infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\-\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-69430f0d-1cf6d242.zip infected by "Exploit.Java.ByteVerify" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\-\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-a5399d2-1249b3f2.zip infected by "Trojan.Java.ClassLoader.ai" Virus. Action Taken: File Deleted.
File C:\WINNT\Downloaded Program Files\gsda.dll tagged as not-a-virusownloader.Win32.SpyGame. No Action Taken.

Ja tossa olis uudestaan toi HjT logi... Tuntu jäävän kamaa.

Logfile of HijackThis v1.99.1
Scan saved at 16:42:20, on 8.10.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\MultiRes\MultiRes.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
C:\WINNT\system32\internat.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguiexe.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\WINNT\System32\rundll32.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Kaspersky\mwavscan.com
C:\Kaspersky\kavss.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\-\Työpöytä\DL\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Microsoft Update 64 BIT] winman32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [MultiRes] C:\Program Files\MultiRes\MultiRes.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\RunServices: [Microsoft Update 64 BIT] winman32.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [mpyjeco] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [rcxnhlr] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [expoakg] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [lhmulyf] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [gyhkajy] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [mgidetc] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [rfxpkdq] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [rnyopqx] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [srydale] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [gojovtp] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [kkrlnwd] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [rlebkrg] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [ysywgtu] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [yhbmtvk] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [qmuomyw] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [kohacdi] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [yydelks] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [defauwe] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [xomvusf] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [ahqvohk] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [fmyhqgx] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [fjqwtbc] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [lyckack] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [hggcveo] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [xqtbidj] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [yxaruks] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [nkifunx] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [dkygnnv] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [tjmmcfd] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [yuoysrb] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [yhuuuge] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [xfkkebe] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [dhoocxd] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [adjnrvi] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [mvhxqoj] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [yyswtqc] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [laasfjf] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [ohckmya] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [gfohswr] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [attcflx] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [ychvwjc] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [ffxlwrt] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [ithfmxa] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [nxxyqgs] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [hwiboqf] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [wsicwlb] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [jaibjgv] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [rdiwxrw] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [cakhmoi] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [jmaecyp] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [xovjguk] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [gheakcj] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [enwdjvv] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [vxydomr] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [lwfdegi] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [yklymvc] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [tvbidic] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [qdeviak] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [nxqkrjv] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [ldwprig] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [wppvqhk] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [axbruyb] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [yifgkos] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [pqbjidq] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [isfuxaw] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [mahxaeg] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [kixljua] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [ceahwbm] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [ikdpdwi] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [mjpqphq] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [jkijnrp] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [wfobkto] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [plfqbta] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [emdbfjr] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [pcbsofe] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [kwrygkl] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [eocyymm] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [dauntre] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [akonhgk] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [bkknjpr] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [sutlydw] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [rolmdrw] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [fksnlen] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [mbqtrpq] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [ywyieuh] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [icphfui] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [tywowdk] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [hpaxrld] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [qcogvxn] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [jceovmt] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [dfeapxq] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [mfokmko] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [smtqhtw] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [tyqbtyu] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [ltwhfwl] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [btjhijy] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [rndsvdv] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [xapnagy] c:\winnt\gealpjr.exe
O4 - HKCU\..\Run: [ahpnodc] c:\winnt\gealpjr.exe
O4 - HKCU\..\Run: [tabwxbw] c:\winnt\gealpjr.exe
O4 - HKCU\..\Run: [xifabwc] c:\winnt\fvcakyp.exe
O4 - HKCU\..\Run: [lvabhgj] c:\winnt\tapmlce.exe
O4 - HKCU\..\Run: [qgghetu] c:\winnt\tapmlce.exe
O4 - HKCU\..\Run: [qdkjkvj] c:\winnt\rsserhn.exe
O4 - HKCU\..\Run: [luguhua] c:\winnt\gjjbnyf.exe
O4 - HKCU\..\Run: [vnrjmhe] c:\winnt\gjjbnyf.exe
O4 - HKCU\..\Run: [qtefbje] c:\winnt\gjjbnyf.exe
O4 - HKCU\..\Run: [suskrjh] c:\winnt\gjjbnyf.exe
O4 - HKCU\..\Run: [cecjjvk] c:\winnt\gjjbnyf.exe
O4 - HKCU\..\Run: [ybrmfyq] c:\winnt\gjjbnyf.exe
O4 - HKCU\..\Run: [nmlupdp] c:\winnt\gjjbnyf.exe
O4 - HKCU\..\Run: [gtblpmx] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [chganlu] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [nxmixmi] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [pqpdeyl] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [msnpujo] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [usawfyf] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [lrackyt] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [tnxiffu] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [aaebjua] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [tlvslsi] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [mkwfffc] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [jfiduij] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [gbchdgk] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [ssgtywu] c:\winnt\xieoqfg.exe
O4 - HKCU\..\Run: [ynmungt] c:\winnt\xieoqfg.exe
O4 - HKCU\..\Run: [huwotsj] c:\winnt\ujdkkvn.exe
O4 - HKCU\..\Run: [nmybhky] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [btqppaw] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [fussxtj] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [lcumrcf] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [hhxbhkt] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [lktieas] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [tjqliey] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [ybyvjvm] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [difpcfy] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [akwucom] c:\winnt\sqxmbld.exe
O4 - HKCU\..\Run: [sfynlid] c:\winnt\sqxmbld.exe
O4 - HKCU\..\Run: [qmpwsab] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [oqkxqir] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [nnwwlwa] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [ogvftby] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [mfewyth] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [ewqqbam] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [qwxeupe] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [kjbhqhd] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [iuucyar] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [cqhoslm] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [pfwyrue] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [datdgrm] c:\winnt\sxvpxem.exe
O4 - HKCU\..\Run: [cvjcecl] c:\winnt\sxvpxem.exe
O4 - HKCU\..\Run: [vigtqnc] c:\winnt\towfcaj.exe
O4 - HKCU\..\Run: [MSDOS Windows Service] MSDOS.PIF
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AtiTrayTools] C:\Program Files\Radeon Omega Drivers\v2.6.61\ATI Tray Tools\atitray.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128107058375
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBBD619E-C530-41E2-A97F-DDA849BA2968}: NameServer = 85.255.113.131,85.255.112.20
O20 - Winlogon Notify: ATINotify - logonnfy.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - Unknown owner - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

-kemisti- · Oct 8, 2005

Niin jäi juu

Siirrä ensin HjT omaan kansioon, vaikka näin:
C:\Documents and Settings\-\Työpöytä\DL\HijackThis.exe ->
C:\hjt\HijackThis.exe

Fixaa HjT:llä (klikkaa do a system scan only, merkkaa nämä ja paina fix checked):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/
O4 - HKLM\..\Run: [Microsoft Update 64 BIT] winman32.exe
O4 - HKCU\..\Run: [mpyjeco] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [rcxnhlr] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [expoakg] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [lhmulyf] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [gyhkajy] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [mgidetc] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [rfxpkdq] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [rnyopqx] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [srydale] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [gojovtp] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [kkrlnwd] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [rlebkrg] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [ysywgtu] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [yhbmtvk] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [qmuomyw] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [kohacdi] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [yydelks] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [defauwe] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [xomvusf] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [ahqvohk] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [fmyhqgx] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [fjqwtbc] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [lyckack] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [hggcveo] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [xqtbidj] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [yxaruks] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [nkifunx] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [dkygnnv] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [tjmmcfd] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [yuoysrb] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [yhuuuge] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [xfkkebe] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [dhoocxd] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [adjnrvi] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [mvhxqoj] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [yyswtqc] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [laasfjf] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [ohckmya] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [gfohswr] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [attcflx] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [ychvwjc] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [ffxlwrt] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [ithfmxa] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [nxxyqgs] c:\winnt\ycaybyh.exe
O4 - HKCU\..\Run: [hwiboqf] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [wsicwlb] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [jaibjgv] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [rdiwxrw] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [cakhmoi] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [jmaecyp] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [xovjguk] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [gheakcj] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [enwdjvv] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [vxydomr] c:\winnt\ixgmjhs.exe
O4 - HKCU\..\Run: [lwfdegi] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [yklymvc] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [tvbidic] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [qdeviak] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [nxqkrjv] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [ldwprig] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [wppvqhk] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [axbruyb] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [yifgkos] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [pqbjidq] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [isfuxaw] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [mahxaeg] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [kixljua] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [ceahwbm] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [ikdpdwi] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [mjpqphq] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [jkijnrp] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [wfobkto] c:\winnt\kvauamu.exe
O4 - HKCU\..\Run: [plfqbta] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [emdbfjr] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [pcbsofe] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [kwrygkl] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [eocyymm] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [dauntre] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [akonhgk] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [bkknjpr] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [sutlydw] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [rolmdrw] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [fksnlen] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [mbqtrpq] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [ywyieuh] c:\winnt\qctukdc.exe
O4 - HKCU\..\Run: [icphfui] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [tywowdk] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [hpaxrld] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [qcogvxn] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [jceovmt] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [dfeapxq] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [mfokmko] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [smtqhtw] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [tyqbtyu] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [ltwhfwl] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [btjhijy] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [rndsvdv] c:\winnt\lkqaffn.exe
O4 - HKCU\..\Run: [xapnagy] c:\winnt\gealpjr.exe
O4 - HKCU\..\Run: [ahpnodc] c:\winnt\gealpjr.exe
O4 - HKCU\..\Run: [tabwxbw] c:\winnt\gealpjr.exe
O4 - HKCU\..\Run: [xifabwc] c:\winnt\fvcakyp.exe
O4 - HKCU\..\Run: [lvabhgj] c:\winnt\tapmlce.exe
O4 - HKCU\..\Run: [qgghetu] c:\winnt\tapmlce.exe
O4 - HKCU\..\Run: [qdkjkvj] c:\winnt\rsserhn.exe
O4 - HKCU\..\Run: [luguhua] c:\winnt\gjjbnyf.exe
O4 - HKCU\..\Run: [vnrjmhe] c:\winnt\gjjbnyf.exe
O4 - HKCU\..\Run: [qtefbje] c:\winnt\gjjbnyf.exe
O4 - HKCU\..\Run: [suskrjh] c:\winnt\gjjbnyf.exe
O4 - HKCU\..\Run: [cecjjvk] c:\winnt\gjjbnyf.exe
O4 - HKCU\..\Run: [ybrmfyq] c:\winnt\gjjbnyf.exe
O4 - HKCU\..\Run: [nmlupdp] c:\winnt\gjjbnyf.exe
O4 - HKCU\..\Run: [gtblpmx] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [chganlu] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [nxmixmi] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [pqpdeyl] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [msnpujo] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [usawfyf] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [lrackyt] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [tnxiffu] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [aaebjua] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [tlvslsi] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [mkwfffc] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [jfiduij] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [gbchdgk] c:\winnt\fcnxgmn.exe
O4 - HKCU\..\Run: [ssgtywu] c:\winnt\xieoqfg.exe
O4 - HKCU\..\Run: [ynmungt] c:\winnt\xieoqfg.exe
O4 - HKCU\..\Run: [huwotsj] c:\winnt\ujdkkvn.exe
O4 - HKCU\..\Run: [nmybhky] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [btqppaw] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [fussxtj] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [lcumrcf] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [hhxbhkt] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [lktieas] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [tjqliey] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [ybyvjvm] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [difpcfy] c:\winnt\fcnvvpx.exe
O4 - HKCU\..\Run: [akwucom] c:\winnt\sqxmbld.exe
O4 - HKCU\..\Run: [sfynlid] c:\winnt\sqxmbld.exe
O4 - HKCU\..\Run: [qmpwsab] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [oqkxqir] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [nnwwlwa] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [ogvftby] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [mfewyth] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [ewqqbam] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [qwxeupe] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [kjbhqhd] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [iuucyar] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [cqhoslm] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [pfwyrue] c:\winnt\awlkdsx.exe
O4 - HKCU\..\Run: [datdgrm] c:\winnt\sxvpxem.exe
O4 - HKCU\..\Run: [cvjcecl] c:\winnt\sxvpxem.exe
O4 - HKCU\..\Run: [vigtqnc] c:\winnt\towfcaj.exe
O4 - HKCU\..\Run: [MSDOS Windows Service] MSDOS.PIF
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBBD619E-C530-41E2-A97F-DDA849BA2968}: NameServer = 85.255.113.131,85.255.112.20

Laita piilotiedostot näkyviin , ohje -> http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Käynnistä vikasietotilaan (F8 käynnistyksen yhteydessä) ja poista:

winman32.exe (etsi Etsi-toiminnolla, ei välttämättä ole))
MSDOS.PIF (samat sanat kuin edelliseen)
c:\winnt\==>ycaybyh.exe<==
c:\winnt\==>ixgmjhs.exe<==
c:\winnt\==>kvauamu.exe<==
c:\winnt\==>qctukdc.exe<==
c:\winnt\==>lkqaffn.exe<==
c:\winnt\==>gealpjr.exe<==
c:\winnt\==>fvcakyp.exe<==
c:\winnt\==>tapmlce.exe<==
c:\winnt\==>rsserhn.exe<==
c:\winnt\==>gjjbnyf.exe<==
c:\winnt\==>fcnxgmn.exe<==
c:\winnt\==>xieoqfg.exe<==
c:\winnt\==>ujdkkvn.exe<==
c:\winnt\==>fcnvvpx.exe<==
c:\winnt\==>sqxmbld.exe<==
c:\winnt\==>awlkdsx.exe<==
c:\winnt\==>sxvpxem.exe<==
c:\winnt\==>towfcaj.exe<== (kaikkia näitä tuskin on, osan poisti eScan)
C:\WINNT\web\==>related.htm<==

Käynnistä uudestaan ja lähetä uusi HjT-loki.

Vilema · Oct 8, 2005

Tässä taas uus logi HjT:stä. Nyt näyttäis olevan ainakin lyhyempi. =) Eipä löytynyt noita tiedostoja vikasieto tilassa.

Logfile of HijackThis v1.99.1
Scan saved at 17:51:50, on 8.10.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
C:\WINNT\system32\regsvc.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\MultiRes\MultiRes.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
C:\WINNT\system32\internat.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguiexe.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\WINNT\System32\rundll32.exe
C:\HjT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [MultiRes] C:\Program Files\MultiRes\MultiRes.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\RunServices: [Microsoft Update 64 BIT] winman32.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AtiTrayTools] C:\Program Files\Radeon Omega Drivers\v2.6.61\ATI Tray Tools\atitray.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128107058375
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab
O20 - Winlogon Notify: ATINotify - logonnfy.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - Unknown owner - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

-kemisti- · Oct 8, 2005

Hyvältä näyttää Tuon voit vielä poistaa vikasiedossa, unohdin äsken sanoa ton:

C:\WINNT\Downloaded Program Files\==>gsda.dll<==

Muuten kunnossa.

Vilema · Oct 8, 2005

Eli ei tässä muuta kun kiitos ja kumarrus sitten sinnepäin!
Alko kone tuntuu jotenkin "nopeammalta".

Eli kiitos vielä kerran. =)

Zipp2 · Oct 8, 2005

Merkkaa ja Fix:saa vielä tuo

O4 - HKLM\..\RunServices: [Microsoft Update 64 BIT] winman32.exe

Log in or Sign up

HjT loki tarjolla tarkasteltavaksi.

Vilema Regular member

-kemisti- Active member

Vilema Regular member

Vilema Regular member

-kemisti- Active member

Vilema Regular member

-kemisti- Active member

Vilema Regular member

Zipp2 Regular member

Share This Page

Log in or Sign up

HjT loki tarjolla tarkasteltavaksi.

Vilema Regular member

-kemisti- Active member

Vilema Regular member

Vilema Regular member

-kemisti- Active member

Vilema Regular member

-kemisti- Active member

Vilema Regular member

Zipp2 Regular member

Share This Page

Useful Searches