Folders close and the desktop does not work, HJT log

Discussion in 'Viruses and malware - HijackThis logs' started by hsiw, Feb 27, 2008.

  1. hsiw

    So, as the title says: when the computer starts, the whole desktop and the Start menu disappear from the screen, and folders opened in Windows Explorer close after having been open for a moment.

    I just removed the vundo.gen58 virus, and immediately after that these symptoms started. I would be really grateful for help.

    Here is the HJT log as well, in case it is of any help.

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 14:10:43, on 27.2.2008
    Platform: Windows Vista (WinNT 6.00.1904)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
    C:\Program Files\Norman\Npm\Bin\Zanda.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Norman\Npm\Bin\Zlh.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\anysee\anysee-E30\anysee_TR.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
    C:\Program Files\Last.fm\LastFMHelper.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\Norman\Nvc\BIN\NIP.EXE
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Wacom_Tablet.exe
    C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\WTablet\Wacom_TabletUser.exe
    C:\Windows\system32\Wacom_Tablet.exe
    C:\Program Files\Norman\Nvc\bin\nvcoas.exe
    C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
    C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Windows\System32\mobsync.exe
    C:\Windows\ehome\ehsched.exe
    C:\Program Files\Norman\Nvc\bin\cclaw.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\ehome\ehRecvr.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\Explorer.exe
    C:\Users\Otto ja Niko\Desktop\HiJackThis_v2.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: {efebeb1b-86de-adb9-fb34-c748571051e2} - {2e150175-847c-43bf-9bda-ed68b1bebefe} - C:\Windows\system32\mcbedkfl.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {91C87EC9-1385-46D6-87C7-F9777A9996C8} - C:\Windows\system32\xxwxu.dll (file missing)
    O2 - BHO: (no name) - {A81300E9-7843-4AC1-B288-99A037D1FD79} - C:\Windows\system32\xxwxu.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30\anysee_TR.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [b88df835] rundll32.exe "C:\Windows\system32\tielepyw.dll",b
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
    O4 - HKCU\..\Run: [RemoveIT Pro XT] C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
    O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
    O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
    O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
    O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
    O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
    O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe
    O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
    O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
    O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
    O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe
    O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
    O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Windows\system32\Wacom_Tablet.exe
    O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
    O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
    O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
    O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
    O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
    O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe

    --
    End of file - 23590 bytes
     
  2. Hujo


    Remove Trend Micro HijackThis v2.0.0 (BETA) and download the latest version.

    Download HJTInstall.exe from HERE

    * Save HJTInstall.exe to your desktop.
    * Double-click the HJTInstall.exe icon on your desktop.
    * By default it installs itself into C:\Program Files\Trend Micro\HijackThis.
    * Click Install.
    * The installer creates a HijackThis icon on the desktop.
    * When the installation is finished, it starts HijackThis.
    * Click the "Do a system scan and save a logfile" button. The program starts scanning and the log should open in Notepad.
    * First click "Edit > Select All", then "Edit > Copy" to copy the whole contents of the log.
    * Paste the contents of the log into your next reply.
    * Do NOT use the Analyze This button; its findings are dangerous if misunderstood.
    * Do NOT fix anything with HijackThis yet. Most of its findings are either harmless or even necessary.

    ==============

    1. Download combofix.exe to your desktop from one of these links:
    combofix1
    combofix2

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool is finished, it produces a log. Post that log in your thread.
    Note! Do not click in the ComboFix window while it is running. That may cause the program to hang.
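As an added example (not part of this thread, and not how HijackThis or its Analyze This button work), the script below reads the O2 (BHO) and O4 (Run) lines of a log like the one posted above and lists the entries that deserve a closer look before anyone clicks Fix. The three rules it applies are my assumptions about what generated entries tend to look like: a BHO with no descriptive name, or whose registration points to a file that no longer exists; a Run value named with eight hex digits instead of a product name; and a rundll32 command whose entry point is a single character. A hit means "find out who installed this file", not "remove it". The sample lines are copied from the first log in the thread; the file names it ends up listing are simply the ones those lines load.

```python
"""Triage of HijackThis O2 (BHO) and O4 (Run) lines.

Added example; not part of the thread and not HijackThis's own logic.
The rules are assumptions about what deserves a second look, so a flagged
line is a question to answer (who installed this file?), not a verdict.
"""
import re
from dataclasses import dataclass, field

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + GUID + r") - "
                   r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
# O4 - <hive>\..\Run: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
# rundll32[.exe] ["]<dll>["],<entry point>
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<entry>\S*)',
                       re.IGNORECASE)

# Lines copied from the first HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {efebeb1b-86de-adb9-fb34-c748571051e2} - {2e150175-847c-43bf-9bda-ed68b1bebefe} - C:\Windows\system32\mcbedkfl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {91C87EC9-1385-46D6-87C7-F9777A9996C8} - C:\Windows\system32\xxwxu.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [b88df835] rundll32.exe "C:\Windows\system32\tielepyw.dll",b
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
"""


@dataclass
class Finding:
    line: str
    path: str                # file the entry loads, as written in the log
    reasons: list = field(default_factory=list)


def triage_line(line: str):
    """Return a Finding for one log line, or None if nothing stands out."""
    m = O2_RE.match(line)
    if m:
        f = Finding(line, m["path"])
        # A BHO registered without a product name, or with a GUID as its
        # "name", gives the user nothing to recognise it by.
        if m["name"] == "(no name)" or re.fullmatch(GUID, m["name"]):
            f.reasons.append("BHO has no descriptive name")
        # A CLSID still registered after its DLL is gone is a leftover of an
        # earlier removal: harmless by itself, but worth cleaning up.
        if m["missing"]:
            f.reasons.append("registration points to a file that no longer exists")
        return f if f.reasons else None
    m = O4_RE.match(line)
    if m:
        f = Finding(line, m["cmd"])
        # Assumption: vendors name Run values after the product; an
        # 8-hex-digit value name is what a generated name looks like.
        if re.fullmatch(r"[0-9a-f]{8}", m["value"], re.IGNORECASE):
            f.reasons.append("Run value name is 8 hex digits, not a product name")
        r = RUNDLL_RE.match(m["cmd"])
        if r:
            f.path = r["dll"]
            # Legitimate rundll32 entries name a real export (NvStartup,
            # ShowWelcomeCenter); a one-letter export is unusual.
            if len(r["entry"]) <= 1:
                f.reasons.append("rundll32 entry point is a single character")
        return f if f.reasons else None
    return None


def triage(log_text: str):
    """Run triage_line over every line of a HijackThis log."""
    return [f for f in map(triage_line, log_text.strip().splitlines()) if f]


def files_to_check(findings):
    """Distinct file names the flagged entries load, for searching the
    second, longer log or the file system."""
    return sorted({f.path.rsplit("\\", 1)[-1].lower() for f in findings})


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f.line)
        for why in f.reasons:
            print("   ->", why)
    print("files to check:", files_to_check(found))
```

Run against the whole log rather than the excerpt and the NVIDIA, Java and Google lines pass untouched, because the rules key on how an entry is registered, not on where the DLL lives; a rule based on "random-looking" file names would misfire on driver DLLs such as nvsvc.dll. The file list at the end is the thing to carry over to the second log and to the file system: a DLL named in a Run value that is not present on disk behaves exactly like the "(file missing)" BHO entries, and both are leftovers rather than active code.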
     
  3. hsiw

    Here is the log from the newer HijackThis.

    ComboFix flashes briefly into a small loading window, but then goes quiet and does not produce a log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:18:02, on 27.2.2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
    C:\Program Files\Norman\Npm\Bin\Zanda.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Norman\Npm\Bin\Zlh.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\anysee\anysee-E30\anysee_TR.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
    C:\Program Files\Last.fm\LastFMHelper.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\Norman\Nvc\BIN\NIP.EXE
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Wacom_Tablet.exe
    C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\WTablet\Wacom_TabletUser.exe
    C:\Windows\system32\Wacom_Tablet.exe
    C:\Program Files\Norman\Nvc\bin\nvcoas.exe
    C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
    C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Windows\System32\mobsync.exe
    C:\Windows\ehome\ehsched.exe
    C:\Program Files\Norman\Nvc\bin\cclaw.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\ehome\ehRecvr.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\Explorer.exe
    C:\Users\Otto ja Niko\Desktop\HiJackThis_v2.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: {efebeb1b-86de-adb9-fb34-c748571051e2} - {2e150175-847c-43bf-9bda-ed68b1bebefe} - C:\Windows\system32\mcbedkfl.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {91C87EC9-1385-46D6-87C7-F9777A9996C8} - C:\Windows\system32\xxwxu.dll (file missing)
    O2 - BHO: (no name) - {A81300E9-7843-4AC1-B288-99A037D1FD79} - C:\Windows\system32\xxwxu.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30\anysee_TR.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [b88df835] rundll32.exe "C:\Windows\system32\tielepyw.dll",b
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
    O4 - HKCU\..\Run: [RemoveIT Pro XT] C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Windows\system32\Wacom_Tablet.exe
    O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

    --
    End of file - 10332 bytes
     
  4. Hujo

    Hujo Guest

    Run that ComboFix.

    ===========

    Download VundoFix.exe to your desktop.

    Double-click VundoFix.exe to run it.
    Click the Scan for Vundo button.
    When the scan is complete, click the Remove Vundo button.
    You will be asked whether you want to remove the files; click YES.
    Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
    When it is done, the fix will tell you to restart your computer; click OK.
    Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.

    Note: It is possible that VundoFix found a file it could not remove.
    In that case VundoFix will run itself at reboot; just follow the instructions above starting from "Click the Scan for Vundo button." when VundoFix comes up after the restart.
     
  5. hsiw

    hsiw Member

    That ComboFix won't start.. It first loads the green bar and after that nothing happens and no log appears.

    I'm downloading VundoFix.
     
  6. Hujo

    Hujo Guest

    Then run ComboFix in Safe Mode.
     
  7. hsiw

    hsiw Member

    In Safe Mode ComboFix opens a blue screen that says: "Järjestelmä ei löydä sanomaa numerolle 0x8 ohjelman System sanomatiedostossa" (the Finnish Windows wording of "The system cannot find message text for message number 0x8 in the message file for System"). Nothing else happens after that.
     
  8. Hujo

    Hujo Guest

    Can you get that AVG Anti-Spyware 7.5 to run?
     
  9. hsiw

    hsiw Member

    Yes. I set a complete system scan going.
     
  10. Hujo

    Hujo Guest

    Well, let's wait and see what it comes up with.

    I take it you're logged in with administrator rights.
     
  11. hsiw

    hsiw Member

    Yes, I am; there are no other accounts here.
     
  12. hsiw

    hsiw Member

    So AVG Anti-Spyware found four tracking cookies. Should I delete them? (Although none of them is likely to be causing the problem I'm trying to track down.)

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 17:22:36 27.2.2008

    + Scan result:



    C:\Users\Otto ja Niko\AppData\Roaming\Microsoft\Windows\Cookies\otto_ja_niko@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
    C:\Users\Otto ja Niko\AppData\Roaming\Microsoft\Windows\Cookies\otto_ja_niko@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
    C:\Users\Otto ja Niko\AppData\Roaming\Microsoft\Windows\Cookies\otto_ja_niko@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
    C:\Users\Otto ja Niko\AppData\Roaming\Microsoft\Windows\Cookies\otto_ja_niko@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : No action taken.


    ::Report end
     
  13. Hujo

    Hujo Guest

    Delete them.

    ==============

    ComboFix in normal mode, and we'll see whether a reformat is on the cards
    if the stuff doesn't start working. You have administrator rights.

    =============

    Scan with HJT, check these and press Fix checked:

    O2 - BHO: {efebeb1b-86de-adb9-fb34-c748571051e2} - {2e150175-847c-43bf-9bda-ed68b1bebefe} - C:\Windows\system32\mcbedkfl.dll
    O2 - BHO: (no name) - {91C87EC9-1385-46D6-87C7-F9777A9996C8} - C:\Windows\system32\xxwxu.dll (file missing)
    O2 - BHO: (no name) - {A81300E9-7843-4AC1-B288-99A037D1FD79} - C:\Windows\system32\xxwxu.dll (file missing)
    O4 - HKLM\..\Run: [b88df835] rundll32.exe "C:\Windows\system32\tielepyw.dll",b
     
    Last edited by a moderator: Feb 27, 2008
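The four entries Hujo lists above share traits that can be checked mechanically: a BHO whose display name is itself a GUID or "(no name)", a CLSID registration pointing at a DLL that is no longer on disk, and a Run value with a random hex name that calls rundll32 on a system32 DLL with a one-letter export. The script below is an added example (not from this thread, from HijackThis or from ComboFix) that parses O2/O4 lines in the format shown in hsiw's log and flags entries with those traits. The sample lines are copied from that log plus a few benign ones; the heuristics and their thresholds are this editor's assumptions, so anything they flag still needs a human look before it is fixed.

```python
"""Heuristic triage of HijackThis O2 (BHO) and O4 (Run) lines.

Added example for this thread; not code from HijackThis, ComboFix or the
posters.  The sample lines are copied from the log above (plus benign ones);
the traits checked are assumptions chosen to match the entries Hujo flagged.
"""
import re
from dataclasses import dataclass, field

# Constructed sample input: a subset of the HJT log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {efebeb1b-86de-adb9-fb34-c748571051e2} - {2e150175-847c-43bf-9bda-ed68b1bebefe} - C:\Windows\system32\mcbedkfl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {91C87EC9-1385-46D6-87C7-F9777A9996C8} - C:\Windows\system32\xxwxu.dll (file missing)
O2 - BHO: (no name) - {A81300E9-7843-4AC1-B288-99A037D1FD79} - C:\Windows\system32\xxwxu.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [b88df835] rundll32.exe "C:\Windows\system32\tielepyw.dll",b
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# O2 line: "O2 - BHO: <name> - {CLSID} - <dll path>[ (file missing)]"
O2_RE = re.compile(
    rf"^O2 - BHO: (?P<name>.*?) - (?P<clsid>{GUID}) - (?P<path>.*?)(?P<missing> \(file missing\))?$"
)
# O4 line: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\S-[0-9-]+)\\\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
# rundll32 command: rundll32[.exe] "<dll>",<export>
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S*)', re.IGNORECASE)
HEX_VALUE_RE = re.compile(r"^[0-9a-f]{8}$")


@dataclass
class Finding:
    line: str
    dll: str                      # DLL path exactly as written in the entry
    reasons: list = field(default_factory=list)


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _triage_bho(m: re.Match):
    reasons = []
    name = m.group("name")
    if name == "(no name)" or re.fullmatch(GUID, name):
        reasons.append("BHO has no descriptive name (GUID or '(no name)')")
    if m.group("missing"):
        reasons.append("registered DLL is missing on disk (orphaned CLSID registration)")
    return m.group("path"), reasons


def _triage_run(m: re.Match):
    reasons = []
    if HEX_VALUE_RE.match(m.group("value")):
        reasons.append("Run value name is a random-looking 8-digit hex string")
    r = RUNDLL_RE.match(m.group("cmd").strip())
    if r and len(r.group("export")) <= 1:
        reasons.append("rundll32 invokes a single-character export")
    return (r.group("dll") if r else m.group("cmd")), reasons


def analyze(log_text: str):
    """Return a Finding for every O2/O4 line that trips at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            dll, reasons = _triage_bho(m)
        else:
            m = O4_RE.match(line)
            if not m:
                continue              # other HJT sections are out of scope here
            dll, reasons = _triage_run(m)
        if reasons:
            findings.append(Finding(line, dll, reasons))
    return findings


def flagged_dlls(log_text: str):
    """Deduplicated, sorted basenames of the DLLs behind the flagged entries."""
    return sorted({_basename(f.dll) for f in analyze(log_text)})


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f.line)
        for why in f.reasons:
            print("   -", why)
```

Run as a script it prints each flagged line with the reasons it tripped; on the sample it flags exactly the four entries in Hujo's list and leaves the Adobe, Java, Defender, NVIDIA and Welcome Center entries alone. The point of keeping the reasons per entry is that a rundll32 call or a system32 path is not suspicious on its own (NvCpl.dll is loaded the same way); it is the combination of a meaningless value name, a one-letter export and an unnamed BHO that matches what ComboFix later removed.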
  14. hsiw

    hsiw Member

    ComboFix worked, here's the log:

    ComboFix 08-02-25.3 - Otto ja Niko 2008-02-27 18:04:26.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1169 [GMT 2:00]
    Running from: C:\Users\Otto ja Niko\Desktop\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\system32\mcbedkfl.dll
    C:\Windows\system32\tielepyw.dll
    C:\Windows\System32\wypeleit.ini

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-27 to 2008-02-27 )))))))))))))))))
    .

    2008-02-27 14:00 . 2008-02-27 14:00 <KANSIO> d-------- C:\Users\Otto ja Niko\DoctorWeb
    2008-02-26 23:11 . 2008-02-26 23:12 <KANSIO> d-------- C:\Users\All Users\Lavasoft
    2008-02-26 23:11 . 2008-02-26 23:12 <KANSIO> d-------- C:\ProgramData\Lavasoft
    2008-02-26 23:11 . 2008-02-26 23:11 <KANSIO> d-------- C:\Program Files\Lavasoft
    2008-02-26 23:10 . 2008-02-26 23:10 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-26 22:48 . 2008-02-26 22:48 <KANSIO> d-------- C:\VundoFix Backups
    2008-02-26 20:13 . 2008-02-26 20:13 <KANSIO> d-------- C:\Program Files\Bethesda Softworks
    2008-02-26 14:08 . 2008-02-26 14:08 <KANSIO> d-------- C:\Users\Otto ja Niko\AppData\Roaming\Grisoft
    2008-02-26 14:08 . 2008-02-26 14:08 <KANSIO> d-------- C:\Users\All Users\Grisoft
    2008-02-26 14:08 . 2008-02-26 14:08 <KANSIO> d-------- C:\ProgramData\Grisoft
    2008-02-26 14:08 . 2007-05-30 14:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
    2008-02-26 13:17 . 2008-02-26 13:40 <KANSIO> d-------- C:\Program Files\InCode Solutions
    2008-02-26 12:32 . 2008-02-26 12:32 <KANSIO> d-------- C:\Program Files\File Shredder
    2008-02-26 09:08 . 2008-02-26 09:08 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-02-19 16:12 . 2008-02-27 12:55 168,840 --ahs---- C:\Windows\System32\uxwxx.ini
    2008-02-19 16:12 . 2008-02-27 12:53 168,585 --ahs---- C:\Windows\System32\uxwxx.ini2
    2008-02-19 16:11 . 327,168 C:\Windows\System32\xxwxu.dll.bak
    2008-02-19 16:02 . 2008-02-19 16:02 <KANSIO> d-------- C:\Program Files\UltraISO
    2008-02-19 16:02 . 2008-02-19 16:02 <KANSIO> d-------- C:\Program Files\Common Files\EZB Systems
    2008-02-19 15:54 . 2008-02-19 15:54 <KANSIO> d-------- C:\Users\Otto ja Niko\AppData\Roaming\Ahead
    2008-02-19 01:28 . 2008-02-19 01:28 <KANSIO> d-------- C:\Program Files\ASIO4ALL v2
    2008-02-19 01:28 . 2006-06-20 10:56 225,280 --a------ C:\Windows\System32\rewire.dll
    2008-02-19 01:27 . 2002-07-08 00:14 1,294,336 --a------ C:\Windows\System32\vorbis.acm
    2008-02-19 01:26 . 2008-02-19 01:36 <KANSIO> d-------- C:\Program Files\Image-Line
    2008-02-18 15:18 . 2008-02-18 15:19 <KANSIO> d-------- C:\Program Files\Phun
    2008-02-17 22:41 . 2008-02-17 22:41 <KANSIO> d-------- C:\Users\All Users\Trymedia
    2008-02-17 22:41 . 2008-02-17 22:41 <KANSIO> d-------- C:\ProgramData\Trymedia
    2008-02-17 22:40 . 2008-02-17 22:40 <KANSIO> d-------- C:\Program Files\BFG
    2008-02-16 11:40 . 2008-01-10 07:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
    2008-02-13 09:53 . 2008-02-13 09:53 196,096 --a------ C:\Windows\System32\WebClnt.dll
    2008-02-13 09:53 . 2008-02-13 09:53 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
    2008-02-13 09:53 . 2008-02-13 09:53 48,640 --a------ C:\Windows\System32\davclnt.dll
    2008-02-13 09:50 . 2008-02-13 09:50 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
    2008-02-13 09:49 . 2008-02-13 09:49 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-02-13 09:49 . 2008-02-13 09:49 1,686,528 --a------ C:\Windows\System32\gameux.dll
    2008-02-05 18:59 . 2008-02-05 18:59 <KANSIO> d-------- C:\Users\Otto ja Niko\AppData\Roaming\Sony
    2008-02-05 18:59 . 2008-02-05 18:59 <KANSIO> d-------- C:\Users\Otto ja Niko\AppData\Roaming\Publish Providers
    2008-02-05 18:59 . 2008-02-05 22:05 <KANSIO> d-a------ C:\Users\All Users\TEMP
    2008-02-05 18:59 . 2008-02-05 22:05 <KANSIO> d-a------ C:\ProgramData\TEMP
    2008-02-05 18:46 . 2008-02-05 18:46 <KANSIO> d-------- C:\Users\All Users\Sony
    2008-02-05 18:46 . 2008-02-05 18:46 <KANSIO> d-------- C:\ProgramData\Sony
    2008-02-05 18:46 . 2008-02-19 01:36 <KANSIO> d-------- C:\Program Files\Vstplugins
    2008-02-05 18:46 . 2008-02-05 18:46 <KANSIO> d-------- C:\Program Files\Sony
    2008-02-05 18:44 . 2008-02-05 18:44 <KANSIO> d-------- C:\Program Files\Sony Setup
    2008-01-31 14:41 . 2008-01-31 14:41 <KANSIO> d-------- C:\Program Files\Power Tab Software
    2008-01-30 12:24 . 2008-01-30 12:24 <KANSIO> d-------- C:\Program Files\Unity

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-27 16:11 --------- d-----w C:\Users\Otto ja Niko\AppData\Roaming\WTablet
    2008-02-27 16:11 --------- d-----w C:\Users\Otto ja Niko\AppData\Roaming\OpenOffice.org2
    2008-02-27 16:11 --------- d-----w C:\Program Files\Norman
    2008-02-26 20:30 --------- d-----w C:\Users\Otto ja Niko\AppData\Roaming\mIRC
    2008-02-26 11:44 --------- d-----w C:\Users\Otto ja Niko\AppData\Roaming\uTorrent
    2008-02-21 10:08 --------- d-----w C:\Program Files\Google
    2008-02-18 23:36 --------- d-----w C:\Program Files\Vstplugins
    2008-02-13 07:51 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
    2008-02-13 07:51 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
    2008-02-13 07:51 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
    2008-02-13 07:51 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
    2008-02-13 07:51 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
    2008-02-13 07:51 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
    2008-02-13 07:51 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
    2008-02-13 07:51 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
    2008-02-13 07:50 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-13 07:50 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-02-13 07:50 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-13 07:50 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
    2008-02-13 07:50 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-02-13 07:50 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-02-13 07:50 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
    2008-02-13 07:50 110,136 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-02-13 07:50 1,061,432 ----a-w C:\Windows\system32\drivers\ntfs.sys
    2008-02-05 17:19 --------- d-----w C:\Program Files\StepMania
    2008-01-26 22:01 --------- d-----w C:\Program Files\DOSBox-0.72
    2008-01-22 18:53 --------- d-----w C:\Program Files\Propellerhead
    2008-01-19 20:19 --------- d-----w C:\Program Files\Infogrames
    2008-01-16 14:54 --------- d-----w C:\Program Files\Time Commando
    2008-01-15 18:17 --------- d-----w C:\Program Files\Strategy First
    2008-01-15 18:15 --------- d-----w C:\Users\Otto ja Niko\AppData\Roaming\DAEMON Tools
    2008-01-15 18:15 --------- d-----w C:\Program Files\DAEMON Tools Lite
    2008-01-10 17:33 --------- d-----w C:\Program Files\Windows Sidebar
    2008-01-10 17:33 --------- d-----w C:\Program Files\Windows Mail
    2008-01-06 14:33 --------- d-----w C:\Program Files\4Musics OGG to MP3 Converter
    2008-01-04 18:03 --------- d-----w C:\Users\Otto ja Niko\AppData\Roaming\Propellerhead Software
    2008-01-04 17:48 --------- d-----w C:\ProgramData\Propellerhead Software
    2008-01-04 17:47 --------- d-----w C:\Program Files\Last.fm
    2008-01-04 17:30 --------- d-----w C:\Program Files\Alcohol Soft
    2008-01-04 17:27 715,248 ----a-w C:\Windows\system32\drivers\sptd.sys
    2007-12-30 17:56 --------- d-----w C:\Program Files\GIMPshop
    2007-12-30 17:48 --------- d-----w C:\ProgramData\AppData
    2007-12-30 17:46 --------- d-----w C:\Program Files\Tablet
    2007-12-30 15:56 --------- d-----w C:\Program Files\Java
    2007-12-30 15:55 --------- d-----w C:\Program Files\Common Files\Java
    2007-12-30 12:43 --------- d-----w C:\Program Files\Black Shades
    2007-12-29 17:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-29 17:59 --------- d-----w C:\Program Files\Common Files\IviSDK
    2007-12-29 17:59 --------- d-----w C:\Program Files\anysee
    2007-12-29 17:35 --------- d-----w C:\Program Files\Common Files\InstallShield
    2007-12-29 12:24 --------- d-----w C:\Program Files\Cave Story Deluxe
    2007-12-29 10:33 --------- d-----w C:\Program Files\OpenOffice.org 2.3
    2007-12-28 14:33 --------- d-----w C:\Program Files\uTorrent
    2007-12-28 12:28 --------- d-----w C:\ProgramData\Last.fm
    2007-12-28 12:28 --------- d-----w C:\Program Files\iTunes
    2007-12-28 12:13 --------- d-----w C:\Program Files\WS_FTP
    2007-12-28 09:41 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
    2007-12-28 09:28 --------- d-----w C:\Users\Otto ja Niko\AppData\Roaming\Apple Computer
    2007-12-28 09:28 --------- d-----w C:\ProgramData\Apple Computer
    2007-12-28 09:28 --------- d-----w C:\Program Files\QuickTime
    2007-12-28 09:28 --------- d-----w C:\Program Files\iPod
    2007-12-28 09:27 --------- d-----w C:\Program Files\Apple Software Update
    2007-12-28 09:25 --------- d-----w C:\ProgramData\Apple
    2007-12-28 09:25 --------- d-----w C:\Program Files\Common Files\Apple
    2007-12-28 09:17 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
    2007-12-28 09:17 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
    2007-12-28 09:17 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
    2007-12-28 09:17 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
    2007-12-28 09:17 193,536 ----a-w C:\Windows\system32\drivers\usbhub.sys
    2007-12-28 09:17 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
    2007-12-28 09:14 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
    2007-12-28 09:14 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
    2007-12-28 09:14 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
    2007-12-28 09:14 102,400 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
    2007-12-28 09:04 --------- d-----w C:\Program Files\FLV Player
    2007-12-28 08:40 --------- d-----w C:\Program Files\Windows Live
    2007-12-28 08:39 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2007-12-28 08:34 --------- d-----w C:\ProgramData\WLInstaller
    2007-12-28 08:13 --------- d-----w C:\Program Files\Opera
    2007-12-27 18:04 --------- d-----w C:\Program Files\ANI
    2007-12-27 18:03 --------- d-----w C:\Program Files\D-Link
    2007-12-27 18:00 --------- d-----w C:\Users\Otto ja Niko\AppData\Roaming\InstallShield
    2007-12-27 17:58 --------- d-----w C:\Program Files\Common Files\Ahead
    2007-12-27 17:57 --------- d-----w C:\ProgramData\Nero
    2007-12-27 17:57 --------- d-----w C:\Program Files\Nero
    2007-12-27 17:57 --------- d-----w C:\Program Files\Microsoft Works
    2007-12-27 17:55 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-01-01 10:20 174 --sha-w C:\Program Files\desktop.ini
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91C87EC9-1385-46D6-87C7-F9777A9996C8}]
    C:\Windows\system32\xxwxu.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A81300E9-7843-4AC1-B288-99A037D1FD79}]
    C:\Windows\system32\xxwxu.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 15:16 1232896]
    "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-28 10:14 171448]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2007-12-22 09:09 221056]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-03 15:54 486856]
    "RemoveIT Pro XT"="C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe" [2008-02-03 13:42 587776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-01-01 10:23 1006264]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-05 11:21 90191]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-05 11:21 7766016]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-05 11:21 81920]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 11:06 4669440 C:\Windows\RtHDVCpl.exe]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 20:46 153136]
    "Norman ZANDA"="C:\Program Files\Norman\Npm\bin\ZLH.exe" [2007-08-09 14:40 183352]
    "ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 11:49 49152]
    "D-Link D-Link Wireless N DWA-140"="C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe" [2007-03-14 18:29 1388544]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
    "anysee_TR"="C:\Program Files\anysee\anysee-E30\anysee_TR.exe" [2007-09-20 09:45 1330688]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

    C:\Users\Otto ja Niko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-12-28 12:53:42 106496]
    OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{A2984DED-630B-4203-A9C9-605C1E218048}E:\d-link.exe"= UDP:E:\d-link.exe:Setup Wizard Template|Desc=Setup Wizard Template
    "UDP Query User{2D2C01F4-251E-4BB9-9AAF-8BB3DC1803B2}E:\d-link.exe"= TCP:E:\d-link.exe:Setup Wizard Template|Desc=Setup Wizard Template
    "{D114A7FC-D681-4C28-AB92-3781E64D6578}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
    "TCP Query User{F328B841-DB40-414D-B93E-E2E7259D8FE8}K:\stepmania 4.0 cvs\program\stepmania.exe"= UDP:K:\stepmania 4.0 cvs\program\stepmania.exe:StepMania|Desc=StepMania
    "UDP Query User{B38C7C06-A876-4ACE-91E7-AD9CCA79D584}K:\stepmania 4.0 cvs\program\stepmania.exe"= TCP:K:\stepmania 4.0 cvs\program\stepmania.exe:StepMania|Desc=StepMania
    "{3E0B7533-3E6C-489C-B04B-FC535AE8A000}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{CFF12D99-2578-44D2-B709-F3CF5B7AE83A}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{DC5B3EFC-8008-4A2E-B1B0-C97274E4BC54}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{B6EB52A2-1191-4DCF-B3F7-C84C886A9C09}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "TCP Query User{349178D9-A4F4-4A7E-81B8-0CBD12E5C5E6}C:\program files\opera\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser|Desc=Opera Internet Browser
    "UDP Query User{1A8D6140-63F1-4A4E-936E-81A3DD8FDB70}C:\program files\opera\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser|Desc=Opera Internet Browser
    "TCP Query User{41FC6AF9-7093-4713-A04C-4A3DA6C8CD7E}C:\mirc\mirc.exe"= UDP:C:\mirc\mirc.exe:mIRC|Desc=mIRC
    "UDP Query User{E1CA3275-CBF9-450B-B0E7-C582CF711DB3}C:\mirc\mirc.exe"= TCP:C:\mirc\mirc.exe:mIRC|Desc=mIRC

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 11:22]
    R2 Ndiskio;Ndiskio;C:\Program Files\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55]
    R2 TabletServiceWacom;TabletServiceWacom;C:\Windows\system32\Wacom_Tablet.exe [2007-09-07 11:40]
    R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 20:52]
    R3 NvcMFlt;NvcMFlt;C:\Windows\system32\DRIVERS\nvcv32mf.sys [2007-09-06 09:45]
    R3 nvcoas;Norman Virus Control on-access component;C:\Program Files\Norman\Nvc\bin\nvcoas.exe [2007-12-12 11:45]
    R3 NVCScheduler;Norman Virus Control Scheduler;C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 13:23]
    R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\rt2870.sys [2007-03-13 12:35]
    R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-06-25 13:37]
    R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\Windows\system32\DRIVERS\sis163u.sys [2007-05-07 13:48]
    R3 wacommousefilter;Wacom Mouse Filter Driver;C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11:12]
    R3 wacomvhid;Wacom Virtual Hid Driver;C:\Windows\system32\DRIVERS\wacomvhid.sys [2007-02-16 10:30]
    R3 WacomVKHid;Virtual Keyboard Driver;C:\Windows\system32\DRIVERS\WacomVKHid.sys [2007-02-15 16:11]
    S1 AMTBDA_P861F;anysee Capture Service;C:\Windows\system32\DRIVERS\anyseeTU.SYS [2007-07-24 10:48]
    S3 ASPI;Advanced SCSI Programming Interface Driver;C:\Windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16:20]
    S3 nvcfsr;nvcfsr;C:\Program Files\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 15:25]
    S3 nvcoafl4;nvcoafl4;C:\Program Files\Norman\Nvc\bin\nvcoafl4.sys [2007-01-09 15:25]
    S3 nvcoaft4;nvcoaft4;C:\Program Files\Norman\Nvc\bin\nvcoaft4.sys [2007-01-09 15:25]
    S3 nvcoarc4;nvcoarc4;C:\Program Files\Norman\Nvc\bin\nvcoarc4.sys [2007-01-09 15:25]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39b2ce1c-c36b-11dc-b29a-001b111f2c2b}]
    \shell\AutoRun\command - H:\AutoRunMorrowind.exe
    \shell\install\command - H:\Setup.exe

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-27 18:11:44
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
    C:\Program Files\Norman\Npm\Bin\Zanda.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\WTablet\Wacom_TabletUser.exe
    C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Norman\Nvc\BIN\NIP.EXE
    C:\Program Files\Norman\Nvc\bin\cclaw.exe
    C:\Windows\ehome\ehsched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\ehome\ehRecvr.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\ComboFix\nircmd.cfexe
    C:\ComboFix\nircmd.cfexe
    C:\ComboFix\nircmd.cfexe
    C:\ComboFix\nircmd.cfexe
    C:\ComboFix\nircmd.cfexe
    C:\ComboFix\nircmd.cfexe
    .
    **************************************************************************
    .
    Completion time: 2008-02-27 18:14:51 - machine was rebooted
    .
    2008-02-27 10:44:41 --- E O F ---
     
  15. Hujo

    Hujo Guest

    Open Notepad and copy/paste the contents of the quotebox into it:

    Save it as CFScript.txt

    Then drag CFScript onto ComboFix.exe as shown below.
    [image]

    Restart the computer when prompted and post the contents of the combofix.txt file here.
     
