I had posted a message on the suomi24 discussion board about how, when I press the right mouse button, the computer "goes haywire" for about 10 seconds and nothing happens, and there I was told that it could be a HijackThis matter or something, so I am posting the log here:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:50:02, on 2.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
D:\PROGRA~1\AVAST!~1\ashDisp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\PuXpMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
D:\Program Files\Avast! Antivirus\aswUpdSv.exe
D:\Program Files\Avast! Antivirus\ashServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
D:\Program Files\Avast! Antivirus\ashMaiSv.exe
D:\Program Files\Avast! Antivirus\ashWebSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Program Files\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Documents and Settings\Minä\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\AVAST!~1\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\PuXpMan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = D:\Program Files\Vista Inspirat\YzToolbar\YzToolBar.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?08fa1db26a11472a87c38a5a769b8974
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?08fa1db26a11472a87c38a5a769b8974
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: winhoq32 - winhoq32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Avast! Antivirus\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Avast! Antivirus\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Avast! Antivirus\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Avast! Antivirus\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

-- End of file - 8301 bytes

1. Download combofix.exe to your desktop from either of these links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log (C:\ComboFix.txt). Post this log to your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

well, here is the combofix log

"Minä" - 07-04-02 21:08:00 Service Pack 2
ComboFix 07-03-27.4.2 - Running from: "C:\Program Files\Ashampoo\Ashampoo PowerUp XP Platinum"

((((((((((((((((((((((((((((((( Files Created from 2007-03-02 to 2007-04-02 ))))))))))))))))))))))))))))))))))

2007-04-02 18:36 98,304 --a------ C:\WINDOWS\system32\xipopup.dll
2007-04-02 18:36 94,208 --a------ C:\WINDOWS\system32\xislide.dll
2007-04-02 18:36 90,112 --a------ C:\WINDOWS\system32\xipush.dll
2007-04-02 18:36 45,056 --a------ C:\WINDOWS\system32\puxptwks.exe
2007-04-02 18:36 448,192 --a------ C:\WINDOWS\system32\xitabs.dll
2007-04-02 18:36 345,544 --a------ C:\WINDOWS\system32\xithreed.dll
2007-04-02 18:36 282,624 --a------ C:\WINDOWS\system32\xitree.dll
2007-04-02 18:36 163,840 --a------ C:\WINDOWS\system32\pwrupcid.dll
2007-04-02 18:36 102,400 --a------ C:\WINDOWS\system32\puxpman.exe
2007-04-02 18:36 <KANSIO> d-------- C:\Program Files\Ashampoo
2007-04-01 21:11 <KANSIO> d-------- C:\Program Files\Windows Defender
2007-04-01 20:59 <KANSIO> d-------- C:\WINDOWS\pss
2007-03-27 17:39 <KANSIO> d-------- C:\Program Files\Steam
2007-03-27 16:48 <KANSIO> d-------- C:\Program Files\Steam_
2007-03-25 14:26 <KANSIO> d-------- C:\DOCUME~1\MIN~1\APPLIC~1\Zen of Sudoku
2007-03-23 18:29 <KANSIO> d-------- C:\Program Files\HEX editor XVI32
2007-03-22 23:02 <KANSIO> d-------- C:\WINDOWS\OPTIONS
2007-03-22 23:02 <KANSIO> d-------- C:\DOCUME~1\MIN~1\APPLIC~1\InstallShield
2007-03-21 20:42 <KANSIO> d-------- C:\Program Files\The All-Seeing Eye
2007-03-21 19:12 <KANSIO> d-------- C:\Program Files\Common Files\EasyInfo
2007-03-20 16:45 <KANSIO> d-------- C:\DOCUME~1\MIN~1\APPLIC~1\InstallShield Installation Information
2007-03-18 21:53 <KANSIO> d-------- C:\ProgramData
2007-03-18 21:53 <KANSIO> d-------- C:\Program Files\Electronic Arts
2007-03-18 18:23 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cabela's Big Game Hunter - Alaskan Adventure Saves
2007-03-18 16:52 0 --a------ C:\WINDOWS\PowerReg.dat
2007-03-17 19:30 7,077,888 --a------ C:\DOCUME~1\MIN~1\ntuser.dat

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-02 15:15 -------- d-------- C:\Program Files\incomplete
2007-04-02 15:15 -------- d-------- C:\Program Files\incomplete
2007-04-01 17:35 -------- d-------- C:\Program Files\limewire
2007-04-01 17:35 -------- d-------- C:\Program Files\limewire
2007-03-25 01:20 -------- d--h----- C:\Program Files\installshield installation information
2007-03-25 01:20 -------- d--h----- C:\Program Files\installshield installation information
2007-03-22 23:02 -------- d-------- C:\Program Files\realtek
2007-03-22 23:02 -------- d-------- C:\Program Files\realtek
2007-03-20 16:58 -------- d-------- C:\Program Files\gamespy arcade
2007-03-20 16:58 -------- d-------- C:\Program Files\gamespy arcade
2007-03-18 22:28 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-03-15 22:53 -------- d-------- C:\Program Files\yahoo!
2007-03-15 22:53 -------- d-------- C:\Program Files\yahoo!
2007-03-15 22:43 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-03-15 22:42 -------- d-------- C:\Program Files\java
2007-03-15 22:42 -------- d-------- C:\Program Files\java
2007-02-17 14:33 -------- d-------- C:\Program Files\xvid
2007-02-17 14:33 -------- d-------- C:\Program Files\xvid
2007-02-15 18:14 34966223 --------- C:\AVG7QT.DAT
2007-02-12 22:07 -------- d-------- C:\Program Files\Common Files\wise installation wizard
2007-02-08 18:30 646392 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-02-07 16:56 -------- d-------- C:\Program Files\ipod
2007-02-07 16:56 -------- d-------- C:\Program Files\ipod
2007-02-05 17:31 -------- d-------- C:\Program Files\quicktime
2007-02-05 17:31 -------- d-------- C:\Program Files\quicktime
2007-02-04 15:16 -------- d-------- C:\Program Files\msn messenger
2007-02-04 15:16 -------- d-------- C:\Program Files\msn messenger
2007-02-02 23:17 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-02-02 23:04 307200 --a------ C:\WINDOWS\system32\atidemgx.dll
2007-02-02 23:03 264704 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-02-02 23:03 1975296 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-02-02 22:57 118784 --a------ C:\WINDOWS\system32\atipdlxx.dll
2007-02-02 22:56 42496 --a------ C:\WINDOWS\system32\ati2edxx.dll
2007-02-02 22:56 26112 --a------ C:\WINDOWS\system32\ati2mdxx.exe
2007-02-02 22:56 110592 --a------ C:\WINDOWS\system32\oemdspif.dll
2007-02-02 22:56 110592 --a------ C:\WINDOWS\system32\ati2evxx.dll
2007-02-02 22:55 446464 --a------ C:\WINDOWS\system32\ati2evxx.exe
2007-02-02 22:54 53248 --a------ C:\WINDOWS\system32\atiddc.dll
2007-02-02 22:46 2827968 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-02-02 22:40 1272960 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-02-02 22:27 241664 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-02-02 22:25 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2007-02-02 22:20 348160 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-02-02 22:19 5312512 --a------ C:\WINDOWS\system32\atioglxx.dll
2007-01-30 19:21 128813 --a------ C:\WINDOWS\system32\atiicdxx.dat
2007-01-26 18:44 2637312 --a------ C:\WINDOWS\system32\logonuix.exe
2007-01-25 21:37 45834 --a------ C:\WINDOWS\bricopackuninst.cmd
2007-01-25 21:37 218624 --a------ C:\WINDOWS\system32\uxtheme.dll
2007-01-25 21:37 1934 --a------ C:\WINDOWS\bricopackfoldersdelete.cmd
2007-01-25 20:29 1023035 --a------ C:\WINDOWS\system32\worldclock.scr
2007-01-24 16:27 255848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-01-19 13:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-15 20:32 689280 --a------ C:\WINDOWS\system32\aswboot.exe
2007-01-15 20:23 90112 --a------ C:\WINDOWS\system32\avastss.scr
2007-01-08 16:30 15128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"LaunchApp"="Alaunch"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"Alcmtr"="ALCMTR.EXE"
"ntiMUI"="c:\\Program Files\\NewTech Infosystems\\NTI CD & DVD-Maker 7\\ntiMUI.exe"
@=""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"IMEKRMIG6.1"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"eDataSecurity Loader"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe 1"
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\eRAgent.exe"
"avast!"="D:\\PROGRA~1\\AVAST!~1\\ashDisp.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"mspwr"="C:\\WINDOWS\\system32\\PuXpMan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"="D:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhoq32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f25dc1a-7406-11db-909d-806d6172696f}]
Shell\AutoRun\command E:\K.EXE

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\chkdsk.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully

hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-02 21:10:35

Open My Computer
Right-click the C: drive
->choose Properties
Open the Tools tab
->run error checking *both options, i.e. find and repair
->defragment the hard disk
*********
Download CCleaner from here and install it: http://ccleaner.com/download/downloadpage.aspx?1
When you install this program, do not install the Yahoo toolbar that comes with it.
This program finds and removes so-called unnecessary files from your computer, e.g. temp files, and with it you can also clean your registry.
-automatically fix file system errors
-scan for and attempt recovery of bad sectors