I'm not sure whether this belongs in the Windows section or here, but I suspect a virus enough that I posted it here. On to the matter itself. Free space on the C: drive (my only one) shrinks by 10 MB about every 5 seconds, even though nothing is being put there. Also, when I look at the properties of the folders in the root of the C: drive, they don't add up to more than 125 GB, even though My Computer shows 148 GB used on the C: drive, and that keeps growing. The hard drive also keeps clicking away constantly, so something is going on there. I have tried scanning the machine with Avast, but nothing is found. So now I badly need help! I have already had to delete quite a lot of things, because the free space on the hard drive has been reported as 0 bytes.
Some malware can indeed fill up the hard drive, so let's investigate:
-> Download HijackThis: http://koti.mbnet.fi/pattaya1/HijackThis.exe
-> Save it to the directory C:\hjt
-> Rename HijackThis.exe to scanner.exe like this:
1. Right-click the HijackThis icon.
2. Select Rename.
3. Type scanner.exe
-> Start HijackThis and click: do a system scan and save a logfile.
-> Post the resulting log in this thread
This is what it came up with:

Logfile of HijackThis v1.99.1
Scan saved at 1:33:15, on 7.1.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Bluetooth\Bluetooth-ohjelmisto\bin\btwdins.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\RF Driver\One Take V2.0.8\GLtakone.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bluetooth\Bluetooth-ohjelmisto\BTTray.exe
C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\BLUETO~1\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Scanner.exe.exe
C:\WINDOWS\Temp\WDF721E.tmp\Microsoft User-Mode Driver Framework Install-v1.0-WinXP.exe
c:\7301c6fc9aec062296b02ba8\update\update.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [GLtakone.exe] "C:\Program Files\RF Driver\One Take V2.0.8\GLtakone.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: ClientManager3.lnk = C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Bluetooth\Bluetooth-ohjelmisto\bin\btwdins.exe
O23 - Service: Bwsvc - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
When I look through that log myself, what catches my eye among the processes is update.exe (the last one). The directory of that program strangely keeps popping into view and disappearing again in the root of the C: drive. I can't kill the process from Task Manager either, because it only shows up there so briefly. Could the problem be in that process? And if it is, how do I remove something that isn't there...?
1. Download combofix.exe to your desktop from either of these links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
******
c:\7301c6fc9aec062296b02ba8\update\update.exe
Find that file and submit it at http://virusscan.jotti.org/ in the "File to upload & scan:" field. If it can't be found, this may help: make hidden files visible.
The folder is not hidden; it shows up just fine, but it keeps popping in and out of view (it makes no difference whether hidden files are shown or not). The folder sort of disappears and then comes back again. The process does the same thing, so I can't get at it in any way. :/ Here is the other log:

"JaJuMi" - 04-01-07 6:10:52 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\JaJuMi\Desktop\"

((((((((((((((((((((((((((((((( Files Created from 2003-12-07 to 2004-01-07 ))))))))))))))))))))))))))))))))))

2004-01-17 18:20 <KANSIO> d-------- C:\DOCUME~1\JaJuMi\Bluetooth Software
2004-01-07 21:21 237,936 --a------ C:\WINDOWS\system32\unicows.dll
2004-01-07 01:31 218,112 --a------ C:\Scanner.exe.exe
2004-01-07 00:55 <KANSIO> d-------- C:\Program Files\Lavasoft
2004-01-07 00:55 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2004-01-07 00:55 <KANSIO> d-------- C:\DOCUME~1\JaJuMi\APPLIC~1\Lavasoft
2004-01-07 00:02 <KANSIO> d-------- C:\WINDOWS\system32\appmgmt
2004-01-05 08:56 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2004-01-05 08:42 <KANSIO> d-------- C:\Program Files\ToniArts
2004-01-01 21:14 372,480 -ra------ C:\WINDOWS\system32\drivers\CBG54.SYS
2004-01-01 10:13 52,736 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-30 18:41 94552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 18:41 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 18:39 23416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 18:38 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 18:37 26888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-03-02 22:53 1972224 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-02-22 09:15 8320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-02-22 09:15 137216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"GLtakone.exe"="\"C:\\Program Files\\RF Driver\\One Take V2.0.8\\GLtakone.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
@=""
"StartCCC"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2004-01-07 06:14:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************

Completion time: 04-01-07 6:18:31
C:\ComboFix-quarantined-files.txt ... 04-01-07 06:18
Download Killbox by Option^Explicit. Note: If you already have Killbox, this is a new version that you need to install. Remove the earlier one.
[*] Save it to your desktop.
[*] Double-click Killbox.exe to run the program.
[*] Select: Delete on Reboot, then click the All Files option.
[*] Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
vc:\7301c6fc9aec062296b02ba8\update\update.exe
[*] Return to Killbox, go to the File menu, and choose Paste from Clipboard.
[*] Click the red-and-white Delete File button. Click Yes at the "Delete on Reboot" prompt. Click OK at any PendingFileRenameOperations prompt (and let the person helping you know if one of these comes up!).
Restart your computer yourself if it does not do so automatically.
If you get this message: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when you try to run KillBox, click here to download and run Missingfilessetup.exe. Then try KillBox again.
A new HJT log
I have the same problem, here is the log. It would be quite nice if someone could help.

Logfile of HijackThis v1.99.1
Scan saved at 12:23:19, on 18.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\xoblite_bb3_rc1\Blackbox.exe
C:\Program Files\TopDesk\topdesk.exe
C:\Program Files\3D\Yodm3D.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\mIRC\mirc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Ville Viitaharju\Työpöytä\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://irc-galleria.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=C:\xoblite_bb3_rc1\Blackbox.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\Documents and Settings\Ville Viitaharju\Työpöytä\FindeXer Nightly V1.1.0.3\FindeXer.dll (file missing)
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\RunServices: [asdfg] C:\WINDOWS\system32\nmydk.exe
O4 - HKCU\..\Run: [Windows restart by pönsö] C:\Program Files\Windowsin restartti by pönsö\1.bat
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - Startup: Instance Manager Group Default Instance Group.lnk = C:\Program Files\Samurize\InstanceManager.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield...
- {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Ville Viitaharju\Käynnistä-valikko\Ohjelmat\IMVU\Run IMVU.lnk O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - 
Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/luncher/GamesCampus.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab O16 - DPF: 
{F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6D5A6763-9132-466B-91AB-A2D663E2C379}: NameServer = 193.210.18.18,193.210.19.19 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing) O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing) O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: WinRemotePC Server (WinRPC10) - Unknown owner - C:\Program Files\WinSoftMagic\WinRemotePC\WRPCServer.exe (file missing)
Turn off System Restore and check whether the disk space came back. It might help. It did for me, at least.
I have a somewhat similar situation, except my machine also has a D: drive (if that makes any difference). Here is the log that came out of that hijack thing:
Logfile of HijackThis v1.99.1 Scan saved at 12:23:06, on 31.7.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\DOCUME~1\Tommi\LOCALS~1\Temp\200732120338_mcinfo.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\PeerGuardian2\pg2.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Wireless LAN Utility\SiWake.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Wireless LAN Utility\SISCFG.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\hjt\scanner.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = 
http://g.msn.fi/0SEFIFI/SAOS01 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com R3 - Default URLSearchHook is missing O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Tommi\LOCALS~1\Temp\200732120338_mcinfo.exe /insfin O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O15 - Trusted Zone: *.line6.net O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab 
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing) O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing) O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. 
- C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
What should I do?
READ THE RULES...
-> Post the resulting log to the HijackThis logs section of AfterDawn's Virukset ja haittaohjelmat (Viruses and malware) forum: http://keskustelu.afterdawn.com/forum_view.cfm/198
Start your own new thread, describe the problem and attach the HijackThis log! Wait patiently for help.
So edit your own message out...