Elikkäs olisi semmonen ongelma, että välillä, kun avaa oma tietokoneen tai muun vastaavan kansion, niin kone sulkee ne hetken päästä itsestään. Eli luultavasti jokin virus kyseessä. Osaisiko kukaan neuvoa, miten asian saisi kuntoon?
Lataa Hijackthis (alla ohjeet) ja lähetä sen loki tähän linkkiin. Lataa tästä HJTInstall.exe *Tallenna HJTInstall.exe työpöydällesi. *Tuplaklikkaa HJTInstall.exe-kuvaketta työpöydälläsi. *Oletuksena se asentaa itsensä hakemistoon C:\Program Files\Trend Micro\HijackThis. *Klikkaa Install. *Asennusohjelma luo HijackThis-kuvakkeen työpöydälle. *Kun asennus on valmis, se käynnistää HijackThisin. *Klikkaa Do a system scan and save a logfile-painiketta. Ohjelma aloittaa skannauksen ja lokin pitäisi avautua Muistioon. *Klikkaa ensin "Muokkaa > Valitse kaikki" sitten "Muokkaa > Kopioi" kopioidaksesi koko lokin sisällön. *Mene tänne, luo uusi aihe ja liitä juuri kopioitu HijackThis loki sinne. Jää odottamaan fiksaajien vastausta. *ÄLÄ käytä Analyse This-nappulaa, sen löydöt ovat vaarallisia väärinymmärrettyinä. *ÄLÄ fixaa HijackThis-ohjelmalla vielä mitään. Suurin osa sen löydöistä ovat joko harmittomia tai jopa tarpeellisia. Ko. ohjelma skannaa mm. käynnissä olevat prosessit sekä joitakin muutoksia rekisterissä, ja näistä tiedoista fiksaajat pystyvät erottamaan virukset sekä niiden aiheuttamat vahingot yms. oleellista tietoa. Fiksaajat ajattavat tuon ensimmäisen login lukemisen jälkeen joitakin fiksaukseen tarkoitettuja ohjelmia koneellasi ja siinä välissä myös uusia HjT-skannauksia, joten älä poista mitään omatoimisesti ennen kuin saat siitä erikseen kehoituksen. Ja vaikka ongelmat vaikuttaisivatkin poistuneen, ei se tarkoita sitä että koneesi olisi vielä puhdas! Joten suorita kaikki fiksaajan antamat toimenpiteet loppuun asti ja odota, että saat ilmoituksen koneesi puhtaudesta! Mahdollisissa epäselvissä tilanteissa älä epäröi kysyä neuvoa, sinua varmasti autetaan. Toinen vaihtoehto on tuon lokin lähettäminen Virustorjunta.nettiin (tarvitsee rekisteröinnin, maksuton tietenkin)
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 0:59:27, on 24.9.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe c:\Program Files\Common Files\Symantec Shared\ccProxy.exe c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe C:\WINDOWS\runservice.exe c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe C:\Program Files\HP\HP Software Update\HPwuSchd2.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\Messenger\msmsgs.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=63&bd=PRESARIO&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=63&bd=PRESARIO&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.fi/vista R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=63&bd=PRESARIO&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=63&bd=PRESARIO&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=63&bd=PRESARIO&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=63&bd=PRESARIO&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: (no name) - {15AAD327-175C-4C7E-8062-3B4C55175073} - C:\WINDOWS\system32\cbXomMGy.dll O2 - BHO: {bf0fa43d-0baf-4d49-6434-5bb38a70c333} - {333c07a8-3bb5-4346-94d4-fab0d34af0fb} - C:\WINDOWS\system32\ecxahm.dll O2 - BHO: (no name) - {7D7DB869-3021-4CD2-AF0A-B3CAD75ECE31} - C:\WINDOWS\system32\qoMeDVMf.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {905A01D4-0D75-49CD-AAD4-8911857FCAA2} - C:\WINDOWS\system32\whasttrh.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [07f66045] rundll32.exe "C:\WINDOWS\system32\bhwsfvpx.dll",b O4 - HKLM\..\Run: [BM04c553d9] Rundll32.exe "C:\WINDOWS\system32\qnmtisdf.dll",s O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve') O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O4 - Startup: PowerReg Scheduler V3.exe O4 - Startup: PowerReg Scheduler.exe O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe O4 - Global Startup: ClientManager3.lnk = C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab O20 - AppInit_DLLs: ecxahm.dll O20 - Winlogon Notify: qoMeDVMf - C:\WINDOWS\SYSTEM32\qoMeDVMf.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bwsvc - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 10057 bytes
No onhan tuossa viruksestakin kyse, mutta miten mahtuu kaksi virusohjelmaa ja kaksi palomuuria samaan laatikkoon? Vastaus: Ei mitenkään. Saako kysyä? Kysyn kuitenkin! Mitä virusohjelmaa käytät?
Antiviriä käytän, ja koneen mukana tuli norton, ja en ole sitä koskaan saanut poistettua, niin sen takia kaksi on käytössä, tosin norton on pois päältä kokoajan, mutta silti tuolla se kummittelee työkalupalkissa...
Luo poistolista: • Avaa HiJackThis • Klikkaa "Configure" valintaa oikealla alhaalla • Klikkaa "Misc Tools" • Klikkaa boxia joka sanoo "Uninstall Manager" • Klikkaa valintaa "Save list" • Kopioi ja liitä kyseinen lista muistiosta ketjuusi
µTorrent Ad-Aware Adobe Reader 7.0.5 - Suomi Adobe Shockwave Player ATI Display Driver ATI-ohjauspaneeli AVIcodec (remove only) Avira AntiVir PersonalEdition Classic BitLord 1.1 BitrateView BSPlayer BUFFALO Client Manager 3 CC_ccProxyExt ccCommon CCleaner (remove only) ccPxyCore Civilization III: Conquests Command & Conquer The First Decade Command & Conquer™ The First Decade Patch 1.02 DC++ 0.698 Enhanced Multimedia Keyboard Solution FFdshow [2006-08-21 | rev 2546] Google Earth Pro Google Toolbar for Internet Explorer GTA2 Hamachi 1.0.3.0 High Definition Audio - KB888111 HijackThis 2.0.2 Hotfix-päivitys Windows XP:lle (KB893357) Hotfix-päivitys Windows XP:lle (KB906569) HP Boot Optimizer HP DVD Play 2.1 HP Imaging Device Functions 7.0 HP Photosmart Premier Software 6.5 HP Software Update J2SE Runtime Environment 5.0 Update 5 LiveUpdate 2.7 (Symantec Corporation) MakeTorrent v2.1 Messenger Plus! Live & Sponsor (CiD) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Finnish Language Pack Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft Works mIRC Mozilla Firefox (3.0.1) MSRedist MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) Need for Speed Underground 2 Nero 6 Ultra Edition Norton AntiSpam Norton AntiVirus 2006 Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security 2006 (Symantec Corporation) Norton Protection Center Norton Security Scan Norton WMI Update Norton WMI Update Opera 9.02 Pack Vista Inspirat 1.1 Päivitys Windows XP:lle (KB898461) Päivitys Windows XP:lle (KB900485) Päivitys Windows XP:lle (KB908531) Päivitys Windows XP:lle (KB910437) Päivitys Windows XP:lle (KB911280) Päivitys Windows XP:lle (KB912945) Päivitys Windows XP:lle (KB916595) Päivitys Windows XP:lle (KB920872) Päivitys Windows XP:lle (KB922582) Päivitys Windows XP:lle (KB927891) Päivitys Windows XP:lle (KB929338) Päivitys Windows XP:lle (KB930916) Päivitys Windows XP:lle (KB931836) Päivitys Windows XP:lle (KB933360) Päivitys Windows XP:lle (KB938828) Päivitys Windows XP:lle (KB942763) Päivitys Windows XP:lle (KB942840) Päivitys Windows XP:lle (KB946627) Red Alert Windows 95 Samsung PC Studio II PIMS & File Manager Samsung PC Studio II Sample SmartFTP Client 2.0 SmartFTP Client 2.0 Setup Files (remove only) Sonic Express Labeler Sonic MyDVD Plus Sonic RecordNow Audio Sonic RecordNow Copy Sonic RecordNow Data Sonic Update Manager SPBBC Steam Subtitle Workshop 2.51 Suojauspäivitys ohjelmistolle Windows XP (KB923689) Suojauspäivitys ohjelmistolle Windows XP (KB941569) Suojauspäivitys Windows Media Player 10:lle (KB911565) Suojauspäivitys Windows Media Player 10:lle (KB917734) Suojauspäivitys Windows Media Player 10:lle (KB936782) Suojauspäivitys Windows Media Player 6.4:lle (KB925398) Suojauspäivitys Windows Media Playerille (KB911564) Suojauspäivitys Windows XP:lle (KB890046) Suojauspäivitys Windows XP:lle (KB893756) Suojauspäivitys Windows XP:lle (KB896358) Suojauspäivitys Windows XP:lle (KB896422) Suojauspäivitys Windows XP:lle (KB896423) Suojauspäivitys Windows XP:lle (KB896424) Suojauspäivitys Windows XP:lle (KB896428) Suojauspäivitys Windows XP:lle (KB899587) Suojauspäivitys Windows XP:lle (KB899591) Suojauspäivitys Windows XP:lle (KB900725) Suojauspäivitys Windows XP:lle (KB901017) Suojauspäivitys Windows XP:lle (KB901214) Suojauspäivitys Windows XP:lle (KB902400) Suojauspäivitys Windows XP:lle (KB904706) Suojauspäivitys Windows XP:lle (KB905414) Suojauspäivitys Windows XP:lle (KB905749) Suojauspäivitys Windows XP:lle (KB905915) Suojauspäivitys Windows XP:lle (KB908519) Suojauspäivitys Windows XP:lle (KB911562) Suojauspäivitys Windows XP:lle (KB911567) Suojauspäivitys Windows XP:lle (KB911927) Suojauspäivitys Windows XP:lle (KB912919) Suojauspäivitys Windows XP:lle (KB913580) Suojauspäivitys Windows XP:lle (KB914388) Suojauspäivitys Windows XP:lle (KB914389) Suojauspäivitys Windows XP:lle (KB917159) Suojauspäivitys Windows XP:lle (KB917344) Suojauspäivitys Windows XP:lle (KB917422) Suojauspäivitys Windows XP:lle (KB917953) Suojauspäivitys Windows XP:lle (KB918118) Suojauspäivitys Windows XP:lle (KB918439) Suojauspäivitys Windows XP:lle (KB918899) Suojauspäivitys Windows XP:lle (KB919007) Suojauspäivitys Windows XP:lle (KB920213) Suojauspäivitys Windows XP:lle (KB920214) Suojauspäivitys Windows XP:lle (KB920670) Suojauspäivitys Windows XP:lle (KB920683) Suojauspäivitys Windows XP:lle (KB920685) Suojauspäivitys Windows XP:lle (KB921398) Suojauspäivitys Windows XP:lle (KB921503) Suojauspäivitys Windows XP:lle (KB921883) Suojauspäivitys Windows XP:lle (KB922616) Suojauspäivitys Windows XP:lle (KB922760) Suojauspäivitys Windows XP:lle (KB922819) Suojauspäivitys Windows XP:lle (KB923191) Suojauspäivitys Windows XP:lle (KB923414) Suojauspäivitys Windows XP:lle (KB923694) Suojauspäivitys Windows XP:lle (KB923980) Suojauspäivitys Windows XP:lle (KB924191) Suojauspäivitys Windows XP:lle (KB924270) Suojauspäivitys Windows XP:lle (KB924496) Suojauspäivitys Windows XP:lle (KB924667) Suojauspäivitys Windows XP:lle (KB925454) Suojauspäivitys Windows XP:lle (KB925486) Suojauspäivitys Windows XP:lle (KB925902) Suojauspäivitys Windows XP:lle (KB926255) Suojauspäivitys Windows XP:lle (KB926436) Suojauspäivitys Windows XP:lle (KB927779) Suojauspäivitys Windows XP:lle (KB927802) Suojauspäivitys Windows XP:lle (KB928090) Suojauspäivitys Windows XP:lle (KB928255) Suojauspäivitys Windows XP:lle (KB928843) Suojauspäivitys Windows XP:lle (KB929123) Suojauspäivitys Windows XP:lle (KB929969) Suojauspäivitys Windows XP:lle (KB930178) Suojauspäivitys Windows XP:lle (KB931261) Suojauspäivitys Windows XP:lle (KB931768) Suojauspäivitys Windows XP:lle (KB931784) Suojauspäivitys Windows XP:lle (KB932168) Suojauspäivitys Windows XP:lle (KB933566) Suojauspäivitys Windows XP:lle (KB933729) Suojauspäivitys Windows XP:lle (KB935839) Suojauspäivitys Windows XP:lle (KB935840) Suojauspäivitys Windows XP:lle (KB936021) Suojauspäivitys Windows XP:lle (KB937143) Suojauspäivitys Windows XP:lle (KB938127) Suojauspäivitys Windows XP:lle (KB938829) Suojauspäivitys Windows XP:lle (KB939653) Suojauspäivitys Windows XP:lle (KB941202) Suojauspäivitys Windows XP:lle (KB941568) Suojauspäivitys Windows XP:lle (KB941644) Suojauspäivitys Windows XP:lle (KB941693) Suojauspäivitys Windows XP:lle (KB942615) Suojauspäivitys Windows XP:lle (KB943055) Suojauspäivitys Windows XP:lle (KB943460) Suojauspäivitys Windows XP:lle (KB943485) Suojauspäivitys Windows XP:lle (KB944338) Suojauspäivitys Windows XP:lle (KB944533) Suojauspäivitys Windows XP:lle (KB944653) Suojauspäivitys Windows XP:lle (KB945553) Suojauspäivitys Windows XP:lle (KB946026) Suojauspäivitys Windows XP:lle (KB947864) Suojauspäivitys Windows XP:lle (KB948590) Suojauspäivitys Windows XP:lle (KB948881) Suojauspäivitys Windows XP:lle (KB950749) Suojauspäivitys Windows XP:lle (KB950759) Suojauspäivitys Windows XP:lle (KB950760) Suojauspäivitys Windows XP:lle (KB950762) Suojauspäivitys Windows XP:lle (KB951376) Suojauspäivitys Windows XP:lle (KB951376-v2) Suojauspäivitys Windows XP:lle (KB951698) Suojauspäivitys Windows XP:lle (KB951748) SymNet TVUPlayer 2.3.0.0 Update for Windows XP (KB953356) URUSoft ViPlay URUSoft ViPlay3 Windows Installer 3.1 (KB893803) Windows Live Messenger Windows Live Sign-in Assistant Windows Media Format Runtime Windows Media Player 10 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB883667 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888239 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB892050 Windows XP Hotfix - KB893066 WinRAR-pakkausohjelma
Norttonin poistotyökalu Toimi ohjeiten mukaan ===================== Poista lisää poista sovelutuksesta Messenger Plus! Live & Sponsor (CiD) ===================== Jos koneella on Malwarebytes' Anti-Malware ennestään suorita ensin päivitys aja sen jälkeen. Lataa Malwarebytes' Anti-Malware työpöydällesi. 1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman. 2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish. 3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version. 4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan. 5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset. 6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected. 7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt 8. Lähetä lokin sisältö seuraavassa viestissäsi =============== 1.Lataa Combofix.exe työpöydällesi yhdestä linkistä: Combofix1 Combofix2 2. Tuplaklikkaa Combofix.exe tiedostoa ja seuraa ohjeistuksia. 3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi. Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen. ====================== Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi. Käynnistä koneesi vikasietotilaan: sammuta ja käynnistä käynnistyksen yhteydessä hakkaa F8 nappia valitse nuolinäppäimellä vikasietotila paina enter ja enter valitse käyttäjätilisi paina kyllä Jossakin koneissa hakataan F8:sin sijasta F5:tä " Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix. " Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman. " Paina Y käynnistääksesi skriptin. " Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot". " Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen. " Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta. " Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished". " Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle. " Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.
Kone ei suostu asentamaan tuota nortonin poistotyökalua. Vaan valittaa jostain uudelleensijoitetusta user32.dll tiedostosta.
No tee nuo muut ensin ja viimisenä uusi hjt:n loki scannaten Jätetään vielä se poistotyökalu käyttämättä / asentamatta.
Ensimmäinen loki lisää tulossa, kunhan kerkeän. Malwarebytes' Anti-Malware 1.27 Tietokantaversio: 1127 Windows 5.1.2600 Service Pack 2 26.9.2008 13:41:25 mbam-log-2008-09-26 (13-41-25).txt Tarkistustyyppi: Täysi tarkistus (C:\|D:\|) Tarkistetut kohteet: 160532 Kulunut aika: 1 hour(s), 50 minute(s), 22 second(s) Saastuneita muistiprosesseja: 0 Saastuneita muistimoduuleja: 4 Saastuneita rekisteriavaimia: 16 Saastuneita rekisteriarvoja: 3 Saastuneita rekisterikohteita: 2 Saastuneita hakemistoja: 0 Saastuneita tiedostoja: 141 Saastuneita muistiprosesseja: (Haitallisia kohteita ei löydetty) Saastuneita muistimoduuleja: C:\WINDOWS\system32\cbXomMGy.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\hqxljmdo.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\smoxmu.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\qoMeDVMf.dll (Trojan.FakeAlert) -> Delete on reboot. Saastuneita rekisteriavaimia: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6b3d7b10-2f07-430f-a7ba-8d235e864619} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{6b3d7b10-2f07-430f-a7ba-8d235e864619} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d7db869-3021-4cd2-af0a-b3cad75ece31} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qomedvmf (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{7d7db869-3021-4cd2-af0a-b3cad75ece31} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9e70ca76-429f-4afb-8488-7adb4110a80a} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{9e70ca76-429f-4afb-8488-7adb4110a80a} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully. Saastuneita rekisteriarvoja: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\07f66045 (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7d7db869-3021-4cd2-af0a-b3cad75ece31} (Trojan.FakeAlert) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm04c553d9 (Trojan.Agent) -> Delete on reboot. Saastuneita rekisterikohteita: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\cbxommgy -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbxommgy -> Delete on reboot. Saastuneita hakemistoja: (Haitallisia kohteita ei löydetty) Saastuneita tiedostoja: C:\WINDOWS\system32\smoxmu.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\qoMeDVMf.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\cbXomMGy.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\yGMmoXbc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\yGMmoXbc.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cgorakcx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xckarogc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hpuidmoi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iomdiuph.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hqxljmdo.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\odmjlxqh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\kcannmtw.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wtmnnack.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mjdpjguv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\vugjpdjm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ptinrevm.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mvernitp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\qbstioac.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\caoitsbq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\qedrhsmr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\rmshrdeq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xmcvvgso.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\osgvvcmx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\Compaq_Omistaja\Local Settings\Temp\jkcepoou.VIR (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Compaq_Omistaja\Local Settings\Temporary Internet Files\Content.IE5\5L0ZCSEO\64q33[1].dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Compaq_Omistaja\Local Settings\Temporary Internet Files\Content.IE5\JCX4BH1O\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\Compaq_Omistaja\Local Settings\Temporary Internet Files\Content.IE5\OP6BSPY3\nd82m0[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP334\A0218014.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP334\A0221014.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP334\A0221015.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP336\A0222071.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP339\A0222399.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP339\A0222400.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP339\A0222401.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP339\A0223399.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP340\A0228398.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP342\A0235420.exe (Adware.WhenUSave) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP342\A0235421.dll (Adware.WhenUSave) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP342\A0237614.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP342\A0237615.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP342\A0237616.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP342\A0237617.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP342\A0237618.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ahilmful.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\anuwlxkn.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\auxdpmhv.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\bdghky.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\beirkftr.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\bkgtne.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\boywgquh.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cevmbwbg.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ckbmscga.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\croxseqf.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ctoszv.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cwlrge.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dqhmbmqq.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\draarakp.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dsasbm.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dwxulf.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ebluue.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ehucovwh.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\eqbvcqtg.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\evjxfhxu.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\fueanfvf.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\gkecuuyg.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\glwhiw.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hcclymno.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hdtqla.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hrsnjmip.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ieywhv.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ifnfum.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\imvrxsvt.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ioqinckq.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\jdsijhqp.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\jjzvnu.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\jwbbqnfs.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ldjhwcwi.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ljJyxWqP.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\lplqvpev.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\lqcfmvpu.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ltismf.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mojntfye.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mvonuosj.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ncxnburo.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\nltprqkt.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\nnnyblej.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\nyjbtrpl.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\oevcss.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ogeiwtaf.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ojasdwwk.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ojhrmkhi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\otygykjl.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pfaxwtnx.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pifhejyv.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pwfontqt.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\qcglikpl.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\qcuhmvyk.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\qkirgkph.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\qkiuyvkr.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\qlgaylgh.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\qqenbvyf.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\qshisuur.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\qvwfphny.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\rnwmgpsn.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\rolwqlhb.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\rwdakebg.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\rwwsrltr.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sgpjkwnn.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sppaaqsh.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\srvmlc.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ssomrbkf.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\takcklpy.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tqnrlfgb.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ttotwd.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tuwwmuhj.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tvaaib.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\uxckvmui.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\uxdpas.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\uxefzo.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\vvghbrno.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wdivhlkp.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wrlqgrsl.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wrshiy.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wxlinkyy.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wyltmikl.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xdjcsfnl.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xtiaxorj.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xxcwvbba.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\yaemlu.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\yajramgd.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\yeluojth.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ystlfcjs.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\yujtqybq.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\zjjmkl.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\zqznch.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\fikaqbnc.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\BM04c553d9.xml (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\BM04c553d9.txt (Trojan.Vundo) -> Quarantined and deleted successfully. Combifixin logi: ComboFix 08-09-25.05 - Compaq_Omistaja 2008-09-26 13:59:48.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.156 [GMT 3:00] Sijainti: C:\Documents and Settings\Compaq_Omistaja\Application Data\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe * Uusi palautuspiste luotu . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\BM04c553d9.txt C:\WINDOWS\pskt.ini C:\WINDOWS\system32\afjbdtqw.dll C:\WINDOWS\system32\batade.dll C:\WINDOWS\system32\cbXomMGy.dll C:\WINDOWS\system32\cgalui.dll C:\WINDOWS\system32\debjtvkw.dll C:\WINDOWS\system32\fjaobgcl.dll C:\WINDOWS\system32\gyuxwwyd.dll C:\WINDOWS\system32\icxbshog.dll C:\WINDOWS\system32\kfadcgln.dll C:\WINDOWS\system32\mpfjlc.dll C:\WINDOWS\system32\naodhxih.dll C:\WINDOWS\system32\nonbzn.dll C:\WINDOWS\system32\orzypv.dll C:\WINDOWS\system32\owingnnd.dll C:\WINDOWS\system32\pbiymatf.dll C:\WINDOWS\system32\puuycjil.dll C:\WINDOWS\system32\qoMeDVMf.dll C:\WINDOWS\system32\qxmudncy.dll C:\WINDOWS\system32\rnmqbv.dll C:\WINDOWS\system32\rovbsq.dll C:\WINDOWS\system32\uuaycz.dll C:\WINDOWS\system32\vtqahwgp.dll C:\WINDOWS\system32\ykqazt.dll D:\Autorun.inf . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-08-26 to 2008-09-26 ))))))))))))))))) . 2008-09-26 14:15 . 2008-09-26 14:15 22 --a------ C:\WINDOWS\pskt.ini 2008-09-26 14:00 . 2008-09-26 14:00 0 --a------ C:\WINDOWS\BM04c553d9.xml 2008-09-25 11:35 . 2008-09-25 11:35 <KANSIO> d-------- C:\Documents and Settings\Compaq_Omistaja\Application Data\Malwarebytes 2008-09-25 11:33 . 2008-09-25 11:34 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-25 11:33 . 2008-09-25 11:33 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-09-25 11:33 . 2008-09-08 00:11 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-25 11:33 . 2008-09-08 00:11 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-09-25 11:16 . 2008-09-25 11:16 112,128 --------- C:\WINDOWS\system32\smoxmu.dll 2008-09-25 11:15 . 2008-09-25 11:15 98,816 --------- C:\WINDOWS\system32\fikaqbnc.dll 2008-09-22 01:52 . 2008-09-25 01:41 893,860 ---hs---- C:\WINDOWS\system32\xpvfswhb.ini 2008-09-21 20:31 . 2008-09-21 20:31 <KANSIO> d-------- C:\Program Files\CCleaner 2008-09-21 14:41 . 2008-09-21 14:41 <KANSIO> d-------- C:\Program Files\Trend Micro 2008-09-21 14:11 . 2008-09-21 14:11 113,152 --a------ C:\WINDOWS\system32\uhkylcyr.dll 2008-09-21 14:11 . 2008-09-21 14:11 113,152 --a------ C:\WINDOWS\system32\ecxahm.dll 2008-09-21 14:11 . 2008-09-21 14:11 97,792 --a------ C:\WINDOWS\system32\qnmtisdf.dll 2008-09-19 19:01 . 2008-09-19 19:01 <KANSIO> d-------- C:\Program Files\Lavasoft 2008-09-19 19:01 . 2008-09-19 19:17 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-09-19 18:56 . 2008-09-19 18:56 112,640 --a------ C:\WINDOWS\system32\gmkwhr.dll 2008-09-19 18:56 . 2008-09-19 18:56 112,640 --a------ C:\WINDOWS\system32\eiqgmeog.dll 2008-09-19 18:54 . 2008-09-21 14:13 414 ---hs---- C:\WINDOWS\system32\lerjgujd.ini 2008-09-19 18:52 . 2008-09-19 18:52 97,280 --a------ C:\WINDOWS\system32\ituprxle.dll 2008-09-19 18:51 . 2008-09-19 18:51 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-09-04 12:08 . 2008-09-04 12:08 <KANSIO> d-------- C:\MicroGaming 2008-08-29 15:39 . 2008-09-06 14:27 3,940,434 ---hs---- C:\WINDOWS\system32\jshxsyrf.ini 2008-08-28 01:40 . 2008-08-29 02:53 1,447,729 ---hs---- C:\WINDOWS\system32\xasmaepk.ini 2008-08-27 01:46 . 2008-08-27 01:47 1,463,848 ---hs---- C:\WINDOWS\system32\qevoyvia.ini 2008-08-26 22:20 . 2008-09-24 18:00 <KANSIO> d-------- C:\Program Files\Norton Security Scan 2008-08-26 22:19 . 2008-08-27 13:22 <KANSIO> d-------- C:\WINDOWS\system32\Adobe 2008-08-26 01:49 . 2008-08-26 01:49 1,463,183 ---hs---- C:\WINDOWS\system32\boaoasde.ini . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-26 11:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-09-25 08:32 --------- d-----w C:\Program Files\MSN Messenger 2008-09-24 20:01 --------- d-----w C:\Documents and Settings\Compaq_Omistaja\Application Data\uTorrent 2008-08-24 18:49 --------- d-----w C:\Documents and Settings\Compaq_Omistaja\Application Data\Hamachi 2008-08-21 15:27 --------- d-----w C:\Program Files\Hamachi 2008-08-21 15:22 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys 2008-08-05 23:14 --------- d-----w C:\Program Files\DC++ 2008-07-10 00:15 111,615 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_07_09_01_31_53_small.dmp.zip 2008-07-10 00:15 110,669 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_07_09_19_25_08_small.dmp.zip 2008-05-12 20:57 296 ----a-w C:\Documents and Settings\Compaq_Omistaja\Application Data\wklnhst.dat 2004-03-19 10:53 1,107,022 ----a-w C:\Program Files\SubtitleWorkshop251.exe . ------- Sigcheck ------- 2007-06-13 16:22 1882112 65055edcaf16a1bbf98a2a1c80756844 C:\WINDOWS\explorer.exe 2007-06-13 16:10 1033728 fb53c3b1e17f62e8fcb07caaf4c4272e C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe 2004-09-15 00:00 1881088 cd888f6ea13ccd8499cdcdcd6faf81c0 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe 2007-06-13 16:22 1882112 65055edcaf16a1bbf98a2a1c80756844 C:\WINDOWS\system32\dllcache\explorer.exe . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 237568] "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-09-16 52848] "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856] "Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-13 663552] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152] "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-10 249896] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "BM04c553d9"="C:\WINDOWS\system32\fikaqbnc.dll" [2008-09-25 98816] C:\Documents and Settings\Compaq_Omistaja\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ PowerReg Scheduler V3.exe [2006-11-04 225280] PowerReg Scheduler.exe [2006-11-04 256000] Stardock ObjectDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [2005-02-21 1826885] Y'z Toolbar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-09-29 90112] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=smoxmu.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\uTorrent\\utorrent.exe"= "C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\BUFFALO\\Client Manager3\\BWSVC\\bwsvc.exe"= "C:\\Program Files\\BUFFALO\\Client Manager3\\AOSS\\aoss.exe"= "C:\\Program Files\\firc\\FinnishIRC XP\\FIRC.exe"= "C:\\Program Files\\Steam\\steamapps\\nikolol\\counter-strike\\hl.exe"= "C:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm)\\ra95.dat"= "C:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm) II\\RA2\\game.exe"= "C:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm) II\\RA2\\gamemd.exe"= "C:\\Program Files\\Opera\\Opera.exe"= "C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"= "C:\\Program Files\\Codemasters\\Operation Flashpoint\\FLASHPOINTRESISTANCE.EXE"= R1 BUFADPT;BUFADPT;C:\WINDOWS\system32\BUFADPT.SYS [2007-01-11 11008] R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2006-09-26 2560] R3 WLIU2KG125S;BUFFALO WLI-U2-KG125S Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-09-15 12672] S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160] S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 20608] *Newly Created Service* - COMHOST . 'Ajoitetut tehtävät'-kansion sisältö . - - - - POISTETUT JÄMÄRIVIT - - - - BHO-{6E6B0BB9-540A-4C65-9454-8F213AB60C84} - C:\WINDOWS\system32\cbXomMGy.dll BHO-{905A01D4-0D75-49CD-AAD4-8911857FCAA2} - C:\WINDOWS\system32\whasttrh.dll HKCU-Run-Steam - (no file) HKLM-Run-PCDrProfiler - (no file) Notify-WgaLogon - (no file) . ------- Täydentävä tarkistus ------- . FireFox -: Profile - C:\Documents and Settings\Compaq_Omistaja\Application Data\Mozilla\Firefox\Profiles\ieyjmh8b.default\ FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava11.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava12.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava13.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava14.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava32.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJPI150_05.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPOJI610.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-26 14:13:55 Windows 5.1.2600 Service Pack 2 NTFS tarkistaa piilotettuja prosesseja ... tarkistaa piilotettuja käynnistysarvoja ... tarkistaa piilotettuja tiedostoja ... tarkistus on valmis piilotetut tiedostot: 0 ************************************************************************** . --------------------- Prosesseihin ladatut DLLt --------------------- PROSESSI: C:\WINDOWS\explorer.exe -> C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\DockShellHook.dll -> C:\WINDOWS\system32\fikaqbnc.dll . ------------------------ Muut prosessit ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\BUFFALO\Client Manager3\bwsvc\Bwsvc.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\Messenger\msmsgs.exe . ************************************************************************** . Valmistumisajankohta: 2008-09-26 14:23:42 - kone käynnistettiin uudelleen ComboFix-quarantined-files.txt 2008-09-26 11:23:27 Ennen ajoa: 11ÿ522ÿ490ÿ368 tavua vapaana Ajon jälkeen: 12,064,256,000 tavua vapaana 207 --- E O F --- 2008-07-10 10:51:07
SDFix: Version 1.229 Run by Compaq_Omistaja on pe 26.09.2008 at 17:40 Microsoft Windows XP [versio 5.1.2600] Running From: C:\Documents and Settings\Compaq_Omistaja\Ty”p”yt„\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\pskt.ini - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-26 17:51:30 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:203a31e5 "s2"=dword:68df6a78 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:ec,56,8e,64,b3,7f,8e,90,4f,c1,e0,0b,ca,ae,0d,7c,3d,58,51,10,21,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,b6,27,d7,3b,df,8e,3a,39,e2,c6,8d,a9,66,0b,0f,33,b8,.. "khjeh"=hex:48,44,03,ca,ad,c6,ba,44,08,e5,2a,da,83,19,1c,88,15,7a,95,1c,f8,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:16,0c,c0,68,0f,d5,3e,d0,d6,1b,52,40,1a,ef,d7,79,9e,7e,ec,49,68,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:ec,56,8e,64,b3,7f,8e,90,4f,c1,e0,0b,ca,ae,0d,7c,3d,58,51,10,21,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,b6,27,d7,3b,df,8e,3a,39,e2,c6,8d,a9,66,0b,0f,33,b8,.. "khjeh"=hex:48,44,03,ca,ad,c6,ba,44,08,e5,2a,da,83,19,1c,88,15,7a,95,1c,f8,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:16,0c,c0,68,0f,d5,3e,d0,d6,1b,52,40,1a,ef,d7,79,9e,7e,ec,49,68,.. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:æTorrent" "C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\BUFFALO\\Client Manager3\\BWSVC\\bwsvc.exe"="C:\\Program Files\\BUFFALO\\Client Manager3\\BWSVC\\bwsvc.exe:*:Enabled:ClientMgr3" "C:\\Program Files\\BUFFALO\\Client Manager3\\AOSS\\aoss.exe"="C:\\Program Files\\BUFFALO\\Client Manager3\\AOSS\\aoss.exe:*:Enabled:Aoss" "C:\\Program Files\\firc\\FinnishIRC XP\\FIRC.exe"="C:\\Program Files\\firc\\FinnishIRC XP\\FIRC.exe:*:Enabled:FIRC" "C:\\Program Files\\Steam\\steamapps\\nikolol\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\nikolol\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher" "C:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm)\\ra95.dat"="C:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm)\\ra95.dat:*:Enabled:ra95" "C:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm) II\\RA2\\game.exe"="C:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm) II\\RA2\\game.exe:*:Enabled:Main executable for Red Alert 2" "C:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm) II\\RA2\\gamemd.exe"="C:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm) II\\RA2\\gamemd.exe:*:Enabled:Main executable for Yuri's Revenge" "C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser" "C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVU Player Component" "C:\\Program Files\\Codemasters\\Operation Flashpoint\\FLASHPOINTRESISTANCE.EXE"="C:\\Program Files\\Codemasters\\Operation Flashpoint\\FLASHPOINTRESISTANCE.EXE:*:Enabled:Operation Flashpoint" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files : File Backups: - C:\DOCUME~1\COMPAQ~1\TYPYT~1\SDFix\backups\backups.zip Files with Hidden Attributes : Thu 10 Aug 2006 213 A.SHR --- "C:\BOOT.BAK" Fri 26 Sep 2008 825 A.SH. --- "C:\WINDOWS\system32\mmf.sys" Sat 19 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\91671d33fbb0a8b5168be907aaf53cb2\BIT1.tmp" Finished! hjt logi tulee aamulla töitten jälkeen Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:36:57, on 27.9.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\Ati2evxx.exe c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE c:\Program Files\Common Files\Symantec Shared\ccProxy.exe c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe C:\WINDOWS\runservice.exe c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\HP\HP Software Update\HPwuSchd2.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\HP\KBD\KBD.EXE C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\wuauclt.exe c:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=63&bd=PRESARIO&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.fi/vista R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=63&bd=PRESARIO&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=63&bd=PRESARIO&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [BM04c553d9] Rundll32.exe "C:\WINDOWS\system32\fikaqbnc.dll",s O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve') O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O4 - Startup: PowerReg Scheduler V3.exe O4 - Startup: PowerReg Scheduler.exe O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe O4 - Global Startup: ClientManager3.lnk = C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab O20 - AppInit_DLLs: smoxmu.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bwsvc - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 9011 bytes
Sain norttonin poistotyökälun toimimaan ja poistin norttonin joten uusi hjt logi: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:53:48, on 30.9.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe C:\WINDOWS\runservice.exe C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe C:\Program Files\HP\HP Software Update\HPwuSchd2.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe C:\WINDOWS\system32\wuauclt.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\Opera\opera.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=63&bd=PRESARIO&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.fi/vista R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=63&bd=PRESARIO&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=63&bd=PRESARIO&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [BM04c553d9] Rundll32.exe "C:\WINDOWS\system32\fikaqbnc.dll",s O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve') O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O4 - Startup: PowerReg Scheduler V3.exe O4 - Startup: PowerReg Scheduler.exe O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe O4 - Global Startup: ClientManager3.lnk = C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab O20 - AppInit_DLLs: smoxmu.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bwsvc - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe -- End of file - 6915 bytes
