Troijalaisia koneella...

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by japo82, May 25, 2008.

  1. japo82

    japo82 Guest

    Troijalaisia koneella 10 poistin mut tulee koko ajan takaisin.


    Logfile of HijackThis v1.99.1
    Scan saved at 14:52:29, on 25.5.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS.0\System32\smss.exe
    C:\WINDOWS.0\system32\winlogon.exe
    C:\WINDOWS.0\system32\services.exe
    C:\WINDOWS.0\system32\lsass.exe
    C:\WINDOWS.0\system32\Ati2evxx.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\WINDOWS.0\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS.0\system32\Ati2evxx.exe
    C:\WINDOWS.0\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS.0\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS.0\winself.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS.0\system32\ctfmon.exe
    C:\Documents and Settings\Arto.APO-3E19018AE77\Application Data\Microsoft\dtsc\23403.exe
    C:\WINDOWS.0\system32\wuauclt.exe
    C:\WINDOWS.0\system32\wuauclt.exe
    C:\WINDOWS.0\system32\wuauclt.exe
    C:\WINDOWS.0\SoftwareDistribution\Download\Install\IE7-WindowsXP-x86-fin.exe
    d:\5323342ca27084c3860db387\update\iesetup.exe
    C:\WINDOWS.0\system32\drwtsn32.exe
    C:\WINDOWS.0\system32\drwtsn32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HJT\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    F2 - REG:system.ini: UserInit=C:\WINDOWS.0\system32\userinit.exe,C:\WINDOWS.0\system32\vbpdtvdp.exe,
    O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
    O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
    O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
    O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
    O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
    O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
    O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
    O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
    O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
    O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
    O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
    O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
    O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
    O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
    O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
    O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
    O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
    O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
    O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\Arto.APO-3E19018AE77\Application Data\Microsoft\dtsc\23403.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: jkkLBuUm - jkkLBuUm.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS.0\SYSTEM32\WgaLogon.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.0\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS.0\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS.0\winself.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS.0\system32\ZoneLabs\vsmon.exe



    lueskelin noita juttuja ja ajoin koneelle Malwarebytes' Anti-Malware 1.12

    Tässä Loki siitä

    Malwarebytes' Anti-Malware 1.12
    Tietokantaversio: 786

    Tarkistustyyppi: Pikatarkistus
    Tarkistetut kohteet: 43528
    Kulunut aika: 5 minute(s), 9 second(s)

    Saastuneita muistiprosesseja: 1
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 1
    Saastuneita rekisteriarvoja: 2
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 4

    Saastuneita muistiprosesseja:
    C:\WINDOWS.0\winself.exe (Trojan.Agent) -> Unloaded process successfully.

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsSecurity1.209.4 (Trojan.Agent) -> Quarantined and deleted successfully.

    Saastuneita rekisteriarvoja:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{99972d1b-964e-49ec-92f4-1eb39f4810a5} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Windows Installer (Trojan.Agent) -> Quarantined and deleted successfully.

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    C:\Documents and Settings\Arto.APO-3E19018AE77\Application Data\Microsoft\dtsc\23403.exe (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS.0\winself.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS.0\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS.0\system32\rqRLdAqr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
     
    Last edited by a moderator: May 25, 2008
    japo82, May 25, 2008
    #1
  2. Hujo

    Hujo Guest

    scannaa uusi hjt:n loki
     
    Hujo, May 26, 2008
    #2
  3. japo82

    japo82 Guest

    Logfile of HijackThis v1.99.1
    Scan saved at 16:07:44, on 26.5.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS.0\System32\smss.exe
    C:\WINDOWS.0\system32\winlogon.exe
    C:\WINDOWS.0\system32\services.exe
    C:\WINDOWS.0\system32\lsass.exe
    C:\WINDOWS.0\system32\Ati2evxx.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\WINDOWS.0\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS.0\system32\Ati2evxx.exe
    C:\WINDOWS.0\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS.0\system32\spoolsv.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS.0\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS.0\system32\wuauclt.exe
    C:\WINDOWS.0\system32\wuauclt.exe
    C:\Program Files\Opera\Opera.exe
    C:\HJT\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: jkkLBuUm - jkkLBuUm.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS.0\SYSTEM32\WgaLogon.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.0\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS.0\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS.0\system32\ZoneLabs\vsmon.exe



    KIITOKSIA taasen paljon
     
    japo82, May 26, 2008
    #3
  4. Hujo

    Hujo Guest

    Poista lisää poista sovelutuksesta

    ZoneAlarm Spy Blocker

    Poista kansio vikasiedossa.

    C:\Program Files\ZoneAlarmSB


    ===========

    Scannaa hjt:llä merkkaa paina Fix checked

    O20 - Winlogon Notify: jkkLBuUm - jkkLBuUm.dll (file missing)

    ===========

    Lataa TÄSTÄ VundoFix.exe työpöydällesi.

    Tupla-klikkaa VundoFix.exe ajaaksesi sen.
    Klikkaa Scan for Vundo valintaa.
    Kun skannaus on valmis, klikkaa Fix Vundo valintaa.
    Sinulta kysytään haluatko poistaa filut - klikkaa YES.
    Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa.
    Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK.
    Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö.

    Huomaa: Se on mahdollista että VundoFix löysi tiedoston jota se ei pystynyt poistamaan.
    Tässä tilanteessa, VundoFix ajaa itsensä rebootissa, seuraa vain yläpuolelle olevia ohjeita alkaen kohdasta "Klikkaa Scan for Vundo valintaa." kun VundoFix ilmaantuu uudelleenkäynnistyksen yhteydessä.

    =============

    1.Lataa combofix.exe työpöydällesi yhdestä linkistä:
    combofix1
    combofix2

    2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
    3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
    Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
     
    Hujo, May 26, 2008
    #4
  5. japo82

    japo82 Guest

    ComboFix 08-05-25.5 - Arto 2008-05-26 18:20:55.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.588 [GMT 3:00]
    Running from: C:\Documents and Settings\Arto.APO-3E19018AE77\Työpöytä\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS.0\default.htm
    C:\WINDOWS.0\explore.exe
    C:\WINDOWS.0\iexplorer.exe
    C:\WINDOWS.0\mainms.vpi
    C:\WINDOWS.0\megavid.cdt
    C:\WINDOWS.0\muotr.so
    C:\WINDOWS.0\system32\MSINET.oca
    C:\WINDOWS.0\x.exe
    C:\WINDOWS.0\y.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MSSECURITY1.209.4


    ((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2008-04-26 to 2008-05-26 )))))))))))))))))
    .

    2008-05-26 17:51 . 2008-05-26 17:51 <KANSIO> d-------- C:\VundoFix Backups
    2008-05-26 17:43 . 2008-05-26 17:43 <KANSIO> d-------- C:\Documents and Settings\J&#8222;rjestelm&#8222;nvalvoja.APO-3E19018AE77
    2008-05-25 21:13 . 2006-10-02 13:44 5,120 --a------ C:\WINDOWS.0\system32\ff_vfw.dll
    2008-05-25 21:13 . 2006-08-05 12:06 547 --a------ C:\WINDOWS.0\system32\ff_vfw.dll.manifest
    2008-05-25 20:45 . 2008-05-25 20:45 1,374 --a------ C:\WINDOWS.0\imsins.BAK
    2008-05-25 20:31 . 2008-05-25 20:31 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-25 20:31 . 2008-05-25 20:31 <KANSIO> d-------- C:\Documents and Settings\Arto.APO-3E19018AE77\Application Data\Malwarebytes
    2008-05-25 20:31 . 2008-05-25 20:31 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes
    2008-05-25 20:31 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS.0\system32\drivers\mbamcatchme.sys
    2008-05-25 20:31 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS.0\system32\drivers\mbam.sys
    2008-05-25 18:04 . 2008-05-25 18:04 <KANSIO> d--h----- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\CanonBJ
    2008-05-25 18:04 . 2006-03-26 21:00 161,792 --a------ C:\WINDOWS.0\system32\CNMLM83.DLL
    2008-05-25 18:03 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS.0\system32\drivers\usbscan.sys
    2008-05-25 18:03 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS.0\system32\dllcache\usbscan.sys
    2008-05-25 17:53 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS.0\system32\drivers\usbprint.sys
    2008-05-25 17:53 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS.0\system32\dllcache\usbprint.sys
    2008-05-25 17:52 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS.0\system32\drivers\usbccgp.sys
    2008-05-25 17:52 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS.0\system32\dllcache\usbccgp.sys
    2008-05-25 17:48 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS.0\system32\dllcache\usbstor.sys
    2008-05-25 17:35 . 2008-05-25 17:35 0 --a------ C:\23990098.$$$
    2008-05-25 14:58 . 2008-05-25 14:58 <KANSIO> d-------- C:\Bases
    2008-05-25 14:57 . 2008-05-25 14:57 <KANSIO> d-------- C:\Kaspersky
    2008-05-25 12:48 . 2008-05-25 19:06 <KANSIO> d--h----- C:\$AVG8.VAULT$
    2008-05-25 12:33 . 2008-05-25 12:33 <KANSIO> d-------- C:\Documents and Settings\LocalService.NT-HALLINTA\Application Data\AVGTOOLBAR
    2008-05-25 12:32 . 2008-05-26 15:55 <KANSIO> d-------- C:\WINDOWS.0\system32\drivers\Avg
    2008-05-25 12:32 . 2008-05-25 12:32 <KANSIO> d-------- C:\Program Files\AVG
    2008-05-25 12:32 . 2008-05-25 12:32 <KANSIO> d-------- C:\Documents and Settings\Arto.APO-3E19018AE77\Application Data\AVGTOOLBAR
    2008-05-25 12:32 . 2008-05-25 12:32 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\avg8
    2008-05-25 12:32 . 2008-05-25 12:32 96,520 --a------ C:\WINDOWS.0\system32\drivers\avgldx86.sys
    2008-05-25 12:32 . 2008-05-25 12:32 75,272 --a------ C:\WINDOWS.0\system32\drivers\avgtdix.sys
    2008-05-25 12:32 . 2008-05-25 12:32 10,520 --a------ C:\WINDOWS.0\system32\avgrsstx.dll
    2008-05-25 11:49 . 2008-05-25 11:49 <KANSIO> d-------- C:\Program Files\Lavasoft
    2008-05-25 11:49 . 2008-05-25 11:50 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Lavasoft
    2008-05-25 11:46 . 2008-05-25 11:46 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-25 11:27 . 2008-05-25 14:02 <KANSIO> d-------- C:\WINDOWS.0\system32\vntiho06
    2008-05-25 11:27 . 2008-05-25 11:27 <KANSIO> d-------- C:\Temp\vtmp2
    2008-05-25 11:27 . 2008-05-25 11:27 <KANSIO> d-------- C:\Temp
    2008-05-25 11:27 . 2008-05-25 11:27 <KANSIO> dr------- C:\Documents and Settings\LocalService.NT-HALLINTA\Suosikit
    2008-05-25 11:27 . 2008-05-25 11:27 4 --a------ C:\WINDOWS.0\system32\hljwugsf.bin
    2008-05-25 11:17 . 2008-05-25 11:35 <KANSIO> d-------- C:\Documents and Settings\Arto.APO-3E19018AE77\Application Data\DeepBurner
    2008-05-25 11:14 . 2008-05-25 11:14 <KANSIO> d-------- C:\Program Files\MSXML 6.0
    2008-05-25 10:44 . 2008-05-25 10:44 397 --a------ C:\WINDOWS.0\ODBC.INI
    2008-05-25 10:43 . 2008-05-25 10:43 <KANSIO> d-------- C:\WINDOWS.0\ShellNew
    2008-05-25 09:58 . 2008-05-25 09:58 <KANSIO> d-------- C:\Program Files\uTorrent
    2008-05-25 09:58 . 2008-05-25 14:48 <KANSIO> d-------- C:\Documents and Settings\Arto.APO-3E19018AE77\Application Data\uTorrent
    2008-05-25 09:03 . 2008-05-25 09:03 <KANSIO> d-------- C:\Documents and Settings\Arto.APO-3E19018AE77\Application Data\Winamp
    2008-05-25 00:35 . 2008-05-26 18:26 2,535,456 --ahs---- C:\WINDOWS.0\system32\drivers\fidbox.dat
    2008-05-25 00:35 . 2008-05-26 18:24 31,688 --ahs---- C:\WINDOWS.0\system32\drivers\fidbox.idx
    2008-05-25 00:33 . 2008-05-25 00:33 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\MailFrontier
    2008-05-25 00:32 . 2008-05-26 18:07 <KANSIO> d-------- C:\WINDOWS.0\Internet Logs
    2008-05-25 00:30 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS.0\system32\javacpl.cpl
    2008-05-25 00:25 . 2007-07-09 16:11 584,192 -----c--- C:\WINDOWS.0\system32\dllcache\rpcrt4.dll
    2008-05-25 00:25 . 2008-05-25 00:25 0 --a------ C:\WINDOWS.0\nsreg.dat
    2008-05-25 00:24 . 2008-05-25 20:45 <KANSIO> d--h----- C:\WINDOWS.0\$hf_mig$
    2008-05-25 00:20 . 2008-05-25 00:20 <KANSIO> d-------- C:\Program Files\Google
    2008-05-25 00:16 . 2006-05-03 11:57 520,192 --------- C:\WINDOWS.0\system32\ati2sgag.exe
    2008-05-25 00:16 . 2008-05-25 00:16 1,020 --a------ C:\WINDOWS.0\ATICIM.INI
    2008-05-25 00:12 . 2008-05-25 00:12 <KANSIO> d-------- C:\Documents and Settings\ARTO~1~APO\LOCALS~1
    2008-05-25 00:12 . 2008-05-25 00:12 <KANSIO> d-------- C:\Documents and Settings\ARTO~1~APO
    2008-05-24 14:52 . 2008-05-24 15:00 <KANSIO> d-------- C:\Documents and Settings\Arto\Application Data\Winamp
    2008-05-14 16:30 . 2008-05-14 16:30 <KANSIO> d-------- C:\Program Files\Sun

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-25 18:13 --------- d-----w C:\Program Files\ffdshow
    2008-05-25 16:26 --------- d-----w C:\Program Files\Opera
    2008-05-25 10:20 --------- d-----w C:\Program Files\DOSBox-0.70
    2008-05-25 07:43 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-05-24 21:53 --------- d-----w C:\Program Files\CCleaner
    2008-05-24 21:30 --------- d-----w C:\Program Files\Java
    2008-05-24 19:53 --------- d-----w C:\Documents and Settings\Arto\Application Data\uTorrent
    2008-05-24 11:53 --------- d-----w C:\Program Files\Winamp
    2008-05-23 11:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-23 10:26 --------- d-----w C:\Program Files\Futuremark
    2008-03-30 18:26 17,936 ----a-w C:\Documents and Settings\Arto\Application Data\GDIPFONTCACHEV1.DAT
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS.0\system32\mswstr10.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS.0\system32\msjint40.dll
    2008-03-20 07:57 1,846,144 ----a-w C:\WINDOWS.0\system32\win32k.sys
    2008-03-13 20:11 75,248 ----a-w C:\WINDOWS.0\zllsputility.exe
    2008-03-13 20:11 1,086,952 ----a-w C:\WINDOWS.0\system32\zpeng24.dll
    .

    (((((((((((((((((((((((((((((( Rekisterin k&#8222;ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhji&#8222; arvoja ja laillisia oletusarvoja ei n&#8222;ytet&#8222;

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    2008-05-25 12:32 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-05-25 12:32 2050816]

    [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
    [HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-25 12:32 2050816]

    [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
    [HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS.0\system32\ctfmon.exe" [2004-09-15 15:00 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 18:12 131072]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "NWEReboot"="" []
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-25 12:32 1177368]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS.0\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide3"="cmd.exe" [2004-09-15 15:00 390656 C:\WINDOWS.0\system32\cmd.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS.0\system32\drivers\aswSP.sys [2008-05-16 03:20]
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS.0\system32\Drivers\avgldx86.sys [2008-05-25 12:32]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS.0\system32\DRIVERS\aswFsBlk.sys [2008-05-16 03:16]
    R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-25 12:32]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-25 12:32]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS.0\system32\Drivers\avgtdix.sys [2008-05-25 12:32]

    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-26 18:25:58
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    C:\DOCUME~1\ARTO~1.APO\LOCALS~1\Temp\08e5d2ec-af25-469d-8a88-aba1507d767c.tmp 0 bytes

    scan completed successfully
    hidden files: 1

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    "NVMixerTray"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS.0\system32\ati2evxx.exe
    C:\WINDOWS.0\system32\ati2evxx.exe
    C:\WINDOWS.0\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    .
    **************************************************************************
    .
    Completion time: 2008-05-26 18:28:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-26 15:28:29

    Pre-Run: 3,680,010,240 tavua vapaana
    Post-Run: 4,428,369,920 tavua vapaana

    185 --- E O F --- 2008-05-25 17:45:13




    VundoFix V7.0.5

    Scan started at 17:51:18 26.5.2008

    Listing files found while scanning....

    No infected files were found.





    Logfile of HijackThis v1.99.1
    Scan saved at 18:30:43, on 26.5.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS.0\System32\smss.exe
    C:\WINDOWS.0\system32\winlogon.exe
    C:\WINDOWS.0\system32\services.exe
    C:\WINDOWS.0\system32\lsass.exe
    C:\WINDOWS.0\system32\Ati2evxx.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\WINDOWS.0\system32\Ati2evxx.exe
    C:\WINDOWS.0\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS.0\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS.0\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS.0\system32\wuauclt.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS.0\system32\wuauclt.exe
    C:\WINDOWS.0\explorer.exe
    C:\WINDOWS.0\system32\notepad.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\Opera\Opera.exe
    C:\WINDOWS.0\system32\NOTEPAD.EXE
    C:\HJT\HijackThis_v1.99.1.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS.0\SYSTEM32\WgaLogon.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.0\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS.0\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS.0\system32\ZoneLabs\vsmon.exe

     
    japo82, May 26, 2008
    #5
  6. Hujo

    Hujo Guest

    scannaa hjt:llä merkkaa paina Fix checked

    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

    =========

    kumpaas käytät avastia vai avg:tä
     
    Hujo, May 26, 2008
    #6
  7. japo82

    japo82 Guest

    Logfile of HijackThis v1.99.1
    Scan saved at 19:01:43, on 26.5.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS.0\System32\smss.exe
    C:\WINDOWS.0\system32\winlogon.exe
    C:\WINDOWS.0\system32\services.exe
    C:\WINDOWS.0\system32\lsass.exe
    C:\WINDOWS.0\system32\Ati2evxx.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\WINDOWS.0\system32\Ati2evxx.exe
    C:\WINDOWS.0\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS.0\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS.0\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS.0\system32\wuauclt.exe
    C:\WINDOWS.0\explorer.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\Opera\Opera.exe
    C:\HJT\HijackThis_v1.99.1.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS.0\SYSTEM32\WgaLogon.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.0\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS.0\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS.0\system32\ZoneLabs\vsmon.exe



    AVG on nyt käytössä Avast meni pois jostain syystä en kyl ite sitä sammuttanu .....tähän asti on ollu avasti.


    Kiitoksia avusta
     
    japo82, May 26, 2008
    #7
  8. Hujo

    Hujo Guest

    Poista sitten avasti koneelta lisää poista sovelutuksesta

    poista kansio vikasiedossa.

    C:\Program Files\Alwil Software

    ===================

    avasti pitää rekisteröidä ja avastissa on uusin verasio 4.8
     
    Hujo, May 26, 2008
    #8

Share This Page