So this is what I managed to get onto my machine. AVG finds it and puts it in the virus vault, but AVG Anti-Spyware does not detect the trojan in question, even if you take the file out of the vault and rerun the scan with Anti-Spyware! And even though the virus is in the vault, the machine still does not run at full speed; there are slowdowns, and every time the machine boots a security warning appears in the bottom-right corner: "your comp may be harmed" etc. What should I do?
If it is a virus, Anti-Spyware will not necessarily recognize it. Try an online scan anyway.
So an online scan from the menu of those programs, or from the various vendors' websites? I tried booting the machine into Safe Mode, but AVG (the regular one) refused to delete the trojan from its virus vault.
Here is my log. And the file that AVG's virus vault reports it to be in: C:\program files\Common Files\} 3434c091F-0707....... and the filename is activate.exe... if any of that is of use...

Logfile of HijackThis v1.99.1
Scan saved at 17:42:05, on 8.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\DOCUMENTS AND SETTINGS\ALE\MY DOCUMENTS\My Downloads\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {7434E401-819E-6AB5-188A-03F4242206D1} - C:\WINDOWS\system32\pqvgchg.dll
O2 - BHO: (no name) - {B4039C15-2A49-4130-B704-5DED6CC0FAB8} - C:\WINDOWS\system32\vtutr.dll
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{343C091F-0707-1035-0826-050726050166}\MyToolBar.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\wilscsvg.dll (file missing)
O2 - BHO: (no name) - {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} - C:\WINDOWS\system32\awtuvsq.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{343C091F-0707-1035-0826-050726050166}\MyToolBar.dll (file missing)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvros.dll,startup
O4 - HKLM\..\Run: [wrivjsi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wrivjsi.dll,ksmddaf
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.sf-anytime.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129653370468
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: awtuvsq - C:\WINDOWS\SYSTEM32\awtuvsq.dll
O20 - Winlogon Notify: vtutr - C:\WINDOWS\system32\vtutr.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbfi32 - winbfi32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
Download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- When the scan is complete, click the Remove Vundo button.
- You will be asked whether you want to remove the files; click YES.
- Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
- When it is finished, the fix will tell you to restart your computer; click OK.
- Post the contents of the C:\vundofix.txt log as well as a fresh HijackThis log.
Note: It is possible that VundoFix found a file it could not remove. In that case, VundoFix will run itself on reboot; just follow the instructions above starting from "Click the Scan for Vundo button" when VundoFix appears at restart.
Vundo has now been removing for over an hour? Apparently this is normal... So I don't need to "release" the virus from AVG's virus vault before the next log and Vundo's "log", but...
It is not normal. If it doesn't work, shut down AVG Anti-Spyware's guard and try again. If that doesn't work either, we can still get it removed another way, don't worry about it.
So Vundo worked once I shut down that anti-spyware, and it didn't repeat the same process at restart. Windows did report some Run time error (a dll error in a win32 file, if I remember correctly). Here are the new ones... Oh, and Windows no longer reported harmful programs etc. in the bottom-right corner, which it did before Vundo... But AVG's virus vault now has two viruses (or trojans): that TH generic and a new TH downloader.zlob.EUN, whose directory path is C:\Windows\system32\ismini.exe

Logfile of HijackThis v1.99.1
Scan saved at 11:08:03, on 9.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\dc6_startupmon.exe
C:\Program Files\Common Files\ers_startupmon.exe
C:\Program Files\Common Files\dc6_startupmon.exe
C:\Program Files\Common Files\ers_startupmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ale\Desktop\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: CIEIntegrator Object - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {7434E401-819E-6AB5-188A-03F4242206D1} - C:\WINDOWS\system32\pqvgchg.dll (file missing)
O2 - BHO: (no name) - {92100BF3-28CA-4E07-9BBB-32EF6C708A66} - C:\WINDOWS\system32\vtutr.dll (file missing)
O2 - BHO: IEFW Object - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - C:\Program Files\WinAntiVirus Pro 2006\IEFWBHO.dll (file missing)
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{343C091F-0707-1035-0826-050726050166}\MyToolBar.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\wilscsvg.dll (file missing)
O2 - BHO: (no name) - {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} - C:\WINDOWS\system32\awtuvsq.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{343C091F-0707-1035-0826-050726050166}\MyToolBar.dll (file missing)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [wrivjsi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wrivjsi.dll,ksmddaf
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min
O4 - HKLM\..\Run: [DC6] "C:\Program Files\Common Files\dc6_startupmon.exe" /min
O4 - HKLM\..\Run: [ERS] "C:\Program Files\Common Files\ers_startupmon.exe" /min
O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\dc6_startupmon.exe"
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\ers_startupmon.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.sf-anytime.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129653370468
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: awtuvsq - C:\WINDOWS\SYSTEM32\awtuvsq.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbfi32 - winbfi32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe

Java version is 1.5.0.5
Scan started at 18:35:47 8.11.2006
Listing files found while scanning....
C:\WINDOWS\system32\pqvgchg.dll
C:\WINDOWS\system32\wrivjsi.dll
C:\WINDOWS\system32\vtutr.dll
C:\WINDOWS\system32\rtutv.ini
C:\WINDOWS\system32\rtutv.bak1
C:\WINDOWS\system32\rtutv.bak2
Beginning removal...

VundoFix V6.2.8
Checking Java version...
Java version is 1.5.0.5
Scan started at 10:59:36 9.11.2006
Listing files found while scanning....
C:\WINDOWS\system32\pqvgchg.dll
C:\WINDOWS\system32\wrivjsi.dll
C:\WINDOWS\system32\vtutr.dll
C:\WINDOWS\system32\rtutv.ini
C:\WINDOWS\system32\rtutv.bak1
C:\WINDOWS\system32\rtutv.bak2
Beginning removal...
Attempting to delete C:\WINDOWS\system32\pqvgchg.dll
C:\WINDOWS\system32\pqvgchg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wrivjsi.dll
C:\WINDOWS\system32\wrivjsi.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtutr.dll
C:\WINDOWS\system32\vtutr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rtutv.ini
C:\WINDOWS\system32\rtutv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\rtutv.bak1
C:\WINDOWS\system32\rtutv.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\rtutv.bak2
C:\WINDOWS\system32\rtutv.bak2 Has been deleted!
Performing Repairs to the registry.
Done!
1. Download the combofix.exe file to your desktop.
2. Start menu -> Run -> copy the following into the field and press Enter:
"%userprofile%\työpöytä\combofix.exe" /v awtuvsq
3. When the tool is finished, it will produce a log. Post this log in your thread.
4. Restart your computer.
Note! Do not click on the combofix window while it is running. This may cause the program to hang.

Remove WinAntivirus 2006 from the Control Panel.

Fix these:
O2 - BHO: CIEIntegrator Object - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {7434E401-819E-6AB5-188A-03F4242206D1} - C:\WINDOWS\system32\pqvgchg.dll (file missing)
O2 - BHO: (no name) - {92100BF3-28CA-4E07-9BBB-32EF6C708A66} - C:\WINDOWS\system32\vtutr.dll (file missing)
O2 - BHO: IEFW Object - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - C:\Program Files\WinAntiVirus Pro 2006\IEFWBHO.dll (file missing)
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{343C091F-0707-1035-0826-050726050166}\MyToolBar.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\wilscsvg.dll (file missing)
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{343C091F-0707-1035-0826-050726050166}\MyToolBar.dll (file missing)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [wrivjsi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wrivjsi.dll,ksmddaf
O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min
O4 - HKLM\..\Run: [DC6] "C:\Program Files\Common Files\dc6_startupmon.exe" /min
O4 - HKLM\..\Run: [ERS] "C:\Program Files\Common Files\ers_startupmon.exe" /min
O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\dc6_startupmon.exe"
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\ers_startupmon.exe"
O4 - Startup: PowerReg Scheduler V3.exe
O20 - Winlogon Notify: winbfi32 - winbfi32.dll (file missing)
O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe

Boot into Safe Mode and delete:
C:\Program Files\WinAntiVirus Pro 2006
C:\Program Files\Common Files\ers_startupmon.exe
C:\Program Files\Common Files\dc6_startupmon.exe
C:\WINDOWS\system32\wrivjsi.dll

Empty the Recycle Bin.
Restart.
Post a new HjT log and the combofix report.
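The triage the helper did by hand on the HijackThis log above, as an added example (not code from HijackThis, VundoFix or anyone in this thread): it parses v1.99-format entries, flags the patterns that recur in this thread (orphaned "(file missing)" entries, unnamed BHOs, Winlogon Notify and rundll32 Run entries that load random-named system32 DLLs), and pairs a DLL with the .ini/.bak files whose names are the DLL name spelled backwards, as in the VundoFix listing posted earlier (vtutr.dll beside rtutv.ini). The sample lines are constructed from entries quoted in the thread; the Winlogon Notify allowlist is an assumption.

```python
"""Triage a HijackThis v1.99 log for the Vundo-style patterns seen in this thread.

Added example, not code from HijackThis, VundoFix or the thread's helper.
The sample lines below are constructed from entries quoted in the thread.
"""
import re
from typing import Dict, List, Tuple

# Winlogon Notify packages that ship with Windows XP (assumption: an
# illustrative allowlist, not an exhaustive one).
KNOWN_NOTIFY = {"wgalogon", "crypt32chain", "cryptnet", "cscdll", "scecli",
                "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}

ENTRY_RE = re.compile(r"^(?P<kind>R\d|O\d+) - (?P<body>.*)$")
# Vundo drops DLLs with short random lowercase names in system32.
RANDOM_DLL_RE = re.compile(r"^[a-z]{5,8}\.dll$")
SYSTEM32_RE = re.compile(r"\\system32\\([^\\\s,]+)", re.IGNORECASE)

SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7434E401-819E-6AB5-188A-03F4242206D1} - C:\WINDOWS\system32\pqvgchg.dll
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{343C091F-0707-1035-0826-050726050166}\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [wrivjsi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wrivjsi.dll,ksmddaf
O20 - Winlogon Notify: awtuvsq - C:\WINDOWS\SYSTEM32\awtuvsq.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe
"""

# Constructed from the "Listing files found while scanning" block of the
# VundoFix log posted in the thread.
VUNDOFIX_LISTING = [
    r"C:\WINDOWS\system32\pqvgchg.dll",
    r"C:\WINDOWS\system32\wrivjsi.dll",
    r"C:\WINDOWS\system32\vtutr.dll",
    r"C:\WINDOWS\system32\rtutv.ini",
    r"C:\WINDOWS\system32\rtutv.bak1",
    r"C:\WINDOWS\system32\rtutv.bak2",
]


def parse(log: str) -> List[Tuple[str, str]]:
    """Return (kind, body) for every HijackThis entry line; other lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def triage(log: str) -> Dict[str, List[str]]:
    """Map each reason to the entry bodies it fires on; one entry may fire several."""
    findings: Dict[str, List[str]] = {}

    def flag(reason: str, body: str) -> None:
        findings.setdefault(reason, []).append(body)

    for kind, body in parse(log):
        # First DLL referenced under system32, if any (rundll32.exe itself is skipped).
        sys32 = [n.lower() for n in SYSTEM32_RE.findall(body)]
        dll = next((n for n in sys32 if n.endswith(".dll")), "")
        stem = dll[:-4]
        if body.endswith("(file missing)"):
            flag("orphaned entry (file missing)", body)
        if kind == "O2" and body.startswith("BHO: (no name)"):
            flag("unnamed BHO", body)
        if kind == "O20" and dll and stem not in KNOWN_NOTIFY:
            flag("non-standard Winlogon Notify DLL", body)
        if kind == "O4" and "rundll32" in body.lower() and dll:
            flag("Run key loads a system32 DLL via rundll32", body)
        if dll and RANDOM_DLL_RE.match(dll) and stem not in KNOWN_NOTIFY:
            flag("random-looking lowercase DLL name in system32", body)
    return findings


def reversed_name_pairs(paths: List[str]) -> List[Tuple[str, str]]:
    """Pair each .dll with the .ini/.bak* files whose base name is the DLL name backwards."""
    names = [p.replace("/", "\\").rsplit("\\", 1)[-1].lower() for p in paths]
    dll_by_stem = {n[:-4]: n for n in names if n.endswith(".dll")}
    pairs = []
    for n in names:
        stem, _, ext = n.partition(".")
        if ext and ext != "dll" and stem[::-1] in dll_by_stem:
            pairs.append((dll_by_stem[stem[::-1]], n))
    return pairs


if __name__ == "__main__":
    for reason, bodies in triage(SAMPLE_LOG).items():
        print(reason)
        for b in bodies:
            print("   ", b)
    print("reversed-name pairs:", reversed_name_pairs(VUNDOFIX_LISTING))
```

The heuristics are deliberately weak signals for a human to review, as the helper did; a legitimate entry like WgaLogon only stays quiet because it is on the allowlist.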
Hmm, so did you mean that I run that command after starting combofix? If I try to run it before starting combofix, the response is roughly this: C\documents and settings\Ale\työpöytä refers to a location that is unavailable. By fixing, do you mean fixing with combofix? And what about the deletion? I just delete the files normally in Safe Mode (except winantivirus from the Control Panel with Remove Programs..), nothing more to it?
That's not what I mean. It goes exactly like this.
1. Combofix has to be on the desktop. If it isn't, move it there.
2. Start menu -> Run -> copy the following text into the field and press Enter, i.e. from here -> "%userprofile%\työpöytä\combofix.exe" /v awtuvsq <- to here, all the text exactly like that.
You remove WinAntivirus 2006 from the Control Panel's Add/Remove Programs.
Fixing: Open HijackThis, click "Do a system scan only", check the lines mentioned and press "Fix checked".
No, no, no, it doesn't work. The desktop is only this "view" of Windows and its icons, plus the folder named desktop. It has been there, but the machine still refuses to run the command and keeps saying it can't be found, even though I moved combofix.exe from where the machine downloaded it straight onto the desktop. The machine just claims it can't find it, even though you can see with your own eyes that it's right there. It still claims that C:\.....\työpöytä refers to a location that is unavailable. ...etc. etc.
Well, I can really be dumb sometimes. Here is the combofix log now, before those other steps...

Ale - 06-11-09 22:37:55.90 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Ale\desktop"
Command switches used :: /v awtuvsq

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\awtuvsq.dll

* * * POST RUN FILES/FOLDERS * * *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((( Files Created from 2006-10-09 to 2006-11-09 ))))))))))))))))))))))))))))))))))
2006-11-09 18:51 8,192 --a------ C:\Documents and Settings\Ale\RestartIt.exe
2006-11-09 18:51 5,300 --a------ C:\Documents and Settings\Ale\NTP.EXE
2006-11-09 18:51 42,496 --a------ C:\Documents and Settings\Ale\swreg.exe
2006-11-09 18:51 39,184 --a------ C:\Documents and Settings\Ale\Ntrights.exe
2006-11-09 18:51 31,232 --a------ C:\Documents and Settings\Ale\sc.exe
2006-11-09 18:51 26,112 --a------ C:\Documents and Settings\Ale\nircmd.exe
2006-11-09 18:51 181,776 --a------ C:\Documents and Settings\Ale\handle.exe
2006-11-09 11:22 547,544 ---hs---- C:\WINDOWS\system32\qtvwa.bak1
2006-11-09 11:21 692,276 ---hs---- C:\WINDOWS\system32\awvtq.dll
2006-11-08 21:23 46,592 --a------ C:\WINDOWS\system32\drivers\FOPN.sys
2006-11-08 21:22 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2006-11-08 21:22 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
2006-11-08 21:22 8,448 --a------ C:\WINDOWS\system32\drivers\vspf_hk5.sys
2006-11-08 21:22 6,144 --a------ C:\WINDOWS\system32\stera.exe
2006-11-08 21:22 21,888 --a------ C:\WINDOWS\system32\drivers\vspf5.sys
2006-11-07 19:09 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-06 20:17 110,612 --a------ C:\WINDOWS\system32\hhhwjljq.exe
2006-11-03 13:06 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
2006-11-03 13:06 44,064 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
2006-11-03 13:06 21,280 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
2006-11-03 13:06 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys
2006-10-16 13:11 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-10-14 12:56 61,600 -ra------ C:\WINDOWS\system32\drivers\SE27bus.sys
2006-10-14 12:56 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27whnt.sys
2006-10-14 12:56 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27wh.sys
2006-10-14 12:56 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-09 22:32 -------- d-------- C:\Documents and Settings\Ale\Application Data\Skype
2006-11-09 18:46 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-09 18:44 -------- d-------- C:\Program Files\WinAntiVirus Pro 2006
2006-11-09 18:44 -------- d-------- C:\Documents and Settings\Ale\Application Data\WinAntiVirus Pro 2006
2006-11-09 14:16 -------- d-------- C:\Program Files\Common Files
2006-11-08 23:13 -------- d-------- C:\Documents and Settings\Ale\Application Data\Azureus
2006-11-08 21:23 0 --a------ C:\Program Files\Common Files\err.log
2006-11-08 21:22 -------- d-------- C:\Program Files\Common Files\WinAntiVirus Pro 2006
2006-11-07 20:07 -------- d-------- C:\Program Files\VSAdd-in
2006-11-07 19:09 -------- d-------- C:\Program Files\Grisoft
2006-11-06 20:09 -------- d-------- C:\Program Files\DC++
2006-11-05 19:21 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-05 19:21 -------- d-------- C:\Program Files\eDonkey2000
2006-11-05 19:20 -------- d-------- C:\Program Files\Winamp
2006-11-05 14:29 -------- d---s---- C:\Documents and Settings\Ale\Application Data\Microsoft
2006-11-03 13:06 -------- d-------- C:\Program Files\Logitech
2006-11-03 13:06 -------- d-------- C:\Program Files\Common Files\Logitech
2006-10-11 15:31 163840 --a------ C:\Program Files\Common Files\ers_startupmon.exe
2006-10-11 15:27 192512 --a------ C:\Program Files\Common Files\dc6_startupmon.exe
2006-10-04 20:56 -------- d-------- C:\Program Files\Macrogaming
2006-09-27 10:29 778656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-25 16:32 -------- d-------- C:\Program Files\Skype
2006-09-14 18:04 -------- d-------- C:\Documents and Settings\Ale\Application Data\AdobeUM
2006-09-13 07:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-11 17:40 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-09-11 17:40 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-11 17:40 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-09-11 17:39 -------- d-------- C:\Program Files\Microsoft.NET
2006-09-11 17:39 -------- d-------- C:\Program Files\Microsoft Office
2006-09-11 17:39 -------- d-------- C:\Program Files\Common Files\System
2006-09-11 16:34 -------- d-------- C:\Program Files\Adobe
2006-09-11 10:24 -------- d-------- C:\Documents and Settings\Ale\Application Data\Leadertech
2006-09-10 13:09 -------- d-------- C:\Program Files\Google
2006-09-10 13:09 -------- d-------- C:\Documents and Settings\Ale\Application Data\Google
2006-09-10 12:58 11817800 --a------ C:\Program Files\GoogleEarth.exe
2006-09-06 16:40 89544096 --a------ C:\Program Files\setpoint260btenu-3.exe
2006-08-25 17:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-25 14:29 118784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2006-08-21 14:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 13:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="~\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"PowerBar"=""
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
"RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"NetLimiter"="C:\\Program Files\\NetLimiter\\NetLimiter.exe /s"
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"MBM 5"="\"C:\\Program Files\\Motherboard Monitor 5\\MBM5.EXE\""
"CmPCIaudio"="RunDll32 CMICNFG3.CPL,CMICtrlWnd"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
@=""
"SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"
"wrivjsi.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\wrivjsi.dll,ksmddaf"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"WinAntiVirusPro2006"="\"C:\\Program Files\\WinAntiVirus Pro 2006\\WinAV.exe\" /min"
"DC6"="\"C:\\Program Files\\Common Files\\dc6_startupmon.exe\" /min"
"ERS"="\"C:\\Program Files\\Common Files\\ers_startupmon.exe\" /min"
"DC6_check"="\"C:\\Program Files\\Common Files\\dc6_startupmon.exe\""
"ERS_check"="\"C:\\Program Files\\Common Files\\ers_startupmon.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,10,01,00,00,00,00,00,00,40,04,00,00,00,03,00,00,00,\
 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
 ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,a2,01,00,00,23,00,00,00,a4,00,00,00,9a,00,\
 00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="GIANT AntiSpyware Service Hook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvtq HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbfi32 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" Completion time: 06-11-09 22:40:14.21 C:\ComboFix.txt ... 06-11-09 22:40 C:\ComboFix2.txt ... 06-11-09 14:16
So now I did those things, except: the O3 - Toolbar: toolbar 888 entry didn't show up in the HijackThis scan at all, so I didn't fix it. system32\wrivjsi.dll couldn't be found when I tried to delete it in safe mode, and the same goes for common files\ers_startupmon.exe and dc6_startupmon.exe. I even searched for all of them with Search, since they weren't visible otherwise. AVG Anti-Spyware reported a new virus attack, blocked it and moved it to the vault (where there are three of them at the moment): the same form as the trojan in the title, except ending in .GGN. Here's the latest HJT log:
Logfile of HijackThis v1.99.1 Scan saved at 23:22:18, on 9.11.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\CACHEM~1\CachemanXP.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\NetLimiter\NetLimiter.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Motherboard Monitor 5\MBM5.EXE C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Macrogaming\SweetIM\SweetIM.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program 
Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Ale\Desktop\HijackThis_v1.99.1.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: (no name) - {D1F40B7F-D5BD-49EF-8EC5-9D94D704B1B2} - C:\WINDOWS\system32\awvtq.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE" 
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: NaturalColorLoad.lnk = ? 
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: http://www.sf-anytime.com O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129653370468 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: awvtq - C:\WINDOWS\system32\awvtq.dll O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing) O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
Vundo came back, unfortunately. Delete these:
C:\WINDOWS\system32\hhhwjljq.exe
C:\Program Files\WinAntiVirus Pro 2006
C:\Documents and Settings\Ale\Application Data\WinAntiVirus Pro 2006
C:\Program Files\Common Files\WinAntiVirus Pro 2006
C:\Program Files\Common Files\ers_startupmon.exe
C:\Program Files\Common Files\dc6_startupmon.exe
C:\Program Files\VSAdd-in
Now run ComboFix like this: "%userprofile%\desktop\combofix.exe" /v awvtq
Then post a new HjT log and the ComboFix log.
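As an added example (not code from this thread, from HijackThis or from ComboFix), here is a small Python checker that applies the same reading of the HijackThis log that the reply above is based on: a BHO listed as "(no name)", a Winlogon Notify package that is not a vetted one, and a Run entry that loads a DLL through rundll32, with the strongest signal being the same DLL stem appearing both as an O2 BHO and an O20 Winlogon Notify entry (awvtq in this log). The sample lines are copied from the log posted above; the allowlist of vetted Winlogon Notify packages (WgaLogon, WB) is an assumption of the example, as is rendering the wrivjsi.dll entry from the earlier ComboFix "Reg Loading Points" output in HijackThis O4 form.

```python
import re
from collections import defaultdict

# Constructed sample input: HijackThis lines copied from the log posted above
# (the O4 rundll32 line is the ComboFix "Reg Loading Points" entry from the
# earlier post, rewritten in the form HijackThis would display it).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {D1F40B7F-D5BD-49EF-8EC5-9D94D704B1B2} - C:\WINDOWS\system32\awvtq.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [wrivjsi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wrivjsi.dll,ksmddaf
O20 - Winlogon Notify: awvtq - C:\WINDOWS\system32\awvtq.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Assumption for this example: Winlogon Notify packages the responder has already
# vetted on this machine (WgaLogon is Microsoft's, WB is WindowBlinds' fastload.dll).
WINLOGON_NOTIFY_ALLOWLIST = {"wgalogon", "wb"}

LINE_RE = re.compile(r"^(O\d+|R\d|F\d)\s+-\s+(.*)$")        # "O20 - <body>"
RUN_RE = re.compile(r"[^:]+:\s*\[(.*?)\]\s*(.*)")            # "HKLM\..\Run: [Name] command"
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(\S+?\.dll)", re.IGNORECASE)


def dll_stem(path):
    """Lower-case file name without directory or extension, e.g. awvtq.dll -> awvtq."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return name.lower().rsplit(".", 1)[0]


def companion_names(stem):
    """Reversed-name companion files: the ComboFix 'Vundo Log' in this thread lists
    qtvwa.ini and qtvwa.bak1 next to awvtq.dll, so these are what to look for."""
    rev = stem[::-1]
    return [rev + ".ini", rev + ".bak1"]


def analyze(log_text):
    """Return (findings, corroborated): findings are (tag, path, reason) tuples in log
    order; corroborated are DLL stems loaded both as a BHO (O2) and a Winlogon Notify (O20)."""
    findings = []
    seen_in = defaultdict(set)  # dll stem -> set of HijackThis sections it appears in
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        tag, body = m.group(1), m.group(2)
        if tag == "O2" and body.startswith("BHO:"):
            parts = [p.strip() for p in body[len("BHO:"):].split(" - ")]
            name, path = parts[0], parts[-1]
            seen_in[dll_stem(path)].add(tag)
            if name == "(no name)":
                findings.append((tag, path, "BHO with no name"))
        elif tag == "O20" and body.startswith("Winlogon Notify:"):
            parts = [p.strip() for p in body[len("Winlogon Notify:"):].split(" - ")]
            name, path = parts[0], parts[-1]
            seen_in[dll_stem(path)].add(tag)
            if name.lower() not in WINLOGON_NOTIFY_ALLOWLIST:
                findings.append((tag, path, "Winlogon Notify package not on the allowlist"))
        elif tag == "O4":
            rm = RUN_RE.match(body)
            if not rm:
                continue  # Global Startup entries have no [Name] part
            dm = RUNDLL_RE.search(rm.group(2))
            if dm:
                seen_in[dll_stem(dm.group(1))].add(tag)
                findings.append((tag, dm.group(1), "autorun uses rundll32 to load a DLL"))
    corroborated = sorted(s for s, tags in seen_in.items() if {"O2", "O20"} <= tags)
    return findings, corroborated


if __name__ == "__main__":
    found, both = analyze(SAMPLE_LOG)
    for tag, path, reason in found:
        print(f"{tag}: {path}  <- {reason}")
    for stem in both:
        print(f"{stem}: loaded as BHO and Winlogon Notify; also check "
              + ", ".join(companion_names(stem)))
```

A flagged entry is something for the responder to verify against the rest of the log, not an automatic deletion; the Winlogon Notify allowlist in particular has to be built per machine, since legitimate third-party packages (WindowBlinds here) register there too.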
Yep, so here are the latest... I already removed WinAntiVirus last time when you told me to.. I couldn't find anything of it in Application Data etc. I still couldn't find those common files\ers_startupmon.exe and dc6_startupmon.exe.. (I did set the folder options to show hidden folders etc. too).. One new trojan appeared again, a Downloader type this time.
Ale - 06-11-10 17:00:44,73 Service Pack 2 ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Ale\desktop" Command switches used :: /v awvtq (((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log ))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\awvtq.dll C:\WINDOWS\system32\qtvwa.bak1 C:\WINDOWS\system32\qtvwa.ini * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ((((((((((((((((((((((((((((((( Files Created from 2006-10-10 to 2006-11-10 )))))))))))))))))))))))))))))))))) 2006-11-09 18:51 8,192 --a------ C:\Documents and Settings\Ale\RestartIt.exe 2006-11-09 18:51 5,300 --a------ C:\Documents and Settings\Ale\NTP.EXE 2006-11-09 18:51 42,496 --a------ C:\Documents and Settings\Ale\swreg.exe 2006-11-09 18:51 39,184 --a------ C:\Documents and Settings\Ale\Ntrights.exe 2006-11-09 18:51 31,232 --a------ C:\Documents and Settings\Ale\sc.exe 2006-11-09 18:51 26,112 --a------ C:\Documents and Settings\Ale\nircmd.exe 2006-11-09 18:51 181,776 --a------ C:\Documents and Settings\Ale\handle.exe 2006-11-08 21:22 89,088 --a------ C:\WINDOWS\system32\atl71.dll 2006-11-08 21:22 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll 2006-11-07 19:09 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2006-11-03 13:06 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys 2006-11-03 13:06 44,064 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys 2006-11-03 13:06 21,280 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys 2006-11-03 13:06 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys 2006-10-16 13:11 2,297,552 --a------ 
C:\WINDOWS\system32\d3dx9_26.dll 2006-10-14 12:56 61,600 -ra------ C:\WINDOWS\system32\drivers\SE27bus.sys 2006-10-14 12:56 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27whnt.sys 2006-10-14 12:56 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27wh.sys 2006-10-14 12:56 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-11-10 16:49 -------- d-------- C:\Documents and Settings\Ale\Application Data\Skype 2006-11-10 14:02 -------- d-------- C:\Documents and Settings\Ale\Application Data\Azureus 2006-11-09 23:12 -------- d-------- C:\Program Files\Common Files 2006-11-09 18:46 -------- d-------- C:\Program Files\Mozilla Firefox 2006-11-09 18:44 -------- d-------- C:\Documents and Settings\Ale\Application Data\WinAntiVirus Pro 2006 2006-11-08 21:23 0 --a------ C:\Program Files\Common Files\err.log 2006-11-07 19:09 -------- d-------- C:\Program Files\Grisoft 2006-11-06 20:09 -------- d-------- C:\Program Files\DC++ 2006-11-05 19:21 -------- d--h----- C:\Program Files\InstallShield Installation Information 2006-11-05 19:21 -------- d-------- C:\Program Files\eDonkey2000 2006-11-05 19:20 -------- d-------- C:\Program Files\Winamp 2006-11-05 14:29 -------- d---s---- C:\Documents and Settings\Ale\Application Data\Microsoft 2006-11-03 13:06 -------- d-------- C:\Program Files\Logitech 2006-11-03 13:06 -------- d-------- C:\Program Files\Common Files\Logitech 2006-10-04 20:56 -------- d-------- C:\Program Files\Macrogaming 2006-09-27 10:29 778656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys 2006-09-25 16:32 -------- d-------- C:\Program Files\Skype 2006-09-14 18:04 -------- d-------- C:\Documents and Settings\Ale\Application Data\AdobeUM 2006-09-13 07:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll 2006-09-11 17:40 -------- d-------- C:\Program Files\Microsoft ActiveSync 2006-09-11 17:40 -------- d-------- C:\Program Files\Common 
Files\Microsoft Shared 2006-09-11 17:40 -------- d-------- C:\Program Files\Common Files\DESIGNER 2006-09-11 17:39 -------- d-------- C:\Program Files\Microsoft.NET 2006-09-11 17:39 -------- d-------- C:\Program Files\Microsoft Office 2006-09-11 17:39 -------- d-------- C:\Program Files\Common Files\System 2006-09-11 16:34 -------- d-------- C:\Program Files\Adobe 2006-09-11 10:24 -------- d-------- C:\Documents and Settings\Ale\Application Data\Leadertech 2006-09-10 13:09 -------- d-------- C:\Program Files\Google 2006-09-10 13:09 -------- d-------- C:\Documents and Settings\Ale\Application Data\Google 2006-09-10 12:58 11817800 --a------ C:\Program Files\GoogleEarth.exe 2006-09-06 16:40 89544096 --a------ C:\Program Files\setpoint260btenu-3.exe 2006-08-25 17:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll 2006-08-25 14:29 118784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe 2006-08-21 14:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll 2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe 2006-08-16 13:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "MsnMsgr"="~\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background" "PowerBar"="" "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t" "Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized" "SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP" "AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe" "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime" 
"RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\"" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "NetLimiter"="C:\\Program Files\\NetLimiter\\NetLimiter.exe /s" "DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033" "MBM 5"="\"C:\\Program Files\\Motherboard Monitor 5\\MBM5.EXE\"" "CmPCIaudio"="RunDll32 CMICNFG3.CPL,CMICtrlWnd" "WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe" "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" @="" "SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe" "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000001 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,10,01,00,00,00,00,00,00,40,04,00,00,00,03,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,a2,01,00,00,23,00,00,00,a4,00,00,00,9a,00,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" 
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="GIANT AntiSpyware Service Hook" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" Completion time: 06-11-10 17:02:47.23 
C:\ComboFix.txt ... 06-11-10 17:02 C:\ComboFix2.txt ... 06-11-09 22:40 C:\ComboFix3.txt ... 06-11-09 14:16 Logfile of HijackThis v1.99.1 Scan saved at 17:03:58, on 10.11.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\CACHEM~1\CachemanXP.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\NetLimiter\NetLimiter.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Motherboard Monitor 5\MBM5.EXE C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Macrogaming\SweetIM\SweetIM.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe 
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Documents and Settings\Ale\Desktop\HijackThis_v1.99.1.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE" O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - 
HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: NaturalColorLoad.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: http://www.sf-anytime.com O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - 
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129653370468 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing) O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
Get eScan -> http://koti.mbnet.fi/pattaya1/escanmwav.htm . Install, update and scan following the instructions on that page. Then post the "malware results" here (instructions on that page: the bottom image and the text above it). Also post a new HjT log.
The installation works, but I can't get eScan to update. I tried turning AVG off, and I tried shutting down the Kerio firewall too, but when I run that kavupd.exe I still just get a "failed" message. With method 2, eScan doesn't open (which it says to wait for), no matter how long I wait. Is the problem at their end... or?