Trojan Horse Generic 2. EXO

Discussion in 'Virukset ja haittaohjelmat' started by Amao, Nov 7, 2006.

  1. Amao

    Amao Member

    Joined:
    Nov 7, 2006
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    11
    Eli tällaisen onnistuin saamaan koneeseeni. AVG löytää sen ja laittaa virus-vaulttiin, mutta AVG Anti-spyware ei löydä kyseistä trojania, vaikka filen ottaisikin pois vaultista ja uudelleen suorittaisi scanin anti-spywarella! ja vaikka virus onkin vaultissa, niin kone ei silti kyllä pelitä täysillä, vaan hidsteluja esiintyy ja oikeaan alakulmaan tulee aina koneen käynnistäessä security warning: your comp may be harmed jne...Mitä pitäs tehä?
     
  2. nObO2

    nObO2 Guest

    Jos kyseessä on virus niin Anti-spyware ei välttämättä sitä tunnista. kokeile kumminkin vielä online scanni
     
  3. Amao

    Amao Member

    Joined:
    Nov 7, 2006
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    11
    Siis online scan kyseisten ohjelmien valikosta vai eri valmistajien sivuilta? Kokeilin koneen laittamista vika sietotilaan, muttei tuo AVG(siis tavallinen) suostunut poistamaan Trojania virusholvistaan
     
  4. Amao

    Amao Member

    Joined:
    Nov 7, 2006
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    11
    Tässä tuo logini. Ja tiedosto missä AVG:n virus-vault sen ilmoittaa olevaksi: C:\program files\Common Files\} 3434c091F-0707....... ja filename on activate.exe..jos noista nyt mtn hyötyä on...

    Logfile of HijackThis v1.99.1
    Scan saved at 17:42:05, on 8.11.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\CACHEM~1\CachemanXP.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\NetLimiter\NetLimiter.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Motherboard Monitor 5\MBM5.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\DOCUMENTS AND SETTINGS\ALE\MY DOCUMENTS\My Downloads\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
    O2 - BHO: (no name) - {7434E401-819E-6AB5-188A-03F4242206D1} - C:\WINDOWS\system32\pqvgchg.dll
    O2 - BHO: (no name) - {B4039C15-2A49-4130-B704-5DED6CC0FAB8} - C:\WINDOWS\system32\vtutr.dll
    O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{343C091F-0707-1035-0826-050726050166}\MyToolBar.dll (file missing)
    O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\wilscsvg.dll (file missing)
    O2 - BHO: (no name) - {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} - C:\WINDOWS\system32\awtuvsq.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{343C091F-0707-1035-0826-050726050166}\MyToolBar.dll (file missing)
    O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
    O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvros.dll,startup
    O4 - HKLM\..\Run: [wrivjsi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wrivjsi.dll,ksmddaf
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://www.sf-anytime.com
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129653370468
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: awtuvsq - C:\WINDOWS\SYSTEM32\awtuvsq.dll
    O20 - Winlogon Notify: vtutr - C:\WINDOWS\system32\vtutr.dll
    O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winbfi32 - winbfi32.dll (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
     
  5. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Lataa VundoFix.exe työpöydällesi.
    [*]Tupla-klikkaa VundoFix.exe ajaaksesi sen.
    [*]Klikkaa Scan for Vundo valintaa.
    [*]Kun skannaus on valmis, klikkaa Remove Vundo valintaa.
    [*]Sinulta kysytään haluatko poistaa filut - klikkaa YES.
    [*]Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa.
    [*]Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK.
    [*]Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö.

    Huomaa: Se on mahdollista että VundoFix löysi tiedoston jota se ei pystynyt poistamaan.
    Tässä tilanteessa, VundoFix ajaa itsensä rebootissa, seuraa vain yläpuolelle olevia ohjeita alkaen kohdasta "Klikkaa Scan for Vundo valintaa." kun VundoFix ilmaantuu uudelleenkäynnistyksen yhteydessä.
     
  6. Amao

    Amao Member

    Joined:
    Nov 7, 2006
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    11
    Vundo on tehnyt nyt poistamista yli tunnin?Tämä ilmeisesti normaalia...Minun ei siis tarvitse "vapauttaa" virusta AVG:n virusvaultista ennen seuraavaa logia ja wundon "logia", vaan...
     
  7. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Ei ole normaalia. Jos ei toimi niin sammuta avg antispywaren guard ja kokeile uudestaan.

    Jollei toimi niinkään niin tuo saadaan muutenkin kyllä pois, älä siitä huoli :)
     
  8. Amao

    Amao Member

    Joined:
    Nov 7, 2006
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    11
    Eli toimi vundo kun sammutin tuon anti-sw:n, eikä uudelleenkäynnistyksen yhteydessä uudestaan tehnyt samaa prosessia. Windows ilmoitti tosin jostain Run time errorista(dll. error win32 tiedostossa muistaakseni.. tässä nyt nuo uudet...Niin ja ei ilmoittanut enää W oikeassa alakulmassa haitallisista ohjelmista jne. Jota se teki ennen vundoa... Mutta AVG:n virus-vaultissa on nyt kaks virusta (tai trojania): eli tuo TH generic ja uusi TH downloader.zlob.EUN sen hakemistopolku on C\WIndows\system32\ismini.exe

    Logfile of HijackThis v1.99.1
    Scan saved at 11:08:03, on 9.11.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\CACHEM~1\CachemanXP.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\NetLimiter\NetLimiter.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Motherboard Monitor 5\MBM5.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Common Files\dc6_startupmon.exe
    C:\Program Files\Common Files\ers_startupmon.exe
    C:\Program Files\Common Files\dc6_startupmon.exe
    C:\Program Files\Common Files\ers_startupmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Ale\Desktop\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: CIEIntegrator Object - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll
    O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
    O2 - BHO: (no name) - {7434E401-819E-6AB5-188A-03F4242206D1} - C:\WINDOWS\system32\pqvgchg.dll (file missing)
    O2 - BHO: (no name) - {92100BF3-28CA-4E07-9BBB-32EF6C708A66} - C:\WINDOWS\system32\vtutr.dll (file missing)
    O2 - BHO: IEFW Object - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - C:\Program Files\WinAntiVirus Pro 2006\IEFWBHO.dll (file missing)
    O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{343C091F-0707-1035-0826-050726050166}\MyToolBar.dll (file missing)
    O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\wilscsvg.dll (file missing)
    O2 - BHO: (no name) - {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} - C:\WINDOWS\system32\awtuvsq.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{343C091F-0707-1035-0826-050726050166}\MyToolBar.dll (file missing)
    O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
    O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [wrivjsi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wrivjsi.dll,ksmddaf
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min
    O4 - HKLM\..\Run: [DC6] "C:\Program Files\Common Files\dc6_startupmon.exe" /min
    O4 - HKLM\..\Run: [ERS] "C:\Program Files\Common Files\ers_startupmon.exe" /min
    O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\dc6_startupmon.exe"
    O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\ers_startupmon.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://www.sf-anytime.com
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129653370468
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: awtuvsq - C:\WINDOWS\SYSTEM32\awtuvsq.dll
    O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winbfi32 - winbfi32.dll (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
    O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe



    Java version is 1.5.0.5

    Scan started at 18:35:47 8.11.2006

    Listing files found while scanning....

    C:\WINDOWS\system32\pqvgchg.dll
    C:\WINDOWS\system32\wrivjsi.dll
    C:\WINDOWS\system32\vtutr.dll
    C:\WINDOWS\system32\rtutv.ini
    C:\WINDOWS\system32\rtutv.bak1
    C:\WINDOWS\system32\rtutv.bak2

    Beginning removal...

    VundoFix V6.2.8

    Checking Java version...

    Java version is 1.5.0.5

    Scan started at 10:59:36 9.11.2006

    Listing files found while scanning....

    C:\WINDOWS\system32\pqvgchg.dll
    C:\WINDOWS\system32\wrivjsi.dll
    C:\WINDOWS\system32\vtutr.dll
    C:\WINDOWS\system32\rtutv.ini
    C:\WINDOWS\system32\rtutv.bak1
    C:\WINDOWS\system32\rtutv.bak2

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\pqvgchg.dll
    C:\WINDOWS\system32\pqvgchg.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\wrivjsi.dll
    C:\WINDOWS\system32\wrivjsi.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vtutr.dll
    C:\WINDOWS\system32\vtutr.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rtutv.ini
    C:\WINDOWS\system32\rtutv.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rtutv.bak1
    C:\WINDOWS\system32\rtutv.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rtutv.bak2
    C:\WINDOWS\system32\rtutv.bak2 Has been deleted!

    Performing Repairs to the registry.
    Done!

     
  9. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    1. Lataa combofix.exe tiedosto työpöydällesi.
    2. Käynnistä-valikko -> Suorita -> kopioi seuraava kenttään ja paina Enter:
    "%userprofile%\työpöytä\combofix.exe" /v awtuvsq
    3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
    4.Käynnistä tietokoneesi uudelleen
    Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

    Poista ohjauspaneelista

    WinAntivirus 2006

    Fixaa nämä:

    O2 - BHO: CIEIntegrator Object - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll
    O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
    O2 - BHO: (no name) - {7434E401-819E-6AB5-188A-03F4242206D1} - C:\WINDOWS\system32\pqvgchg.dll (file missing)
    O2 - BHO: (no name) - {92100BF3-28CA-4E07-9BBB-32EF6C708A66} - C:\WINDOWS\system32\vtutr.dll (file missing)
    O2 - BHO: IEFW Object - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - C:\Program Files\WinAntiVirus Pro 2006\IEFWBHO.dll (file missing)
    O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{343C091F-0707-1035-0826-050726050166}\MyToolBar.dll (file missing)
    O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\wilscsvg.dll (file missing)
    O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{343C091F-0707-1035-0826-050726050166}\MyToolBar.dll (file missing)
    O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
    O4 - HKLM\..\Run: [wrivjsi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wrivjsi.dll,ksmddaf
    O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min
    O4 - HKLM\..\Run: [DC6] "C:\Program Files\Common Files\dc6_startupmon.exe" /min
    O4 - HKLM\..\Run: [ERS] "C:\Program Files\Common Files\ers_startupmon.exe" /min
    O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\dc6_startupmon.exe"
    O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\ers_startupmon.exe"
    O4 - Startup: PowerReg Scheduler V3.exe
    O20 - Winlogon Notify: winbfi32 - winbfi32.dll (file missing)
    O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe[/b]

    Käynnistä vikasietotilaan ja poista:

    C:\Program Files\WinAntiVirus Pro 2006
    C:\Program Files\Common Files\ers_startupmon.exe
    C:\Program Files\Common Files\dc6_startupmon.exe
    C:\WINDOWS\system32\wrivjsi.dll

    Tyhjennä roskis

    Käynnistä uudelleen.

    Lähetä uusi HjT-loki ja combofixin raportti.



     
  10. Amao

    Amao Member

    Joined:
    Nov 7, 2006
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    11
    hmm siis tarkoititko että combofixin käynnistämisen jälkeen suoritan tuon komennon? Jos yritän sitä suorittaa ennen combofixin käynnistämistä, niin vastaus on suurinpiirtein tällainen:C\documents and settings\Ale\työpöytä refers to a location that is unavailable. Fixaamisella tarkoitat combofixin avulla fixaamista vai? Entä tuo poistaminen? Aivan normaalisti vikasietotilassa poistan tiedostot(pl. winantivirus ohjauspaneelista remove programilla..) , ei sen ihmeempää?
     
  11. Amao

    Amao Member

    Joined:
    Nov 7, 2006
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    11
    eli ei onnistu tuo komennon toteuttaminen combofixin suorittamisenkaan jälkeen..
     
  12. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    En tarkoita

    Homma menee tarkalleen näin.

    1. Combofixin pitää olla työpöydällä. Jos se ei ole, siirrä se sinne.
    2. Käynnistä-valikko -> Suorita -> kopioi seuraava teksti kenttään ja paina Enter:

    eli tästä -> "%userprofile%\työpöytä\combofix.exe" /v awtuvsq <- tähän kaikki teksti tarkalleen noin

    Poistat WinAntivirus 2006 Ohjauspaneelin lisää/poista sovellus-kohdasta

    Fixaaminen:

    Avaa HijackThis, klikkaa do a system scan only, merkkaa mainitut rivit ja paina fix checked.
     
  13. Amao

    Amao Member

    Joined:
    Nov 7, 2006
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    11
    Ei ,ei ei onnistu vaan:( Työpöytähän on vain- ja ainoastaan tämä "näkymä" winodwsista ja kuvakkeista.sekä desktop nimellä oleva kansio. Koska se on siinä ollut, mutta silti ei kone suostu komentoa suorittamaan vaan toteaa edelleen ettei sitä löydy, vaikka tuo combofix.exen siirsin sieltä mihin kone sen latasi suoraan tuohon työpöydälle. Kone vain väittää ettei sitä löydä, vaikka omin silmin sen näkee olevan tuossa. Väittää edelleen että C:\.....\työpöytä refers to a location that is unavailable. ...jnejne
     
  14. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    No jos sulla on enkkuwinukka niin korvaa työpöytä -> desktop ja yritä uudestaan.
     
  15. Amao

    Amao Member

    Joined:
    Nov 7, 2006
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    11
    Yllä sitä osaa olla tyhmä:( Tässä tuo combofixin logi nyt ennen noita muita toimenpiteitä...

    Ale - 06-11-09 22:37:55.90 Service Pack 2
    ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Ale\desktop"
    Command switches used :: /v awtuvsq

    (((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\awtuvsq.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((( Files Created from 2006-10-09 to 2006-11-09 ))))))))))))))))))))))))))))))))))


    2006-11-09 18:51 8,192 --a------ C:\Documents and Settings\Ale\RestartIt.exe
    2006-11-09 18:51 5,300 --a------ C:\Documents and Settings\Ale\NTP.EXE
    2006-11-09 18:51 42,496 --a------ C:\Documents and Settings\Ale\swreg.exe
    2006-11-09 18:51 39,184 --a------ C:\Documents and Settings\Ale\Ntrights.exe
    2006-11-09 18:51 31,232 --a------ C:\Documents and Settings\Ale\sc.exe
    2006-11-09 18:51 26,112 --a------ C:\Documents and Settings\Ale\nircmd.exe
    2006-11-09 18:51 181,776 --a------ C:\Documents and Settings\Ale\handle.exe
    2006-11-09 11:22 547,544 ---hs---- C:\WINDOWS\system32\qtvwa.bak1
    2006-11-09 11:21 692,276 ---hs---- C:\WINDOWS\system32\awvtq.dll
    2006-11-08 21:23 46,592 --a------ C:\WINDOWS\system32\drivers\FOPN.sys
    2006-11-08 21:22 89,088 --a------ C:\WINDOWS\system32\atl71.dll
    2006-11-08 21:22 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
    2006-11-08 21:22 8,448 --a------ C:\WINDOWS\system32\drivers\vspf_hk5.sys
    2006-11-08 21:22 6,144 --a------ C:\WINDOWS\system32\stera.exe
    2006-11-08 21:22 21,888 --a------ C:\WINDOWS\system32\drivers\vspf5.sys
    2006-11-07 19:09 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2006-11-06 20:17 110,612 --a------ C:\WINDOWS\system32\hhhwjljq.exe
    2006-11-03 13:06 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
    2006-11-03 13:06 44,064 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
    2006-11-03 13:06 21,280 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
    2006-11-03 13:06 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys
    2006-10-16 13:11 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2006-10-14 12:56 61,600 -ra------ C:\WINDOWS\system32\drivers\SE27bus.sys
    2006-10-14 12:56 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27whnt.sys
    2006-10-14 12:56 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27wh.sys
    2006-10-14 12:56 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-11-09 22:32 -------- d-------- C:\Documents and Settings\Ale\Application Data\Skype
    2006-11-09 18:46 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-11-09 18:44 -------- d-------- C:\Program Files\WinAntiVirus Pro 2006
    2006-11-09 18:44 -------- d-------- C:\Documents and Settings\Ale\Application Data\WinAntiVirus Pro 2006
    2006-11-09 14:16 -------- d-------- C:\Program Files\Common Files
    2006-11-08 23:13 -------- d-------- C:\Documents and Settings\Ale\Application Data\Azureus
    2006-11-08 21:23 0 --a------ C:\Program Files\Common Files\err.log
    2006-11-08 21:22 -------- d-------- C:\Program Files\Common Files\WinAntiVirus Pro 2006
    2006-11-07 20:07 -------- d-------- C:\Program Files\VSAdd-in
    2006-11-07 19:09 -------- d-------- C:\Program Files\Grisoft
    2006-11-06 20:09 -------- d-------- C:\Program Files\DC++
    2006-11-05 19:21 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-11-05 19:21 -------- d-------- C:\Program Files\eDonkey2000
    2006-11-05 19:20 -------- d-------- C:\Program Files\Winamp
    2006-11-05 14:29 -------- d---s---- C:\Documents and Settings\Ale\Application Data\Microsoft
    2006-11-03 13:06 -------- d-------- C:\Program Files\Logitech
    2006-11-03 13:06 -------- d-------- C:\Program Files\Common Files\Logitech
    2006-10-11 15:31 163840 --a------ C:\Program Files\Common Files\ers_startupmon.exe
    2006-10-11 15:27 192512 --a------ C:\Program Files\Common Files\dc6_startupmon.exe
    2006-10-04 20:56 -------- d-------- C:\Program Files\Macrogaming
    2006-09-27 10:29 778656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
    2006-09-25 16:32 -------- d-------- C:\Program Files\Skype
    2006-09-14 18:04 -------- d-------- C:\Documents and Settings\Ale\Application Data\AdobeUM
    2006-09-13 07:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
    2006-09-11 17:40 -------- d-------- C:\Program Files\Microsoft ActiveSync
    2006-09-11 17:40 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-09-11 17:40 -------- d-------- C:\Program Files\Common Files\DESIGNER
    2006-09-11 17:39 -------- d-------- C:\Program Files\Microsoft.NET
    2006-09-11 17:39 -------- d-------- C:\Program Files\Microsoft Office
    2006-09-11 17:39 -------- d-------- C:\Program Files\Common Files\System
    2006-09-11 16:34 -------- d-------- C:\Program Files\Adobe
    2006-09-11 10:24 -------- d-------- C:\Documents and Settings\Ale\Application Data\Leadertech
    2006-09-10 13:09 -------- d-------- C:\Program Files\Google
    2006-09-10 13:09 -------- d-------- C:\Documents and Settings\Ale\Application Data\Google
    2006-09-10 12:58 11817800 --a------ C:\Program Files\GoogleEarth.exe
    2006-09-06 16:40 89544096 --a------ C:\Program Files\setpoint260btenu-3.exe
    2006-08-25 17:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
    2006-08-25 14:29 118784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
    2006-08-21 14:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
    2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
    2006-08-16 13:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "MsnMsgr"="~\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "PowerBar"=""
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
    "Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
    "SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
    "AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
    "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
    "RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "NetLimiter"="C:\\Program Files\\NetLimiter\\NetLimiter.exe /s"
    "DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
    "MBM 5"="\"C:\\Program Files\\Motherboard Monitor 5\\MBM5.EXE\""
    "CmPCIaudio"="RunDll32 CMICNFG3.CPL,CMICtrlWnd"
    "WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
    @=""
    "SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"
    "wrivjsi.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\wrivjsi.dll,ksmddaf"
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
    "WinAntiVirusPro2006"="\"C:\\Program Files\\WinAntiVirus Pro 2006\\WinAV.exe\" /min"
    "DC6"="\"C:\\Program Files\\Common Files\\dc6_startupmon.exe\" /min"
    "ERS"="\"C:\\Program Files\\Common Files\\ers_startupmon.exe\" /min"
    "DC6_check"="\"C:\\Program Files\\Common Files\\dc6_startupmon.exe\""
    "ERS_check"="\"C:\\Program Files\\Common Files\\ers_startupmon.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,10,01,00,00,00,00,00,00,40,04,00,00,00,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,a2,01,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="GIANT AntiSpyware Service Hook"
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvtq
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbfi32

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    Completion time: 06-11-09 22:40:14.21
    C:\ComboFix.txt ... 06-11-09 22:40
    C:\ComboFix2.txt ... 06-11-09 14:16
     
  16. Amao

    Amao Member

    Joined:
    Nov 7, 2006
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    11
    eli nyt tein nuo asiat paitsi: Hijackin scanissa ei näkynyt 03 - toolbar:toolbar 888 ollenkaan, joten en sitä fixannut. system32\wrivjsi.dll ei löytynyt, kun sitä yritin vikasietotilassa poistaa, sama koskee common f\ers.startupmon.exeä ja dc6.startupmon.exeä.Kaikkia ihan jopa searchilla etsin, kun ei muuten näkyny:)AVG Anti spyware ilmoitti uuden viruksen hyök, torjui ja siirsi holviin/jossa on se kolme tällä hetkellä): samaa muotoa kuin tuo otsikon torjani paitsi .GGN loppuinen. tässä uusin HJT-logi

    Logfile of HijackThis v1.99.1
    Scan saved at 23:22:18, on 9.11.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\CACHEM~1\CachemanXP.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\NetLimiter\NetLimiter.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Motherboard Monitor 5\MBM5.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Ale\Desktop\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: (no name) - {D1F40B7F-D5BD-49EF-8EC5-9D94D704B1B2} - C:\WINDOWS\system32\awvtq.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
    O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://www.sf-anytime.com
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129653370468
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: awvtq - C:\WINDOWS\system32\awvtq.dll
    O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe

     
  17. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Vundo tuli takas, ikävä kyllä

    Poista nämä:

    C:\WINDOWS\system32\hhhwjljq.exe
    C:\Program Files\WinAntiVirus Pro 2006
    C:\Documents and Settings\Ale\Application Data\WinAntiVirus Pro 2006
    C:\Program Files\Common Files\WinAntiVirus Pro 2006
    C:\Program Files\Common Files\ers_startupmon.exe
    C:\Program Files\Common Files\dc6_startupmon.exe
    C:\Program Files\VSAdd-in

    Nyt aja combofix näin:

    "%userprofile%\desktop\combofix.exe" /v awvtq

    Lähetä uusi HjT-loki ja combofixin loki.
     
  18. Amao

    Amao Member

    Joined:
    Nov 7, 2006
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    11
    jjeps, eli viimesimmät... Winantiviruksen poistin jo viimeksi, kun käskit..ei löytynyt application datasta jne. tietoja siitä. Edelleenkään näitä common files\ers_startupmon.exe ja dc6_startupmon.exe en löytänyt..(folderin asetuksista laitoin kyllä, että näyttää piilotetut jne. kansiot myös).. Yksi uusi trojan taas ilmestyi. Downloader-muotoa tällä kertaa.



    Ale - 06-11-10 17:00:44,73 Service Pack 2
    ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Ale\desktop"
    Command switches used :: /v awvtq

    (((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\awvtq.dll
    C:\WINDOWS\system32\qtvwa.bak1
    C:\WINDOWS\system32\qtvwa.ini


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((( Files Created from 2006-10-10 to 2006-11-10 ))))))))))))))))))))))))))))))))))


    2006-11-09 18:51 8,192 --a------ C:\Documents and Settings\Ale\RestartIt.exe
    2006-11-09 18:51 5,300 --a------ C:\Documents and Settings\Ale\NTP.EXE
    2006-11-09 18:51 42,496 --a------ C:\Documents and Settings\Ale\swreg.exe
    2006-11-09 18:51 39,184 --a------ C:\Documents and Settings\Ale\Ntrights.exe
    2006-11-09 18:51 31,232 --a------ C:\Documents and Settings\Ale\sc.exe
    2006-11-09 18:51 26,112 --a------ C:\Documents and Settings\Ale\nircmd.exe
    2006-11-09 18:51 181,776 --a------ C:\Documents and Settings\Ale\handle.exe
    2006-11-08 21:22 89,088 --a------ C:\WINDOWS\system32\atl71.dll
    2006-11-08 21:22 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
    2006-11-07 19:09 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2006-11-03 13:06 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
    2006-11-03 13:06 44,064 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
    2006-11-03 13:06 21,280 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
    2006-11-03 13:06 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys
    2006-10-16 13:11 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2006-10-14 12:56 61,600 -ra------ C:\WINDOWS\system32\drivers\SE27bus.sys
    2006-10-14 12:56 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27whnt.sys
    2006-10-14 12:56 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27wh.sys
    2006-10-14 12:56 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-11-10 16:49 -------- d-------- C:\Documents and Settings\Ale\Application Data\Skype
    2006-11-10 14:02 -------- d-------- C:\Documents and Settings\Ale\Application Data\Azureus
    2006-11-09 23:12 -------- d-------- C:\Program Files\Common Files
    2006-11-09 18:46 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-11-09 18:44 -------- d-------- C:\Documents and Settings\Ale\Application Data\WinAntiVirus Pro 2006
    2006-11-08 21:23 0 --a------ C:\Program Files\Common Files\err.log
    2006-11-07 19:09 -------- d-------- C:\Program Files\Grisoft
    2006-11-06 20:09 -------- d-------- C:\Program Files\DC++
    2006-11-05 19:21 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-11-05 19:21 -------- d-------- C:\Program Files\eDonkey2000
    2006-11-05 19:20 -------- d-------- C:\Program Files\Winamp
    2006-11-05 14:29 -------- d---s---- C:\Documents and Settings\Ale\Application Data\Microsoft
    2006-11-03 13:06 -------- d-------- C:\Program Files\Logitech
    2006-11-03 13:06 -------- d-------- C:\Program Files\Common Files\Logitech
    2006-10-04 20:56 -------- d-------- C:\Program Files\Macrogaming
    2006-09-27 10:29 778656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
    2006-09-25 16:32 -------- d-------- C:\Program Files\Skype
    2006-09-14 18:04 -------- d-------- C:\Documents and Settings\Ale\Application Data\AdobeUM
    2006-09-13 07:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
    2006-09-11 17:40 -------- d-------- C:\Program Files\Microsoft ActiveSync
    2006-09-11 17:40 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-09-11 17:40 -------- d-------- C:\Program Files\Common Files\DESIGNER
    2006-09-11 17:39 -------- d-------- C:\Program Files\Microsoft.NET
    2006-09-11 17:39 -------- d-------- C:\Program Files\Microsoft Office
    2006-09-11 17:39 -------- d-------- C:\Program Files\Common Files\System
    2006-09-11 16:34 -------- d-------- C:\Program Files\Adobe
    2006-09-11 10:24 -------- d-------- C:\Documents and Settings\Ale\Application Data\Leadertech
    2006-09-10 13:09 -------- d-------- C:\Program Files\Google
    2006-09-10 13:09 -------- d-------- C:\Documents and Settings\Ale\Application Data\Google
    2006-09-10 12:58 11817800 --a------ C:\Program Files\GoogleEarth.exe
    2006-09-06 16:40 89544096 --a------ C:\Program Files\setpoint260btenu-3.exe
    2006-08-25 17:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
    2006-08-25 14:29 118784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
    2006-08-21 14:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
    2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
    2006-08-16 13:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "MsnMsgr"="~\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "PowerBar"=""
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
    "Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
    "SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
    "AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
    "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
    "RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "NetLimiter"="C:\\Program Files\\NetLimiter\\NetLimiter.exe /s"
    "DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
    "MBM 5"="\"C:\\Program Files\\Motherboard Monitor 5\\MBM5.EXE\""
    "CmPCIaudio"="RunDll32 CMICNFG3.CPL,CMICtrlWnd"
    "WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
    @=""
    "SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,10,01,00,00,00,00,00,00,40,04,00,00,00,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,a2,01,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="GIANT AntiSpyware Service Hook"
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    Completion time: 06-11-10 17:02:47.23
    C:\ComboFix.txt ... 06-11-10 17:02
    C:\ComboFix2.txt ... 06-11-09 22:40
    C:\ComboFix3.txt ... 06-11-09 14:16

    Logfile of HijackThis v1.99.1
    Scan saved at 17:03:58, on 10.11.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\CACHEM~1\CachemanXP.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\NetLimiter\NetLimiter.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Motherboard Monitor 5\MBM5.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Documents and Settings\Ale\Desktop\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
    O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://www.sf-anytime.com
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129653370468
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe

     
  19. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Hae eScan -> http://koti.mbnet.fi/pattaya1/escanmwav.htm .
    Asenna, päivitä, skannaa sivulla olevien ohjeiden mukaan. Lähetä sitten "örkkitulokset" tänne (ohje tuolla sivulla, alin kuva ja sen yläpuolella oleva teksti). Lähetä myös uusi HjT-loki.
     
  20. Amao

    Amao Member

    Joined:
    Nov 7, 2006
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    11
    Asennus onnistuu, mutta en saa päivitettyä eScania:( Koetin kiinni laittaa Avgt, koetin kerion firewallinkin sammuttaa, mutta silti kun ajan tuon kavupd.exen, niin tulee vaan failed-ilmoitus. Tavalla 2 ei Escan aukea(jota siinä neuvotaan odottamaan), vaikka kuinka odotan:( Onko ongelma siellä päässä..vai?
     

Share This Page