Trojan Vundo won't go away, what to do?

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by rubycon, Apr 20, 2008.

  1. rubycon

    rubycon Regular member

    Joined:
    Jan 18, 2008
    Messages:
    173
    Likes Received:
    0
    Trophy Points:
    26
    Hi gurus!

    I've been scanning with different scanners for two days now and it just keeps coming back. Any help? Here's the log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:26:34, on 20.4.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.17184)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    D:\programs\AlienGUIse\wbload.exe
    D:\programs\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\programs\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe
    D:\programs\Spybot - Search & Destroy\TeaTimer.exe
    D:\programs\hiiri\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    D:\programs\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\programs\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6A6EAE1B-4AD6-4035-974D-504D6DBAA9C3} - C:\WINDOWS\system32\efcbAsqQ.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe C:\WINDOWS\system32\wf2kcpl.dll,DllLoadDefaultSettings
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\programs\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech SetPoint.lnk = D:\programs\hiiri\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: IE Theme Search Bar - {323AF0A7-690A-47D9-819B-348831CC7DC5} - C:\Program Files\IECustomizer.com\IEButtons\SearchIECThemes.htm
    O9 - Extra 'Tools' menuitem: Free Themes for Internet Explorer - {323AF0A7-690A-47D9-819B-348831CC7DC5} - C:\Program Files\IECustomizer.com\IEButtons\SearchIECThemes.htm
    O9 - Extra button: (no name) - {472A296E-D7C1-4A70-8511-5039B09EBDDB} - javascript:document.location='http://www.iecustomizer.com/iethemes' (file missing)
    O9 - Extra 'Tools' menuitem: Online Themes Gallery - {472A296E-D7C1-4A70-8511-5039B09EBDDB} - javascript:document.location='http://www.iecustomizer.com/iethemes' (file missing)
    O9 - Extra button: Themes - {B9844E33-6201-47AA-B30A-BCA3363C2BFA} - C:\Program Files\IECustomizer.com\Tools\IETheme.exe
    O9 - Extra 'Tools' menuitem: Themes - {B9844E33-6201-47AA-B30A-BCA3363C2BFA} - C:\Program Files\IECustomizer.com\Tools\IETheme.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\programs\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\programs\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O19 - User stylesheet: (file missing)
    O20 - Winlogon Notify: efcbAsqQ - C:\WINDOWS\SYSTEM32\efcbAsqQ.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\programs\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\programs\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - D:\programs\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - D:\programs\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 10470 bytes
     
  2. Hujo

    Hujo Guest

    Remove via Add/Remove Programs:

    ZoneAlarm Spy Blocker


    Delete this folder in Safe Mode:

    C:\Program Files\ZoneAlarmSB

    =============

    Scan with HJT, tick these entries and press Fix checked:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O19 - User stylesheet: (file missing)

    ===============

    Also, the machine seems to have Norton, AntiVir and BitDefender on it.
    Which antivirus program do you use?

    ==============

    Scan a new HJT log.
     
  3. rubycon

    rubycon Regular member

    OK, it's removed now (how do I get into Safe Mode?)
    I'm using Avira AntiVir Personal. BitDefender is on the machine too; I scanned with it recently, but it isn't in constant use. Should I remove it? Then there's Spybot's TeaTimer running, and ZoneAlarm as the firewall. Here's the log again. Thanks!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:57:31, on 20.4.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.17184)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    D:\programs\AlienGUIse\wbload.exe
    C:\WINDOWS\Explorer.EXE
    D:\programs\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\programs\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe
    D:\programs\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    D:\programs\hiiri\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    D:\programs\Opera.exe
    D:\programs\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\programs\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6A6EAE1B-4AD6-4035-974D-504D6DBAA9C3} - C:\WINDOWS\system32\efcbAsqQ.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe C:\WINDOWS\system32\wf2kcpl.dll,DllLoadDefaultSettings
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\programs\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech SetPoint.lnk = D:\programs\hiiri\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: IE Theme Search Bar - {323AF0A7-690A-47D9-819B-348831CC7DC5} - C:\Program Files\IECustomizer.com\IEButtons\SearchIECThemes.htm
    O9 - Extra 'Tools' menuitem: Free Themes for Internet Explorer - {323AF0A7-690A-47D9-819B-348831CC7DC5} - C:\Program Files\IECustomizer.com\IEButtons\SearchIECThemes.htm
    O9 - Extra button: (no name) - {472A296E-D7C1-4A70-8511-5039B09EBDDB} - javascript:document.location='http://www.iecustomizer.com/iethemes' (file missing)
    O9 - Extra 'Tools' menuitem: Online Themes Gallery - {472A296E-D7C1-4A70-8511-5039B09EBDDB} - javascript:document.location='http://www.iecustomizer.com/iethemes' (file missing)
    O9 - Extra button: Themes - {B9844E33-6201-47AA-B30A-BCA3363C2BFA} - C:\Program Files\IECustomizer.com\Tools\IETheme.exe
    O9 - Extra 'Tools' menuitem: Themes - {B9844E33-6201-47AA-B30A-BCA3363C2BFA} - C:\Program Files\IECustomizer.com\Tools\IETheme.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\programs\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\programs\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: efcbAsqQ - C:\WINDOWS\SYSTEM32\efcbAsqQ.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\programs\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\programs\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - D:\programs\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - D:\programs\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 10063 bytes
     
  4. Hujo

    Hujo Guest

    Remove that BitDefender

    then run
    the Norton removal tool

    ================

    In Safe Mode, also delete

    C:\Program Files\Common Files\Symantec Shared

    Shut down and start up
    during startup, keep tapping the F8 key
    select Safe Mode with the arrow keys
    press Enter and Enter
    select your user account
    press Yes

    On some machines you tap F5 instead of F8

    ================

    You also have there

    Windows Defender
    SpybotSD TeaTimer

    Is real-time protection also enabled in Windows Defender?
     
    Last edited by a moderator: Apr 20, 2008
  5. rubycon

    rubycon Regular member

    OK, removed now.

    And Windows Defender is scheduled to scan the machine once a day. Otherwise it isn't active. SpybotSD TeaTimer, on the other hand, is on all the time, and of course Avira. My humblest thanks again! Here's the log once more. Has it gone now?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:23:31, on 20.4.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.17184)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    D:\programs\AlienGUIse\wbload.exe
    C:\WINDOWS\Explorer.EXE
    D:\programs\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\programs\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe
    D:\programs\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    D:\programs\hiiri\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    D:\programs\Opera.exe
    D:\programs\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\programs\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6A6EAE1B-4AD6-4035-974D-504D6DBAA9C3} - C:\WINDOWS\system32\efcbAsqQ.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe C:\WINDOWS\system32\wf2kcpl.dll,DllLoadDefaultSettings
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\programs\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech SetPoint.lnk = D:\programs\hiiri\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: IE Theme Search Bar - {323AF0A7-690A-47D9-819B-348831CC7DC5} - C:\Program Files\IECustomizer.com\IEButtons\SearchIECThemes.htm
    O9 - Extra 'Tools' menuitem: Free Themes for Internet Explorer - {323AF0A7-690A-47D9-819B-348831CC7DC5} - C:\Program Files\IECustomizer.com\IEButtons\SearchIECThemes.htm
    O9 - Extra button: (no name) - {472A296E-D7C1-4A70-8511-5039B09EBDDB} - javascript:document.location='http://www.iecustomizer.com/iethemes' (file missing)
    O9 - Extra 'Tools' menuitem: Online Themes Gallery - {472A296E-D7C1-4A70-8511-5039B09EBDDB} - javascript:document.location='http://www.iecustomizer.com/iethemes' (file missing)
    O9 - Extra button: Themes - {B9844E33-6201-47AA-B30A-BCA3363C2BFA} - C:\Program Files\IECustomizer.com\Tools\IETheme.exe
    O9 - Extra 'Tools' menuitem: Themes - {B9844E33-6201-47AA-B30A-BCA3363C2BFA} - C:\Program Files\IECustomizer.com\Tools\IETheme.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\programs\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\programs\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: efcbAsqQ - C:\WINDOWS\SYSTEM32\efcbAsqQ.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\programs\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\programs\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - D:\programs\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - D:\programs\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 9211 bytes
     
  6. Hujo

    Hujo Guest

    Run the following:

    Download VundoFix.exe from HERE to your desktop.

    Double-click VundoFix.exe to run it.
    Click the Scan for Vundo button.
    When the scan is finished, click the Remove Vundo button.
    You will be asked whether you want to delete the files - click YES.
    Once you have clicked Yes, your desktop will go blank while it starts removing Vundo.
    When it is done, the fix will tell you it is going to restart your computer; click OK.
    Post the contents of the C:\vundofix.txt log together with a fresh HijackThis log.

    Note: It is possible that VundoFix found a file it could not remove.
    In that case VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo button.", when VundoFix appears during the restart.

    ===============

    1. Download combofix.exe to your desktop from one of these links:
    combofix1
    combofix2

    2. Double-click the combofix.exe file and follow the prompts.
    3. When the tool has finished, it produces a log. Post that log in your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

    ================

    Download SDFix by AndyManchesta and save it to your desktop.

    Boot your computer into safe mode:

    shut down and start up
    during startup, keep tapping the F8 key
    select safe mode with the arrow keys
    press Enter and Enter
    select your user account
    press Yes

    On some machines you tap F5 instead of F8

    Once in safe mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
    Open the SDFix folder and double-click RunThis.bat to start the program.
    Press Y to start the script.
    The tool cleans out the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
    Press any key and the computer restarts.
    Startup takes longer than normal because SDFix is cleaning the machine.
    When the computer has started and the desktop has loaded, SDFix reports that the cleanup is complete, "Finished".
    Then press any key to close the script and load the desktop shortcuts.
    Finally open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread along with a new HijackThis log.

    =============

    Copy and paste the text below into an empty Notepad file.
    Make sure the file type is "All Files" and save it to your desktop as Poisto.bat.

    @echo off
    rem Stop and delete the service entry that HijackThis lists as "(file missing)"
    sc stop "Symantec RemoteAssist"
    sc delete "Symantec RemoteAssist"


    Double-click the Poisto.bat file on your desktop; a window opens and closes, which is normal.
     
    Last edited by a moderator: Apr 20, 2008
  7. rubycon

    rubycon Regular member

    Here is the VundoFix log:
    VundoFix V7.0.3

    Scan started at 16:58:00 20.4.2008

    Listing files found while scanning....

    C:\WINDOWS\system32\efcbAsqQ.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\efcbAsqQ.dll
    C:\WINDOWS\system32\efcbAsqQ.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\efcbAsqQ.dll
    C:\WINDOWS\system32\efcbAsqQ.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V7.0.3

    Scan started at 17:09:09 20.4.2008

    Listing files found while scanning....

    C:\WINDOWS\system32\efcbAsqQ.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\efcbAsqQ.dll
    C:\WINDOWS\system32\efcbAsqQ.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\efcbAsqQ.dll
    C:\WINDOWS\system32\efcbAsqQ.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V7.0.3

    Scan started at 17:19:55 20.4.2008

    Listing files found while scanning....

    C:\WINDOWS\system32\efcbAsqQ.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\efcbAsqQ.dll
    C:\WINDOWS\system32\efcbAsqQ.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!
    I ran it twice in safe mode; it feels like it wasn't removed. And here is the HJT log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:32:52, on 20.4.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.17184)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    D:\programs\AlienGUIse\wbload.exe
    D:\programs\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\programs\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe
    D:\programs\Spybot - Search & Destroy\TeaTimer.exe
    D:\programs\hiiri\SetPoint\SetPoint.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    D:\programs\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\programs\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6A6EAE1B-4AD6-4035-974D-504D6DBAA9C3} - C:\WINDOWS\system32\efcbAsqQ.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe C:\WINDOWS\system32\wf2kcpl.dll,DllLoadDefaultSettings
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\programs\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech SetPoint.lnk = D:\programs\hiiri\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: IE Theme Search Bar - {323AF0A7-690A-47D9-819B-348831CC7DC5} - C:\Program Files\IECustomizer.com\IEButtons\SearchIECThemes.htm
    O9 - Extra 'Tools' menuitem: Free Themes for Internet Explorer - {323AF0A7-690A-47D9-819B-348831CC7DC5} - C:\Program Files\IECustomizer.com\IEButtons\SearchIECThemes.htm
    O9 - Extra button: (no name) - {472A296E-D7C1-4A70-8511-5039B09EBDDB} - javascript:document.location='http://www.iecustomizer.com/iethemes' (file missing)
    O9 - Extra 'Tools' menuitem: Online Themes Gallery - {472A296E-D7C1-4A70-8511-5039B09EBDDB} - javascript:document.location='http://www.iecustomizer.com/iethemes' (file missing)
    O9 - Extra button: Themes - {B9844E33-6201-47AA-B30A-BCA3363C2BFA} - C:\Program Files\IECustomizer.com\Tools\IETheme.exe
    O9 - Extra 'Tools' menuitem: Themes - {B9844E33-6201-47AA-B30A-BCA3363C2BFA} - C:\Program Files\IECustomizer.com\Tools\IETheme.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\programs\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\programs\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\programs\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\programs\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - D:\programs\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - D:\programs\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 9287 bytes
    Next I'll continue with ComboFix. Thanks again.
     
  8. Hujo

    Hujo Guest

    Download Killbox by Option^Explicit
    Note: If you already have Killbox, this is a new version that you need to install. Remove the earlier one.

    Save it to your desktop.
    Double-click Killbox.exe to run the program.
    Select:
    Delete on Reboot, then click the All Files option.
    Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\efcbAsqQ.dll

    Return to Killbox, go to the File menu, and choose Paste from Clipboard.

    Click the red-and-white Delete File button. Click Yes at the "Delete on Reboot" prompt. Click OK at any PendingFileRenameOperations prompt.
    Restart your computer yourself if it does not do so automatically.
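
Added example, not part of the thread and not code from any of the tools mentioned: a Python triage that cross-references the file VundoFix reports as "Could not be deleted" with the HijackThis entries that load it (O2 BHO, O20 Winlogon Notify), and lists services flagged "(file missing)" such as the one Poisto.bat removes. The sample input is constructed from lines of the logs posted in this thread; the function names and the line-layout regexes are assumptions inferred from those lines.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis logs posted in this thread.
HJT_SAMPLE = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\programs\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6A6EAE1B-4AD6-4035-974D-504D6DBAA9C3} - C:\WINDOWS\system32\efcbAsqQ.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: efcbAsqQ - C:\WINDOWS\SYSTEM32\efcbAsqQ.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (file missing)
"""

# Constructed sample: lines copied from the VundoFix log posted in this thread.
VUNDOFIX_SAMPLE = r"""
Attempting to delete C:\WINDOWS\system32\efcbAsqQ.dll
C:\WINDOWS\system32\efcbAsqQ.dll Could not be deleted.
"""

# Layout assumptions, inferred from the log lines on this page:
#   "<code> - <detail>", with "<detail>" ending in " - <drive path>[ (file missing)]"
ENTRY_RE = re.compile(r"^\s*([ORF]\d+) - (.*)$")
PATH_RE = re.compile(r" - ([A-Za-z]:\\.+?)( \(file missing\))?\s*$")
LOCKED_RE = re.compile(r"^\s*([A-Za-z]:\\.+?) Could not be deleted\.\s*$")
SERVICE_RE = re.compile(r"Service: (.+?)(?: \(([^()]+)\))? - ")


def parse_hjt(log):
    """Return one dict per HijackThis entry line; 'path' is None when the
    line does not end in ' - <path>' (e.g. O4 Run entries use another layout)."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, detail = m.groups()
        p = PATH_RE.search(detail)
        entries.append({
            "code": code,
            "detail": detail,
            "path": p.group(1) if p else None,
            "missing": bool(p and p.group(2)),
        })
    return entries


def undeletable_files(tool_log):
    """Paths a removal tool reported as 'Could not be deleted.' (lower-cased)."""
    found = set()
    for line in tool_log.splitlines():
        m = LOCKED_RE.match(line)
        if m:
            found.add(m.group(1).lower())
    return sorted(found)


def service_name(detail):
    """Short service name if HijackThis printed one in parentheses,
    otherwise the display name."""
    m = SERVICE_RE.match(detail)
    return (m.group(2) or m.group(1)) if m else None


def triage(hjt_log, tool_log):
    """Explain failed deletions by the autostart entries that still load the
    file, and list services whose binary is gone."""
    entries = parse_hjt(hjt_log)
    loaders = defaultdict(list)
    for e in entries:
        if e["path"]:
            # Windows paths are case-insensitive: system32 vs SYSTEM32 must match.
            loaders[e["path"].lower()].append(e["code"])
    report = {"locked": {}, "orphaned_services": []}
    for path in undeletable_files(tool_log):
        # An O20 Winlogon Notify DLL is loaded into winlogon.exe and an O2 BHO
        # into the browser/shell, so the file stays in use while Windows runs.
        report["locked"][path] = sorted(loaders.get(path, []))
    for e in entries:
        if e["code"] == "O23" and e["missing"]:
            report["orphaned_services"].append(service_name(e["detail"]))
    return report


if __name__ == "__main__":
    result = triage(HJT_SAMPLE, VUNDOFIX_SAMPLE)
    for path, codes in result["locked"].items():
        print(f"{path}: still referenced by {', '.join(codes) or 'no listed entry'}")
    for name in result["orphaned_services"]:
        print(f"service with missing binary: {name}")
```

A file that stays referenced by a load point after a failed delete is the case where a delete-on-reboot step, as in the Killbox instructions above, is used instead of deleting from the running system.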
     
  9. rubycon

    rubycon Regular member

    And here is the ComboFix log:
    ComboFix 08-04-18.3 - Aliena 2008-04-20 17:40:45.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1522 [GMT 3:00]
    Running from: C:\Documents and Settings\Aliena\Työpöytä\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\efcbAsqQ.dll
    C:\WINDOWS\system32\tmp64.tmp

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-03-20 to 2008-04-20 )))))))))))))))))
    .

    2008-04-20 16:58 . 2008-04-20 17:31 <KANSIO> d-------- C:\VundoFix Backups
    2008-04-20 14:41 . 2008-02-15 17:00 262,144 --a------ C:\Program Files\Uninstall Spy Blocker.dll
    2008-04-20 12:01 . 2008-04-20 12:02 <KANSIO> d-------- C:\Program Files\Windows Defender
    2008-04-20 11:53 . 2007-01-18 15:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
    2008-04-20 11:18 . 2008-04-20 15:52 81,984 --a------ C:\WINDOWS\system32\bdod.bin
    2008-04-20 11:14 . 2008-04-20 15:53 <KANSIO> d-------- C:\Program Files\Common Files\Softwin
    2008-04-20 08:24 . 2008-04-20 08:26 <KANSIO> d-------- C:\Program Files\Panda Security
    2008-04-19 20:19 . 2008-04-19 21:57 <KANSIO> d-------- C:\Documents and Settings\Aliena\.housecall6.6
    2008-04-19 20:18 . 2008-04-19 20:18 <KANSIO> d-------- C:\WINDOWS\Sun
    2008-04-19 15:40 . 2008-04-19 15:40 <KANSIO> d-------- C:\fsaua.data
    2008-04-19 14:26 . 2008-04-19 13:39 94,208 --a------ C:\WINDOWS\olgdqarf.exe
    2008-04-18 20:52 . 2008-04-18 20:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-04-18 20:52 . 2008-04-18 20:52 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-04-16 21:54 . 2008-04-16 21:54 <KANSIO> d-------- C:\Program Files\Apple Software Update
    2008-04-16 11:41 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
    2008-04-16 11:41 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
    2008-04-16 11:40 . 2008-04-16 11:40 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-04-16 11:40 . 2008-04-16 11:40 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2008-04-16 11:31 . 2008-04-16 11:31 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution
    2008-04-16 11:31 . 2008-04-16 11:31 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
    2008-04-16 11:31 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
    2008-04-16 11:30 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
    2008-04-16 11:30 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
    2008-04-16 11:30 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
    2008-04-16 11:30 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
    2008-04-16 11:30 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
    2008-04-03 07:20 . 2008-04-03 07:20 <KANSIO> d-------- C:\Program Files\iPod
    2008-04-03 07:18 . 2008-04-03 07:19 <KANSIO> d-------- C:\Program Files\QuickTime
    2008-04-02 20:38 . 2008-04-02 20:38 <KANSIO> d-------- C:\Documents and Settings\DZH~1.OLY\LOCALS~1
    2008-04-02 20:38 . 2008-04-02 20:38 <KANSIO> d-------- C:\Documents and Settings\DZH~1.OLY
    2008-04-01 14:03 . 2008-04-01 14:03 <KANSIO> d-------- C:\Documents and Settings\Aliena\Application Data\Logitech
    2008-04-01 14:01 . 2008-01-09 12:26 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
    2008-04-01 14:01 . 2008-01-09 12:27 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
    2008-04-01 14:01 . 2008-01-09 12:28 141,840 --a------ C:\WINDOWS\system32\KemUtil.dll
    2008-04-01 14:01 . 2008-01-09 12:28 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
    2008-04-01 14:01 . 2008-01-09 12:28 76,304 --a------ C:\WINDOWS\system32\KemXML.dll
    2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
    2008-03-20 12:58 . 2008-03-20 12:58 <KANSIO> d-------- C:\Documents and Settings\Aliena\Application Data\Media Player Classic

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-20 14:45 1,937,440 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-04-20 14:42 25,796 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-04-20 10:05 --------- d-----w C:\Documents and Settings\Aliena\Application Data\uTorrent
    2008-04-19 16:46 --------- d-----w C:\Program Files\Java
    2008-04-16 08:40 --------- d-----w C:\Documents and Settings\Aliena\Application Data\Nokia
    2008-04-16 08:31 --------- d-----w C:\Program Files\Common Files\Nokia
    2008-04-16 08:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
    2008-04-15 15:04 34,560 ----a-w C:\WINDOWS\system32\drivers\SSDefrag.sys
    2008-04-01 11:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-01 11:01 --------- d-----w C:\Program Files\Common Files\LogiShrd
    2008-04-01 11:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
    2008-03-30 18:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
    2008-03-18 14:54 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-03-18 12:38 --------- d-----w C:\Program Files\AlienGUIse
    2008-03-18 07:39 --------- d-----w C:\Program Files\Combined Community Codec Pack
    2008-03-17 16:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
    2008-03-17 16:54 --------- d-----w C:\Program Files\Common Files\Knowledge Adventure
    2008-03-16 08:13 --------- d-----w C:\Program Files\IECustomizer.com
    2008-03-14 06:46 --------- d-----w C:\Program Files\SysTool
    2008-03-13 20:11 75,248 ----a-w C:\WINDOWS\zllsputility.exe
    2008-03-13 05:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-03-13 05:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-12 09:23 --------- d-----w C:\Program Files\IObit
    2008-03-10 04:34 --------- d-----w C:\Program Files\Logitech
    2008-03-08 04:59 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-03-08 04:52 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-03-08 04:52 --------- d-----w C:\Program Files\Windows Live
    2008-03-08 04:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-03-02 05:33 --------- d-----w C:\Documents and Settings\Aliena\Application Data\Nokia Multimedia Player
    2008-03-01 11:33 --------- d-----w C:\Documents and Settings\Aliena\Application Data\InstallShield
    2008-02-28 11:17 --------- d-----w C:\Program Files\Nokia
    2008-02-28 11:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nokia
    2008-02-28 05:11 --------- d-----w C:\Program Files\AGEIA Technologies
    2008-02-28 05:09 --------- d-----w C:\Program Files\Artificial
    2008-02-27 19:30 --------- d-----w C:\Program Files\Common Files\Java
    2008-02-27 18:14 --------- d-----w C:\Documents and Settings\Aliena\Application Data\PC Suite
    2008-02-26 17:17 --------- d-----w C:\Program Files\Opera
    2008-02-25 09:57 5,152 ----a-w C:\WINDOWS\system32\drivers\io.sys
    2008-02-23 13:12 --------- d-----w C:\Documents and Settings\Aliena\Application Data\DeepBurner
    2008-02-22 01:43 --------- d-----w C:\Program Files\Foxit Software
    2008-02-20 14:55 --------- d-----w C:\Documents and Settings\Aliena\Application Data\Leadertech
    2008-02-17 08:57 691,545 ----a-w C:\WINDOWS\unins000.exe
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A6EAE1B-4AD6-4035-974D-504D6DBAA9C3}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2007-08-02 15:00 15360]
    "AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe" [2007-07-23 10:05 345640]
    "SpybotSD TeaTimer"="D:\programs\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 17:46 1460560]
    "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 20:25 81920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 08:12 729088]
    "AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe" [2006-12-29 04:54 363008]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
    "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-15 08:07 262401]
    "WinFast2KLoadDefault"="C:\WINDOWS\system32\wf2kcpl.dll" [2005-09-16 15:35 616448]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 22:34 868352]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-08-02 15:00 15360]
    "Nokia.PCSync"="D:\programs\Nokia PC Suite 6\PcSync2.exe" [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2008-01-09 12:30 72208 c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    D:\programs\AlienGUIse\fastload.dll 2001-12-21 00:34 24576 D:\programs\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "D:\\programs\\SiSoftware Sandra Lite XIIc\\Win32\\RpcDataSrv.exe"=
    "D:\\programs\\SiSoftware Sandra Lite XIIc\\RpcSandraSrv.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "D:\\programs\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R2 io.sys;IO.DLL Driver;C:\WINDOWS\system32\drivers\io.sys [2008-02-25 12:57]
    R3 physX32;physX32;C:\WINDOWS\system32\DRIVERS\physX32.sys [2007-09-13 08:43]
    R4 WINFOXIO;WINFOXIO;C:\WINDOWS\system32\Drivers\WINFOXIO.SYS [2005-03-25 19:24]
    S1 SysTool;SysTool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\SysTool.sys [2006-11-10 16:08]
    S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
    S3 SSDefrag;SSDefrag;C:\WINDOWS\system32\drivers\SSDefrag.sys [2008-04-15 18:04]
    S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39]
    S3 UsbserFilt;UsbserFilt;C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39]

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-04-16 18:54:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-04-20 14:46:48 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-20 17:44:15
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    folder error: C:\DOCUME~1\Aliena\LOCALS~1\Temp\

    scan completed successfully
    hidden files: 6

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    D:\programs\AlienGUIse\wbload.exe
    D:\programs\aawservice.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\programs\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\rundll32.exe
    D:\programs\hiiri\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\LogiShrd\KHAL2\KHALMNPR.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    .
    **************************************************************************
    .
    Completion time: 2008-04-20 17:47:40 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-20 14:47:37

    Pre-Run: 44,930,469,888 tavua vapaana
    Post-Run: 44,904,865,792 tavua vapaana

    203 --- E O F --- 2008-04-09 07:28:18
    And then into safe mode...
     
  10. rubycon

    rubycon Regular member

    Here is the SDFix log:
    SDFix: Version 1.173
    Run by Aliena on su 20.04.2008 at 18:10

    Microsoft Windows XP [versio 5.1.2600]
    Running From: C:\DOCUME~1\Aliena\TYPYT~1\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\olgdqarf.exe - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-20 18:13:41
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
    "TracesProcessed"=dword:00000087
    source file error: C:\Documents and Settings\Aliena\ntuser.dat

    scanning hidden files ...


    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 6


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
    "D:\\programs\\SiSoftware Sandra Lite XIIc\\Win32\\RpcDataSrv.exe"="D:\\programs\\SiSoftware Sandra Lite XIIc\\Win32\\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service"
    "D:\\programs\\SiSoftware Sandra Lite XIIc\\RpcSandraSrv.exe"="D:\\programs\\SiSoftware Sandra Lite XIIc\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "D:\\programs\\iTunes.exe"="D:\\programs\\iTunes.exe:*:Enabled:iTunes"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :


    File Backups: - C:\DOCUME~1\Aliena\TYPYT~1\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
    Sat 19 Apr 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Sun 17 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

    Finished!
    And here is the HJT log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:21:01, on 20.4.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.17184)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    D:\programs\AlienGUIse\wbload.exe
    D:\programs\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\programs\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe
    D:\programs\Spybot - Search & Destroy\TeaTimer.exe
    D:\programs\hiiri\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    D:\programs\Opera.exe
    D:\programs\HijackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\programs\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe C:\WINDOWS\system32\wf2kcpl.dll,DllLoadDefaultSettings
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\programs\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech SetPoint.lnk = D:\programs\hiiri\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: IE Theme Search Bar - {323AF0A7-690A-47D9-819B-348831CC7DC5} - C:\Program Files\IECustomizer.com\IEButtons\SearchIECThemes.htm
    O9 - Extra 'Tools' menuitem: Free Themes for Internet Explorer - {323AF0A7-690A-47D9-819B-348831CC7DC5} - C:\Program Files\IECustomizer.com\IEButtons\SearchIECThemes.htm
    O9 - Extra button: (no name) - {472A296E-D7C1-4A70-8511-5039B09EBDDB} - javascript:document.location='http://www.iecustomizer.com/iethemes' (file missing)
    O9 - Extra 'Tools' menuitem: Online Themes Gallery - {472A296E-D7C1-4A70-8511-5039B09EBDDB} - javascript:document.location='http://www.iecustomizer.com/iethemes' (file missing)
    O9 - Extra button: Themes - {B9844E33-6201-47AA-B30A-BCA3363C2BFA} - C:\Program Files\IECustomizer.com\Tools\IETheme.exe
    O9 - Extra 'Tools' menuitem: Themes - {B9844E33-6201-47AA-B30A-BCA3363C2BFA} - C:\Program Files\IECustomizer.com\Tools\IETheme.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\programs\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\programs\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\programs\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\programs\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - D:\programs\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - D:\programs\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 9770 bytes
    What next? I'd really be in trouble without the help :)
     
  11. Hujo

    Hujo Guest

    Delete the folder

    C:\Program Files\Common Files\Symantec Shared


    Copy and paste the text below into an empty Notepad file.
    Make sure the file type is "All Files" and save it on your desktop under the name Poisto.bat.

    @echo off
    rem Stop the leftover service whose executable is missing, then remove its entry
    sc stop "Symantec RemoteAssist"
    sc delete "Symantec RemoteAssist"



    Double-click the Poisto.bat file on your desktop; a window opens and closes, this is normal.
     
  12. rubycon

    rubycon Regular member

    All right, this has been deleted: C:\Program Files\Common Files\Symantec Shared
    And Poisto.bat has been run. Is it starting to clear up?
     
  13. Hujo

    Hujo Guest

    It's clearing up little by little...

    Scan a new HJT log.
     
  14. rubycon

    rubycon Regular member

    Yep, here's the new HJT log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:05:45, on 20.4.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.17184)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    D:\programs\AlienGUIse\wbload.exe
    D:\programs\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\programs\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe
    D:\programs\Spybot - Search & Destroy\TeaTimer.exe
    D:\programs\hiiri\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    D:\programs\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\programs\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe C:\WINDOWS\system32\wf2kcpl.dll,DllLoadDefaultSettings
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\programs\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech SetPoint.lnk = D:\programs\hiiri\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: IE Theme Search Bar - {323AF0A7-690A-47D9-819B-348831CC7DC5} - C:\Program Files\IECustomizer.com\IEButtons\SearchIECThemes.htm
    O9 - Extra 'Tools' menuitem: Free Themes for Internet Explorer - {323AF0A7-690A-47D9-819B-348831CC7DC5} - C:\Program Files\IECustomizer.com\IEButtons\SearchIECThemes.htm
    O9 - Extra button: (no name) - {472A296E-D7C1-4A70-8511-5039B09EBDDB} - javascript:document.location='http://www.iecustomizer.com/iethemes' (file missing)
    O9 - Extra 'Tools' menuitem: Online Themes Gallery - {472A296E-D7C1-4A70-8511-5039B09EBDDB} - javascript:document.location='http://www.iecustomizer.com/iethemes' (file missing)
    O9 - Extra button: Themes - {B9844E33-6201-47AA-B30A-BCA3363C2BFA} - C:\Program Files\IECustomizer.com\Tools\IETheme.exe
    O9 - Extra 'Tools' menuitem: Themes - {B9844E33-6201-47AA-B30A-BCA3363C2BFA} - C:\Program Files\IECustomizer.com\Tools\IETheme.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\programs\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\programs\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\programs\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\programs\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - D:\programs\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - D:\programs\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 9505 bytes
     
  15. Hujo

    Hujo Guest

    Find that service.

    Go to Start -> Run -> services.msc -> OK

    O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (file missing)

    Double-click it, stop it, and choose Disabled from the drop-down menu.

    Apply
    and OK
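
Added example, not part of the thread: a Python triage script that finds the O23 entries HijackThis marks "(file missing)", like the Symantec RemoteAssist line quoted above, and derives the service name that `sc` expects in straight quotes. The function names are hypothetical, the sample lines are copied from the log in this thread, and it assumes HijackThis prints the service key name in parentheses only when it differs from the display name.

```python
import re
from dataclasses import dataclass

# Sample input: O23 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\programs\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\programs\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# label - owner - path; the path is anchored on a drive letter so that an
# owner or a path containing " - " does not shift the fields.
O23_RE = re.compile(
    r'^O23 - Service: (?P<label>.+?) - (?P<owner>.+?) - (?P<path>"?[A-Za-z]:\\.*)$'
)
# "Display name (KeyName)"; without parentheses the label is the key name itself
# (assumption about HijackThis output, see the lead-in).
LABEL_RE = re.compile(r'^(?P<display>.+) \((?P<key>[^()]+)\)$')
MISSING = "(file missing)"


@dataclass
class Service:
    display: str
    key: str
    owner: str
    path: str
    file_missing: bool


def parse_o23(line):
    """Parse one O23 line; return None for any other line type."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    label, owner, path = m.group("label", "owner", "path")
    file_missing = path.endswith(MISSING)
    if file_missing:
        path = path[: -len(MISSING)].rstrip()
    lm = LABEL_RE.match(label)
    if lm:
        display, key = lm.group("display"), lm.group("key")
    else:
        display = key = label
    return Service(display, key, owner, path, file_missing)


def orphaned_services(log_text):
    """Services whose registered executable no longer exists on disk."""
    parsed = (parse_o23(line) for line in log_text.splitlines())
    return [s for s in parsed if s is not None and s.file_missing]


def sc_commands(service):
    """Commands to inspect, stop and remove the entry, with ASCII quotes."""
    name = '"' + service.key.replace('"', "") + '"'
    return [f"sc qc {name}", f"sc stop {name}", f"sc delete {name}"]


if __name__ == "__main__":
    for svc in orphaned_services(SAMPLE_LOG):
        print(f"{svc.key}: {svc.path} (owner: {svc.owner})")
        for cmd in sc_commands(svc):
            print("  " + cmd)
```
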
     
  16. rubycon

    rubycon Regular member

    Service stopped and set to Disabled.
     
  17. Hujo

    Hujo Guest

    Now scan that HJT log once more.
     
  18. rubycon

    rubycon Regular member

    Yes! Here's the log again:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:48:12, on 20.4.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.17184)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    D:\programs\AlienGUIse\wbload.exe
    D:\programs\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\programs\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe
    D:\programs\Spybot - Search & Destroy\TeaTimer.exe
    D:\programs\hiiri\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\taskmgr.exe
    D:\programs\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\programs\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe C:\WINDOWS\system32\wf2kcpl.dll,DllLoadDefaultSettings
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\programs\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech SetPoint.lnk = D:\programs\hiiri\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: IE Theme Search Bar - {323AF0A7-690A-47D9-819B-348831CC7DC5} - C:\Program Files\IECustomizer.com\IEButtons\SearchIECThemes.htm
    O9 - Extra 'Tools' menuitem: Free Themes for Internet Explorer - {323AF0A7-690A-47D9-819B-348831CC7DC5} - C:\Program Files\IECustomizer.com\IEButtons\SearchIECThemes.htm
    O9 - Extra button: (no name) - {472A296E-D7C1-4A70-8511-5039B09EBDDB} - javascript:document.location='http://www.iecustomizer.com/iethemes' (file missing)
    O9 - Extra 'Tools' menuitem: Online Themes Gallery - {472A296E-D7C1-4A70-8511-5039B09EBDDB} - javascript:document.location='http://www.iecustomizer.com/iethemes' (file missing)
    O9 - Extra button: Themes - {B9844E33-6201-47AA-B30A-BCA3363C2BFA} - C:\Program Files\IECustomizer.com\Tools\IETheme.exe
    O9 - Extra 'Tools' menuitem: Themes - {B9844E33-6201-47AA-B30A-BCA3363C2BFA} - C:\Program Files\IECustomizer.com\Tools\IETheme.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\programs\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\programs\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\programs\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\programs\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - D:\programs\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - D:\programs\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 9395 bytes
     
  19. Hujo

    Hujo Guest

    Download Malwarebytes' Anti-Malware to your desktop.

    1. Double-click mbam-setup.exe and follow the instructions to install the program.
    2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and
    Launch Malwarebytes' Anti-Malware, and then click Finish.
    3. If an update is found, the program will download and install the latest version.
    4. Once the program has loaded, select Perform full scan and click Scan.
    5. When the scan is finished, click OK and then Show Results to see the results.
    6. Make sure everything is checked and click Remove Selected.
    7. After this, the log opens in Notepad. Save it somewhere you can find it easily. The log
    can also be found here: C:\Documents and Settings\Username\Application
    Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    8. Post the contents of the log in your next message.
     
  20. rubycon

    rubycon Regular member

    Well, it certainly scanned thoroughly, good. Here's the log again:

    Malwarebytes' Anti-Malware 1.11
    Tietokantaversio: 663

    Tarkistustyyppi: Täysi tarkistus (C:\|D:\|L:\|M:\|)
    Tarkistetut kohteet: 160667
    Kulunut aika: 1 hour(s), 18 minute(s), 35 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 0
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 10

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    C:\QooBox\Quarantine\C\WINDOWS\system32\efcbAsqQ.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{075DE6B0-18ED-417B-96A3-1DB89C1FC91E}\RP104\A0018026.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{075DE6B0-18ED-417B-96A3-1DB89C1FC91E}\RP104\A0018027.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{075DE6B0-18ED-417B-96A3-1DB89C1FC91E}\RP104\A0018028.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{075DE6B0-18ED-417B-96A3-1DB89C1FC91E}\RP110\A0018362.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{075DE6B0-18ED-417B-96A3-1DB89C1FC91E}\RP110\A0018363.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{075DE6B0-18ED-417B-96A3-1DB89C1FC91E}\RP115\A0019280.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{075DE6B0-18ED-417B-96A3-1DB89C1FC91E}\RP115\A0019351.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{075DE6B0-18ED-417B-96A3-1DB89C1FC91E}\RP115\A0019357.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\efcbAsqQ.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
     
