The computer is complaining about an infection!

Logfile of HijackThis v1.99.1 Scan saved at 15:58:43, on 24.1.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Acer\eManager\anbmServ.exe C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\acer\epm\epm-dm.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\PowerKey.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSDCtrl.exe C:\Program Files\Launch Manager\Wbutton.exe C:\Program Files\Acer\eRecovery\Monitor.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\hjt\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/ R1 -
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hp9CDB.tmp O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe" O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common 
Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137525948843 O17 - HKLM\System\CCS\Services\Tcpip\..\{01417E22-1B67-46E5-9958-515F45A65390}: NameServer = 212.50.211.55 212.50.192.226 O17 - HKLM\System\CS1\Services\Tcpip\..\{01417E22-1B67-46E5-9958-515F45A65390}: NameServer = 212.50.211.55 212.50.192.226 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. 
- C:\Acer\eManager\anbmServ.exe O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

What should I do? The agony only grows the more I agonize over it.. Thanks to whoever helps.
Fix this:

O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hp9CDB.tmp

Get smitRem from here -> http://noahdfear.geekstogo.com/click counter/click.php?id=1 Save it to the desktop and double-click it, which creates a smitRem folder on the desktop. Boot into safe mode (press F8 during startup until a menu appears, then choose safe mode from the menu), open the smitRem folder and double-click RunThis.bat. Follow the instructions. Restart the computer, then post a new HJT log and the contents of the c:\smitfiles.txt file.

I'm also interested in this file: C:\Windows\RUNXMLPL.exe Test it here > http://www.virustotal.com/flash/index_en.html And post those results here too.
Logfile of HijackThis v1.99.1 Scan saved at 17:14:44, on 24.1.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\acer\epm\epm-dm.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\PowerKey.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSDCtrl.exe C:\Program Files\Launch Manager\Wbutton.exe C:\Program Files\Acer\eRecovery\Monitor.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\hjt\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/ R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = http://global.acer.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe" O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - 
HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137525948843 O17 - HKLM\System\CCS\Services\Tcpip\..\{01417E22-1B67-46E5-9958-515F45A65390}: NameServer = 212.50.211.55 212.50.192.226 O17 - HKLM\System\CS1\Services\Tcpip\..\{01417E22-1B67-46E5-9958-515F45A65390}: NameServer = 212.50.211.55 212.50.192.226 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. 
- C:\Acer\eManager\anbmServ.exe O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe smitRem © log file version 2.8 by noahdfear Microsoft Windows XP [versio 5.1.2600] 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ checking for ShudderLTD key ShudderLTD key not present! checking for PSGuard.com key PSGuard.com key not present! checking for WinHound.com key WinHound.com key not present! spyaxe uninstaller NOT present Winhound uninstaller NOT present SpywareStrike uninstaller NOT present ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Existing Pre-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 1956 'explorer.exe' Killing PID 1956 'explorer.exe' Starting registry repairs Deleting files Remaining Post-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~ Wininet.dll ~~~ CLEAN! This is a report processed by VirusTotal on 01/24/2006 at 16:16:48 (CET) after scanning the file "RUNXMLPL.EXE" file. 
Antivirus           Version         Update      Result
AntiVir             6.33.0.77       01.24.2006  no virus found
Avast               4.6.695.0       01.24.2006  no virus found
AVG                 718             01.23.2006  no virus found
Avira               6.33.0.77       01.24.2006  no virus found
BitDefender         7.2             01.24.2006  no virus found
CAT-QuickHeal       8.00            01.23.2006  no virus found
ClamAV              devel-20051123  01.24.2006  no virus found
DrWeb               4.33            01.24.2006  no virus found
eTrust-InoculateIT  23.71.58        01.23.2006  no virus found
eTrust-Vet          12.4.2054       01.24.2006  no virus found
Ewido               3.5             01.24.2006  no virus found
Fortinet            2.54.0.0        01.24.2006  no virus found
F-Prot              3.16c           01.23.2006  no virus found
Ikarus              0.2.59.0        01.24.2006  no virus found
Kaspersky           4.0.2.24        01.24.2006  no virus found
McAfee              4680            01.23.2006  no virus found
NOD32v2             1.1376          01.23.2006  no virus found
Norman              5.70.10         01.24.2006  no virus found
Panda               9.0.0.4         01.24.2006  no virus found
Sophos              4.01.0          01.24.2006  no virus found
Symantec            8.0             01.24.2006  no virus found
TheHacker           5.9.2.079       01.23.2006  no virus found
UNA                 1.83            01.21.2006  no virus found
VBA32               3.10.5          01.24.2006  no virus found
The same problem is still there. There never was anything wrong with the wallpaper. That popup keeps jumping up from the taskbar: Your computer is infected!
Hmm.... Well, the log at least is clean now. You've presumably run Ewido, since it's on the machine? eScan is probably next on the list. Install and update it (instructions on the page) and post the nasties found in the lower pane here > http://koti.mbnet.fi/pattaya1/escanmwav.htm Do the pop-ups say "viestinvälityspalvelu" (Eng: Messenger service)?
Do you have two antivirus programs running, Norton and AVPersonal? If so, turn one of them off. Try this: http://www.sysinternals.com/files/procexpnt.zip Extract it into its own folder and open it. Then go to View at the top and check that these items are ticked: Show processes from all users, Show Lower Pane, Lower Pane View > DLLs. Then click the Explorer.exe entry in that window. Then from the top choose File > Save As > and save it, and then post that log here so we can see whether anything shows up in it.
Ewido has been run.. Popup text: You computer is infected! Dangerous infection was detected on your PC. The system will now download and install most efficient antimalware program to prevent data loss and your private information theft. Click here to protect your computer from the biggest malware threats.

eScan found one error.. As far as I understand, AVPersonal is not in use.

Explorer.exe: Process PID CPU Description Company Name System Idle Process 0 86.96 Interrupts n/a 1.45 Hardware Interrupts DPCs n/a Deferred Procedure Calls System 4 1.45 SMSS.EXE 432 Windows NT:n istunnonhallinta Microsoft Corporation CSRSS.EXE 492 Client Server Runtime Process Microsoft Corporation WINLOGON.EXE 516 Windows NT -kirjaus Microsoft Corporation SERVICES.EXE 560 Palvelu- ja ohjainohjelma Microsoft Corporation SVCHOST.EXE 728 Generic Host Process for Win32 Services Microsoft Corporation wmiprvse.exe 2656 WMI Microsoft Corporation SVCHOST.EXE 776 Generic Host Process for Win32 Services Microsoft Corporation SVCHOST.EXE 840 Generic Host Process for Win32 Services Microsoft Corporation SVCHOST.EXE 912 Generic Host Process for Win32 Services Microsoft Corporation SVCHOST.EXE 1008 Generic Host Process for Win32 Services Microsoft Corporation ccSetMgr.exe 1112 Symantec Settings Manager Service Symantec Corporation ccEvtMgr.exe 1140 Symantec Event Manager Service Symantec Corporation ccProxy.exe 1212 Symantec Network Proxy Service Symantec Corporation SNDSrvc.exe 1228 Network Driver Service Symantec Corporation SPBBCSvc.exe 1296 SPBBC Service Symantec Corporation SYMLCSVC.EXE 1320 Symantec Core Component Symantec Corporation SPOOLSV.EXE 1808 Spooler SubSystem App Microsoft Corporation anbmServ.exe 1920 Service Program for Acer eManager OSA Technologies Inc.
AVWUPSRV.EXE 1940 AntiVir Software Update Service for Windows H+BEDV Datentechnik GmbH, Germany ewidoctrl.exe 1980 ewido control ewido networks NAVAPSVC.EXE 2000 Norton AntiVirus Auto-Protect Service Symantec Corporation ALG.EXE 1436 Application Layer Gateway Service Microsoft Corporation SVCHOST.EXE 2780 Generic Host Process for Win32 Services Microsoft Corporation NSCSRVCE.EXE 3224 Norton Security Console Norton Protection Center Service Symantec Corporation LSASS.EXE 572 LSA Shell (Export Version) Microsoft Corporation Explorer.EXE 1680 4.35 Resurssienhallinta Microsoft Corporation igfxtray.exe 2180 igfxTray Module Intel Corporation hkcmd.exe 2192 hkcmd Module Intel Corporation SOUNDMAN.EXE 2220 Realtek Sound Manager Realtek Semiconductor Corp. SynTPLpr.exe 2228 TouchPad Driver Helper Application Synaptics, Inc. SynTPEnh.exe 2328 Synaptics TouchPad Enhancements Synaptics, Inc. epm-dm.exe 2420 Acer EPM Device Manager Acer Inc LaunchAp.exe 2552 LaunchAp MFC Application Powerkey.exe 2564 Powerkey HotkeyApp.exe 2576 HotkeyApp Wistron OSDCtrl.exe 2612 OSD MFC Application WButton.exe 2624 WButton MFC Application Monitor.exe 2640 Monitor acer Inc. ccApp.exe 2648 Symantec User Session Symantec Corporation realsched.exe 2664 RealNetworks Scheduler RealNetworks, Inc. ctfmon.exe 2772 CTF Loader Microsoft Corporation TeaTimer.exe 2888 System settings protector Safer Networking Limited msmsgs.exe 2900 Windows Messenger Microsoft Corporation firefox.exe 2256 Firefox Mozilla Corporation procexp.exe 3816 5.80 Sysinternals Process Explorer Sysinternals mwavscan.com 3432 mwavscan MSSPL kavss.exe 1684 Kaspersky Anti-Virus Single Scanner Kaspersky Lab. 
Process: Explorer.EXE Pid: 1680 Name Description Company Name Version AcGenral.dll Windows Compatibility DLL Microsoft Corporation 5.01.2600.2180 activeds.dll ADs Router Layer DLL Microsoft Corporation 5.01.2600.2180 adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.01.2600.2180 advapi32.dll Windows 32 -pohjainen lisä-API Microsoft Corporation 5.01.2600.2180 apphelp.dll Application Compatibility Client Library Microsoft Corporation 5.01.2600.2180 asOEHook.dll AntiSpam OE Hook Symantec Corporation 2006.02.0000.0153 atl.dll ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0000 batmeter.dll Battery Meter Helper -kirjasto (DLL) Microsoft Corporation 6.00.2900.2180 browselc.dll Liittymäselaimen käyttöliittymäkirjasto Microsoft Corporation 6.00.2900.2180 browseui.dll Liittymäselaimen käyttöliittymäkirjasto Microsoft Corporation 6.00.2900.2802 ccL40.dll Symantec Library Symantec Corporation 104.00.0001.0017 clbcatq.dll Microsoft Corporation 2001.12.4414.0308 comctl32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.2180 comctl32.dll Common Controls Library Microsoft Corporation 5.82.2900.2180 comdlg32.dll Yleisten valintaikkunoiden dll-tiedosto Microsoft Corporation 6.00.2900.2180 comres.dll Microsoft Corporation 2001.12.4414.0258 credui.dll Credential Manager User Interface Microsoft Corporation 5.01.2600.2180 crypt32.dll Crypto API32 Microsoft Corporation 5.131.2600.2180 cryptui.dll Microsoft Luottamusliittymän tarjoaja Microsoft Corporation 5.131.2600.2180 cscdll.dll Offline-verkkoagentti Microsoft Corporation 5.01.2600.2180 cscui.dll Asiakkaan puskurointiliittymä Microsoft Corporation 5.01.2600.2180 ctype.nls davclnt.dll Web DAV Client DLL Microsoft Corporation 5.01.2600.2180 dnsapi.dll DNS Client API DLL Microsoft Corporation 5.01.2600.2180 drprov.dll Microsoft Terminal Server Network Provider Microsoft Corporation 5.01.2600.2180 dsound.dll DirectSound Microsoft Corporation 5.03.2600.2180 explorer.exe 
Resurssienhallinta Microsoft Corporation 6.00.2900.2180 fxsapi.dll Microsoft Fax API Support DLL Microsoft Corporation 5.02.2600.2180 fxsst.dll Faksipalvelu Microsoft Corporation 5.02.2600.2180 gdi32.dll GDI Client DLL Microsoft Corporation 5.01.2600.2818 imagehlp.dll Windows NT Image Helper Microsoft Corporation 5.01.2600.2180 imm32.dll Windows XP IMM32 API Client DLL Microsoft Corporation 5.01.2600.2180 index.dat index.dat index.dat iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.2180 kernel32.dll Windows NT BASE APIn asiakas-DLL Microsoft Corporation 5.01.2600.2180 linkinfo.dll Windows Volume Tracking Microsoft Corporation 5.01.2600.2751 locale.nls lpk.dll Language Pack Microsoft Corporation 5.01.2600.2180 midimap.dll Microsoft MIDI-kartoitin Microsoft Corporation 5.01.2600.2180 mlang.dll Multi Language Support DLL Microsoft Corporation 6.00.2900.2180 mpr.dll Monipalvelureititin-DLL Microsoft Corporation 5.01.2600.2180 mprapi.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.01.2600.2180 msacm32.dll Microsoft ACM Audio Filter Microsoft Corporation 5.01.2600.2180 msacm32.drv Microsoft Sound Mapper Microsoft Corporation 5.01.2600.0000 msasn1.dll ASN.1 Runtime APIs Microsoft Corporation 5.01.2600.2180 MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.01.2600.2180 MSCTFIME.IME Microsoft Text Frame Work Service IME Microsoft Corporation 5.01.2600.2180 msgina.dll Windows NT -kirjaus GINA DLL Microsoft Corporation 5.01.2600.2180 msi.dll Windows Installer Microsoft Corporation 3.01.4000.2435 msimg32.dll GDIEXT Client DLL Microsoft Corporation 5.01.2600.2180 msutb.dll MSUTB Server DLL Microsoft Corporation 5.01.2600.2180 msv1_0.dll Microsoft Authentication Package v1.0 Microsoft Corporation 5.01.2600.2180 msvcp71.dll Microsoft® C++ Runtime Library Microsoft Corporation 7.10.3077.0000 msvcr71.dll Microsoft® C Runtime Library Microsoft Corporation 7.10.3052.0004 msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.2180 mswsock.dll 
Microsoft Windows Sockets 2.0 -palveluntarjoaja Microsoft Corporation 5.01.2600.2180 NavShExt.dll Norton AntiVirus Shell Extension Module Symantec Corporation 12.01.0000.0020 netapi32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.2180 netrap.dll Net Remote Admin Protocol DLL Microsoft Corporation 5.01.2600.2180 netshell.dll Network Connections Shell Microsoft Corporation 5.01.2600.2180 netui0.dll NT LM UI Common Code - GUI-luokat Microsoft Corporation 5.01.2600.2180 netui1.dll NT LM UI Common Code - Networking classes Microsoft Corporation 5.01.2600.2180 NSCEXT.DLL Norton Security Console ExplorerExtensions Symantec Corporation 2006.01.0003.0002 NSCEXT.LOC Norton Security Console ExplorerExtensions Symantec Corporation 2006.01.0003.0002 ntdll.dll NT Layer -kirjasto (DLL) Microsoft Corporation 5.01.2600.2180 ntlanman.dll Microsoft® Lan Manager Microsoft Corporation 5.01.2600.2180 ntmarta.dll Windows NT MARTA -toimittaja Microsoft Corporation 5.01.2600.2180 ntshrui.dll Liittymälaajennus jakamista varten Microsoft Corporation 5.01.2600.2180 odbc32.dll Microsoft Data Access - ODBC Driver Manager Microsoft Corporation 3.525.1117.0000 odbcint.dll Microsoft Data Access - ODBC-resurssit Microsoft Corporation 3.525.1117.0000 ole32.dll Microsoft OLE Windowsia varten Microsoft Corporation 5.01.2600.2726 oleaut32.dll Microsoft Corporation 5.01.2600.2180 powrprof.dll Power Profile Helper DLL Microsoft Corporation 6.00.2900.2180 RarExt.dll rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.2180 rasapi32.dll Remote Access API Microsoft Corporation 5.01.2600.2180 rasdlg.dll Etäkäytön yleisten valintaruutujen API Microsoft Corporation 5.01.2600.2180 rasman.dll Remote Access Connection Manager Microsoft Corporation 5.01.2600.2180 replmap.dll rpcrt4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.2180 rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.01.2600.2161 rtutils.dll Routing Utilities Microsoft 
Corporation 5.01.2600.2180 samlib.dll SAM Library DLL Microsoft Corporation 5.01.2600.2180 secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.2180 sensapi.dll SENS Connectivity API DLL Microsoft Corporation 5.01.2600.2180 setupapi.dll Windows Setup API Microsoft Corporation 5.01.2600.2180 shdocvw.dll Shell Doc -objekti ja Control-kirjasto Microsoft Corporation 6.00.2900.2805 shell32.dll Windows-käyttöliittymän yleinen DLL Microsoft Corporation 6.00.2900.2763 shellhook.dll 1.00.0000.0001 shimeng.dll Shim Engine DLL Microsoft Corporation 5.01.2600.2180 shlwapi.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.2781 sortkey.nls sorttbls.nls stobject.dll Systray shell -palvelun objekti Microsoft Corporation 5.01.2600.2180 SynTPFcs.dll SynTPFcs Synaptics, Inc. 7.13.0002.0000 tapi32.dll Microsoft® Windows(TM) puhelin-API-liittymän asiakas-DLL Microsoft Corporation 5.01.2600.2180 themeui.dll Windows Theme API Microsoft Corporation 6.00.2900.2180 unicode.nls urlmon.dll OLE32-laajennukset Win32:ta varten Microsoft Corporation 6.00.2900.2790 user32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.2622 userenv.dll Userenv Microsoft Corporation 5.01.2600.2180 usp10.dll Uniscribe Unicode script processor Microsoft Corporation 1.420.2600.2180 uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.2180 wdmaud.drv WDM Audio driver mapper Microsoft Corporation 5.01.2600.2180 webcheck.dll Web-sivuston valvonta Microsoft Corporation 6.00.2900.2180 version.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180 wininet.dll Internet-laajennus Win32:ta varten Microsoft Corporation 6.00.2900.2781 winmm.dll MCI API DLL Microsoft Corporation 5.01.2600.2180 winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 5.01.2600.2180 winspool.drv Windows Taustatulostusohjain Microsoft Corporation 5.01.2600.2180 winsta.dll Winstation Library Microsoft Corporation 5.01.2600.2180 
wintrust.dll Microsoft Trust Verification APIt Microsoft Corporation 5.131.2600.2180 wldap32.dll Win32 Ldap API dll Microsoft Corporation 5.01.2600.2180 ws2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180 ws2help.dll Windows NT:n Windows Socket 2.0 Helper Microsoft Corporation 5.01.2600.2180 wsock32.dll Windows Socketin 32-bittinen DLL-tiedosto Microsoft Corporation 5.01.2600.2180 wtsapi32.dll Windows Terminal Server SDK APIs Microsoft Corporation 5.01.2600.2180 WZSHLSTB.DLL WinZip Shell Extension DLL WinZip Computing, Inc. 4.01.0000.0000 xpsp2res.dll Service Pack 2 -viestit Microsoft Corporation 5.01.2600.2180
No offense, but that text shows up in the browser whether the machine is infected or not. The popup appearing could in itself be spyware, though.
Open HijackThis > Open the Misc Tools section > Delete a file on reboot. Then copy this line and paste it into the field there:

C:\WINDOWS\system32\replmap.dll

Open it there, restart the computer and see whether the popup is gone.
> As far as I understand, AVPersonal is not in use <

It does show up there in the process list:

C:\Program Files\AVPersonal\AVWUPSRV.EXE

and these services:

O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
I'm also getting that "system is infected" popping up, even though my log should be clean? Those of you who know how, please take a look at this, since I'm no good at it, thanks.

Logfile of HijackThis v1.99.1 Scan saved at 20:27:07, on 25.1.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe D:\Program Files\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\DOCUME~1\KARISA~1\LOCALS~1\Temp\33C.tmp.exe C:\DOCUME~1\KARISA~1\LOCALS~1\Temp\33D.tmp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\winstall.exe C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguiexe.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Kari Sainio\Työpöytä\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\djscp.dll/sp.html#54688% R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\djscp.dll/sp.html#54688% R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\djscp.dll/sp.html#54688% R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\djscp.dll/sp.html#54688% R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\djscp.dll/sp.html#54688% R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\djscp.dll/sp.html#54688% R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\djscp.dll/sp.html#54688% R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Class - {A46FE085-9CBD-B597-DCBB-7280E33BA470} - C:\WINDOWS\system32\appel32.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE 
C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [EasyMessage] "C:\Program Files\Zango Messenger\em2.exe" -wait O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [33C.tmp] C:\DOCUME~1\KARISA~1\LOCALS~1\Temp\33C.tmp.exe O4 - HKLM\..\Run: [33D.tmp] C:\DOCUME~1\KARISA~1\LOCALS~1\Temp\33D.tmp.exe O4 - HKLM\..\Run: [33C.tmp.exe] C:\DOCUME~1\KARISA~1\LOCALS~1\Temp\33C.tmp.exe O4 - HKLM\..\Run: [33D.tmp.exe] C:\DOCUME~1\KARISA~1\LOCALS~1\Temp\33D.tmp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DeskMarker] C:\Program Files\delight software gmbh\DeskMarker\DeskMarker.exe O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program 
Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1096820812109 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\msfa32.exe (file missing) O23 - Service: Elisa Tietoturvapalvelu (BackWeb Client - 4119343) - Unknown owner - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe O23 - Service: fsbwsys - F-Secure Corp. 
- C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe