Trojan Horse Generic 2. EXO
Amao (Junior Member)
8 November 2006 @ 05:46
So I managed to get one of these onto my machine. AVG finds it and puts it in the virus vault, but AVG Anti-Spyware doesn't find the trojan in question, even if I take the file out of the vault and run the scan again with Anti-Spyware! And even though the virus is in the vault, the machine still doesn't run at full speed; there are slowdowns, and every time the machine starts a security warning appears in the bottom right corner: "your comp may be harmed" etc... What should I do?
nObO2 (Suspended due to non-functional email address)
8 November 2006 @ 11:42
If it's a virus, Anti-Spyware won't necessarily recognize it. Still, try an online scan as well.

Amao (Junior Member)
8 November 2006 @ 12:04
So an online scan from those programs' menus, or from different vendors' websites? I tried putting the machine in safe mode, but AVG (the regular one, that is) wouldn't delete the trojan from its virus vault.
Amao (Junior Member)
8 November 2006 @ 12:55
Here's my log. And the file AVG's virus vault reports it as being in: C:\program files\Common Files\} 3434c091F-0707....... and the filename is activate.exe.. if any of that is of any use...

Logfile of HijackThis v1.99.1
Scan saved at 17:42:05, on 8.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\DOCUMENTS AND SETTINGS\ALE\MY DOCUMENTS\My Downloads\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {7434E401-819E-6AB5-188A-03F4242206D1} - C:\WINDOWS\system32\pqvgchg.dll
O2 - BHO: (no name) - {B4039C15-2A49-4130-B704-5DED6CC0FAB8} - C:\WINDOWS\system32\vtutr.dll
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{343C091F-0707-1035-0826-050726050166}\MyToolBar.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\wilscsvg.dll (file missing)
O2 - BHO: (no name) - {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} - C:\WINDOWS\system32\awtuvsq.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{343C091F-0707-1035-0826-050726050166}\MyToolBar.dll (file missing)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvros.dll,startup
O4 - HKLM\..\Run: [wrivjsi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wrivjsi.dll,ksmddaf
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.sf-anytime.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1129653370468
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: awtuvsq - C:\WINDOWS\SYSTEM32\awtuvsq.dll
O20 - Winlogon Notify: vtutr - C:\WINDOWS\system32\vtutr.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbfi32 - winbfi32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
AfterDawn Addict
8 November 2006 @ 13:21
Download VundoFix.exe to your desktop.
1. Double-click VundoFix.exe to run it.
2. Click the Scan for Vundo button.
3. When the scan is complete, click the Remove Vundo button.
4. You will be asked whether you want to remove the files - click YES.
5. Once you click yes, your desktop will go blank as it starts removing Vundo.
6. When it's done, the fix will prompt you to restart your computer; click OK.
7. Post the contents of the C:\vundofix.txt log as well as a fresh HijackThis log.

Note: It is possible that VundoFix found a file it could not remove.
In that case, VundoFix will run itself on reboot; just follow the instructions above starting from "Click the Scan for Vundo button" when VundoFix appears on restart.

No HjT logs etc. by private message!
Amao (Junior Member)
8 November 2006 @ 14:48
Vundo has now been removing for over an hour? This is apparently normal... So I don't need to "release" the virus from AVG's virus vault before the next log and Vundo's "log", but rather...
AfterDawn Addict
8 November 2006 @ 14:51
Not normal. If it doesn't work, shut down the AVG Anti-Spyware guard and try again.

If that doesn't work either, we can still get it out another way, don't worry about it :)
Amao (Junior Member)
9 November 2006 @ 06:16
So Vundo worked once I shut down that anti-spyware, and on restart it didn't go through the same process again. Windows did report some run-time error though (a dll error in a win32 file, if I remember right).. here are the new ones... Oh, and Windows no longer reports harmful programs etc. in the bottom right corner, which it did before Vundo... But AVG's virus vault now has two viruses (or trojans): that TH generic and a new TH downloader.zlob.EUN, whose path is C\WIndows\system32\ismini.exe

Logfile of HijackThis v1.99.1
Scan saved at 11:08:03, on 9.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\dc6_startupmon.exe
C:\Program Files\Common Files\ers_startupmon.exe
C:\Program Files\Common Files\dc6_startupmon.exe
C:\Program Files\Common Files\ers_startupmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ale\Desktop\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: CIEIntegrator Object - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {7434E401-819E-6AB5-188A-03F4242206D1} - C:\WINDOWS\system32\pqvgchg.dll (file missing)
O2 - BHO: (no name) - {92100BF3-28CA-4E07-9BBB-32EF6C708A66} - C:\WINDOWS\system32\vtutr.dll (file missing)
O2 - BHO: IEFW Object - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - C:\Program Files\WinAntiVirus Pro 2006\IEFWBHO.dll (file missing)
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{343C091F-0707-1035-0826-050726050166}\MyToolBar.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\wilscsvg.dll (file missing)
O2 - BHO: (no name) - {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} - C:\WINDOWS\system32\awtuvsq.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{343C091F-0707-1035-0826-050726050166}\MyToolBar.dll (file missing)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [wrivjsi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wrivjsi.dll,ksmddaf
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min
O4 - HKLM\..\Run: [DC6] "C:\Program Files\Common Files\dc6_startupmon.exe" /min
O4 - HKLM\..\Run: [ERS] "C:\Program Files\Common Files\ers_startupmon.exe" /min
O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\dc6_startupmon.exe"
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\ers_startupmon.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.sf-anytime.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1129653370468
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: awtuvsq - C:\WINDOWS\SYSTEM32\awtuvsq.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbfi32 - winbfi32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe



Java version is 1.5.0.5

Scan started at 18:35:47 8.11.2006

Listing files found while scanning....

C:\WINDOWS\system32\pqvgchg.dll
C:\WINDOWS\system32\wrivjsi.dll
C:\WINDOWS\system32\vtutr.dll
C:\WINDOWS\system32\rtutv.ini
C:\WINDOWS\system32\rtutv.bak1
C:\WINDOWS\system32\rtutv.bak2

Beginning removal...

VundoFix V6.2.8

Checking Java version...

Java version is 1.5.0.5

Scan started at 10:59:36 9.11.2006

Listing files found while scanning....

C:\WINDOWS\system32\pqvgchg.dll
C:\WINDOWS\system32\wrivjsi.dll
C:\WINDOWS\system32\vtutr.dll
C:\WINDOWS\system32\rtutv.ini
C:\WINDOWS\system32\rtutv.bak1
C:\WINDOWS\system32\rtutv.bak2

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pqvgchg.dll
C:\WINDOWS\system32\pqvgchg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wrivjsi.dll
C:\WINDOWS\system32\wrivjsi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtutr.dll
C:\WINDOWS\system32\vtutr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rtutv.ini
C:\WINDOWS\system32\rtutv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\rtutv.bak1
C:\WINDOWS\system32\rtutv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\rtutv.bak2
C:\WINDOWS\system32\rtutv.bak2 Has been deleted!

Performing Repairs to the registry.
Done!
AfterDawn Addict
9 November 2006 @ 07:18
1. Download the combofix.exe file to your desktop.
2. Start menu -> Run -> copy the following into the field and press Enter:
"%userprofile%\työpöytä\combofix.exe" /v awtuvsq
3. When the tool is finished, it produces a log. Post this log in your thread.
4. Restart your computer.
Note! Do not click in the ComboFix window while it is running. That may cause the program to hang.

Uninstall from the Control Panel:

WinAntivirus 2006

Fix these:

O2 - BHO: CIEIntegrator Object - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {7434E401-819E-6AB5-188A-03F4242206D1} - C:\WINDOWS\system32\pqvgchg.dll (file missing)
O2 - BHO: (no name) - {92100BF3-28CA-4E07-9BBB-32EF6C708A66} - C:\WINDOWS\system32\vtutr.dll (file missing)
O2 - BHO: IEFW Object - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - C:\Program Files\WinAntiVirus Pro 2006\IEFWBHO.dll (file missing)
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{343C091F-0707-1035-0826-050726050166}\MyToolBar.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\wilscsvg.dll (file missing)
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{343C091F-0707-1035-0826-050726050166}\MyToolBar.dll (file missing)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [wrivjsi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wrivjsi.dll,ksmddaf
O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min
O4 - HKLM\..\Run: [DC6] "C:\Program Files\Common Files\dc6_startupmon.exe" /min
O4 - HKLM\..\Run: [ERS] "C:\Program Files\Common Files\ers_startupmon.exe" /min
O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\dc6_startupmon.exe"
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\ers_startupmon.exe"
O4 - Startup: PowerReg Scheduler V3.exe
O20 - Winlogon Notify: winbfi32 - winbfi32.dll (file missing)
O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe

Boot into safe mode and delete:

C:\Program Files\WinAntiVirus Pro 2006
C:\Program Files\Common Files\ers_startupmon.exe
C:\Program Files\Common Files\dc6_startupmon.exe
C:\WINDOWS\system32\wrivjsi.dll

Empty the Recycle Bin

Restart.

Post a new HjT log and the combofix report.
Amao (Junior Member)
9 November 2006 @ 07:41
hmm, so do you mean I run that command after starting combofix? If I try to run it before starting combofix, the response is roughly this: C\documents and settings\Ale\työpöytä refers to a location that is unavailable. By fixing, do you mean fixing with combofix? And what about the deletion? I just delete the files normally in safe mode (except for winantivirus, via Remove Programs in the Control Panel), nothing more to it?
Amao (Junior Member)
9 November 2006 @ 09:27
so running that command doesn't work even after running combofix either..
AfterDawn Addict
9 November 2006 @ 13:09
No, I don't.

Here's exactly how it goes.

1. ComboFix must be on the desktop. If it isn't, move it there.
2. Start menu -> Run -> copy the following text into the field and press Enter:

i.e. from here -> "%userprofile%\työpöytä\combofix.exe" /v awtuvsq <- to here, all of the text exactly like that

Uninstall WinAntivirus 2006 from the Control Panel's Add/Remove Programs

Fixing:

Open HijackThis, click "Do a system scan only", check the lines listed and press "Fix checked".
Amao (Junior Member)
9 November 2006 @ 13:58
No, no, no, it doesn't work :( The desktop is only this "view" of Windows and icons, plus a folder named desktop. Because it has been there, but the machine still refuses to run the command and keeps saying it can't find it, even though I moved combofix.exe from where the machine downloaded it straight onto the desktop. The machine just claims it can't find it, even though you can see with your own eyes that it's right there. It still claims that C:\.....\työpöytä refers to a location that is unavailable. ...etc. etc.
AfterDawn Addict
9 November 2006 @ 14:43
Well, if you have an English Windows, replace työpöytä -> desktop and try again.
Amao (Junior Member)
9 November 2006 @ 17:44
You can really be dumb sometimes :( Here's the combofix log now, before those other steps...

Ale - 06-11-09 22:37:55.90 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Ale\desktop"
Command switches used :: /v awtuvsq

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\awtuvsq.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((( Files Created from 2006-10-09 to 2006-11-09 ))))))))))))))))))))))))))))))))))


2006-11-09 18:51 8,192 --a------ C:\Documents and Settings\Ale\RestartIt.exe
2006-11-09 18:51 5,300 --a------ C:\Documents and Settings\Ale\NTP.EXE
2006-11-09 18:51 42,496 --a------ C:\Documents and Settings\Ale\swreg.exe
2006-11-09 18:51 39,184 --a------ C:\Documents and Settings\Ale\Ntrights.exe
2006-11-09 18:51 31,232 --a------ C:\Documents and Settings\Ale\sc.exe
2006-11-09 18:51 26,112 --a------ C:\Documents and Settings\Ale\nircmd.exe
2006-11-09 18:51 181,776 --a------ C:\Documents and Settings\Ale\handle.exe
2006-11-09 11:22 547,544 ---hs---- C:\WINDOWS\system32\qtvwa.bak1
2006-11-09 11:21 692,276 ---hs---- C:\WINDOWS\system32\awvtq.dll
2006-11-08 21:23 46,592 --a------ C:\WINDOWS\system32\drivers\FOPN.sys
2006-11-08 21:22 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2006-11-08 21:22 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
2006-11-08 21:22 8,448 --a------ C:\WINDOWS\system32\drivers\vspf_hk5.sys
2006-11-08 21:22 6,144 --a------ C:\WINDOWS\system32\stera.exe
2006-11-08 21:22 21,888 --a------ C:\WINDOWS\system32\drivers\vspf5.sys
2006-11-07 19:09 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-06 20:17 110,612 --a------ C:\WINDOWS\system32\hhhwjljq.exe
2006-11-03 13:06 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
2006-11-03 13:06 44,064 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
2006-11-03 13:06 21,280 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
2006-11-03 13:06 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys
2006-10-16 13:11 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-10-14 12:56 61,600 -ra------ C:\WINDOWS\system32\drivers\SE27bus.sys
2006-10-14 12:56 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27whnt.sys
2006-10-14 12:56 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27wh.sys
2006-10-14 12:56 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-09 22:32 -------- d-------- C:\Documents and Settings\Ale\Application Data\Skype
2006-11-09 18:46 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-09 18:44 -------- d-------- C:\Program Files\WinAntiVirus Pro 2006
2006-11-09 18:44 -------- d-------- C:\Documents and Settings\Ale\Application Data\WinAntiVirus Pro 2006
2006-11-09 14:16 -------- d-------- C:\Program Files\Common Files
2006-11-08 23:13 -------- d-------- C:\Documents and Settings\Ale\Application Data\Azureus
2006-11-08 21:23 0 --a------ C:\Program Files\Common Files\err.log
2006-11-08 21:22 -------- d-------- C:\Program Files\Common Files\WinAntiVirus Pro 2006
2006-11-07 20:07 -------- d-------- C:\Program Files\VSAdd-in
2006-11-07 19:09 -------- d-------- C:\Program Files\Grisoft
2006-11-06 20:09 -------- d-------- C:\Program Files\DC++
2006-11-05 19:21 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-05 19:21 -------- d-------- C:\Program Files\eDonkey2000
2006-11-05 19:20 -------- d-------- C:\Program Files\Winamp
2006-11-05 14:29 -------- d---s---- C:\Documents and Settings\Ale\Application Data\Microsoft
2006-11-03 13:06 -------- d-------- C:\Program Files\Logitech
2006-11-03 13:06 -------- d-------- C:\Program Files\Common Files\Logitech
2006-10-11 15:31 163840 --a------ C:\Program Files\Common Files\ers_startupmon.exe
2006-10-11 15:27 192512 --a------ C:\Program Files\Common Files\dc6_startupmon.exe
2006-10-04 20:56 -------- d-------- C:\Program Files\Macrogaming
2006-09-27 10:29 778656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-25 16:32 -------- d-------- C:\Program Files\Skype
2006-09-14 18:04 -------- d-------- C:\Documents and Settings\Ale\Application Data\AdobeUM
2006-09-13 07:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-11 17:40 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-09-11 17:40 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-11 17:40 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-09-11 17:39 -------- d-------- C:\Program Files\Microsoft.NET
2006-09-11 17:39 -------- d-------- C:\Program Files\Microsoft Office
2006-09-11 17:39 -------- d-------- C:\Program Files\Common Files\System
2006-09-11 16:34 -------- d-------- C:\Program Files\Adobe
2006-09-11 10:24 -------- d-------- C:\Documents and Settings\Ale\Application Data\Leadertech
2006-09-10 13:09 -------- d-------- C:\Program Files\Google
2006-09-10 13:09 -------- d-------- C:\Documents and Settings\Ale\Application Data\Google
2006-09-10 12:58 11817800 --a------ C:\Program Files\GoogleEarth.exe
2006-09-06 16:40 89544096 --a------ C:\Program Files\setpoint260btenu-3.exe
2006-08-25 17:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-25 14:29 118784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2006-08-21 14:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 13:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="~\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"PowerBar"=""
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
"RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"NetLimiter"="C:\\Program Files\\NetLimiter\\NetLimiter.exe /s"
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"MBM 5"="\"C:\\Program Files\\Motherboard Monitor 5\\MBM5.EXE\""
"CmPCIaudio"="RunDll32 CMICNFG3.CPL,CMICtrlWnd"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
@=""
"SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"
"wrivjsi.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\wrivjsi.dll,ksmddaf"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"WinAntiVirusPro2006"="\"C:\\Program Files\\WinAntiVirus Pro 2006\\WinAV.exe\" /min"
"DC6"="\"C:\\Program Files\\Common Files\\dc6_startupmon.exe\" /min"
"ERS"="\"C:\\Program Files\\Common Files\\ers_startupmon.exe\" /min"
"DC6_check"="\"C:\\Program Files\\Common Files\\dc6_startupmon.exe\""
"ERS_check"="\"C:\\Program Files\\Common Files\\ers_startupmon.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,10,01,00,00,00,00,00,00,40,04,00,00,00,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,a2,01,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="GIANT AntiSpyware Service Hook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvtq
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbfi32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-09 22:40:14.21
C:\ComboFix.txt ... 06-11-09 22:40
C:\ComboFix2.txt ... 06-11-09 14:16
Amao
Junior Member
9 November 2006 @ 18:31
So now I did those things, except: the HijackThis scan didn't show O3 - Toolbar: Toolbar 888 at all, so I didn't fix it. system32\wrivjsi.dll wasn't found when I tried to delete it in Safe Mode, and the same goes for Common Files\ers_startupmon.exe and dc6_startupmon.exe. I even searched for all of them with Search, since they weren't visible otherwise :) AVG Anti-Spyware reported a new virus attack, blocked it and moved it to the vault (which holds three at the moment): the same form as the trojan in the title, except ending in .GGN. Here's the latest HjT log:

Logfile of HijackThis v1.99.1
Scan saved at 23:22:18, on 9.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ale\Desktop\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {D1F40B7F-D5BD-49EF-8EC5-9D94D704B1B2} - C:\WINDOWS\system32\awvtq.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.sf-anytime.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1129653370468
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: awvtq - C:\WINDOWS\system32\awvtq.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
AfterDawn Addict
10 November 2006 @ 04:11
Vundo came back, unfortunately.

Delete these:

C:\WINDOWS\system32\hhhwjljq.exe
C:\Program Files\WinAntiVirus Pro 2006
C:\Documents and Settings\Ale\Application Data\WinAntiVirus Pro 2006
C:\Program Files\Common Files\WinAntiVirus Pro 2006
C:\Program Files\Common Files\ers_startupmon.exe
C:\Program Files\Common Files\dc6_startupmon.exe
C:\Program Files\VSAdd-in

Now run ComboFix like this:

"%userprofile%\desktop\combofix.exe" /v awvtq

Post a new HjT log and the ComboFix log.

No HjT logs etc. by private message!
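The logs in this thread show the usual Vundo footprint that the helper is reacting to: a random-named DLL in system32 created with the hidden and system attributes (`---hs----`), a backup copy kept under the reversed name (awvtq.dll beside qtvwa.bak1, later also qtvwa.ini), the same DLL registered both as a nameless BHO (O2) and as a Winlogon Notify package (O20), and an HKLM Run value that loads yet another DLL through rundll32.exe with a random export name. The `/v awvtq` run above targets exactly that DLL name. The script below is an added example, not part of the original thread and not ComboFix or HijackThis code: it runs those checks as explicit rules over ComboFix and HijackThis log lines. The rule names are mine, and the embedded sample lines are a constructed subset copied from the logs in this thread.

```python
import re
from collections import defaultdict

SYSTEM32 = r"c:\windows\system32"
# ComboFix "Files Created" entry: date time size attributes path
CF_FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+[\d,]+\s+([-a-z]{9})\s+(.+)$", re.I)
# ComboFix "Reg Loading Points" value (registry-export style, doubled backslashes)
CF_RUN_RE = re.compile(r'^"[^"]+"="(.+)"$')
CF_NOTIFY_RE = re.compile(r"winlogon\\notify\\(\S+)$", re.I)
HJT_O2_RE = re.compile(r"^O2 - BHO: (.+?) - \{[0-9A-F-]+\} - (.+)$", re.I)
HJT_O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$", re.I)

def _norm(path):  # collapse .reg-style doubled backslashes, drop quotes, lower-case
    return path.replace("\\\\", "\\").strip('"').lower()

def _in_system32(path):
    return _norm(path).startswith(SYSTEM32 + "\\")

def _stem(path):  # file name without directory or extension
    return _norm(path).rsplit("\\", 1)[-1].rsplit(".", 1)[0]

def scan_combofix(lines):
    """Return (rule, detail) findings from ComboFix log lines."""
    findings, suspects = [], set()
    by_stem = defaultdict(set)  # system32 file stem -> extensions seen
    for raw in lines:
        line = raw.strip()
        m = CF_FILE_RE.match(line)
        if m:
            attrs, path = m.groups()
            if _in_system32(path):
                stem, ext = _stem(path), _norm(path).rsplit(".", 1)[-1]
                by_stem[stem].add(ext)
                # Vundo drops its files hidden+system ("h" and "s" in the attribute column)
                if "h" in attrs and "s" in attrs:
                    suspects.add(stem)
                    findings.append(("hidden_system_in_system32", path))
            continue
        m = CF_RUN_RE.match(line)
        if m and "rundll32" in m.group(1).lower():
            # Run value loading a full-path system32 DLL through rundll32 (random export name)
            args = _norm(m.group(1)).split()
            target = args[1] if len(args) > 1 else ""
            if target.startswith(SYSTEM32) and ".dll" in target:
                suspects.add(_stem(target.split(",", 1)[0]))
                findings.append(("rundll32_loader", m.group(1)))
            continue
        m = CF_NOTIFY_RE.search(line)
        if m and m.group(1).lower() in suspects:  # Notify subkey named after a flagged DLL
            findings.append(("winlogon_notify_matches_suspect", m.group(1)))
    # Backup copy kept under the reversed name: awvtq.dll <-> qtvwa.bak1 / qtvwa.ini
    for stem, exts in by_stem.items():
        mirror = stem[::-1]
        if "dll" in exts and mirror != stem and mirror in by_stem:
            findings.append(("reversed_name_pair", f"{stem}.dll <-> {mirror}.{sorted(by_stem[mirror])[0]}"))
    return findings

def scan_hijackthis(lines):
    """Return (rule, detail) findings from HijackThis log lines."""
    findings, bho_stems, notify = [], set(), {}
    for raw in lines:
        line = raw.strip()
        m = HJT_O2_RE.match(line)
        if m:
            name, dll = m.groups()
            if _in_system32(dll):
                bho_stems.add(_stem(dll))
                if name.strip().lower() == "(no name)":
                    findings.append(("unnamed_bho_in_system32", dll))
            continue
        m = HJT_O20_RE.match(line)
        if m:
            notify[_stem(m.group(2))] = m.group(2)
    # Same DLL as a BHO (O2) and as a Winlogon Notify package (O20): the pair Vundo
    # uses to reload itself at logon and inside every Internet Explorer process
    for stem in bho_stems & set(notify):
        findings.append(("bho_plus_winlogon_notify", notify[stem]))
    return findings

# Sample lines copied from the logs in this thread (a constructed subset, not a full log)
SAMPLE_COMBOFIX = r"""
2006-11-09 11:22 547,544 ---hs---- C:\WINDOWS\system32\qtvwa.bak1
2006-11-09 11:21 692,276 ---hs---- C:\WINDOWS\system32\awvtq.dll
2006-11-08 21:22 89,088 --a------ C:\WINDOWS\system32\atl71.dll
"CmPCIaudio"="RunDll32 CMICNFG3.CPL,CMICtrlWnd"
"wrivjsi.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\wrivjsi.dll,ksmddaf"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvtq
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB
""".strip().splitlines()
SAMPLE_HJT = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {D1F40B7F-D5BD-49EF-8EC5-9D94D704B1B2} - C:\WINDOWS\system32\awvtq.dll
O20 - Winlogon Notify: awvtq - C:\WINDOWS\system32\awvtq.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
""".strip().splitlines()
```

On the sample above, `scan_combofix(SAMPLE_COMBOFIX)` returns five findings (two hidden+system files, the rundll32 loader for wrivjsi.dll, the awvtq Winlogon Notify subkey, and the awvtq.dll / qtvwa.bak1 pair) while atl71.dll and the legitimate `RunDll32 CMICNFG3.CPL` entry are left alone; `scan_hijackthis(SAMPLE_HJT)` returns the nameless BHO and the BHO-plus-Notify pair for awvtq.dll, and skips WgaLogon. The stem named in `reversed_name_pair` is the name the helper passed to ComboFix's `/v` switch; the Notify rule deliberately requires a matching suspect rather than an allowlist, so it only fires on names already flagged by the file or Run rules.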
Amao
Junior Member
10 November 2006 @ 12:25
Yep, so here are the latest ones... I already removed WinAntiVirus last time when you told me to; there was no trace of it in Application Data etc. I still couldn't find Common Files\ers_startupmon.exe and dc6_startupmon.exe (I did set the folder options to show hidden folders etc. as well). One new trojan appeared again. A Downloader type this time.



Ale - 06-11-10 17:00:44,73 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Ale\desktop"
Command switches used :: /v awvtq

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\awvtq.dll
C:\WINDOWS\system32\qtvwa.bak1
C:\WINDOWS\system32\qtvwa.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((( Files Created from 2006-10-10 to 2006-11-10 ))))))))))))))))))))))))))))))))))


2006-11-09 18:51 8,192 --a------ C:\Documents and Settings\Ale\RestartIt.exe
2006-11-09 18:51 5,300 --a------ C:\Documents and Settings\Ale\NTP.EXE
2006-11-09 18:51 42,496 --a------ C:\Documents and Settings\Ale\swreg.exe
2006-11-09 18:51 39,184 --a------ C:\Documents and Settings\Ale\Ntrights.exe
2006-11-09 18:51 31,232 --a------ C:\Documents and Settings\Ale\sc.exe
2006-11-09 18:51 26,112 --a------ C:\Documents and Settings\Ale\nircmd.exe
2006-11-09 18:51 181,776 --a------ C:\Documents and Settings\Ale\handle.exe
2006-11-08 21:22 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2006-11-08 21:22 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
2006-11-07 19:09 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-03 13:06 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
2006-11-03 13:06 44,064 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
2006-11-03 13:06 21,280 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
2006-11-03 13:06 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys
2006-10-16 13:11 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-10-14 12:56 61,600 -ra------ C:\WINDOWS\system32\drivers\SE27bus.sys
2006-10-14 12:56 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27whnt.sys
2006-10-14 12:56 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27wh.sys
2006-10-14 12:56 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-10 16:49 -------- d-------- C:\Documents and Settings\Ale\Application Data\Skype
2006-11-10 14:02 -------- d-------- C:\Documents and Settings\Ale\Application Data\Azureus
2006-11-09 23:12 -------- d-------- C:\Program Files\Common Files
2006-11-09 18:46 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-09 18:44 -------- d-------- C:\Documents and Settings\Ale\Application Data\WinAntiVirus Pro 2006
2006-11-08 21:23 0 --a------ C:\Program Files\Common Files\err.log
2006-11-07 19:09 -------- d-------- C:\Program Files\Grisoft
2006-11-06 20:09 -------- d-------- C:\Program Files\DC++
2006-11-05 19:21 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-05 19:21 -------- d-------- C:\Program Files\eDonkey2000
2006-11-05 19:20 -------- d-------- C:\Program Files\Winamp
2006-11-05 14:29 -------- d---s---- C:\Documents and Settings\Ale\Application Data\Microsoft
2006-11-03 13:06 -------- d-------- C:\Program Files\Logitech
2006-11-03 13:06 -------- d-------- C:\Program Files\Common Files\Logitech
2006-10-04 20:56 -------- d-------- C:\Program Files\Macrogaming
2006-09-27 10:29 778656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-25 16:32 -------- d-------- C:\Program Files\Skype
2006-09-14 18:04 -------- d-------- C:\Documents and Settings\Ale\Application Data\AdobeUM
2006-09-13 07:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-11 17:40 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-09-11 17:40 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-11 17:40 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-09-11 17:39 -------- d-------- C:\Program Files\Microsoft.NET
2006-09-11 17:39 -------- d-------- C:\Program Files\Microsoft Office
2006-09-11 17:39 -------- d-------- C:\Program Files\Common Files\System
2006-09-11 16:34 -------- d-------- C:\Program Files\Adobe
2006-09-11 10:24 -------- d-------- C:\Documents and Settings\Ale\Application Data\Leadertech
2006-09-10 13:09 -------- d-------- C:\Program Files\Google
2006-09-10 13:09 -------- d-------- C:\Documents and Settings\Ale\Application Data\Google
2006-09-10 12:58 11817800 --a------ C:\Program Files\GoogleEarth.exe
2006-09-06 16:40 89544096 --a------ C:\Program Files\setpoint260btenu-3.exe
2006-08-25 17:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-25 14:29 118784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2006-08-21 14:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 13:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="~\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"PowerBar"=""
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
"RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"NetLimiter"="C:\\Program Files\\NetLimiter\\NetLimiter.exe /s"
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"MBM 5"="\"C:\\Program Files\\Motherboard Monitor 5\\MBM5.EXE\""
"CmPCIaudio"="RunDll32 CMICNFG3.CPL,CMICtrlWnd"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
@=""
"SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,10,01,00,00,00,00,00,00,40,04,00,00,00,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,a2,01,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="GIANT AntiSpyware Service Hook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-10 17:02:47.23
C:\ComboFix.txt ... 06-11-10 17:02
C:\ComboFix2.txt ... 06-11-09 22:40
C:\ComboFix3.txt ... 06-11-09 14:16

Logfile of HijackThis v1.99.1
Scan saved at 17:03:58, on 10.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Ale\Desktop\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.sf-anytime.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1129653370468
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
AfterDawn Addict
10 November 2006 @ 13:53
Get eScan -> http://koti.mbnet.fi/pattaya1/escanmwav.htm .
Install, update and scan according to the instructions on that page. Then post the "nasties results" here (the instructions are on that page: the bottom image and the text above it). Post a new HjT log too.

No HjT logs etc. by private message!
Amao
Junior Member
11 November 2006 @ 05:04
Installation works, but I can't get eScan updated :( I tried turning AVG off, I tried shutting down the Kerio firewall too, but still, when I run that kavupd.exe, I just get a "failed" message. With method 2 eScan doesn't open (which it tells you to wait for), no matter how long I wait :( Is the problem at their end.. or?
AfterDawn Addict
11 November 2006 @ 06:45
The problem is not at their end. If that doesn't work, then run this:

Scan your computer with the Kaspersky Online Scanner

You will be asked whether to allow the installation of an ActiveX component from Kaspersky; click Yes.
- The program starts and begins downloading the latest definition files.
- When the scanner is installed and the definitions are downloaded, click Next.
- Now click the settings, Scan Settings.
- Check in the settings that the following are selected:

  o Scan using the following Anti-Virus database:

    + Extended (if available, otherwise select Standard)

  o Scan Options:

    + Scan Archives
    + Scan Mail Bases

- Click OK.
- Now, under the heading "select a target to scan", choose My Computer.
- The scan takes time, so be patient. When the scan is finished you will get a notification if your computer is infected.
- Now click the Save as Text button.
- Save the file to your desktop.
- Copy and paste the contents of the file into your next reply.

No HjT logs etc. by private message!
Amao
Junior Member
11 November 2006 @ 14:26
Here they are.

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
Scan Statistics
Total number of scanned objects 57134
Number of viruses found 4
Number of infected objects 7 / 0
Number of suspicious objects 0
Duration of the scan process 02:41:07

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Ale\Application Data\AVG7\Log\emc.log Object is locked skipped
C:\Documents and Settings\Ale\Application Data\Azureus\ipfilter.cache Object is locked skipped
C:\Documents and Settings\Ale\Application Data\Mozilla\Firefox\Profiles\4kw4gkd3.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Ale\Application Data\Mozilla\Firefox\Profiles\4kw4gkd3.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Ale\Application Data\Mozilla\Firefox\Profiles\4kw4gkd3.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Ale\Application Data\Mozilla\Firefox\Profiles\4kw4gkd3.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Ale\Application Data\Mozilla\Firefox\Profiles\4kw4gkd3.default\cert8.db Object is locked skipped
C:\Documents and Settings\Ale\Application Data\Mozilla\Firefox\Profiles\4kw4gkd3.default\flashgot.log Object is locked skipped
C:\Documents and Settings\Ale\Application Data\Mozilla\Firefox\Profiles\4kw4gkd3.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Ale\Application Data\Mozilla\Firefox\Profiles\4kw4gkd3.default\history.dat Object is locked skipped
C:\Documents and Settings\Ale\Application Data\Mozilla\Firefox\Profiles\4kw4gkd3.default\key3.db Object is locked skipped
C:\Documents and Settings\Ale\Application Data\Mozilla\Firefox\Profiles\4kw4gkd3.default\parent.lock Object is locked skipped
C:\Documents and Settings\Ale\Application Data\Skype\alekko21\call256.dbb Object is locked skipped
C:\Documents and Settings\Ale\Application Data\Skype\alekko21\callmember256.dbb Object is locked skipped
C:\Documents and Settings\Ale\Application Data\Skype\alekko21\chat512.dbb Object is locked skipped
C:\Documents and Settings\Ale\Application Data\Skype\alekko21\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\Ale\Application Data\Skype\alekko21\chatmsg512.dbb Object is locked skipped
C:\Documents and Settings\Ale\Application Data\Skype\alekko21\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\Ale\Application Data\Skype\alekko21\index2.dat Object is locked skipped
C:\Documents and Settings\Ale\Application Data\Skype\alekko21\profile256.dbb Object is locked skipped
C:\Documents and Settings\Ale\Application Data\Skype\alekko21\transfer256.dbb Object is locked skipped
C:\Documents and Settings\Ale\Application Data\Skype\alekko21\transfer512.dbb Object is locked skipped
C:\Documents and Settings\Ale\Application Data\Skype\alekko21\user1024.dbb Object is locked skipped
C:\Documents and Settings\Ale\Application Data\Skype\alekko21\user16384.dbb Object is locked skipped
C:\Documents and Settings\Ale\Application Data\Skype\alekko21\voicemail256.dbb Object is locked skipped
C:\Documents and Settings\Ale\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Ale\Local Settings\Application Data\ApplicationHistory\CLI.exe.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\Ale\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Ale\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Ale\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ale\Local Settings\History\History.IE5\MSHist012006111120061112\index.dat Object is locked skipped
C:\Documents and Settings\Ale\Local Settings\Temp\hsperfdata_Ale\3060 Object is locked skipped
C:\Documents and Settings\Ale\Local Settings\Temp\Perflib_Perfdata_81c.dat Object is locked skipped
C:\Documents and Settings\Ale\Local Settings\Temp\Perflib_Perfdata_b68.dat Object is locked skipped
C:\Documents and Settings\Ale\Local Settings\Temp\Perflib_Perfdata_d9c.dat Object is locked skipped
C:\Documents and Settings\Ale\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ale\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Ale\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Downloads\tightvnc-1.2.9-setup.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
C:\Downloads\tightvnc-1.2.9-setup.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\Downloads\tightvnc-1.2.9-setup.exe Inno: infected - 2 skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\debug.log Object is locked skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\debug.log.idx Object is locked skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\error.log Object is locked skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\error.log.idx Object is locked skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\ids.log Object is locked skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\ids.log.idx Object is locked skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\network.log Object is locked skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\network.log.idx Object is locked skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\system.log Object is locked skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\system.log.idx Object is locked skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\warning.log Object is locked skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\warning.log.idx Object is locked skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\web.log Object is locked skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\web.log.idx Object is locked skipped
C:\Program Files\TightVNC\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\Program Files\TightVNC\WinVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{AF138A5C-8439-425B-AEC2-5AC8DE86E2FD}\RP376\A0042041.dll Object is locked skipped
C:\System Volume Information\_restore{AF138A5C-8439-425B-AEC2-5AC8DE86E2FD}\RP377\A0043085.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\System Volume Information\_restore{AF138A5C-8439-425B-AEC2-5AC8DE86E2FD}\RP377\A0043316.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{AF138A5C-8439-425B-AEC2-5AC8DE86E2FD}\RP378\A0043333.dll Object is locked skipped
C:\System Volume Information\_restore{AF138A5C-8439-425B-AEC2-5AC8DE86E2FD}\RP378\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\warez\torrent\L'ENNUI\VIDEO_TS\VTS_01_1.VOB Object is locked skipped
D:\warez\torrent\L'ENNUI\VIDEO_TS\VTS_01_2.VOB Object is locked skipped
D:\warez\torrent\L'ENNUI\VIDEO_TS\VTS_01_3.VOB Object is locked skipped
D:\warez\torrent\L'ENNUI\VIDEO_TS\VTS_01_4.VOB Object is locked skipped
D:\warez\torrent\L'ENNUI\VIDEO_TS\VTS_01_5.VOB Object is locked skipped
D:\warez\torrent\THE_VALLEY_OF_THE_WIND_1.ISO Object is locked skipped
D:\warez\torrent\Volume 1\VIDEO_TS\VTS_01_1.VOB Object is locked skipped
D:\warez\torrent\Volume 1\VIDEO_TS\VTS_01_2.VOB Object is locked skipped
D:\warez\torrent\Volume 1\VIDEO_TS\VTS_01_3.VOB Object is locked skipped
D:\warez\torrent\Volume 1\VIDEO_TS\VTS_01_4.VOB Object is locked skipped
Scan process completed.



Logfile of HijackThis v1.99.1
Scan saved at 19:21:17, on 11.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PowerDVD.exe
C:\Documents and Settings\Ale\Desktop\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.sf-anytime.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1129653370468
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
AfterDawn Addict
11 November 2006 @ 14:28
There are nasties in System Restore, otherwise OK. Still any problems?

No HjT logs etc. by private message!
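One way to read a report like the one posted above mechanically, as an added Python example that is not part of this thread or of any Kaspersky tool: it parses the report's "Infected Object Name / Virus Name / Last Action" lines, separates "Object is locked" lines (open files the scanner could not read, not detections) and archive summary lines from real detections, and then splits the detections by whether they sit in a System Restore point (removed only by purging System Restore) or carry the not-a-virus: riskware prefix. The sample lines are copied from the report above, plus one clearly labelled placeholder line (a constructed name, not a detection from the thread) so that the live-file-system bucket is exercised.

```python
from __future__ import annotations
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: lines copied from this thread plus one marked PLACEHOLDER line.
SAMPLE_REPORT = r"""Infected Object Name Virus Name Last Action
C:\Documents and Settings\Ale\NTUSER.DAT Object is locked skipped
C:\Downloads\tightvnc-1.2.9-setup.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
C:\Downloads\tightvnc-1.2.9-setup.exe Inno: infected - 2 skipped
C:\Program Files\TightVNC\WinVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
C:\System Volume Information\_restore{AF138A5C-8439-425B-AEC2-5AC8DE86E2FD}\RP377\A0043085.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\System Volume Information\_restore{AF138A5C-8439-425B-AEC2-5AC8DE86E2FD}\RP377\A0043316.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\PLACEHOLDER.exe Infected: Trojan-Downloader.Win32.Placeholder.a skipped
Scan process completed.
"""

# One report line is "<path> <verdict> <last action>"; paths contain spaces, so the
# path is matched lazily and the verdict must take one of the three known shapes.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:(?P<locked>Object is locked)"
    r"|Infected: (?P<name>\S+)"
    r"|(?P<container>\w+): infected - (?P<count>\d+)) "
    r"(?P<action>\S+)$"
)
# Windows XP keeps restore-point copies under System Volume Information\_restore{GUID}.
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)


@dataclass
class Finding:
    path: str
    kind: str                 # "locked", "infected" or "container"
    name: str | None          # scanner's detection name, if any
    action: str               # what the scanner did ("skipped" in an online scan)
    in_restore_point: bool
    category: str | None      # e.g. "AdWare", "RemoteAdmin", "Trojan-Downloader"
    riskware: bool            # carries the "not-a-virus:" prefix


def detection_category(name: str) -> tuple[str, bool]:
    """Split a Kaspersky detection name into its leading category and a riskware flag."""
    riskware = name.startswith("not-a-virus:")
    body = name.split(":", 1)[1] if riskware else name
    return body.split(".", 1)[0], riskware


def parse_report(text: str) -> list[Finding]:
    """Return one Finding per object line; header and footer lines are ignored."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        path = m.group("path")
        if m.group("locked"):
            kind, name = "locked", None
        elif m.group("container"):
            kind, name = "container", None   # archive total; members are listed on their own lines
        else:
            kind, name = "infected", m.group("name")
        category, riskware = detection_category(name) if name else (None, False)
        findings.append(Finding(path, kind, name, m.group("action"),
                                bool(RESTORE_RE.search(path)), category, riskware))
    return findings


def triage(findings: list[Finding]) -> dict[str, list[Finding]]:
    """Sort findings into the buckets a helper reads off the report."""
    buckets: dict[str, list[Finding]] = defaultdict(list)
    for f in findings:
        if f.kind == "locked":
            buckets["locked"].append(f)          # unreadable open files, not detections
        elif f.kind == "container":
            buckets["container"].append(f)       # archive totals, already counted via member lines
        elif f.in_restore_point:
            buckets["restore_point"].append(f)   # only removed by purging System Restore
        elif f.riskware:
            buckets["riskware"].append(f)        # legitimate-tool detections needing a human decision
        else:
            buckets["active"].append(f)          # detections on the live file system: act on these first
    return buckets


if __name__ == "__main__":
    for bucket, items in triage(parse_report(SAMPLE_REPORT)).items():
        print(bucket, [f.path for f in items])
```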
Amao
Junior Member
11 November 2006 @ 15:33
So how do these nasties then affect System Restore?
Well, in AVG's virus vault there are those 5 viruses:
1. c:\windows\system32\ismini.exe (TH downloader.ZLOB.EUN)
2. c:\DOCUME~1\Ale\LOCALS~1\Temp\npmflhub.dll (TH Generic2.GGN)
3. c:\System Volume Information\_restore{AF138.... (same as 1.)
4. c:\program files\Common Files\{349C09..... (same as 2, except ending in EXO.) filename Activate.exe
5. Exactly the same as 3, but this one's filename is A0040898.exe and number 3's filename is A0042083.exe

So nothing more needs to be done about these? The computer has now been working fairly normally. A little stuttering, especially with Explorer (though I use Mozilla 99% of the time).
AfterDawn Addict
11 November 2006 @ 15:36
Empty AVG's virus vault.

Clear System Restore:

1. Select My Computer (right-click).
2. Select Properties.
3. Select the System Restore tab.
4. Select "Turn off System Restore".
5. Press Apply.
6. Press OK.
7. Restart the computer.
8. Repeat steps 1-3.
9. Uncheck "Turn off System Restore".
10. Do steps 5 and 6.

Update Java.

No HjT logs etc. by private message!