viruses..
eydnas
Junior Member
30 May 2008 @ 14:24
Malwarebytes' Anti-Malware 1.11
Tietokantaversio: 699

Tarkistustyyppi: Pikatarkistus
Tarkistetut kohteet: 33959
Kulunut aika: 13 minute(s), 24 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 1
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)


_____________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 7:21:16, on 30.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Launch Manager\Wbutton.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\LogiTray.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Launch Manager\OSD.exe
C:\Launch Manager\OSDCtrl.exe
C:\Launch Manager\LaunchAp.exe
C:\Launch Manager\HotkeyApp.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\winudspm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\FxSvr2.exe
C:\WINDOWS\service.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\amd64\Työpöytä\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://newton.norman.com/reg?ident=fs_fi&menulang=fi&code=FSC536
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {F0E738CA-4E59-446F-B34A-6BC26FB2C735} - C:\WINDOWS\system32\pmnllkIb.dll
O4 - HKLM\..\Run: [CtrlVol] C:\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\ISStart.exe
O4 - HKLM\..\Run: [LMgrVolOSD] C:\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/Ap...ap/PhtPkMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: pmnllkIb - C:\WINDOWS\SYSTEM32\pmnllkIb.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE



I have been removing viruses for 3 days now and more keep appearing..



Troijan hevonen W32/LowZones.ASU
muisti käyttäjä amd64..
Tartunta tiedosto c:\docume~1\amd64\locals~1\tempor~1\content.ie5\t81xrcwg\kb7135~1
Poistettu Troijan hevonen W32/LowZones.ASU

Norman complains about viruses of that kind every now and then, but they never get removed properly.
AfterDawn Addict
30 May 2008 @ 16:53
1. Download combofix.exe to your desktop from either of these links:
combofix.exe
combofix.exe

Open Notepad and copy/paste the contents of the Quote: box into it:

Quote:
File::
C:\WINDOWS\service.exe
C:\WINDOWS\winudspm.exe
C:\WINDOWS\system32\pmnllkIb.dll



Save it as CFScript (in fact, ComboFix recognizes it even if the file extension is not
even .txt).

Then drag and drop CFScript onto ComboFix.exe as shown below. (Do not click.)




Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
Restart the computer if asked to, and post the contents of the combofix.txt file here.

Close the browser and other programs for the duration of the fix. (not the antivirus)
Start HijackThis, run Scan, tick the following files listed in red, and remove them. (Fix checked)

O2 - BHO: (no name) - {F0E738CA-4E59-446F-B34A-6BC26FB2C735} - C:\WINDOWS\system32\pmnllkIb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O20 - Winlogon Notify: pmnllkIb - C:\WINDOWS\SYSTEM32\pmnllkIb.dll

Empty the Recycle Bin and restart your computer.

Post the following logs here:
* A fresh HijackThis log (taken last, just before posting)
* The (C:\ComboFix.txt) report

(:)
eydnas
Junior Member
30 May 2008 @ 20:08
ComboFix 08-05-29.1 - amd64 2008-05-30 12:45:40.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.291 [GMT -4:00]
Running from: C:\Documents and Settings\amd64\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\amd64\Työpöytä\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\service.exe
C:\WINDOWS\system32\pmnllkIb.dll
C:\WINDOWS\winudspm.exe
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\setup.exe
C:\WINDOWS\BM9bafe2ee.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\service.exe
C:\WINDOWS\system32\GOqrXyxx.ini
C:\WINDOWS\system32\GOqrXyxx.ini2
C:\WINDOWS\system32\iifebArr.dll
C:\WINDOWS\system32\jhpctlvt.dll
C:\WINDOWS\system32\jrcjquxs.dll
C:\WINDOWS\system32\jtukrvjp.ini
C:\WINDOWS\system32\khfCTMdD.dll
C:\WINDOWS\system32\nnnoNfDt.dll
C:\WINDOWS\system32\pjvrkutj.dll
C:\WINDOWS\system32\pmnllkIb.dll
C:\WINDOWS\system32\qoMcyvVm.dll
C:\WINDOWS\system32\rXwxHRqr.ini
C:\WINDOWS\system32\rXwxHRqr.ini2
C:\WINDOWS\system32\urqqnLcb.dll
C:\WINDOWS\system32\xxyXrqOG.dll
C:\WINDOWS\winudspm.exe

.
((((( Tiedostot, jotka on luotu seuraavalla aikav?lill?: 2008-04-28 to 2008-05-30 )))))))))))))))))
.

2008-05-30 12:24 . 2008-05-30 12:24 60,132 --a------ C:\dcsi.exe
2008-05-30 09:55 . 2008-05-30 12:08 86,498 --a------ C:\Documents and Settings\amd64\setup.exe
2008-05-29 22:34 . 2008-05-29 22:35 86,498 --a------ C:\com.com
2008-05-29 16:14 . 2008-05-29 16:14 <KANSIO> d-------- C:\Documents and Settings\amd64\Application Data\Talkback
2008-05-29 16:08 . 2008-05-29 16:08 86,340 --a------ C:\profile.com
2008-05-29 16:05 . 2008-05-29 17:23 345 --ahs---- C:\WINDOWS\system32\XxHRYcfe.ini
2008-05-29 16:00 . 2008-05-29 16:00 96,768 --------- C:\is15480.exe
2008-05-29 15:14 . 2008-05-29 17:21 60,132 --a------ C:\ddc.exe
2008-05-29 07:20 . 2008-05-29 07:35 345 --ahs---- C:\WINDOWS\system32\FOoVxyxx.ini
2008-05-28 23:34 . 2008-05-29 15:56 <KANSIO> d-------- C:\Program Files\Viewpoint
2008-05-28 23:34 . 2008-05-29 07:21 <KANSIO> d-------- C:\Program Files\AIMTunes
2008-05-28 23:34 . 2008-05-28 23:34 21 --a------ C:\WINDOWS\atid.ini
2008-05-28 23:32 . 2008-05-28 23:35 <KANSIO> d-------- C:\Program Files\AIM6
2008-05-28 23:15 . 2008-05-29 07:14 474 ---hs---- C:\WINDOWS\system32\hrmpwkmv.ini
2008-05-28 15:17 . 2008-05-30 12:39 60,132 --a------ C:\dci.exe
2008-05-28 07:11 . 2008-05-30 12:39 96,768 --------- C:\is154890.exe
2008-05-27 18:22 . 2008-05-28 07:11 40,960 --a------ C:\dciz.exe
2008-05-27 18:07 . 2008-05-27 18:07 <KANSIO> d-------- C:\Program Files\CCleaner
2008-05-27 18:05 . 2008-05-28 07:41 56,832 --a------ C:\sexy.com
2008-05-27 17:12 . 2008-05-27 18:17 <KANSIO> d-------- C:\Documents and Settings\amd64\Application Data\Winamp
2008-05-20 07:10 . 2008-05-20 07:15 <KANSIO> d-------- C:\Program Files\MSECache
2008-05-02 15:15 . 2008-05-30 12:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-02 15:15 . 2008-05-02 15:15 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-30 21:45 . 2008-04-30 21:57 <KANSIO> d-------- C:\Downloads
2008-04-30 21:45 . 2008-04-30 21:57 <KANSIO> d-------- C:\Bases
2008-04-30 21:38 . 2008-05-27 16:16 <KANSIO> d-------- C:\Kaspersky
2008-04-30 15:45 . 2008-04-30 15:45 <KANSIO> d-------- C:\Program Files\Common Files\SWF Studio
2008-04-24 08:08 . 2008-04-24 08:08 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-24 08:08 . 2008-04-24 08:08 <KANSIO> d-------- C:\Documents and Settings\amd64\Application Data\Malwarebytes
2008-04-24 08:08 . 2008-04-24 08:08 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-23 15:47 . 2008-04-23 15:48 <KANSIO> d-------- C:\WINDOWS\ERUNT
2008-04-17 07:33 . 2008-04-17 07:33 <KANSIO> d-------- C:\Program Files\Apple Software Update
2008-04-15 16:37 . 2008-04-15 16:37 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Musicnotes
2008-04-06 13:22 . 2008-04-29 17:56 <KANSIO> d-------- C:\Program Files\LimeWire
2008-04-06 13:22 . 2008-05-28 15:30 <KANSIO> d-------- C:\Documents and Settings\amd64\Application Data\LimeWire
2008-04-03 07:46 . 2008-05-26 10:40 <KANSIO> d-------- C:\Program Files\iTunes
2008-04-03 07:46 . 2008-04-03 07:46 <KANSIO> d-------- C:\Program Files\iPod

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 11:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-29 03:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-05-29 03:33 --------- d-----w C:\Program Files\Common Files\AOL
2008-05-28 19:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-05-27 21:12 --------- d-----w C:\Program Files\Winamp
2008-05-27 21:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-23 19:51 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-23 19:50 --------- d-----w C:\Documents and Settings\amd64\Application Data\AdobeUM
2008-05-19 20:02 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-17 04:11 --------- d-----w C:\Documents and Settings\amd64\Application Data\Skype
2008-05-13 01:01 --------- d-----w C:\Program Files\Steam
2008-05-11 22:40 --------- d-----w C:\Documents and Settings\amd64\Application Data\BSplayer Pro
2008-04-30 11:39 --------- d-----w C:\Program Files\Java
2008-04-07 19:22 --------- d-----w C:\Documents and Settings\amd64\Application Data\Apple Computer
2008-04-03 11:45 --------- d-----w C:\Program Files\QuickTime
2008-03-28 02:55 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 166,688 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 22:31 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:56 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-26 11:49 297,984 ----a-w C:\WINDOWS\system32\msctf.dll
2008-02-26 11:49 297,984 ------w C:\WINDOWS\system32\dllcache\msctf.dll
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:38 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:38 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-01 16:17 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
.

(((((((((((((((((((((((((((((( Rekisterin k?ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhji? arvoja ja laillisia oletusarvoja ei n?ytet?

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\ManifestEngine.exe" [2005-06-08 07:44 196608]
"Steam"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-01-18 04:53 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-25 16:21 50528]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CtrlVol"="C:\Launch Manager\CtrlVol.exe" [2006-01-18 04:36 20480]
"Wbutton"="C:\Launch Manager\Wbutton.exe" [2006-01-18 04:36 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-01-18 04:41 737369]
"SoundMan"="SOUNDMAN.EXE" [2006-01-18 04:54 77824 C:\WINDOWS\SOUNDMAN.EXE]
"Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 14:40 183352]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 10:32 221184]
"LogitechVideoTray"="C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\LogiTray.exe" [2005-06-08 08:14 217088]
"LogitechVideoRepair"="C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\ISStart.exe" [2005-06-08 08:24 458752]
"LMgrVolOSD"="C:\Launch Manager\OSD.exe" [2006-01-18 04:36 204800]
"LMgrOSD"="C:\Launch Manager\OSDCtrl.exe" [2006-01-18 04:36 245760]
"LaunchAp"="C:\Launch Manager\LaunchAp.exe" [2006-01-18 04:36 32768]
"HotkeyApp"="C:\Launch Manager\HotkeyApp.exe" [2006-01-18 04:36 57344]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-01-18 04:39 339968]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 08:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-01-18 04:53 110592 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Windows UDP Control"="winudspm.exe" []
"Windows svchost"="service.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-01-18 04:53 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnllkIb]
pmnllkIb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\Msmsgs.exe"=
"C:\\Sierra\\Counter-Strike\\cstrike.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Documents and Settings\\amd64\\Omat tiedostot\\Ohjelmia\\mIRC\\mirc.exe"=
"C:\\Program Files\\Steam\\steamapps\\sandye\\counter-strike\\hl.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ETDED.exe"=
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ETDED3.exe"=
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET2.exe"=
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Kaspersky\\kavupd.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2006-01-18 04:52]
R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 03:55]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2006-01-18 04:52]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]
R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-12-12 12:45]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 06:23]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 08:25]
S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 08:25]
S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 08:25]
S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 08:25]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b518c9c6-16ed-11dd-a749-000ae4b543ab}]
\Shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f99bb65a-87fa-11da-88b2-000ae4a9347e}]
\Shell\AutoRun\command - D:\setupSNK.exe

.
'Ajoitetut teht?v?t'-kansion sis?lt?
"2008-05-23 21:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-05-29 17:33:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 12:57:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Norman\npm\bin\elogsvc.exe
C:\Norman\npm\bin\Zanda.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Norman\npm\bin\Njeeves.exe
C:\Norman\NVC\Bin\Nip.exe
C:\Norman\NVC\Bin\CClaw.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2008-05-30 13:08:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-30 17:07:51

Pre-Run: 34,860,781,568 tavua vapaana
Post-Run: 34,812,104,704 tavua vapaana

237 --- E O F --- 2008-05-29 03:54:03
eydnas
Junior Member
30 May 2008 @ 20:17
Logfile of HijackThis v1.99.1
Scan saved at 13:14:52, on 30.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Launch Manager\Wbutton.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Norman\Nvc\BIN\NIP.EXE
C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\LogiTray.exe
C:\Launch Manager\OSD.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Launch Manager\OSDCtrl.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Launch Manager\LaunchAp.exe
C:\Launch Manager\HotkeyApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\amd64\Työpöytä\HijackThis.exe
C:\Program Files\AIM6\aolsoftware.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://newton.norman.com/reg?ident=fs_fi&menulang=fi&code=FSC536
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [CtrlVol] C:\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\ISStart.exe
O4 - HKLM\..\Run: [LMgrVolOSD] C:\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/Ap...ap/PhtPkMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE



new HijackThis log
AfterDawn Addict
30 May 2008 @ 20:24
******************************************
In the Run field of the Windows Start menu, type ComboFix.exe /u and press OK
***************************************************************************

* Download OTMoveIt2 by OldTimer.
* Save it to your desktop.
* Double-click OTMoveIt2.exe to start it.
* Copy (CTRL+C) all of the text in the box below.

 

C:\dcsi.exe
C:\com.com
C:\profile.com
C:\is15480.exe
C:\ddc.exe
C:\dci.exe
C:\is154890.exe
C:\dciz.exe
C:\sexy.com



* Go back to OTMoveIt2, right-click in the Paste List Of Files/Folders to Move window (under the yellow bar) and choose Paste.

* Press the red MoveIt! button.
* Copy (CTRL+C) the text that appears in the Results window (under the green bar) and paste (CTRL+V) it into your next post.
* Close OTMoveIt.

If a file or folder could not be moved right away, the program will suggest restarting the computer. Answer Yes to the suggestion, and OTMoveIt will restart your computer.

If you still get alerts from here:
c:\docume~1\amd64\locals~1\tempor~1\content.ie5\t81xrcwg\
Empty the folder in Safe Mode (\t81xrcwg\)

Post the OT and HJT logs.

(:)