Kone jumittaa windowsiin/nettiin kirjautuessa Hjt, Combofix ja eScan-logi

Yksityisviestit

Luo uusi yksityisviesti

Kaikki uudet viestit

Ilman vastauksia olevat viestiketjut

Hae viestejä

perjantai 18.7.2025 / 01:34

Hae keskustelualueilta:

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > kone jumittaa windowsiin/nettiin kirjautuessa hjt, combofix ja escan-logi

Aiheet

Keskustelualueet

Aloita uusi viestiketju

Kone jumittaa windowsiin/nettiin kirjautuessa Hjt, Combofix ja eScan-logi

Siirry:

Kirjoittaja

Viesti

Nispri

Newbie

17. marraskuuta 2006 @ 07:10

Linkki tähän viestiin

elikkä kone menee jumiin kun kirjaudun windowsiin noin 3-5 minuutiksi ja sen jälkeen rupeaa toimimaan normaalisti.
Logfile of HijackThis v1.99.1
Scan saved at 12:04:50, on 17.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe
C:\Program Files\Cisco Systems\CiscoTrustAgent\ctad.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\NewSoft\Presto! PVR\URemote.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\MIIKAM~1\LOCALS~1\Temp\RtkBtMnt.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Miika Merijärvi\Työpöytä\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [URemote] C:\Program Files\NewSoft\Presto! PVR\URemote.exe
O4 - HKLM\..\Run: [ChangeFilterMerit] C:\Program Files\NewSoft\Presto! PVR\ChangeFilterMerit.exe
O4 - HKLM\..\Run: [Presto! PVR Monitor] C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{77479679-75A8-494D-BDE0-6A08474F4B14}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Cisco Trust Agent (ctad) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctad.exe
O23 - Service: Cisco Trust Agent Event Logging Service (ctalogd) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

[ + lainaa]

Nispri

Newbie

18. marraskuuta 2006 @ 15:03

Linkki tähän viestiin

Ei kukaan viittis tarkastaa tota lokia??

[ + lainaa]

Hujo

Suspended permanently

19. marraskuuta 2006 @ 18:34

Linkki tähän viestiin

ei silmään osu äkkiselteen.

1.Lataa combofix.exe http://download.bleepingcomputer.com/sUBs/combofix.exe
tiedosto työpöydällesi.
2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

Aina voi löytöjä tapahtua

[ + lainaa]

Voiko tietsikka koskaan toimia?

Nispri

Newbie

21. marraskuuta 2006 @ 14:39

Linkki tähän viestiin

elikkä tässä olis se loki:

Miika Merij?rvi - 06-11-21 19:35:53,40 Service Pack 2
ComboFix 06.11.19 - Running from: "C:\Documents and Settings\Miika Merij?rvi\Ty?p?yt?"

((((((((((((((((((((((((((((((( Files Created from 2006-10-21 to 2006-11-21 ))))))))))))))))))))))))))))))))))

2006-11-19 19:32 <KANSIO> d-------- C:\Program Files\SimpleCenter
2006-11-19 19:32 <KANSIO> d-------- C:\Program Files\Common Files\i4j_jres
2006-11-18 20:37 571,696 --a------ C:\WINDOWS\LegitCheckControl.dll
2006-11-18 20:37 3,584 --a------ C:\WINDOWS\WgaLogon.dll
2006-11-17 18:58 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
2006-11-17 18:57 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution
2006-11-17 18:56 9,216 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2006-11-17 18:56 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
2006-11-17 18:56 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2006-11-17 18:56 138,240 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2006-11-17 18:56 12,800 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2006-11-17 18:56 12,800 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2006-11-17 11:29 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2006-11-17 11:27 <KANSIO> d-------- C:\Program Files\MessengerPlus! 3
2006-11-17 11:18 <KANSIO> d-------- C:\Program Files\MSN Messenger
2006-11-16 15:26 <KANSIO> d-------- C:\Program Files\MSXML 4.0
2006-11-16 15:26 <KANSIO> d-------- C:\11c5c9a3c86406a62d84
2006-11-11 22:01 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2006-11-11 19:01 <KANSIO> d-------- C:\Program Files\Azureus
2006-11-11 19:01 <KANSIO> d-------- C:\Documents and Settings\Miika Merij?rvi\Application Data\Azureus
2006-11-10 11:53 <KANSIO> d-------- C:\Documents and Settings\Miika Merij?rvi\Application Data\Help
2006-11-10 11:46 86,016 --a------ C:\WINDOWS\system32\CNMCP5y.exe
2006-11-10 11:46 7,680 --a------ C:\WINDOWS\system32\CNMVS5y.DLL
2006-11-10 11:46 116,736 --a------ C:\WINDOWS\system32\CNMLM5y.DLL
2006-11-10 11:46 <KANSIO> d--h----- C:\BJPrinter
2006-11-10 11:25 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-11-05 19:43 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2006-11-05 19:43 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2006-11-05 19:43 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2006-11-05 19:43 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2006-11-05 19:43 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2006-11-05 19:43 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2006-11-04 19:38 <KANSIO> d-------- C:\WINDOWS\SxsCaPendDel
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-03 10:56 451,072 --a------ C:\WINDOWS\Radeon Omega Drivers v3.8.291 Uninstall.exe
2006-10-23 18:19 <KANSIO> d-------- C:\Program Files\NewSoft
2006-10-21 22:47 <KANSIO> d-------- C:\Program Files\DAEMON Tools
2006-10-21 22:23 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-10-21 18:43 <KANSIO> d-------- C:\Program Files\TomTom HOME
2006-10-21 18:43 <KANSIO> d-------- C:\Documents and Settings\Miika Merij?rvi\Application Data\InstallShield

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-11-21 19:33 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-19 19:32 -------- d-------- C:\Program Files\Common Files
2006-11-17 19:19 -------- d---s---- C:\Documents and Settings\Miika Merij?rvi\Application Data\Microsoft
2006-11-17 19:19 -------- d-------- C:\Program Files\Common Files\Nokia
2006-11-17 19:18 -------- d-------- C:\Program Files\Nokia
2006-11-17 19:10 -------- d-------- C:\Program Files\Radeon Omega Drivers
2006-11-17 19:08 -------- d-------- C:\Program Files\Common Files\Ahead
2006-11-17 18:58 -------- d-------- C:\Documents and Settings\Miika Merij?rvi\Application Data\Nokia
2006-11-17 11:19 -------- d-------- C:\Program Files\ffdshow
2006-11-16 15:25 -------- d-------- C:\Program Files\Internet Explorer
2006-11-11 22:20 -------- d-------- C:\Program Files\DC++
2006-11-11 21:58 -------- d-------- C:\Program Files\Winamp
2006-11-10 11:26 -------- d-------- C:\Documents and Settings\Miika Merij?rvi\Application Data\Adobe
2006-11-04 19:37 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-03 10:57 -------- d-------- C:\Program Files\MultiRes
2006-10-29 19:01 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-29 18:20 -------- d-------- C:\Documents and Settings\Miika Merij?rvi\Application Data\Macromedia
2006-10-27 09:15 -------- d-------- C:\Program Files\Java
2006-10-23 18:19 -------- d-------- C:\Program Files\Common Files\NewSoft
2006-10-21 22:43 611064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-10-18 09:40 -------- d-------- C:\Documents and Settings\Miika Merij?rvi\Application Data\PC Suite
2006-10-13 14:37 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 14:37 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 14:37 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 12:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-11 18:26 58880 --a------ C:\WINDOWS\system32\pnrpnsp.dll
2006-10-11 18:26 553984 --a------ C:\WINDOWS\system32\p2psvc.dll
2006-10-11 18:26 313344 --a------ C:\WINDOWS\system32\p2pgraph.dll
2006-10-11 18:26 153088 --a------ C:\WINDOWS\system32\p2p.dll
2006-10-11 18:26 116224 --a------ C:\WINDOWS\system32\p2pnetsh.dll
2006-10-11 18:26 104960 --a------ C:\WINDOWS\system32\p2pgasvc.dll
2006-10-10 08:54 50688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2006-10-08 21:24 -------- d-------- C:\Documents and Settings\Miika Merij?rvi\Application Data\AdobeUM
2006-10-08 16:49 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-10-08 16:48 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-08 16:46 -------- d-------- C:\Program Files\Adobe
2006-10-08 15:19 -------- d-------- C:\Documents and Settings\Miika Merij?rvi\Application Data\Datalayer
2006-10-08 11:34 -------- d-------- C:\Documents and Settings\Miika Merij?rvi\Application Data\Sun
2006-10-08 11:27 -------- d-------- C:\Program Files\Common Files\Java
2006-10-07 13:05 -------- d-------- C:\Program Files\Launch Manager
2006-10-07 12:44 -------- d-------- C:\Program Files\DIFX
2006-10-07 11:29 -------- d-------- C:\Documents and Settings\Miika Merij?rvi\Application Data\Ahead
2006-10-06 16:51 -------- d-------- C:\Program Files\Common Files\ODBC
2006-10-06 16:50 62 --ahs---- C:\Documents and Settings\Miika Merij?rvi\Application Data\desktop.ini
2006-10-06 16:50 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-10-06 16:20 -------- d-------- C:\Program Files\Windows Media Player
2006-10-06 15:59 -------- d-------- C:\Program Files\Diskeeper Corporation
2006-10-06 15:48 -------- d-------- C:\Documents and Settings\Miika Merij?rvi\Application Data\Leadertech
2006-10-06 15:21 -------- d-------- C:\Program Files\Messenger
2006-10-06 15:13 -------- d-------- C:\Program Files\F-Secure
2006-10-06 15:08 -------- d-------- C:\Program Files\Outlook Express
2006-10-06 15:08 -------- d-------- C:\Program Files\Common Files\System
2006-10-06 15:05 -------- d-------- C:\Program Files\Nero
2006-10-06 14:56 -------- d-------- C:\Program Files\CONEXANT
2006-10-06 14:50 -------- d-------- C:\Documents and Settings\Miika Merij?rvi\Application Data\Mozilla
2006-10-06 14:44 -------- d-------- C:\Program Files\Realtek AC97
2006-10-06 14:43 -------- d-------- C:\Program Files\Synaptics
2006-10-06 14:42 -------- d-------- C:\Program Files\Broadcom
2006-10-06 14:38 -------- d-------- C:\Program Files\AMD
2006-10-06 14:37 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-10-06 14:35 -------- d-------- C:\Program Files\Acer Inc
2006-10-06 14:34 17801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2006-10-06 14:34 -------- d-------- C:\Program Files\Atheros
2006-10-06 14:34 -------- d-------- C:\Documents and Settings\Miika Merij?rvi\Application Data\BSplayer Pro
2006-10-06 14:33 -------- d-------- C:\Program Files\Webteh
2006-10-06 14:32 -------- d-------- C:\Documents and Settings\Miika Merij?rvi\Application Data\Winamp
2006-10-06 14:29 107132 --a------ C:\WINDOWS\UninstallFirefox.exe
2006-10-06 14:24 -------- d-------- C:\Documents and Settings\Miika Merij?rvi\Application Data\F-Secure
2006-10-06 14:23 -------- d-------- C:\Documents and Settings\Miika Merij?rvi\Application Data\Logitech
2006-10-06 14:22 -------- d-------- C:\Program Files\Common Files\Cisco Systems
2006-10-06 14:22 -------- d-------- C:\Program Files\Cisco Systems
2006-10-06 14:21 118842 -r------- C:\WINDOWS\bwUnin-6.3.2.116-7681197L.exe
2006-10-06 14:20 -------- d-------- C:\Program Files\WinRAR
2006-10-06 14:14 -------- d-------- C:\Program Files\Logitech
2006-10-06 14:14 -------- d-------- C:\Program Files\Common Files\Logitech
2006-10-06 14:09 451072 --a------ C:\WINDOWS\Radeon Omega Drivers v3.8.273 Uninstall.exe
2006-10-06 14:07 -------- d-------- C:\Documents and Settings\Miika Merij?rvi\Application Data\Identities
2006-10-06 14:06 -------- d--h----- C:\Program Files\Uninstall Information
2006-10-06 14:02 0 -rahs---- C:\MSDOS.SYS
2006-10-06 14:02 0 -rahs---- C:\IO.SYS
2006-10-06 14:02 0 --a------ C:\CONFIG.SYS
2006-10-06 14:02 0 --a------ C:\AUTOEXEC.BAT
2006-10-06 14:02 -------- d-------- C:\Program Files\xerox
2006-10-06 14:02 -------- d-------- C:\Program Files\microsoft frontpage
2006-10-06 14:00 -------- d--h----- C:\Program Files\WindowsUpdate
2006-10-06 14:00 -------- d-------- C:\Program Files\Online Services
2006-10-06 13:59 -------- d-------- C:\Program Files\NetMeeting
2006-10-06 13:59 -------- d-------- C:\Program Files\Movie Maker
2006-10-06 13:59 -------- d-------- C:\Program Files\Common Files\Services
2006-10-06 13:59 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-10-06 13:57 -------- d-------- C:\Program Files\Windows NT
2006-10-06 13:57 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-10-02 13:44 5120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2006-09-13 07:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 17:49 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-25 05:47 129784 --------- C:\WINDOWS\system32\pxafs.dll
2006-08-25 05:47 115880 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-08-23 05:11 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2006-08-23 04:53 260096 --a------ C:\WINDOWS\system32\ati2dvag.dll
2006-08-23 04:47 114688 --a------ C:\WINDOWS\system32\atipdlxx.dll
2006-08-23 04:46 86016 --a------ C:\WINDOWS\system32\ati2evxx.dll
2006-08-23 04:46 77824 --a------ C:\WINDOWS\system32\Oemdspif.dll
2006-08-23 04:46 41984 --a------ C:\WINDOWS\system32\ati2edxx.dll
2006-08-23 04:46 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2006-08-23 04:45 413696 --a------ C:\WINDOWS\system32\ati2evxx.exe
2006-08-23 04:44 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2006-08-23 04:38 2401984 --a------ C:\WINDOWS\system32\ati3duag.dll
2006-08-23 04:33 303104 --a------ C:\WINDOWS\system32\ATIDEMGR.dll
2006-08-23 04:33 2510752 --a------ C:\WINDOWS\system32\ativvaxx.dll
2006-08-23 04:27 6684672 --a------ C:\WINDOWS\system32\atioglx1.dll
2006-08-23 04:24 5140480 --a------ C:\WINDOWS\system32\atioglxx.dll
2006-08-23 04:21 221184 --a------ C:\WINDOWS\system32\atikvmag.dll
2006-08-23 04:19 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2006-08-23 04:14 290816 --a------ C:\WINDOWS\system32\ati2cqag.dll
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AtiPTA"="atiptaxx.exe"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"F-Secure Manager"="\"C:\\Program Files\\F-Secure\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\F-Secure\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"ACU"="\"C:\\Program Files\\Atheros\\ACU.exe\" -nogui"
"LaunchAp"="\"C:\\Program Files\\Launch Manager\\LaunchAp.exe\""
"PowerKey"="\"C:\\Program Files\\Launch Manager\\PowerKey.exe\""
"LManager"="\"C:\\Program Files\\Launch Manager\\HotkeyApp.exe\""
"CtrlVol"="\"C:\\Program Files\\Launch Manager\\CtrlVol.exe\""
"LMgrOSD"="\"C:\\Program Files\\Launch Manager\\OSDCtrl.exe\""
"Wbutton"="\"C:\\Program Files\\Launch Manager\\Wbutton.exe\""
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"SoundMan"="SOUNDMAN.EXE"
"MsmqIntCert"="regsvr32 /s mqrt.dll"
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"URemote"="C:\\Program Files\\NewSoft\\Presto! PVR\\URemote.exe"
"ChangeFilterMerit"="C:\\Program Files\\NewSoft\\Presto! PVR\\ChangeFilterMerit.exe"
"Presto! PVR Monitor"="C:\\Program Files\\NewSoft\\Presto! PVR\\Monitor.exe"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Nykyinen kotisivu"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Scheduled scanning task.job

Completion time: 06-11-21 19:36:30.70
C:\ComboFix.txt ... 06-11-21 19:36

[ + lainaa]

Hujo

Suspended permanently

21. marraskuuta 2006 @ 14:56

Linkki tähän viestiin

C:\Documents and Settings\Miika Merijärvi\Työpöytä\HijackThis.exe nimeä uudestaan vaikka > Pommi.exe

lataa eScan http://koti.mbnet.fi/pattaya1/escanmwav.htm
Ohjeet sivulla.

lähetä:
Escan virusloki alaluukusta
uusi HjT-loki

[ + lainaa]

Voiko tietsikka koskaan toimia?

Nispri

Newbie

23. marraskuuta 2006 @ 13:17

Linkki tähän viestiin

elikkä tässä tarvittavat tiedot:

File C:\Program Files\DAEMON Tools\SetupDTSB.exe tagged as not-a-virus:AdTool.Win32.WhenU.a. No Action Taken.
File C:\Program Files\Nero\Nero 7\cmdow.exe tagged as not-a-virus:RiskTool.Win32.HideWindows. No Action Taken.

Logfile of HijackThis v1.99.1
Scan saved at 18:16:13, on 23.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe
C:\Program Files\Cisco Systems\CiscoTrustAgent\ctad.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\NewSoft\Presto! PVR\URemote.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\cisvc.exe
C:\DOCUME~1\MIIKAM~1\LOCALS~1\Temp\RtkBtMnt.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\scan\mwavscan.com
C:\scan\kavss.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Miika Merijärvi\Työpöytä\pommi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [URemote] C:\Program Files\NewSoft\Presto! PVR\URemote.exe
O4 - HKLM\..\Run: [ChangeFilterMerit] C:\Program Files\NewSoft\Presto! PVR\ChangeFilterMerit.exe
O4 - HKLM\..\Run: [Presto! PVR Monitor] C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{77479679-75A8-494D-BDE0-6A08474F4B14}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Cisco Trust Agent (ctad) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctad.exe
O23 - Service: Cisco Trust Agent Event Logging Service (ctalogd) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

[ + lainaa]

Nispri

Newbie

24. marraskuuta 2006 @ 08:18

Linkki tähän viestiin

Uusi huomio on että, jos kone ei saa yhteyttä nettiin niin se toimii normaalisti eli netillä on jotain osuutta asiaan...

[ + lainaa]

Hujo

Suspended permanently

24. marraskuuta 2006 @ 09:21

Linkki tähän viestiin

http://www.ctcn.net/~techweb/anti-virus/winsockfix.htm

koitas tuota jos auttaisi netti ongelmiin

[ + lainaa]

Voiko tietsikka koskaan toimia?

Mainos

Nispri

Newbie

24. marraskuuta 2006 @ 17:32

Linkki tähän viestiin

kyllä siitä vähän oli apua mutta edelleen kone jumittaa vähäksi aikaa, mutta kiitoksia avusta:)

[ + lainaa]

Viestiketju on suljettu. Uusien viestien lähettäminen ei ole mahdollista.

Aloita uusi viestiketju

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > kone jumittaa windowsiin/nettiin kirjautuessa hjt, combofix ja escan-logi


		Käyttäjä	Salasana

		Puuttuuko tunnus? Liity jäseneksi nyt!. Salasana hukassa? Klikkaa tästä.