Can you find

Jylppy

anything strange in this??
Logfile of HijackThis v1.99.0
Scan saved at 16:47:37, on 26.3.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
C:\Norman\bin\ZANDA.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe
C:\Norman\bin\ZLH.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\Tomppa\Omat tiedostot\Geims\Daemon tools\daemon.exe
C:\WINDOWS\system32\svcnut.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\system.exe
C:\Norman\bin\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HJT2\HijackThis2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocpl.dll/security.htm#subID=MPV;401
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpl.dll/asst.htm
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Documents and Settings\Tomppa\Omat tiedostot\Geims\Daemon tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [sysobj.exe] sysobj.exe
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [dwcrnt.exe] dwcrnt.exe
O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut.exe home
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Apwheel] C:\WINDOWS\System32\6970.exe
O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\System32\system.exe
O4 - HKCU\..\Run: [mstask] C:\WINDOWS\System32\mstask.exe
O4 - Startup: winupdate18987430[1].exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by2fd.bay2.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103996560625
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{67D507B5-1DD3-4FB5-8C13-4610D3B12D2F}: NameServer = 69.50.188.180,195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BD4D94E-7B48-4A4D-92E5-92A3DBB196D4}: NameServer = 69.50.188.180,195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6C05EFD-9802-4D27-903E-1D5B17B77C0A}: NameServer = 69.50.188.180,195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBE5DA09-5240-4EBF-B5F1-3E1FCC493747}: NameServer = 69.50.188.180,195.225.176.37
O17 - HKLM\System\CS1\Services\Tcpip\..\{67D507B5-1DD3-4FB5-8C13-4610D3B12D2F}: NameServer = 69.50.188.180,195.225.176.37
O23 - Service: Loogisen levyn hallinnan valvontapalvelu - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Verkon DDE - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Verkon DDE DSDM - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Norman API-hooking helper - Unknown - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown - C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown - C:\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Plug and Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti-apuohjelma - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Älykortti - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Resurssilokit ja -hälytykset - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe

    Answers

    • löytyy

      Been dealing with gentlemen like these

      OrgTechHandle: EKA4-ARIN
      OrgTechName: Kacperski, Emil
      OrgTechPhone: 1-925-550-3947
      OrgTechEmail: [email protected]

      person: Vsevolod Stetsinsky
      address: 01110, Ukraine, Kiev, 20Á, Solomenskaya street. room 206.
      phone: 38 050 6226676
      e-mail: [email protected]
      nic-hdl: VS1142-RIPE
      changed: [email protected] 20040303
      source: RIPE

      the addresses...
      O17 - HKLM\System\CCS\Services\Tcpip\..\{A6C05EFD-9802-4D27-903E-1D5B17B77C0A}: NameServer = 69.50.188.180,195.225.176.37

    • juggis

      Do as the user "löytyy" advised. Download eScan and run it.

      Post the eScan log and a NEW HijackThis log. We will see whether that rootkit (hacker) is still on your machine.

    • Jylppy

      File C:\WINDOWS\System32\system.exe infected by "Trojan-Proxy.Win32.Mitglieder.cy" Virus. Action Taken: File Deleted.
      File C:\WINDOWS\system32\sysobj.exe infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
      File C:\WINDOWS\system32\dwcrnt.exe infected by "HackTool.Win32.Hidd.h" Virus. Action Taken: File Renamed.
      File C:\WINDOWS\wldr.dll infected by "Trojan-Downloader.Win32.Agent.kf" Virus. Action Taken: File Deleted.
      File C:\WINDOWS\System32\chkntfsfat.exe infected by "Trojan.Win32.StartPage.vt" Virus. Action Taken: File Deleted.
      File C:\WINDOWS\System32\docntrop.dll infected by "Trojan.Win32.StartPage.sl" Virus. Action Taken: File Deleted.
      File C:\WINDOWS\System32\fixmapirs.exe tagged as not-a-virus:AdWare.FindSpy.a. No Action Taken.
      File C:\WINDOWS\System32\hdcby.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
      File C:\WINDOWS\System32\hddok.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
      File C:\WINDOWS\System32\hddrb.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
      File C:\WINDOWS\System32\hdfij.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
      File C:\WINDOWS\System32\hdfkv.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
      File C:\WINDOWS\System32\hdtqs.dll infected by "HackTool.Win32.Hidd.h" Virus. Action Taken: File Renamed.
      File C:\WINDOWS\System32\hdwft.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
      File C:\WINDOWS\System32\hdxof.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
      File C:\WINDOWS\System32\hdydf.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
      File C:\WINDOWS\System32\msmsgs.exe infected by "Trojan-Downloader.Win32.Zlob.g" Virus. Action Taken: File Deleted.
      File C:\WINDOWS\System32\ole32vbs.exe infected by "Trojan.Win32.Favadd.r" Virus. Action Taken: File Deleted.
      File C:\WINDOWS\System32\opensdl.exe tagged as not-a-virus:AdWare.FindSpy.d. No Action Taken.
      File C:\WINDOWS\System32\srpcsrv32.dll infected by "Trojan.Win32.TopAntiSpyware.h" Virus. Action Taken: File Deleted.
      File C:\WINDOWS\System32\thun32.dll infected by "Trojan-Proxy.Win32.Small.bk" Virus. Action Taken: File to be deleted on reboot.
      File C:\WINDOWS\System32\txfdb32.dll infected by "Trojan.Win32.TopAntiSpyware.h" Virus. Action Taken: File Deleted.
      File C:\WINDOWS\System32\vciewer.ocx tagged as not-a-virus:Porn-Downloader.Win32.Holistyc.a. No Action Taken.
      File C:\WINDOWS\System32\wldr.dll infected by "Trojan-Downloader.Win32.Agent.kf" Virus. Action Taken: File Deleted.
      File C:\Documents and Settings\Tomppa\Local Settings\Temp\temp.fr06B2 infected by "Trojan-Downloader.Win32.Murlo.f" Virus. Action Taken: File Deleted.
      File C:\Documents and Settings\Tomppa\Local Settings\Temp\tmp30.tmp infected by "Trojan-Dropper.Win32.Small.oy" Virus. Action Taken: File Deleted.
      File C:\Documents and Settings\Tomppa\Local Settings\Temp\tmp3A.tmp infected by "Trojan-Dropper.Win32.Agent.hj" Virus. Action Taken: File Deleted.
      File C:\Documents and Settings\Tomppa\Local Settings\Temp\tmp3B.tmp infected by "Trojan-Dropper.Win32.Small.oy" Virus. Action Taken: File Deleted.
      File C:\Documents and Settings\Tomppa\Local Settings\Temp\tmp48.tmp infected by "Trojan-Dropper.Win32.Agent.hj" Virus. Action Taken: File Deleted.
      File C:\Documents and Settings\Tomppa\Local Settings\Temp\tmp49.tmp infected by "Trojan-Dropper.Win32.Small.oy" Virus. Action Taken: File Deleted.
      File C:\Documents and Settings\Tomppa\Local Settings\Temp\wldr.dll infected by "Trojan-Downloader.Win32.Agent.kf" Virus. Action Taken: File Deleted.
      File C:\news.exe infected by "Trojan-Proxy.Win32.Mitglieder.cy" Virus. Action Taken: File Deleted.
      File C:\q123.vbs infected by "Trojan-Downloader.VBS.Iwill.g" Virus. Action Taken: File Deleted.
      File C:\web.exe infected by "Trojan-Proxy.Win32.Mitglieder.cy" Virus. Action Taken: File Deleted.
      File C:\WINDOWS\system32\fixmapirs.exe tagged as not-a-virus:AdWare.FindSpy.a. No Action Taken.
      File C:\WINDOWS\system32\opensdl.exe tagged as not-a-virus:AdWare.FindSpy.d. No Action Taken.
      File C:\WINDOWS\system32\vciewer.ocx tagged as not-a-virus:Porn-Downloader.Win32.Holistyc.a. No Action Taken.
      File C:\WINDOWS\Web\tip.htm tagged as not-a-virus:AdWare.FindSpy.d. No Action Taken.



      Logfile of HijackThis v1.99.0
      Scan saved at 19:53:43, on 26.3.2005
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe
      C:\Norman\bin\ZLH.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
      C:\ATI-CPanel\atiptaxx.exe
      C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Documents and Settings\Tomppa\Omat tiedostot\Geims\Daemon tools\daemon.exe
      C:\WINDOWS\system32\svcnut.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
      C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
      C:\Norman\bin\ZANDA.EXE
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\System32\wdfmgr.exe
      C:\Norman\Nvc\BIN\NIP.EXE
      C:\NORMAN\Nvc\BIN\nipsvc.exe
      C:\NORMAN\Nvc\BIN\nvcoas.exe
      C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
      C:\Norman\bin\NJEEVES.EXE
      C:\Norman\Nvc\bin\cclaw.exe
      C:\Kaspersky\mwavscan.com
      C:\Kaspersky\kavss.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\HJT2\HijackThis2.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocpl.dll/security.htm#subID=MPV;401
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpl.dll/asst.htm
      F2 - REG:system.ini: Shell=
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe"
      O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
      O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
      O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Documents and Settings\Tomppa\Omat tiedostot\Geims\Daemon tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
      O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut.exe home
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
      O4 - HKCU\..\Run: [Apwheel] C:\WINDOWS\System32\6970.exe
      O4 - HKCU\..\Run: [mstask] C:\WINDOWS\System32\mstask.exe
      O4 - Startup: winupdate18987430[1].exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = ?
      O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by2fd.bay2.hotmail.msn.com/resources/MsnPUpld.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103996560625
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{67D507B5-1DD3-4FB5-8C13-4610D3B12D2F}: NameServer = 69.50.188.180,195.225.176.37
      O17 - HKLM\System\CCS\Services\Tcpip\..\{9BD4D94E-7B48-4A4D-92E5-92A3DBB196D4}: NameServer = 69.50.188.180,195.225.176.37
      O17 - HKLM\System\CCS\Services\Tcpip\..\{A6C05EFD-9802-4D27-903E-1D5B17B77C0A}: NameServer = 69.50.188.180,195.225.176.37
      O17 - HKLM\System\CCS\Services\Tcpip\..\{CBE5DA09-5240-4EBF-B5F1-3E1FCC493747}: NameServer = 69.50.188.180,195.225.176.37
      O17 - HKLM\System\CS1\Services\Tcpip\..\{67D507B5-1DD3-4FB5-8C13-4610D3B12D2F}: NameServer = 69.50.188.180,195.225.176.37
      O23 - Service: Loogisen levyn hallinnan valvontapalvelu - Unknown - C:\WINDOWS\System32\dmadmin.exe
      O23 - Service: Tapahtumaloki - Unknown - C:\WINDOWS\system32\services.exe
      O23 - Service: Fax - Unknown - C:\WINDOWS\system32\fxssvc.exe
      O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu - Unknown - C:\WINDOWS\System32\imapi.exe
      O23 - Service: NetMeeting etätyöpöydän jakaminen - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
      O23 - Service: Verkon DDE - Unknown - C:\WINDOWS\system32\netdde.exe
      O23 - Service: Verkon DDE DSDM - Unknown - C:\WINDOWS\system32\netdde.exe
      O23 - Service: Norman API-hooking helper - Unknown - C:\NORMAN\Nvc\BIN\nipsvc.exe
      O23 - Service: Norman NJeeves - Unknown - C:\Norman\bin\NJEEVES.EXE
      O23 - Service: Norman Type-R - Unknown - C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
      O23 - Service: Norman ZANDA - Unknown - C:\Norman\bin\ZANDA.EXE
      O23 - Service: Norman Virus Control on-access component - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
      O23 - Service: Norman Virus Control Scheduler - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
      O23 - Service: Plug and Play - Unknown - C:\WINDOWS\system32\services.exe
      O23 - Service: Etätyöpöydän ohjeen istunnonhallinta - Unknown - C:\WINDOWS\system32\sessmgr.exe
      O23 - Service: Älykortti-apuohjelma - Unknown - C:\WINDOWS\System32\SCardSvr.exe
      O23 - Service: Älykortti - Unknown - C:\WINDOWS\System32\SCardSvr.exe
      O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: Resurssilokit ja -hälytykset - Unknown - C:\WINDOWS\system32\smlogsvc.exe
      O23 - Service: Aseman tilannevedos - Unknown - C:\WINDOWS\System32\vssvc.exe
      O23 - Service: WMI resurssisovitin - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe
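
The before/after comparison juggis asks for, as an added example that is not part of the original posts: it parses the entry lines of two HijackThis logs, reports which entries the cleanup removed and which persist, and lists the DNS servers set by O17 entries. The log excerpts are copied from the first two logs in this thread; the function names are made up for this example.

```python
import ipaddress
import re

# Excerpts from the thread's HijackThis logs: the 16:47:37 scan (BEFORE)
# and the 19:53:43 scan posted after the eScan run (AFTER).
BEFORE = r"""
Logfile of HijackThis v1.99.0
C:\WINDOWS\System32\system.exe
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O4 - HKLM\..\Run: [sysobj.exe] sysobj.exe
O4 - HKLM\..\Run: [dwcrnt.exe] dwcrnt.exe
O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut.exe home
O4 - HKCU\..\Run: [Apwheel] C:\WINDOWS\System32\6970.exe
O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\System32\system.exe
O4 - Startup: winupdate18987430[1].exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6C05EFD-9802-4D27-903E-1D5B17B77C0A}: NameServer = 69.50.188.180,195.225.176.37
"""

AFTER = r"""
Logfile of HijackThis v1.99.0
C:\Kaspersky\kavss.exe
F2 - REG:system.ini: Shell=
O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut.exe home
O4 - HKCU\..\Run: [Apwheel] C:\WINDOWS\System32\6970.exe
O4 - Startup: winupdate18987430[1].exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6C05EFD-9802-4D27-903E-1D5B17B77C0A}: NameServer = 69.50.188.180,195.225.176.37
"""

# An entry line is "<letter><1-2 digits> - <detail>", e.g. "O4 - ..." or "F2 - ...".
# Header lines and the running-process paths do not match and are skipped.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")
NAMESERVER = re.compile(r"NameServer = (.+)$")


def parse_entries(log_text):
    """Return the set of (code, detail) pairs found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY.match(line)
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def compare(before_text, after_text):
    """Split entries into those removed, added and persisting between two scans."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    return {
        "removed": sorted(before - after),
        "added": sorted(after - before),
        "persisting": sorted(before & after),
    }


def nameservers(entries):
    """Map each DNS server in the O17 entries to True if it is a public address.

    A public address is not proof of tampering (an ISP's resolver is public
    too); it marks the values to check against what the ISP or router hands out.
    """
    found = {}
    for code, detail in entries:
        if code != "O17":
            continue
        match = NAMESERVER.search(detail)
        if not match:
            continue
        for raw in re.split(r"[,\s]+", match.group(1).strip()):
            try:
                ip = ipaddress.ip_address(raw)
            except ValueError:
                continue  # not an IP literal; ignore
            found[str(ip)] = not ip.is_private
    return found


if __name__ == "__main__":
    diff = compare(BEFORE, AFTER)
    for label in ("removed", "added", "persisting"):
        print(label.upper())
        for code, detail in diff[label]:
            print(f"  {code} - {detail}")
    print("DNS servers still set:", nameservers(parse_entries(AFTER)))
```

An entry that persists is not necessarily malicious, and a removed file can leave its autostart entry behind, so the persisting list is a list of things to check rather than a verdict.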

      • löytyy,

        a few small problems..

        I wonder if juu could carry on from here


      • juggis

        Scan the following files with this:
        http://virusscan.jotti.dhs.org/

        C:\WINDOWS\system32\svcnut.exe
        C:\WINDOWS\System32\6970.exe
        winupdate18987430[1].exe

        You did reboot the machine after the eScan scan, didn't you? If not, reboot it.

        Post the results and a new HJT log


      • Jylppy
        juggis wrote:

        Scan the following files with this:
        http://virusscan.jotti.dhs.org/

        C:\WINDOWS\system32\svcnut.exe
        C:\WINDOWS\System32\6970.exe
        winupdate18987430[1].exe

        You did reboot the machine after the eScan scan, didn't you? If not, reboot it.

        Post the results and a new HJT log

        I can't scan with that scanner; I get the text "The jotti.dhs.org domain has been obsoleted. Please use jotti.org instead. Update your bookmarks". I don't remember whether I rebooted the machine, but I have done it now, and here is the log
        Logfile of HijackThis v1.99.0
        Scan saved at 20:34:30, on 26.3.2005
        Platform: Windows XP SP1 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\csrss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe
        C:\Norman\bin\ZLH.EXE
        C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
        C:\ATI-CPanel\atiptaxx.exe
        C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Documents and Settings\Tomppa\Omat tiedostot\Geims\Daemon tools\daemon.exe
        C:\WINDOWS\system32\svcnut.exe
        C:\WINDOWS\System32\ctfmon.exe
        C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
        C:\Norman\bin\ZANDA.EXE
        C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
        C:\WINDOWS\System32\wdfmgr.exe
        C:\Norman\Nvc\BIN\NIP.EXE
        C:\Norman\bin\NJEEVES.EXE
        C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
        C:\NORMAN\Nvc\BIN\nipsvc.exe
        C:\NORMAN\Nvc\BIN\nvcoas.exe
        C:\Norman\Nvc\bin\cclaw.exe
        C:\WINDOWS\System32\wuauclt.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\HJT2\HijackThis2.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocpl.dll/security.htm#subID=MPV;401
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpl.dll/asst.htm
        F2 - REG:system.ini: Shell=
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe"
        O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
        O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
        O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
        O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
        O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Documents and Settings\Tomppa\Omat tiedostot\Geims\Daemon tools\daemon.exe" -lang 1033
        O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
        O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut.exe home
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\Run: [Apwheel] C:\WINDOWS\System32\6970.exe
        O4 - HKCU\..\Run: [mstask] C:\WINDOWS\System32\mstask.exe
        O4 - Startup: winupdate18987430[1].exe
        O4 - Global Startup: Adobe Gamma Loader.lnk = ?
        O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by2fd.bay2.hotmail.msn.com/resources/MsnPUpld.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103996560625
        O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{67D507B5-1DD3-4FB5-8C13-4610D3B12D2F}: NameServer = 69.50.188.180,195.225.176.37
        O17 - HKLM\System\CCS\Services\Tcpip\..\{9BD4D94E-7B48-4A4D-92E5-92A3DBB196D4}: NameServer = 69.50.188.180,195.225.176.37
        O17 - HKLM\System\CCS\Services\Tcpip\..\{A6C05EFD-9802-4D27-903E-1D5B17B77C0A}: NameServer = 69.50.188.180,195.225.176.37
        O17 - HKLM\System\CCS\Services\Tcpip\..\{CBE5DA09-5240-4EBF-B5F1-3E1FCC493747}: NameServer = 69.50.188.180,195.225.176.37
        O17 - HKLM\System\CS1\Services\Tcpip\..\{67D507B5-1DD3-4FB5-8C13-4610D3B12D2F}: NameServer = 69.50.188.180,195.225.176.37
        O23 - Service: Loogisen levyn hallinnan valvontapalvelu - Unknown - C:\WINDOWS\System32\dmadmin.exe
        O23 - Service: Tapahtumaloki - Unknown - C:\WINDOWS\system32\services.exe
        O23 - Service: Fax - Unknown - C:\WINDOWS\system32\fxssvc.exe
        O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu - Unknown - C:\WINDOWS\System32\imapi.exe
        O23 - Service: NetMeeting etätyöpöydän jakaminen - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
        O23 - Service: Verkon DDE - Unknown - C:\WINDOWS\system32\netdde.exe
        O23 - Service: Verkon DDE DSDM - Unknown - C:\WINDOWS\system32\netdde.exe
        O23 - Service: Norman API-hooking helper - Unknown - C:\NORMAN\Nvc\BIN\nipsvc.exe
        O23 - Service: Norman NJeeves - Unknown - C:\Norman\bin\NJEEVES.EXE
        O23 - Service: Norman Type-R - Unknown - C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
        O23 - Service: Norman ZANDA - Unknown - C:\Norman\bin\ZANDA.EXE
        O23 - Service: Norman Virus Control on-access component - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
        O23 - Service: Norman Virus Control Scheduler - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
        O23 - Service: Plug and Play - Unknown - C:\WINDOWS\system32\services.exe
        O23 - Service: Etätyöpöydän ohjeen istunnonhallinta - Unknown - C:\WINDOWS\system32\sessmgr.exe
        O23 - Service: Älykortti-apuohjelma - Unknown - C:\WINDOWS\System32\SCardSvr.exe
        O23 - Service: Älykortti - Unknown - C:\WINDOWS\System32\SCardSvr.exe
        O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
        O23 - Service: Resurssilokit ja -hälytykset - Unknown - C:\WINDOWS\system32\smlogsvc.exe
        O23 - Service: Aseman tilannevedos - Unknown - C:\WINDOWS\System32\vssvc.exe
        O23 - Service: WMI resurssisovitin - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe


      • Ad-Aware
        Jylppy wrote:

        I can't scan with that scanner; I get the text "The jotti.dhs.org domain has been obsoleted. Please use jotti.org instead. Update your bookmarks". I don't remember whether I rebooted the machine, but I have done it now, and here is the log

        Scan them here
        http://www.virustotal.com/flash/index_en.html

        Also add these to that list; they are "baddies" too

        C:\WINDOWS\System32\mstask.exe
        C:\WINDOWS\System32\msmsgs.exe

        .
        .


      • juggis
        Jylppy wrote:

        I can't scan with that scanner; I get the text "The jotti.dhs.org domain has been obsoleted. Please use jotti.org instead. Update your bookmarks". I don't remember whether I rebooted the machine, but I have now, and here is the log
        Logfile of HijackThis v1.99.0
        Scan saved at 20:34:30, on 26.3.2005
        Platform: Windows XP SP1 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\csrss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe
        C:\Norman\bin\ZLH.EXE
        C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
        C:\ATI-CPanel\atiptaxx.exe
        C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Documents and Settings\Tomppa\Omat tiedostot\Geims\Daemon tools\daemon.exe
        C:\WINDOWS\system32\svcnut.exe
        C:\WINDOWS\System32\ctfmon.exe
        C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
        C:\Norman\bin\ZANDA.EXE
        C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
        C:\WINDOWS\System32\wdfmgr.exe
        C:\Norman\Nvc\BIN\NIP.EXE
        C:\Norman\bin\NJEEVES.EXE
        C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
        C:\NORMAN\Nvc\BIN\nipsvc.exe
        C:\NORMAN\Nvc\BIN\nvcoas.exe
        C:\Norman\Nvc\bin\cclaw.exe
        C:\WINDOWS\System32\wuauclt.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\HJT2\HijackThis2.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocpl.dll/security.htm#subID=MPV;401
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpl.dll/asst.htm
        F2 - REG:system.ini: Shell=
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe"
        O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
        O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
        O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
        O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
        O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Documents and Settings\Tomppa\Omat tiedostot\Geims\Daemon tools\daemon.exe" -lang 1033
        O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
        O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut.exe home
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\Run: [Apwheel] C:\WINDOWS\System32\6970.exe
        O4 - HKCU\..\Run: [mstask] C:\WINDOWS\System32\mstask.exe
        O4 - Startup: winupdate18987430[1].exe
        O4 - Global Startup: Adobe Gamma Loader.lnk = ?
        O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by2fd.bay2.hotmail.msn.com/resources/MsnPUpld.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103996560625
        O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{67D507B5-1DD3-4FB5-8C13-4610D3B12D2F}: NameServer = 69.50.188.180,195.225.176.37
        O17 - HKLM\System\CCS\Services\Tcpip\..\{9BD4D94E-7B48-4A4D-92E5-92A3DBB196D4}: NameServer = 69.50.188.180,195.225.176.37
        O17 - HKLM\System\CCS\Services\Tcpip\..\{A6C05EFD-9802-4D27-903E-1D5B17B77C0A}: NameServer = 69.50.188.180,195.225.176.37
        O17 - HKLM\System\CCS\Services\Tcpip\..\{CBE5DA09-5240-4EBF-B5F1-3E1FCC493747}: NameServer = 69.50.188.180,195.225.176.37
        O17 - HKLM\System\CS1\Services\Tcpip\..\{67D507B5-1DD3-4FB5-8C13-4610D3B12D2F}: NameServer = 69.50.188.180,195.225.176.37
        O23 - Service: Loogisen levyn hallinnan valvontapalvelu - Unknown - C:\WINDOWS\System32\dmadmin.exe
        O23 - Service: Tapahtumaloki - Unknown - C:\WINDOWS\system32\services.exe
        O23 - Service: Fax - Unknown - C:\WINDOWS\system32\fxssvc.exe
        O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu - Unknown - C:\WINDOWS\System32\imapi.exe
        O23 - Service: NetMeeting etätyöpöydän jakaminen - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
        O23 - Service: Verkon DDE - Unknown - C:\WINDOWS\system32\netdde.exe
        O23 - Service: Verkon DDE DSDM - Unknown - C:\WINDOWS\system32\netdde.exe
        O23 - Service: Norman API-hooking helper - Unknown - C:\NORMAN\Nvc\BIN\nipsvc.exe
        O23 - Service: Norman NJeeves - Unknown - C:\Norman\bin\NJEEVES.EXE
        O23 - Service: Norman Type-R - Unknown - C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
        O23 - Service: Norman ZANDA - Unknown - C:\Norman\bin\ZANDA.EXE
        O23 - Service: Norman Virus Control on-access component - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
        O23 - Service: Norman Virus Control Scheduler - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
        O23 - Service: Plug and Play - Unknown - C:\WINDOWS\system32\services.exe
        O23 - Service: Etätyöpöydän ohjeen istunnonhallinta - Unknown - C:\WINDOWS\system32\sessmgr.exe
        O23 - Service: Älykortti-apuohjelma - Unknown - C:\WINDOWS\System32\SCardSvr.exe
        O23 - Service: Älykortti - Unknown - C:\WINDOWS\System32\SCardSvr.exe
        O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
        O23 - Service: Resurssilokit ja -hälytykset - Unknown - C:\WINDOWS\system32\smlogsvc.exe
        O23 - Service: Aseman tilannevedos - Unknown - C:\WINDOWS\System32\vssvc.exe
        O23 - Service: WMI resurssisovitin - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe

        Scan them with this:

        http://www.virustotal.com/flash/index_en.html

        This one is a bit odd too
        C:\WINDOWS\system32\shdocpl.dll

        Scan that as well.



      • Jylppy
        Ad-Aware wrote:

        Scan them here
        http://www.virustotal.com/flash/index_en.html

        Also add these to that list; they are "baddies" too

        C:\WINDOWS\System32\mstask.exe
        C:\WINDOWS\System32\msmsgs.exe

        .
        .

        Service load:    0%            100%

        File:    svcnut.exe
        Status:    POSSIBLY INFECTED/MALWARE (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database)
        Packers detected:    UPX

        AntiVir    No viruses found
        Avast    No viruses found
        AVG Antivirus    No viruses found
        BitDefender    BehavesLike:Trojan.StartPage (probable variant)
        ClamAV    No viruses found
        Dr.Web    No viruses found
        F-Prot Antivirus    No viruses found
        Fortinet    No viruses found
        Kaspersky Anti-Virus    No viruses found
        mks_vir    No viruses found
        NOD32    probably unknown NewHeur_PE (probable variant)
        Norman Virus Control    No viruses found

        Statistics
        Last piece of malware found was probably unknown NewHeur_PE in justaBadGirl.exe, detected by:
        Scanner    Malware name
        AntiVir    X
        Avast    X
        AVG Antivirus    X
        BitDefender    Backdoor.DarkMoon
        ClamAV    X
        Dr.Web    BackDoor.DarkMoon
        F-Prot Antivirus    unknown virus
        Fortinet    X
        Kaspersky Anti-Virus    X
        mks_vir    X
        NOD32    probably unknown NewHeur_PE
        Norman Virus Control    X



        Service load:    0%            100%

        File:    6970.exe
        Status:    INFECTED/MALWARE
        Packers detected:    UPX

        AntiVir    Heuristic/Trojan.Downloader (probable variant)
        Avast    No viruses found
        AVG Antivirus    No viruses found
        BitDefender    No viruses found
        ClamAV    No viruses found
        Dr.Web    not a virus Adware.BetterInternet
        F-Prot Antivirus    No viruses found
        Fortinet    No viruses found
        Kaspersky Anti-Virus    No viruses found
        mks_vir    No viruses found
        NOD32    No viruses found
        Norman Virus Control    No viruses found

        Statistics
        Last piece of malware found was probably unknown NewHeur_PE in justaBadGirl.exe, detected by:
        Scanner    Malware name
        AntiVir    X
        Avast    X
        AVG Antivirus    X
        BitDefender    Backdoor.DarkMoon
        ClamAV    X
        Dr.Web    BackDoor.DarkMoon
        F-Prot Antivirus    unknown virus
        Fortinet    X
        Kaspersky Anti-Virus    X
        mks_vir    X
        NOD32    probably unknown NewHeur_PE
        Norman Virus Control    X



        Service load:    0%            100%

        File:    shdocpl.dll
        Status:    MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)
        Packers detected:    -

        AntiVir    No viruses found
        Avast    No viruses found
        AVG Antivirus    No viruses found
        BitDefender    No viruses found
        ClamAV    No viruses found
        Dr.Web    No viruses found
        F-Prot Antivirus    No viruses found
        Fortinet    No viruses found
        Kaspersky Anti-Virus    No viruses found
        mks_vir    No viruses found
        NOD32    No viruses found
        Norman Virus Control    No viruses found

        Statistics
        Last piece of malware found was Trojan.Spy.Linux.Alk.A in vlogger-2.1.1.tar.gz, detected by:
        Scanner    Malware name
        AntiVir    X
        Avast    X
        AVG Antivirus    X
        BitDefender    X
        ClamAV    X
        Dr.Web    X
        F-Prot Antivirus    X
        Fortinet    X
        Kaspersky Anti-Virus    Trojan-Spy.Linux.Alk.a
        mks_vir    Trojan.Spy.Linux.Alk.A
        NOD32    X
        Norman Virus Control    X


        I scanned all of those with Jotti; it scanned these, but for the others I got the text "The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file".


      • Jylppy
        juggis wrote:

        Scan them with this:

        http://www.virustotal.com/flash/index_en.html

        This one is a bit odd too
        C:\WINDOWS\system32\shdocpl.dll

        Scan that as well.

        This is a report processed by VirusTotal on 03/27/2005 at 12:14:28 (CET) after scanning the file "svcnut.exe" file.
        Antivirus   Version   Update   Result
        AntiVir   6.30.0.7   03.26.2005   no virus found
        AVG   718   03.27.2005   no virus found
        BitDefender   7.0   03.27.2005   BehavesLike:Trojan.StartPage
        ClamAV   devel-20050307   03.26.2005   no virus found
        DrWeb   4.32b   03.26.2005   no virus found
        eTrust-Iris   7.1.194.0   03.26.2005   no virus found
        eTrust-Vet   11.7.0.0   03.26.2005   no virus found
        Fortinet   2.51   03.26.2005   no virus found
        F-Prot   3.16a   03.26.2005   no virus found
        Ikarus   2.32   03.21.2005   no virus found
        Kaspersky   4.0.2.24   03.27.2005   no virus found
        McAfee   4455   03.25.2005   no virus found
        NOD32v2   1.1038   03.26.2005   probably unknown NewHeur_PE virus
        Norman   5.70.10   03.26.2005   no virus found
        Panda   8.02.00   03.26.2005   Adware/Startpage.DH
        Sybari   7.5.1314   03.27.2005   no virus found
        Symantec   8.0   03.26.2005   Trojan.StartPage.L
        VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.





        This is a report processed by VirusTotal on 03/27/2005 at 12:16:14 (CET) after scanning the file "6970.exe" file.
        Antivirus   Version   Update   Result
        AntiVir   6.30.0.7   03.26.2005   Heuristic/Trojan.Downloader
        AVG   718   03.27.2005   no virus found
        BitDefender   7.0   03.27.2005   no virus found
        ClamAV   devel-20050307   03.26.2005   no virus found
        DrWeb   4.32b   03.26.2005   no virus found
        eTrust-Iris   7.1.194.0   03.26.2005   no virus found
        eTrust-Vet   11.7.0.0   03.26.2005   no virus found
        Fortinet   2.51   03.26.2005   no virus found
        F-Prot   3.16a   03.26.2005   no virus found
        Ikarus   2.32   03.21.2005   no virus found
        Kaspersky   4.0.2.24   03.27.2005   no virus found
        McAfee   4455   03.25.2005   no virus found
        NOD32v2   1.1038   03.26.2005   no virus found
        Norman   5.70.10   03.26.2005   no virus found
        Panda   8.02.00   03.26.2005   no virus found
        Sybari   7.5.1314   03.27.2005   no virus found
        Symantec   8.0   03.26.2005   no virus found
        VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.



        C:\WINDOWS\system32\shdocpl.dll
        no viruses were found in this one


        For the others it said the file was apparently too big or something, and it didn't scan them


      • juggis
        Jylppy wrote:




        C:\WINDOWS\system32\shdocpl.dll
        no viruses were found in this one


        For the others it said the file was apparently too big or something, and it didn't scan them

        those files that Ad-Aware mentioned?


      • Jylppy wrote:




        C:\WINDOWS\system32\shdocpl.dll
        no viruses were found in this one


        For the others it said the file was apparently too big or something, and it didn't scan them

        >>>>>>
        For the others it said the file was apparently too big or something, and it didn't scan them


      • Jylppy
        juggis wrote:

        those files that Ad-Aware mentioned?

        I tried to scan all of them with Jotti, but not all of them could be scanned.

        >>>>>When that message appears, type your e-mail address into the box and the results will be sent to your e-mail.


      • Jylppy wrote:

        I tried to scan all of them with Jotti, but not all of them could be scanned.

        >>>>>When that message appears, type your e-mail address into the box and the results will be sent to your e-mail.

        Post a new HijackThis log
        .
        .


      • juggis
        Jylppy wrote:

        I can't scan with that scanner; I get the text "The jotti.dhs.org domain has been obsoleted. Please use jotti.org instead. Update your bookmarks". I don't remember whether I rebooted the machine, but I have now, and here is the log

        I have no experience of the case where "jotti" sends the answer by e-mail, so I don't know how long it takes.

        In my opinion those three should be removed. It may be that the two for which no answer has come are connected to those three (and others) or to some of them.

        By the way, were there problems with the start page before you posted the log? And what about after you ran Escan?

        At least the ones that Escan named but could not remove could be deleted:

        File C:\WINDOWS\System32\vciewer.ocx tagged as not-a-virus:Porn-Downloader.Win32.Holistyc.a. No Action Taken.
        File C:\WINDOWS\system32\fixmapirs.exe tagged as not-a-virus:AdWare.FindSpy.a. No Action Taken.
        File C:\WINDOWS\system32\opensdl.exe tagged as not-a-virus:AdWare.FindSpy.d. No Action Taken.
        File C:\WINDOWS\system32\vciewer.ocx tagged as not-a-virus:Porn-Downloader.Win32.Holistyc.a. No Action Taken.
        File C:\WINDOWS\Web\tip.htm tagged as not-a-virus:AdWare.FindSpy.d. No Action Taken.
        File C:\WINDOWS\System32\fixmapirs.exe tagged as not-a-virus:AdWare.FindSpy.a. No Action Taken.
        File C:\WINDOWS\System32\opensdl.exe tagged as not-a-virus:AdWare.FindSpy.d. No Action Taken.

        So the paths and files are listed above.

        Boot the machine into safe mode, then find and delete them.


      • juggis
        Ad-Aware wrote:

        Post a new HijackThis log
        .
        .

        Ad-Aware. Great, sort this one out too, and I'll follow along and learn.


      • Jylppy
        juggis wrote:

        I have no experience with the case where "jotti" sends its answer by e-mail, so I don't know how long it takes.

        In my opinion those three have to be removed. It may be that the two for which no answer has come yet are linked to those three (etc.) or to some of them.

        By the way, did you have problems with the start page before you posted the log? And what about after you ran eScan?

        At least the ones that eScan named but could not remove could be deleted:

        File C:\WINDOWS\System32\vciewer.ocx tagged as not-a-virus:Porn-Downloader.Win32.Holistyc.a. No Action Taken.
        File C:\WINDOWS\system32\fixmapirs.exe tagged as not-a-virus:AdWare.FindSpy.a. No Action Taken.
        File C:\WINDOWS\system32\opensdl.exe tagged as not-a-virus:AdWare.FindSpy.d. No Action Taken.
        File C:\WINDOWS\system32\vciewer.ocx tagged as not-a-virus:Porn-Downloader.Win32.Holistyc.a. No Action Taken.
        File C:\WINDOWS\Web\tip.htm tagged as not-a-virus:AdWare.FindSpy.d. No Action Taken.
        File C:\WINDOWS\System32\fixmapirs.exe tagged as not-a-virus:AdWare.FindSpy.a. No Action Taken.
        File C:\WINDOWS\System32\opensdl.exe tagged as not-a-virus:AdWare.FindSpy.d. No Action Taken.

        So the paths and files are listed above.

        Boot the machine into safe mode, then find and delete them.

        I removed these:
        File C:\WINDOWS\System32\vciewer.ocx tagged as not-a-virus:Porn-Downloader.Win32.Holistyc.a. No Action Taken.
        File C:\WINDOWS\system32\fixmapirs.exe tagged as not-a-virus:AdWare.FindSpy.a. No Action Taken.
        File C:\WINDOWS\system32\opensdl.exe tagged as not-a-virus:AdWare.FindSpy.d. No Action Taken.
        File C:\WINDOWS\system32\vciewer.ocx tagged as not-a-virus:Porn-Downloader.Win32.Holistyc.a. No Action Taken.
        File C:\WINDOWS\Web\tip.htm tagged as not-a-virus:AdWare.FindSpy.d. No Action Taken.
        File C:\WINDOWS\System32\fixmapirs.exe tagged as not-a-virus:AdWare.FindSpy.a. No Action Taken.
        File C:\WINDOWS\System32\opensdl.exe tagged as not-a-virus:AdWare.FindSpy.d. No Action Taken.


        The start page had already changed before I posted the log here.

        Should I remove these too??

        C:\WINDOWS\system32\svcnut.exe
        C:\WINDOWS\System32\6970.exe
        winupdate18987430[1].exe
        C:\WINDOWS\System32\mstask.exe
        C:\WINDOWS\System32\msmsgs.exe
        C:\WINDOWS\system32\shdocpl.dll

        HiJack log:
        Logfile of HijackThis v1.99.0
        Scan saved at 20:08:04, on 27.3.2005
        Platform: Windows XP SP1 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\csrss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe
        C:\Norman\bin\ZLH.EXE
        C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
        C:\ATI-CPanel\atiptaxx.exe
        C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Documents and Settings\Tomppa\Omat tiedostot\Geims\Daemon tools\daemon.exe
        C:\WINDOWS\system32\svcnut.exe
        C:\WINDOWS\System32\ctfmon.exe
        C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
        C:\Norman\bin\ZANDA.EXE
        C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
        C:\WINDOWS\System32\wdfmgr.exe
        C:\Norman\Nvc\BIN\NIP.EXE
        C:\NORMAN\Nvc\BIN\nipsvc.exe
        C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
        C:\NORMAN\Nvc\BIN\nvcoas.exe
        C:\Norman\bin\NJEEVES.EXE
        C:\Norman\Nvc\bin\cclaw.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\HJT2\HijackThis2.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdocpl.dll/blank.htm
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpl.dll/asst.htm
        F2 - REG:system.ini: Shell=
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe"
        O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
        O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
        O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
        O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
        O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Documents and Settings\Tomppa\Omat tiedostot\Geims\Daemon tools\daemon.exe" -lang 1033
        O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
        O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut.exe home
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\Run: [Apwheel] C:\WINDOWS\System32\6970.exe
        O4 - HKCU\..\Run: [mstask] C:\WINDOWS\System32\mstask.exe
        O4 - Startup: winupdate18987430[1].exe
        O4 - Global Startup: Adobe Gamma Loader.lnk = ?
        O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by2fd.bay2.hotmail.msn.com/resources/MsnPUpld.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103996560625
        O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{67D507B5-1DD3-4FB5-8C13-4610D3B12D2F}: NameServer = 69.50.188.180,195.225.176.37
        O17 - HKLM\System\CCS\Services\Tcpip\..\{9BD4D94E-7B48-4A4D-92E5-92A3DBB196D4}: NameServer = 69.50.188.180,195.225.176.37
        O17 - HKLM\System\CCS\Services\Tcpip\..\{A6C05EFD-9802-4D27-903E-1D5B17B77C0A}: NameServer = 69.50.188.180,195.225.176.37
        O17 - HKLM\System\CCS\Services\Tcpip\..\{CBE5DA09-5240-4EBF-B5F1-3E1FCC493747}: NameServer = 69.50.188.180,195.225.176.37
        O17 - HKLM\System\CS1\Services\Tcpip\..\{67D507B5-1DD3-4FB5-8C13-4610D3B12D2F}: NameServer = 69.50.188.180,195.225.176.37
        O23 - Service: Loogisen levyn hallinnan valvontapalvelu - Unknown - C:\WINDOWS\System32\dmadmin.exe
        O23 - Service: Tapahtumaloki - Unknown - C:\WINDOWS\system32\services.exe
        O23 - Service: Fax - Unknown - C:\WINDOWS\system32\fxssvc.exe
        O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu - Unknown - C:\WINDOWS\System32\imapi.exe
        O23 - Service: NetMeeting etätyöpöydän jakaminen - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
        O23 - Service: Verkon DDE - Unknown - C:\WINDOWS\system32\netdde.exe
        O23 - Service: Verkon DDE DSDM - Unknown - C:\WINDOWS\system32\netdde.exe
        O23 - Service: Norman API-hooking helper - Unknown - C:\NORMAN\Nvc\BIN\nipsvc.exe
        O23 - Service: Norman NJeeves - Unknown - C:\Norman\bin\NJEEVES.EXE
        O23 - Service: Norman Type-R - Unknown - C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
        O23 - Service: Norman ZANDA - Unknown - C:\Norman\bin\ZANDA.EXE
        O23 - Service: Norman Virus Control on-access component - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
        O23 - Service: Norman Virus Control Scheduler - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
        O23 - Service: Plug and Play - Unknown - C:\WINDOWS\system32\services.exe
        O23 - Service: Etätyöpöydän ohjeen istunnonhallinta - Unknown - C:\WINDOWS\system32\sessmgr.exe
        O23 - Service: Älykortti-apuohjelma - Unknown - C:\WINDOWS\System32\SCardSvr.exe
        O23 - Service: Älykortti - Unknown - C:\WINDOWS\System32\SCardSvr.exe
        O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
        O23 - Service: Resurssilokit ja -hälytykset - Unknown - C:\WINDOWS\system32\smlogsvc.exe
        O23 - Service: Aseman tilannevedos - Unknown - C:\WINDOWS\System32\vssvc.exe
        O23 - Service: WMI resurssisovitin - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe



      • Jylppy wrote:

        I removed these:
        File C:\WINDOWS\System32\vciewer.ocx tagged as not-a-virus:Porn-Downloader.Win32.Holistyc.a. No Action Taken.
        File C:\WINDOWS\system32\fixmapirs.exe tagged as not-a-virus:AdWare.FindSpy.a. No Action Taken.
        File C:\WINDOWS\system32\opensdl.exe tagged as not-a-virus:AdWare.FindSpy.d. No Action Taken.
        File C:\WINDOWS\system32\vciewer.ocx tagged as not-a-virus:Porn-Downloader.Win32.Holistyc.a. No Action Taken.
        File C:\WINDOWS\Web\tip.htm tagged as not-a-virus:AdWare.FindSpy.d. No Action Taken.
        File C:\WINDOWS\System32\fixmapirs.exe tagged as not-a-virus:AdWare.FindSpy.a. No Action Taken.
        File C:\WINDOWS\System32\opensdl.exe tagged as not-a-virus:AdWare.FindSpy.d. No Action Taken.


        The start page had already changed before I posted the log here.

        Should I remove these too??

        C:\WINDOWS\system32\svcnut.exe
        C:\WINDOWS\System32\6970.exe
        winupdate18987430[1].exe
        C:\WINDOWS\System32\mstask.exe
        C:\WINDOWS\System32\msmsgs.exe
        C:\WINDOWS\system32\shdocpl.dll

        HiJack log:
        Logfile of HijackThis v1.99.0
        Scan saved at 20:08:04, on 27.3.2005
        Platform: Windows XP SP1 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


        Get the latest version 1.99.1
        from here
        http://koti.mbnet.fi/pattaya1/HijackThis.exe

        and post the new log made with it.

        Delete the old hijackthis.
        .


      • Jylppy
        Ad-Aware wrote:

        Get the latest version 1.99.1
        from here
        http://koti.mbnet.fi/pattaya1/HijackThis.exe

        and post the new log made with it.

        Delete the old hijackthis.
        .

        Logfile of HijackThis v1.99.1
        Scan saved at 20:38:33, on 27.3.2005
        Platform: Windows XP SP1 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\csrss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe
        C:\Norman\bin\ZLH.EXE
        C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
        C:\ATI-CPanel\atiptaxx.exe
        C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Documents and Settings\Tomppa\Omat tiedostot\Geims\Daemon tools\daemon.exe
        C:\WINDOWS\system32\svcnut.exe
        C:\WINDOWS\System32\ctfmon.exe
        C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
        C:\Norman\bin\ZANDA.EXE
        C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
        C:\WINDOWS\System32\wdfmgr.exe
        C:\Norman\Nvc\BIN\NIP.EXE
        C:\NORMAN\Nvc\BIN\nipsvc.exe
        C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
        C:\NORMAN\Nvc\BIN\nvcoas.exe
        C:\Norman\bin\NJEEVES.EXE
        C:\Norman\Nvc\bin\cclaw.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Documents and Settings\Tomppa\Työpöytä\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdocpl.dll/blank.htm
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpl.dll/asst.htm
        F2 - REG:system.ini: Shell=
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe"
        O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
        O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
        O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
        O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
        O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Documents and Settings\Tomppa\Omat tiedostot\Geims\Daemon tools\daemon.exe" -lang 1033
        O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
        O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut.exe home
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\Run: [Apwheel] C:\WINDOWS\System32\6970.exe
        O4 - HKCU\..\Run: [mstask] C:\WINDOWS\System32\mstask.exe
        O4 - Startup: winupdate18987430[1].exe
        O4 - Global Startup: Adobe Gamma Loader.lnk = ?
        O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by2fd.bay2.hotmail.msn.com/resources/MsnPUpld.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103996560625
        O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{67D507B5-1DD3-4FB5-8C13-4610D3B12D2F}: NameServer = 69.50.188.180,195.225.176.37
        O17 - HKLM\System\CCS\Services\Tcpip\..\{9BD4D94E-7B48-4A4D-92E5-92A3DBB196D4}: NameServer = 69.50.188.180,195.225.176.37
        O17 - HKLM\System\CCS\Services\Tcpip\..\{A6C05EFD-9802-4D27-903E-1D5B17B77C0A}: NameServer = 69.50.188.180,195.225.176.37
        O17 - HKLM\System\CCS\Services\Tcpip\..\{CBE5DA09-5240-4EBF-B5F1-3E1FCC493747}: NameServer = 69.50.188.180,195.225.176.37
        O17 - HKLM\System\CS1\Services\Tcpip\..\{67D507B5-1DD3-4FB5-8C13-4610D3B12D2F}: NameServer = 69.50.188.180,195.225.176.37
        O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
        O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
        O23 - Service: Norman Type-R - Unknown owner - C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
        O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
        O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
        O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
        O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
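
The log above sets the same NameServer pair on several interfaces through O17 lines, next to a handful of O4 autoruns. The following is an added example, not part of the thread and not HijackThis code: it parses such a log, groups the O17 NameServer values by interface and compares them with resolvers the machine's owner knows. The function names and the `192.0.2.53` known-resolver value are assumptions made for the illustration.

```python
import ipaddress
import re

# Sample lines copied from the HijackThis log posted above (a subset, for offline use).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdocpl.dll/blank.htm
F2 - REG:system.ini: Shell=
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut.exe home
O4 - HKCU\..\Run: [Apwheel] C:\WINDOWS\System32\6970.exe
O4 - Startup: winupdate18987430[1].exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{67D507B5-1DD3-4FB5-8C13-4610D3B12D2F}: NameServer = 69.50.188.180,195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BD4D94E-7B48-4A4D-92E5-92A3DBB196D4}: NameServer = 69.50.188.180,195.225.176.37
O17 - HKLM\System\CS1\Services\Tcpip\..\{67D507B5-1DD3-4FB5-8C13-4610D3B12D2F}: NameServer = 69.50.188.180,195.225.176.37
"""

# Any result line: section code (R0, F2, O4, O17, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# O17 per-interface override: <key>\..\{interface GUID}: <value name> = <data>
O17_RE = re.compile(
    r"^(?P<key>.+?)\\\.\.\\(?P<iface>\{[0-9A-Fa-f-]{36}\}): (?P<name>\w+) = (?P<value>.*)$"
)
# O4 registry autorun: HKLM\..\Run: [value name] command line
O4_REG_RE = re.compile(
    r"^(?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)


def parse_entries(log_text):
    """Return (code, body) for every result line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def nameserver_overrides(entries):
    """Group O17 NameServer data as {(ip, ...): [(control_set, interface_guid), ...]}."""
    groups = {}
    for code, body in entries:
        m = O17_RE.match(body) if code == "O17" else None
        if not m or m.group("name") != "NameServer":
            continue  # other O17 forms (e.g. Domain values) are not handled here
        servers = tuple(s for s in re.split(r"[,\s]+", m.group("value").strip()) if s)
        parts = m.group("key").split("\\")
        control_set = parts[2] if len(parts) > 2 else "?"
        groups.setdefault(servers, []).append((control_set, m.group("iface")))
    return groups


def unrecognised_resolvers(groups, known_resolvers):
    """Return the sorted resolver strings from the log that are not in the owner's list."""
    known = {ipaddress.ip_address(ip) for ip in known_resolvers}
    unknown = set()
    for servers in groups:
        for server in servers:
            try:
                if ipaddress.ip_address(server) not in known:
                    unknown.add(server)
            except ValueError:
                unknown.add(server)  # not a valid IP address at all
    return sorted(unknown)


def autoruns(entries):
    """Return O4 entries as dicts with source, name and command."""
    result = []
    for code, body in entries:
        if code != "O4":
            continue
        m = O4_REG_RE.match(body)
        if m:
            result.append({"source": f"{m.group('hive')} {m.group('key')}",
                           "name": m.group("name"), "command": m.group("cmd")})
        else:
            # Startup-folder form: "Startup: file" or "Global Startup: link = target"
            source, _, rest = body.partition(": ")
            name, _, target = rest.partition(" = ")
            result.append({"source": source, "name": name, "command": target})
    return result


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    overrides = nameserver_overrides(parsed)
    for servers, where in overrides.items():
        print(", ".join(servers), "set on", len(where), "interface entries")
    # 192.0.2.53 is a constructed stand-in for the resolver the owner actually uses.
    print("not recognised:", unrecognised_resolvers(overrides, ["192.0.2.53"]))
    for run in autoruns(parsed):
        print(run["source"], "|", run["name"], "|", run["command"])
```

An address reported as not recognised is only one that is missing from the owner's own list; whether the O17 line should be fixed stays with the person who knows which resolvers the connection is supposed to use.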


      • Jylppy wrote:

        Logfile of HijackThis v1.99.1
        Scan saved at 20:38:33, on 27.3.2005
        Platform: Windows XP SP1 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


        Hi

        First delete the old version from the C:\HJT2 folder, then move this new one there and run the next scan from there.

        End the following process through Task Manager

        svcnut.exe

        Make hidden files visible.. instructions here
        http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339

        Make sure your hidden-file settings match the picture.
        http://koti.mbnet.fi/pattaya1/kuvat/piilo.jpg

        So no check mark on the items
        -Hide protected operating system files (Recommended)
        -Hide extensions for known file types

        If you clear the check mark, the following picture appears... answer Yes to it.
        http://koti.mbnet.fi/pattaya1/kuvat/piilo1.jpg

        The check mark is on the item
        -Show hidden files and folders

        Then run a new scan with HijackThis and remove the following lines if they are still there. Close the browser and other windows before FIXing. So also close this window you are reading now before you press Fix checked.

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdocpl.dll/blank.htm
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpl.dll/asst.htm

        F2 - REG:system.ini: Shell=

        O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
        O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut.exe home
        O4 - HKCU\..\Run: [Apwheel] C:\WINDOWS\System32\6970.exe
        O4 - HKCU\..\Run: [mstask] C:\WINDOWS\System32\mstask.exe
        O4 - Startup: winupdate18987430[1].exe

        then, if you do not recognise the IP addresses, FIX the following too

        O17 - HKLM\System\CCS\Services\Tcpip\..\{67D507B5-1DD3-4FB5-8C13-4610D3B12D2F}: NameServer = 69.50.188.180,195.225.176.37
        O17 - HKLM\System\CCS\Services\Tcpip\..\{9BD4D94E-7B48-4A4D-92E5-92A3DBB196D4}: NameServer = 69.50.188.180,195.225.176.37
        O17 - HKLM\System\CCS\Services\Tcpip\..\{A6C05EFD-9802-4D27-903E-1D5B17B77C0A}: NameServer = 69.50.188.180,195.225.176.37
        O17 - HKLM\System\CCS\Services\Tcpip\..\{CBE5DA09-5240-4EBF-B5F1-3E1FCC493747}: NameServer = 69.50.188.180,195.225.176.37
        O17 - HKLM\System\CS1\Services\Tcpip\..\{67D507B5-1DD3-4FB5-8C13-4610D3B12D2F}: NameServer = 69.50.188.180,195.225.176.37

        Shut down the computer. Start it in SAFE MODE.
        http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

        Find and DELETE the following files as well if they are still found. For a few of them I have additionally marked the extension that eScan renamed them with.

        C:\WINDOWS\system32\sysobj.exe.mwt
        C:\WINDOWS\system32\dwcrnt.exe.mwt
        C:\WINDOWS\System32\fixmapirs.exe
        C:\WINDOWS\System32\hdcby.dll.mwt
        C:\WINDOWS\System32\hddok.dll.mwt
        C:\WINDOWS\System32\hddrb.dll.mwt
        C:\WINDOWS\System32\hdfij.dll.mwt
        C:\WINDOWS\System32\hdfkv.dll.mwt
        C:\WINDOWS\System32\hdtqs.dll.mwt
        C:\WINDOWS\System32\hdwft.dll.mwt
        C:\WINDOWS\System32\hdxof.dll.mwt
        C:\WINDOWS\System32\hdydf.dll.mwt
        C:\WINDOWS\System32\opensdl.exe
        C:\WINDOWS\System32\thun32.dll
        C:\WINDOWS\system32\svcnut.exe
        C:\WINDOWS\System32\6970.exe
        C:\WINDOWS\System32\mstask.exe
        winupdate18987430[1].exe

        That last one, winupdate18987430[1].exe, is found in the path
        C:\Documents and Settings\username\Start Menu\Programs\Startup

        or if it is a Finnish-language system..
        C:\Documents and Settings\Käyttäjän Nimi\Käynnistä-valikko\Ohjelmat\Käynnistys

        You also asked about this
        C:\WINDOWS\System32\msmsgs.exe

        When I looked more closely at that eScan log, it has already been removed...

        Then empty the temp folder at the following path

        C:\Documents and Settings\Tomppa\Local Settings\Temp

        Then type cleanmgr into Run in the Start menu and press OK.
        Check that the following are selected and let it delete them.

        Temporary Files ( Tilapäiset tiedostot )
        Temporary Internet Files
        Recycle Bin ( Roskakori )

        Return to normal mode.
        Then use eScan once more. Remember to update it before use, though.
        Again, paste the "nasties" it finds into your next message.

        Post a new HijackThis log as well.
        .
        .


      • Jylppy wrote:

        Logfile of HijackThis v1.99.1
        Scan saved at 20:38:33, on 27.3.2005
        Platform: Windows XP SP1 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\csrss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe
        C:\Norman\bin\ZLH.EXE
        C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
        C:\ATI-CPanel\atiptaxx.exe
        C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Documents and Settings\Tomppa\Omat tiedostot\Geims\Daemon tools\daemon.exe
        C:\WINDOWS\system32\svcnut.exe
        C:\WINDOWS\System32\ctfmon.exe
        C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
        C:\Norman\bin\ZANDA.EXE
        C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
        C:\WINDOWS\System32\wdfmgr.exe
        C:\Norman\Nvc\BIN\NIP.EXE
        C:\NORMAN\Nvc\BIN\nipsvc.exe
        C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
        C:\NORMAN\Nvc\BIN\nvcoas.exe
        C:\Norman\bin\NJEEVES.EXE
        C:\Norman\Nvc\bin\cclaw.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Documents and Settings\Tomppa\Työpöytä\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdocpl.dll/blank.htm
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpl.dll/asst.htm
        F2 - REG:system.ini: Shell=
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe"
        O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
        O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
        O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
        O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
        O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Documents and Settings\Tomppa\Omat tiedostot\Geims\Daemon tools\daemon.exe" -lang 1033
        O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
        O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut.exe home
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\Run: [Apwheel] C:\WINDOWS\System32\6970.exe
        O4 - HKCU\..\Run: [mstask] C:\WINDOWS\System32\mstask.exe
        O4 - Startup: winupdate18987430[1].exe
        O4 - Global Startup: Adobe Gamma Loader.lnk = ?
        O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by2fd.bay2.hotmail.msn.com/resources/MsnPUpld.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103996560625
        O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{67D507B5-1DD3-4FB5-8C13-4610D3B12D2F}: NameServer = 69.50.188.180,195.225.176.37
        O17 - HKLM\System\CCS\Services\Tcpip\..\{9BD4D94E-7B48-4A4D-92E5-92A3DBB196D4}: NameServer = 69.50.188.180,195.225.176.37
        O17 - HKLM\System\CCS\Services\Tcpip\..\{A6C05EFD-9802-4D27-903E-1D5B17B77C0A}: NameServer = 69.50.188.180,195.225.176.37
        O17 - HKLM\System\CCS\Services\Tcpip\..\{CBE5DA09-5240-4EBF-B5F1-3E1FCC493747}: NameServer = 69.50.188.180,195.225.176.37
        O17 - HKLM\System\CS1\Services\Tcpip\..\{67D507B5-1DD3-4FB5-8C13-4610D3B12D2F}: NameServer = 69.50.188.180,195.225.176.37
        O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
        O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
        O23 - Service: Norman Type-R - Unknown owner - C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
        O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
        O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
        O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
        O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

        there is this unknown process

        C:\WINDOWS\system32\svcnut.exe

        I recommend closing it before any other steps, AND turning off System Restore !!!


      • Ad-Aware wrote:

        Hi

        First delete the old version from the C:\HJT2 folder, then move this new one there and run the next scan from there.

        End the following process via Task Manager

        svcnut.exe

        Make hidden files visible..instructions are here
        http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339

        Make sure your hidden-file settings match the picture.
        http://koti.mbnet.fi/pattaya1/kuvat/piilo.jpg

        So there is no check mark at
        -Hide protected operating system files (Recommended)
        -Hide extensions for known file types

        If you remove the check mark, the following dialog appears...answer Yes to it.
        http://koti.mbnet.fi/pattaya1/kuvat/piilo1.jpg

        There is a check mark at
        -Show hidden files and folders

        Then run a new scan with HijackThis and remove the following lines if they are still found. Close the browser and other windows before FIXing. So also close this window you are reading now before you press Fix checked.

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdocpl.dll/blank.htm
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpl.dll/asst.htm

        F2 - REG:system.ini: Shell=

        O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
        O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut.exe home
        O4 - HKCU\..\Run: [Apwheel] C:\WINDOWS\System32\6970.exe
        O4 - HKCU\..\Run: [mstask] C:\WINDOWS\System32\mstask.exe
        O4 - Startup: winupdate18987430[1].exe

        then, if you do not recognize the IP addresses, FIX the following as well

        O17 - HKLM\System\CCS\Services\Tcpip\..\{67D507B5-1DD3-4FB5-8C13-4610D3B12D2F}: NameServer = 69.50.188.180,195.225.176.37
        O17 - HKLM\System\CCS\Services\Tcpip\..\{9BD4D94E-7B48-4A4D-92E5-92A3DBB196D4}: NameServer = 69.50.188.180,195.225.176.37
        O17 - HKLM\System\CCS\Services\Tcpip\..\{A6C05EFD-9802-4D27-903E-1D5B17B77C0A}: NameServer = 69.50.188.180,195.225.176.37
        O17 - HKLM\System\CCS\Services\Tcpip\..\{CBE5DA09-5240-4EBF-B5F1-3E1FCC493747}: NameServer = 69.50.188.180,195.225.176.37
        O17 - HKLM\System\CS1\Services\Tcpip\..\{67D507B5-1DD3-4FB5-8C13-4610D3B12D2F}: NameServer = 69.50.188.180,195.225.176.37

        Shut down the computer. Start it in SAFE MODE.
        http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

        Find and DELETE the following files as well if they are still found. For a few of them I have additionally marked the extension that eScan renamed them with.

        C:\WINDOWS\system32\sysobj.exe.mwt
        C:\WINDOWS\system32\dwcrnt.exe.mwt
        C:\WINDOWS\System32\fixmapirs.exe
        C:\WINDOWS\System32\hdcby.dll.mwt
        C:\WINDOWS\System32\hddok.dll.mwt
        C:\WINDOWS\System32\hddrb.dll.mwt
        C:\WINDOWS\System32\hdfij.dll.mwt
        C:\WINDOWS\System32\hdfkv.dll.mwt
        C:\WINDOWS\System32\hdtqs.dll.mwt
        C:\WINDOWS\System32\hdwft.dll.mwt
        C:\WINDOWS\System32\hdxof.dll.mwt
        C:\WINDOWS\System32\hdydf.dll.mwt
        C:\WINDOWS\System32\opensdl.exe
        C:\WINDOWS\System32\thun32.dll
        C:\WINDOWS\system32\svcnut.exe
        C:\WINDOWS\System32\6970.exe
        C:\WINDOWS\System32\mstask.exe
        winupdate18987430[1].exe

        That last one, winupdate18987430[1].exe, is found in the path
        C:\Documents and Settings\username\Start Menu\Programs\Startup

        or if it is a Finnish-language system..
        C:\Documents and Settings\Käyttäjän Nimi\Käynnistä-valikko\Ohjelmat\Käynnistys

        You also asked about this
        C:\WINDOWS\System32\msmsgs.exe

        When I looked more closely at that eScan log, it has already been removed...

        Then empty the temp folder at the following path

        C:\Documents and Settings\Tomppa\Local Settings\Temp

        Then type cleanmgr into Run in the Start menu and press OK.
        Check that the following are selected and let it delete them.

        Temporary Files ( Tilapäiset tiedostot )
        Temporary Internet Files
        Recycle Bin ( Roskakori )

        Return to normal mode.
        Then use eScan once more. Remember to update it before use, though.
        Again, paste the "nasties" it finds into your next message.

        Post a new HijackThis log as well.
        .
        .

        To be on the safe side, leave the following file undeleted for now

        C:\WINDOWS\System32\mstask.exe

        You can still FIX its line in the HijackThis log.
        .
        .


      • Jylppy
        Ad-Aware wrote:

        To be on the safe side, leave the following file undeleted for now

        C:\WINDOWS\System32\mstask.exe

        You can still FIX its line in the HijackThis log.
        .
        .

        Logfile of HijackThis v1.99.1
        Scan saved at 17:51:00, on 28.3.2005
        Platform: Windows XP SP1 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\csrss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe
        C:\Norman\bin\ZLH.EXE
        C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
        C:\ATI-CPanel\atiptaxx.exe
        C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
        C:\Documents and Settings\Tomppa\Omat tiedostot\Geims\Daemon tools\daemon.exe
        C:\WINDOWS\System32\ctfmon.exe
        C:\Norman\bin\ZANDA.EXE
        C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
        C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
        C:\WINDOWS\System32\wdfmgr.exe
        C:\Norman\bin\NJEEVES.EXE
        C:\WINDOWS\System32\svchost.exe
        C:\NORMAN\Nvc\BIN\nvcoas.exe
        C:\Norman\Nvc\BIN\NIP.EXE
        C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
        C:\NORMAN\Nvc\BIN\nipsvc.exe
        C:\Norman\Nvc\bin\cclaw.exe
        C:\HjT2\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telkku.com/
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe"
        O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
        O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
        O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
        O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
        O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Documents and Settings\Tomppa\Omat tiedostot\Geims\Daemon tools\daemon.exe" -lang 1033
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - Global Startup: Adobe Gamma Loader.lnk = ?
        O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by2fd.bay2.hotmail.msn.com/resources/MsnPUpld.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103996560625
        O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
        O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
        O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
        O23 - Service: Norman Type-R - Unknown owner - C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
        O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
        O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
        O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
        O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe




        C:\WINDOWS\System32\fixmapirs.exe >>found fixmapi.exe>found thun.dll


      • Jylppy wrote:

        Logfile of HijackThis v1.99.1
        Scan saved at 17:51:00, on 28.3.2005
        Platform: Windows XP SP1 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\csrss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe
        C:\Norman\bin\ZLH.EXE
        C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
        C:\ATI-CPanel\atiptaxx.exe
        C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
        C:\Documents and Settings\Tomppa\Omat tiedostot\Geims\Daemon tools\daemon.exe
        C:\WINDOWS\System32\ctfmon.exe
        C:\Norman\bin\ZANDA.EXE
        C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
        C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
        C:\WINDOWS\System32\wdfmgr.exe
        C:\Norman\bin\NJEEVES.EXE
        C:\WINDOWS\System32\svchost.exe
        C:\NORMAN\Nvc\BIN\nvcoas.exe
        C:\Norman\Nvc\BIN\NIP.EXE
        C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
        C:\NORMAN\Nvc\BIN\nipsvc.exe
        C:\Norman\Nvc\bin\cclaw.exe
        C:\HjT2\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telkku.com/
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe"
        O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
        O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
        O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
        O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
        O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Documents and Settings\Tomppa\Omat tiedostot\Geims\Daemon tools\daemon.exe" -lang 1033
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - Global Startup: Adobe Gamma Loader.lnk = ?
        O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by2fd.bay2.hotmail.msn.com/resources/MsnPUpld.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103996560625
        O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
        O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
        O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
        O23 - Service: Norman Type-R - Unknown owner - C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
        O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
        O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
        O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
        O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe




        C:\WINDOWS\System32\fixmapirs.exe >>found fixmapi.exe>found thun.dll

        The log appears to be OK.

        >>>>>
        C:\WINDOWS\System32\fixmapirs.exe >>found fixmapi.exe
        C:\WINDOWS\System32\thun32.dll >>found thun.dll


      • Jylppy
        Ad-Aware wrote:

        The log appears to be OK.

        >>>>>
        C:\WINDOWS\System32\fixmapirs.exe >>found fixmapi.exe
        C:\WINDOWS\System32\thun32.dll >>found thun.dll

        Is it sent from my own e-mail??


      • Jylppy wrote:

        Is it sent from my own e-mail??

        Yep.
        .
        .


      • Jylppy
        Ad-Aware wrote:

        The log appears to be OK.

        >>>>>
        C:\WINDOWS\System32\fixmapirs.exe >>found fixmapi.exe
        C:\WINDOWS\System32\thun32.dll >>found thun.dll

        That scanner did not find anything


      • Jylppy wrote:

        That scanner did not find anything

        Good to hear :)
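
Added example, not part of the original thread: a Python check that compares two HijackThis scans against a fix list to confirm the flagged entries are gone, shows what is new in the later scan, and lists which interfaces carry an O17 NameServer override. The sample logs are short excerpts of lines posted in this thread; the function and variable names are made up for this example.

```python
import re

# Section lines look like "O4 - HKLM\..\Run: [Name] path"; the scan header and
# the "Running processes" list have no such code prefix and are skipped.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.+)$")
O17_RE = re.compile(r"\\\{([0-9A-Fa-f-]{36})\}: NameServer = (.+)$")


def parse_entries(log_text):
    """Return (code, detail) pairs for every section line in a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def _keys(log_text):
    # Windows paths and registry names are case-insensitive, so compare folded.
    return {(code, detail.lower()) for code, detail in parse_entries(log_text)}


def still_present(fix_list_text, scan_text):
    """Fix-list entries that the given scan still reports."""
    seen = _keys(scan_text)
    return [e for e in parse_entries(fix_list_text) if (e[0], e[1].lower()) in seen]


def new_entries(before_text, after_text):
    """Entries in the later scan that the earlier scan did not have."""
    seen = _keys(before_text)
    return [e for e in parse_entries(after_text) if (e[0], e[1].lower()) not in seen]


def nameserver_overrides(log_text):
    """Map each O17 NameServer value to the interface GUIDs that carry it."""
    found = {}
    for code, detail in parse_entries(log_text):
        m = O17_RE.search(detail) if code == "O17" else None
        if m:
            found.setdefault(m.group(2).strip(), set()).add(m.group(1).upper())
    return {value: sorted(guids) for value, guids in found.items()}


# Excerpt of the 27.3.2005 scan posted in the thread (shortened for the example).
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdocpl.dll/blank.htm
F2 - REG:system.ini: Shell=
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut.exe home
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: winupdate18987430[1].exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{67D507B5-1DD3-4FB5-8C13-4610D3B12D2F}: NameServer = 69.50.188.180,195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BD4D94E-7B48-4A4D-92E5-92A3DBB196D4}: NameServer = 69.50.188.180,195.225.176.37
O17 - HKLM\System\CS1\Services\Tcpip\..\{67D507B5-1DD3-4FB5-8C13-4610D3B12D2F}: NameServer = 69.50.188.180,195.225.176.37
"""

# Excerpt of the 28.3.2005 scan posted after the fixes (shortened).
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telkku.com/
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

# Here the fix list is every sample line except the two known-good O4 entries.
KEEP = ("[NeroCheck]", "[CTFMON.EXE]")
FIX_LIST = "\n".join(
    line for line in BEFORE.splitlines() if not any(k in line for k in KEEP)
)

if __name__ == "__main__":
    print("still present after fix:", still_present(FIX_LIST, AFTER))
    print("new in later scan:", new_entries(BEFORE, AFTER))
    print("DNS overrides before:", nameserver_overrides(BEFORE))
```

An empty `still_present` result together with an empty `nameserver_overrides` on the later scan matches the "log appears to be OK" verdict; anything in `new_entries` (here the changed start page) is what to review by hand.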

