So the machine is acting up: the internet works normally for an hour and then starts cutting out for no reason (e.g. I tried to download Ad-Aware from the download page; it came down nicely at 9xx kB/s but stopped at 99%, and so on), so I had to boot over to the Linux side (my mother does "not" like Linux (she's used to Windows and refuses to use anything else, sad imho)). The machine is pretty weak (iirc a ~1 GHz Celeron, 1 GB RAM (it used to be 512 MB, made no difference)), but it used to work just fine..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:58:45, on 28.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Game_Maker6\Game_Maker.exe
C:\WINDOWS\system32\divxsm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/...rchredir2.dll?c=1c02&lc=040b&s=search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {57D04AA8-FB35-4F95-BC6C-2B866A757F4C} - C:\WINDOWS\system32\cbXPfccD.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {C14E6230-757D-4246-81CE-B34E2940C722} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {EFA46182-0693-4BA7-972E-607548327B92} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S3B9.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Pirjo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-21-2225589205-954458941-6109216-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193749647763
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: awtqnkHy - C:\WINDOWS\
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6869 bytes
Scan with HJT, tick these and press Fix checked:

O2 - BHO: (no name) - {57D04AA8-FB35-4F95-BC6C-2B866A757F4C} - C:\WINDOWS\system32\cbXPfccD.dll (file missing)
O2 - BHO: (no name) - {C14E6230-757D-4246-81CE-B34E2940C722} - (no file)
O2 - BHO: (no name) - {EFA46182-0693-4BA7-972E-607548327B92} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O20 - Winlogon Notify: awtqnkHy - C:\WINDOWS\

Shut down and restart.

----

Download JavaRa and extract it to your desktop.

***Close all open Internet Explorer windows before continuing!***

* Double-click JavaRa.exe to start the program.
* Choose English from the drop-down menu to set the language to English and click Select.
* Click Remove Older Versions to remove old Java versions from your machine.
* Click Yes when prompted. When JavaRa is done, it reports that a log file has been created. Click OK.
* The log file opens. Post its contents in your next message.

Install the latest Java update from the following link..
Download the new Java from here
Scroll down to Java Runtime Environment (JRE) 6 Update 17
Click Download
Under Platform, select Windows
Tick I agree to the Java SE Runtime Environment 6 License Agreement and click Continue
Under Windows Offline Installation, click jre-6u17-windows-i586-p.exe
Save the file, e.g. to your desktop, and install it.

---------

Download Malwarebytes' Anti-Malware to your desktop.

1. Double-click mbam-setup.exe and follow the prompts to install the program.
2. At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, the program downloads and installs the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is complete, click OK and then Show Results to view the results.
6. Make sure everything is checked and click Remove Selected.
7. After that, the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next message.

-------

Download CCleaner and install it.
Run the Cleaner: Analyze, then Run Cleaner.
Run the Registry tool: Scan for Issues, then Fix selected issues.
I checked the machine with Ad-Aware (before I read your message):

Logfile created: 28.11.2009 15:52:35
Lavasoft Ad-Aware version: 8.1.0
User performing scan: Pirjo

*********************** Definitions database information ***********************
Lavasoft definition file: 149.63
Genotype definition file version: 2009/09/30 07:18:14

******************************** Scan results: *********************************
Scan profile name: Smart Scan (ID: smart)
Objects scanned: 12477
Objects detected: 18

Type               Detected
==========================
Processes.......:        0
Registry entries:        1
Hostfile entries:        0
Files...........:        5
Folders.........:        0
LSPs............:        0
Cookies.........:       12
Browser hijacks.:        0
MRU objects.....:        0

Removed items:
Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
Description: *2o7* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408943 Family ID: 0
Description: *statcounter* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409185 Family ID: 0
Description: *statistik-gallup* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409367 Family ID: 0
Description: *.adform* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409300 Family ID: 0
Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0
Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0
Description: *statistik-gallup* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409367 Family ID: 0
Description: *statistik-gallup* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409367 Family ID: 0
Description: *2o7* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408943 Family ID: 0
Description: *statcounter* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409185 Family ID: 0
Description: *statcounter* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409185 Family ID: 0

Quarantined items:
Description: C:\Documents and Settings\Pirjo\Local Settings\Temp\igropmjd.dll Family Name: Win32.Trojan.Monder Engine: 1 Clean status: Success Item ID: 772574 Family ID: 3235 MD5: c35718170ae800b3ecbc3b3295c913f6
Description: C:\Documents and Settings\Pirjo\Local Settings\Temp\jusched.exe Family Name: Win32.Trojan.HackAV Engine: 1 Clean status: Success Item ID: 401686 Family ID: 5217 MD5: 9bacdee05bc51ed2a6bb9c1c7836f55a
Description: C:\Documents and Settings\Pirjo\Omat tiedostot\jukan\epsxe160\PSXeven\PSXeven\PSXeven_v0.19.exe Family Name: Win32.Backdoor.Agent Engine: 1 Clean status: Success Item ID: 141577 Family ID: 795 MD5: 50810a45a6901835bbc8eac932262482
Description: C:\Documents and Settings\Pirjo\Omat tiedostot\jukan\mp4PlayerSetup.exe Family Name: Win32.Backdoor.ForBot Engine: 1 Clean status: Success Item ID: 345270 Family ID: 1565 MD5: 7b013064e89ee28f41dc9af4d37dab99
Description: C:\Documents and Settings\Pirjo\Omat tiedostot\jukan\yy-chr.exe Family Name: Win32.Trojan.KillFiles Engine: 1 Clean status: Success Item ID: 585946 Family ID: 1506 MD5: 6e69d62b63cb0dbee1277ac0aad2e6cc
Description: HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon:Userinit Family Name: Win32.Backdoor.Agent Engine: 1 Clean status: Success Item ID: 28364 Family ID: 795

Scan and cleaning complete: Finished correctly after 506 seconds

*********************************** Settings ***********************************
Scan profile:
ID: smart, enabled:1, value: Smart Scan
ID: folderstoscan, enabled:1, value:
ID: useantivirus, enabled:0, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: false
ID: scanhostsfile, enabled:1, value: false
ID: scanmru, enabled:1, value: false
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: false
ID: onlyexecutables, enabled:1, value: true
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true
ID: heuristicslevel, enabled:1, value: mild, domain: medium,mild,strict

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:0, value: Daily 1
ID: time, enabled:0, value: Sat Nov 28 15:50:00 2009
ID: frequency, enabled:0, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:0
ID: monday, enabled:0, value: false
ID: tuesday, enabled:0, value: false
ID: wednesday, enabled:0, value: false
ID: thursday, enabled:0, value: false
ID: friday, enabled:0, value: false
ID: saturday, enabled:0, value: false
ID: sunday, enabled:0, value: false
ID: monthly, enabled:0, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:0, value:
ID: auto_deal_with_infections, enabled:0, value: false
ID: updatedaily2, enabled:0, value: Daily 2
ID: time, enabled:0, value: Sat Nov 28 21:50:00 2009
ID: frequency, enabled:0, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:0
ID: monday, enabled:0, value: false
ID: tuesday, enabled:0, value: false
ID: wednesday, enabled:0, value: false
ID: thursday, enabled:0, value: false
ID: friday, enabled:0, value: false
ID: saturday, enabled:0, value: false
ID: sunday, enabled:0, value: false
ID: monthly, enabled:0, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:0, value:
ID: auto_deal_with_infections, enabled:0, value: false
ID: updatedaily3, enabled:0, value: Daily 3
ID: time, enabled:0, value: Sat Nov 28 03:50:00 2009
ID: frequency, enabled:0, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:0
ID: monday, enabled:0, value: false
ID: tuesday, enabled:0, value: false
ID: wednesday, enabled:0, value: false
ID: thursday, enabled:0, value: false
ID: friday, enabled:0, value: false
ID: saturday, enabled:0, value: false
ID: sunday, enabled:0, value: false
ID: monthly, enabled:0, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:0, value:
ID: auto_deal_with_infections, enabled:0, value: false
ID: updatedaily4, enabled:0, value: Daily 4
ID: time, enabled:0, value: Sat Nov 28 09:50:00 2009
ID: frequency, enabled:0, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:0
ID: monday, enabled:0, value: false
ID: tuesday, enabled:0, value: false
ID: wednesday, enabled:0, value: false
ID: thursday, enabled:0, value: false
ID: friday, enabled:0, value: false
ID: saturday, enabled:0, value: false
ID: sunday, enabled:0, value: false
ID: monthly, enabled:0, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:0, value:
ID: auto_deal_with_infections, enabled:0, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Sat Nov 28 15:50:00 2009
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: true
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: true
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:0, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:0, value: true
ID: networkprotection, enabled:0, value: true
ID: layers, enabled:1
ID: useantivirus, enabled:0, value: true
ID: usespywareheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant

****************************** System information ******************************
Computer name: CPQ61995584212
Processor name: Intel(R) Celeron(R) CPU 1.70GHz
Processor identifier: x86 Family 15 Model 1 Stepping 3
Processor speed: ~1694MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 259, number of processors 1, processor features: [MMX,SSE,SSE2]
Physical memory available: 433184768 bytes
Physical memory total: 1064812544 bytes
Virtual memory available: 1922899968 bytes
Virtual memory total: 2147352576 bytes
Memory load: 59%
Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Windows startup mode:

Running processes:
PID: 784 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT-HALLINTA
PID: 872 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT-HALLINTA
PID: 896 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT-HALLINTA
PID: 940 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT-HALLINTA
PID: 952 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT-HALLINTA
PID: 1116 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT-HALLINTA
PID: 1176 name: C:\WINDOWS\system32\svchost.exe owner: Verkkopalve domain: NT-HALLINTA
PID: 1268 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT-HALLINTA
PID: 1304 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT-HALLINTA
PID: 1420 name: C:\WINDOWS\System32\svchost.exe owner: Verkkopalve domain: NT-HALLINTA
PID: 1456 name: C:\WINDOWS\System32\svchost.exe owner: Paikallinen palve domain: NT-HALLINTA
PID: 1660 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT-HALLINTA
PID: 1756 name: C:\WINDOWS\System32\svchost.exe owner: Paikallinen palve domain: NT-HALLINTA
PID: 1792 name: C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe owner: SYSTEM domain: NT-HALLINTA
PID: 1804 name: C:\Program Files\Comodo\Firewall\cmdagent.exe owner: SYSTEM domain: NT-HALLINTA
PID: 1820 name: C:\Program Files\ESET\ESET Smart Security\ekrn.exe owner: SYSTEM domain: NT-HALLINTA
PID: 1984 name: C:\WINDOWS\system32\PnkBstrA.exe owner: SYSTEM domain: NT-HALLINTA
PID: 2024 name: C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe owner: SYSTEM domain: NT-HALLINTA
PID: 136 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT-HALLINTA
PID: 728 name: C:\WINDOWS\System32\alg.exe owner: Paikallinen palve domain: NT-HALLINTA
PID: 640 name: C:\WINDOWS\Explorer.EXE owner: Pirjo domain: CPQ61995584212
PID: 176 name: C:\Program Files\Analog Devices\SoundMAX\Smtray.exe owner: Pirjo domain: CPQ61995584212
PID: 184 name: C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe owner: Pirjo domain: CPQ61995584212
PID: 852 name: C:\Program Files\Winamp\winampa.exe owner: Pirjo domain: CPQ61995584212
PID: 864 name: C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe owner: Pirjo domain: CPQ61995584212
PID: 876 name: C:\Program Files\Comodo\Firewall\CPF.exe owner: Pirjo domain: CPQ61995584212
PID: 1080 name: C:\Program Files\ESET\ESET Smart Security\egui.exe owner: Pirjo domain: CPQ61995584212
PID: 1132 name: C:\WINDOWS\system32\ctfmon.exe owner: Pirjo domain: CPQ61995584212
PID: 300 name: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE owner: Pirjo domain: CPQ61995584212
PID: 448 name: C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe owner: Pirjo domain: CPQ61995584212
PID: 2372 name: C:\Program Files\PC Connectivity Solution\ServiceLayer.exe owner: SYSTEM domain: NT-HALLINTA
PID: 2484 name: C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe owner: SYSTEM domain: NT-HALLINTA
PID: 2516 name: C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe owner: SYSTEM domain: NT-HALLINTA
PID: 3168 name: C:\WINDOWS\System32\msiexec.exe owner: SYSTEM domain: NT-HALLINTA
PID: 3600 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Pirjo domain: CPQ61995584212
PID: 3636 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT-HALLINTA
PID: 3704 name: C:\WINDOWS\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT-HALLINTA
PID: 3732 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT-HALLINTA
PID: 3924 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Pirjo domain: CPQ61995584212

Startup items:
Name: PostBootReminder imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: WPDShServiceObj imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Name: Smapp imagepath: C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
Name: DrvLsnr imagepath: C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
Name: AutoLogon
Name: IgfxTray imagepath: C:\WINDOWS\System32\igfxtray.exe
Name: WinampAgent imagepath: "C:\Program Files\Winamp\winampa.exe"
Name: QuickTime Task imagepath: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Name: SunJavaUpdateSched imagepath: "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
Name: COMODO Firewall Pro imagepath: "C:\Program Files\Comodo\Firewall\CPF.exe" /background
Name: Adobe Reader Speed Launcher imagepath: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Name: egui imagepath: "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
Name: CTFMON.EXE imagepath: C:\WINDOWS\System32\CTFMON.EXE
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1} imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030} imagepath: Component Categories cache daemon
Name: imagepath: C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\desktop.ini
Name: imagepath: C:\WINDOWS\system32\config\systemprofile\Käynnistä-valikko\Ohjelmat\Käynnistys\desktop.ini

Bootexecute items:
Name: imagepath: autocheck autochk *

Running services:
Name: ALG displayname: Sovelluskerroksen yhdyskäytäväpalvelu
Name: AudioSrv displayname: Windows Audio
Name: BITS displayname: BITS-tausta-ajo (Background Intelligent Transfer Service)
Name: BlueSoleil Hid Service displayname: BlueSoleil Hid Service
Name: Browser displayname: Tietokoneiden selaus
Name: CmdAgent displayname: Comodo Application Agent
Name: CryptSvc displayname: Salauspalvelut
Name: DcomLaunch displayname: DCOM-palvelinprosessin käynnistys
Name: Dhcp displayname: DHCP-asiakas
Name: Dnscache displayname: DNS-asiakas
Name: ekrn displayname: Eset Service
Name: ERSvc displayname: Virheraportointipalvelut
Name: Eventlog displayname: Tapahtumaloki
Name: EventSystem displayname: COM+-tapahtumajärjestelmä
Name: FastUserSwitchingCompatibility displayname: Nopean käyttäjän vaihdon yhteensopivuus
Name: helpsvc displayname: Ohjeet ja tuotetuki
Name: HidServ displayname: HID Input Service
Name: lanmanserver displayname: Palvelin
Name: lanmanworkstation displayname: Työasema
Name: LmHosts displayname: TCP/IP NetBIOS Helper
Name: MSIServer displayname: Windows Installer
Name: Netman displayname: Verkkoyhteydet
Name: Nla displayname: NLA-nimiavaruus (Network Location Awareness)
Name: PlugPlay displayname: Plug and Play
Name: PnkBstrA displayname: PnkBstrA
Name: PolicyAgent displayname: IPSEC-palvelut
Name: ProtectedStorage displayname: Suojattu tallennuspaikka
Name: RasMan displayname: Etäkäytön (RAS) yhteyksienhallinta
Name: RpcSs displayname: Etäproseduurikutsu (RPC)
Name: SamSs displayname: Käyttöoikeustilien hallinta
Name: Schedule displayname: Tehtävien ajoitus
Name: seclogon displayname: Toissijainen kirjautuminen
Name: SENS displayname: Järjestelmätapahtuman ilmoitus
Name: ServiceLayer displayname: ServiceLayer
Name: SharedAccess displayname: Windowsin palomuuri / Internet-yhteyden jakaminen (ICS)
Name: ShellHWDetection displayname: Käyttöliittymän laitteistotunnistus
Name: SoundMAX Agent Service (default) displayname: SoundMAX Agent Service
Name: Spooler displayname: Taustatulostusohjain
Name: srservice displayname: Järjestelmän palauttaminen -palvelu
Name: SSDPSRV displayname: SSDP-palvelu (Simple Service Discovery Protocol)
Name: stisvc displayname: WIA (Windows Image Acquisition)
Name: TapiSrv displayname: Puhelin
Name: TermService displayname: Päätepalvelut
Name: Themes displayname: Teemat
Name: TrkWks displayname: Tiedostolinkkijäljityksen asiakas
Name: W32Time displayname: Windows Time
Name: WebClient displayname: WebClient
Name: winmgmt displayname: WMI-palvelu (Windows Management Instrumentation)
Name: wscsvc displayname: Tietoturvakeskus
Name: wuauserv displayname: Automaattiset päivitykset
Name: WudfSvc displayname: Windows Driver Foundation - User-mode Driver Framework
Name: WZCSVC displayname: Wireless Zero Configuration
Name: Lavasoft Ad-Aware Service displayname: Lavasoft Ad-Aware Service

HJT log (I ticked and pressed Fix checked on what you said, or at least the ones I could find):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:10:59, on 28.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/...rchredir2.dll?c=1c02&lc=040b&s=search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {EFA46182-0693-4BA7-972E-607548327B92} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S3B9.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Pirjo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193749647763
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: awtqnkHy - C:\WINDOWS\
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6330 bytes

The machine is noticeably faster. I'll do the rest when I have more time (a bit busy IRL right now).
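The helper's "tick these and press Fix checked" list and the before/after pair of HijackThis logs in this thread are exactly the kind of comparison a log reader does by eye: which entries went away, which are still there, and which of the survivors still look wrong. The Python below is an added example, not code from the thread and not HijackThis' own logic. It parses HJT entry lines, applies a handful of defensive heuristics (an O2/O3/O9 component whose file is gone, an O4 autorun whose executable sits in a Temp folder, as the Temp\jusched.exe that Ad-Aware quarantined did, an O20 Winlogon Notify entry with no .dll behind it, and an F2 UserInit value chaining extra programs), then diffs the two logs. The two log texts inside it are constructed, shortened excerpts modelled on the logs above; the function names and rules are the example's own. With this input it reports that the cbXPfccD BHO, the QuickTime and SunJavaUpdateSched autoruns were removed, and that the EFA46182 BHO and the awtqnkHy Notify entry are still present after the fix, which is what the next reply lists again.

```python
# Added example (not from the thread, not HijackThis code): parse HJT entry
# lines, apply a few defensive triage heuristics, and diff a before/after pair.
import re
from typing import Dict, List, Tuple

# Constructed, shortened excerpts modelled on the two logs posted in the thread.
HJT_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:58:45, on 28.11.2009

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {57D04AA8-FB35-4F95-BC6C-2B866A757F4C} - C:\WINDOWS\system32\cbXPfccD.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {EFA46182-0693-4BA7-972E-607548327B92} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S3B9.tmp" /EF "HKCU"
O20 - Winlogon Notify: awtqnkHy - C:\WINDOWS\
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
-- End of file - 6869 bytes
"""

HJT_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:10:59, on 28.11.2009

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {EFA46182-0693-4BA7-972E-607548327B92} - (no file)
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S3B9.tmp" /EF "HKCU"
O20 - Winlogon Notify: awtqnkHy - C:\WINDOWS\
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
-- End of file - 6330 bytes
"""

ENTRY_RE = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")
MISSING = ("(no file)", "(file missing)")


def parse_hjt(text: str) -> List[Tuple[str, str]]:
    """(section, body) for each HJT entry line; headers and the process list are skipped."""
    found = [ENTRY_RE.match(line.strip()) for line in text.splitlines()]
    return [(m.group(1), m.group(2).strip()) for m in found if m]


def run_target(body: str) -> str:
    """Executable path of an O4 entry: the first token after '[name]', quoted or bare.
    Arguments are dropped so a Temp file passed as a parameter does not trip the rule."""
    rest = body.split("]", 1)[1].strip() if "]" in body else body
    return rest[1:].split('"', 1)[0] if rest.startswith('"') else rest.split(" ", 1)[0]


def triage(entries: List[Tuple[str, str]]) -> Dict[str, str]:
    """Map suspicious entry lines to a reason. The heuristics are this example's own:
    O2/O3/O9  registered component whose file is gone (dead registration);
    O4        autorun whose executable (not its arguments) sits in a Temp folder;
    O20       Winlogon Notify package with no .dll target;
    F2        UserInit chaining extra programs after userinit.exe."""
    flags: Dict[str, str] = {}
    for sec, body in entries:
        key, low = f"{sec} - {body}", body.lower()
        if sec in ("O2", "O3", "O9") and any(tag in low for tag in MISSING):
            flags[key] = "registered component whose file no longer exists"
        elif sec == "O4" and "\\temp\\" in run_target(body).lower():
            flags[key] = "autorun executable located in a Temp folder"
        elif sec == "O20" and not body.rsplit(" - ", 1)[-1].lower().endswith(".dll"):
            flags[key] = "Winlogon Notify entry without a .dll target"
        elif sec == "F2" and "userinit=" in low:
            if len([p for p in low.split("=", 1)[1].split(",") if p.strip()]) > 1:
                flags[key] = "UserInit runs extra programs after userinit.exe"
    return flags


def diff_logs(before: str, after: str) -> Tuple[List[str], List[str]]:
    """Entry lines that disappeared after the fix, and lines new in the second log."""
    b = {f"{s} - {x}" for s, x in parse_hjt(before)}
    a = {f"{s} - {x}" for s, x in parse_hjt(after)}
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    removed, added = diff_logs(HJT_BEFORE, HJT_AFTER)
    print("Removed by Fix checked:", *removed, sep="\n  ")
    print("New in second log:", *added, sep="\n  ")
    for line, why in triage(parse_hjt(HJT_AFTER)).items():
        print(f"STILL PRESENT: {line}\n  -> {why}")
```

Run it as a script to see the diff and the surviving flagged entries; to use it on real logs, read the two files into the two strings in place of the constructed excerpts. The rules are deliberately narrow (a dead registration, a Temp-resident autorun, a Notify entry with no library, a UserInit chain), so a legitimate entry such as the Epson autorun, whose argument list happens to mention a TEMP file, is not flagged.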
Scan with HJT, tick these and press Fix checked:

O2 - BHO: (no name) - {EFA46182-0693-4BA7-972E-607548327B92} - (no file)
O20 - Winlogon Notify: awtqnkHy - C:\WINDOWS\