Removing cid windows??

Discussion in 'Virukset ja haittaohjelmat' (Viruses and malware) started by after_, May 27, 2007.

  1. after_

    after_ Member

    Joined:
    May 27, 2007
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    11
    cid ad windows keep appearing on my computer all the time. How can I get rid of them?
     
  2. Auttaja

    Auttaja Guest

    Like this:


    -> Download HijackThis: http://koti.mbnet.fi/pattaya1/HijackThis.exe
    -> Save it to the folder C:\hjt
    -> Rename HijackThis.exe to scanner.exe as follows:
    1. Right-click the HijackThis icon.
    (screenshot)

    2. Choose Uudelleennimeä / Rename.
    (screenshot)

    3. Type scanner.exe
    (screenshot)
    -> Start HijackThis and click: do a system scan and save a logfile.
    -> Post the log that appears in this thread
     
  3. after_

    after_ Member

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 18:10:11, on 27.5.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Npm\bin\ELOGSVC.EXE
    C:\Program Files\Npm\Bin\Zanda.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Nvc\BIN\NVCSCHED.EXE
    C:\Program Files\Npm\bin\NJEEVES.EXE
    C:\Program Files\Nvc\bin\nvcoas.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Npm\bin\ZLH.EXE
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Nvc\BIN\NIP.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    C:\Program Files\Nvc\bin\cclaw.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\QuickCam10\COCIManager.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\scanner.exe.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.irc.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [rdr trust soap settings] C:\Documents and Settings\All Users\Application Data\AmenRemoteRdrTrust\TickNurb.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Npm\bin\ELOGSVC.EXE
    O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
    O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Npm\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

    --
    End of file - 10679 bytes
     
    Last edited: May 27, 2007
  4. Auttaja

    Auttaja Guest

    Yep, it's Lop alright.

    ========

    Download NoLop to your desktop from one of the following links...
    http://www.spywareedge.net/nolop/NoLop.exe1
    http://www.spywaretimes.com/Tools/Download/Anti-malwareToolsLinkki
    http://www.thespykiller.co.uk/index.php?action=tpmod;dl=get16

    * Close all programs, because this step requires a reboot
    * Double-click NoLop.exe to run it

    * Click the "Search and Destroy" button
    <<Your computer will be scanned for infected files>>
    * When the scan is finished you will be asked to reboot the computer if an infection is found. Click OK
    * Click the "REBOOT" button.
    * NoLop should give a message. If it doesn't, double-click the program and it will finish. Post the contents of C:\NoLop.log together with a new HijackThis log.

    -- If you get the following error, "mscomctl.ocx or one of its dependencies are not correctly registered," download mscomctl.ocx from http://www.boletrice.com/downloads/mscomctl.ocx and save it to your system32 folder (usually c:\Windows\system32). Then run the program again. --

    =========

    Download ATF Cleaner
    http://www.atribune.org/ccount/click.php?id=1

    Double-click ATF-Cleaner.exe to start the program. Under Main, choose: Select All
    Click the Empty Selected option.
    If you use Firefox as your browser, click Firefox at the top and choose: Select All
    Click the Empty Selected option.
    NOTE: If you would like to keep your saved passwords, click No when it asks.
    If you use Opera as your browser, click Opera at the top and choose: Select All
    Click the Empty Selected option again.
    NOTE: If you would like to keep your saved passwords, click No when it asks.
    Click Exit in the main menu to close the program.
    Technical support is available by double-clicking the e-mail address at the bottom of each menu in the tool. (Note that the support is in English.)

    ========

    Delete

    C:\Documents and Settings\All Users\Application Data\AmenRemoteRdrTrust

    Show hidden files first, and hide them again after the deletion

    ======

    New HijackThis log
     
  5. after_

    after_ Member

    I downloaded NoLop and it said that no infection was found.
    "no infection files have been found" but before that, during the day, I did exactly that when I looked at the instructions on this site for what others have had to do (and back then there was an infection). But I guess it got removed when the computer rebooted, etc., since it doesn't show anymore? But of course I didn't manage to do it properly to the end back then, and the ads still kept coming after that. So what now? So I didn't get a log, since now there was no infection anymore.
     
  6. Auttaja

    Auttaja Guest

    "So I didn't get a log, since now there was no infection anymore."

    It writes the log there regardless; you can see the folders in it.. Now do what I told you.
     
  7. after_

    after_ Member

    Could this be the log?


    NoLop! Log by Skate_Punk_21

    Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

    Fix running from: C:\Documents and Settings\sini\Työpöytä
    [27.5.2007]
    [18:51:25]

    ---Infection Files Found/Removed---
    NO INFECTION FILES FOUND - Cleaning Aborted.

    ---Listing AppData sub directories---

    C:\Documents and Settings\All Users\Application Data\Adobe
    C:\Documents and Settings\All Users\Application Data\Amenremoterdrtrust
    C:\Documents and Settings\All Users\Application Data\Google
    C:\Documents and Settings\All Users\Application Data\Logitech
    C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    C:\Documents and Settings\All Users\Application Data\Microsoft
    C:\Documents and Settings\All Users\Application Data\Nview_profiles -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Quicktime
    C:\Documents and Settings\All Users\Application Data\Smartsound Software Inc
    C:\Documents and Settings\All Users\Application Data\Sony Corporation
    C:\Documents and Settings\All Users\Application Data\Ulead Systems
    C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    C:\Documents and Settings\Default User\Application Data\Identities
    C:\Documents and Settings\Default User\Application Data\Microsoft
    C:\Documents and Settings\Localservice\Application Data\Microsoft
    C:\Documents and Settings\Networkservice\Application Data\Microsoft
    C:\Documents and Settings\Sini\Application Data\Adobe
    C:\Documents and Settings\Sini\Application Data\Adobeum -- EMPTY Directory
    C:\Documents and Settings\Sini\Application Data\Ahead
    C:\Documents and Settings\Sini\Application Data\Creative
    C:\Documents and Settings\Sini\Application Data\Google -- EMPTY Directory
    C:\Documents and Settings\Sini\Application Data\Help -- EMPTY Directory
    C:\Documents and Settings\Sini\Application Data\Identities
    C:\Documents and Settings\Sini\Application Data\Intervideo
    C:\Documents and Settings\Sini\Application Data\Macromedia
    C:\Documents and Settings\Sini\Application Data\Microsoft
    C:\Documents and Settings\Sini\Application Data\Openoffice.org2
    C:\Documents and Settings\Sini\Application Data\Screenshot Sender
    C:\Documents and Settings\Sini\Application Data\Sony Corporation
    C:\Documents and Settings\Sini\Application Data\Sun
    C:\Documents and Settings\Timo\Application Data\Adobe
    C:\Documents and Settings\Timo\Application Data\Adobeum -- EMPTY Directory
    C:\Documents and Settings\Timo\Application Data\Ahead
    C:\Documents and Settings\Timo\Application Data\Google
    C:\Documents and Settings\Timo\Application Data\Help -- EMPTY Directory
    C:\Documents and Settings\Timo\Application Data\Identities
    C:\Documents and Settings\Timo\Application Data\Intervideo
    C:\Documents and Settings\Timo\Application Data\Macromedia
    C:\Documents and Settings\Timo\Application Data\Microsoft
    C:\Documents and Settings\Timo\Application Data\Openoffice.org2
    C:\Documents and Settings\Timo\Application Data\Sony Corporation
    C:\Documents and Settings\Timo\Application Data\Sun
    C:\Documents and Settings\Timo\Application Data\That Default
    C:\Documents and Settings\Timo\Application Data\Ulead Systems
    C:\Documents and Settings\Vieras\Application Data\Adobe
    C:\Documents and Settings\Vieras\Application Data\Google
    C:\Documents and Settings\Vieras\Application Data\Identities
    C:\Documents and Settings\Vieras\Application Data\Macromedia
    C:\Documents and Settings\Vieras\Application Data\Microsoft
    C:\Documents and Settings\Vieras\Application Data\Sony Corporation
    C:\Documents and Settings\Vieras\Application Data\Sun
     
  8. Auttaja

    Auttaja Guest

    C:\Documents and Settings\All Users\Application Data\Messenger Plus!

    That's the reason you get those pop-ups. Remove the whole crap and post a new HijackThis log
     
  9. after_

    after_ Member

    Okay.. I guess I'll have to remove it then. Thanks for the help. :)
     
    Last edited: May 27, 2007
  10. Auttaja

    Auttaja Guest

    Then post a new HijackThis log so we can see whether Lop is gone.
     
  11. after_

    after_ Member

    I removed the Messenger Live Plus thing.. but left regular Messenger on here anyway, which was installed already. Did it help at all now?

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 23:05:51, on 27.5.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Npm\bin\ELOGSVC.EXE
    C:\Program Files\Npm\Bin\Zanda.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Npm\bin\NJEEVES.EXE
    C:\Program Files\Nvc\bin\nvcoas.exe
    C:\Program Files\Nvc\BIN\NVCSCHED.EXE
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Npm\bin\ZLH.EXE
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Nvc\BIN\NIP.EXE
    C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    C:\Program Files\Nvc\bin\cclaw.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\QuickCam10\COCIManager.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HiJackThis_v2.0.0.0.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.irc.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [rdr trust soap settings] C:\Documents and Settings\All Users\Application Data\AmenRemoteRdrTrust\TickNurb.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jy.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Npm\bin\ELOGSVC.EXE
    O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
    O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Npm\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

    --
    End of file - 10712 bytes
     
  12. Auttaja

    Auttaja Guest

    Yep, the Lop stuff didn't go anywhere

    =====

    Create an uninstall list:

    * Open HijackThis
    * Click the "Configure" option at the bottom right
    * Click "Misc Tools"
    * Click the box that says "Uninstall Manager"
    * Click the "Save list" option
    * Copy and paste that list from Notepad into your post


    Create a startup list

    * Open HijackThis
    * Click the "Configure" option at the bottom right
    * Click "Misc Tools"
    * Tick the 2 boxes next to the box that says "Generate StartupList log"
    * Click the "Generate StartupList log" option
    * Copy and paste your startup list from Notepad into your post

    ======

    Download Findlop so we can check whether there is a scheduled task
    Findlop by Metallica
    Extract the zip and double-click findlop.bat
    The log is here -> C:\findlop.txt
    Post the log here

    =====

    Lataa NoLop työpöydällesi yhdestä seuraavista linkeistä...
    http://www.spywareedge.net/nolop/NoLop.exe1
    http://www.spywaretimes.com/Tools/Download/Anti-malwareToolsLinkki
    http://www.thespykiller.co.uk/index.php?action=tpmod;dl=get16

    * Close all programs, because this step requires a reboot
    * Double-click NoLop.exe to run it

    * Click the "Search and Destroy" button
    <<Your computer will be scanned for infected files>>
    * When the scan is finished, you will be asked to restart the computer if an infection is found. Click OK
    * Click the "REBOOT" button.
    * NoLop should give a message. If not, double-click the program and it will finish. Post the contents of the C:\NoLop.log file along with a new HijackThis log.

    -- If you get the following error, "mscomctl.ocx or one of its dependencies are not correctly registered," download mscomctl.ocx http://www.boletrice.com/downloads/mscomctl.ocx and save it to your system32 directory (usually c:\Windows\system32). After that, run the program again. --

    ======

    Then we'll do a fix so that it's gone for sure
     
    Last edited by a moderator: May 27, 2007
  13. after_

    after_ Member

    well, now the uninstall list and the startup list are saved. :) should I post them here? I downloaded the Findlop thing and extracted it on the computer. so what next?
     
  14. after_

    after_ Member

    findlop log:

    [TRACE] Enumerating jobs and queues
    [TRACE] Activating job 'Tarkistetaan Windows Live -työkalurivin päivitykset.job
    '
    [TRACE] Printing all job properties

    ApplicationName: 'C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE'
    Parameters: ''
    WorkingDirectory: ''
    Comment: ''
    Creator: 'sini'
    Priority: NORMAL
    MaxRunTime: 259200000 (3d 0:00:00)
    IdleWait: 10
    IdleDeadline: 60
    MostRecentRun: 05/27/2007 23:43:00
    NextRun: 05/28/2007 0:43:00
    StartError: S_OK
    ExitCode: 0
    Status: SCHED_S_TASK_READY
    ScheduledWorkItem Flags:
    DeleteWhenDone = 0
    Suspend = 0
    StartOnlyIfIdle = 0
    KillOnIdleEnd = 0
    RestartOnIdleResume = 0
    DontStartIfOnBatteries = 0
    KillIfGoingOnBatteries = 0
    RunOnlyIfLoggedOn = 0
    SystemRequired = 0
    Hidden = 0
    TaskFlags: 0

    1 Trigger

    Trigger 0:
    Type: Daily
    DaysInterval: 1
    StartDate: 02/05/2007
    EndDate: 00/00/0000
    StartTime: 12:43
    MinutesDuration: 1440
    MinutesInterval: 60
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0
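The helper is reading the findlop dump above by eye; as an added example (not part of this thread, of Findlop or of HijackThis), here is the same triage in code: a parser for the 'Key: value' / 'Flag = 0' layout of that dump, plus defender heuristics that are the example's own assumptions, not something the thread claims about the job shown. The sample input is constructed: the Windows Live Toolbar job from the log above, followed by an invented second job that trips every check.

```python
"""Triage a Findlop-style scheduled-task dump.

Added example, not part of the thread, of Findlop or of HijackThis. The
heuristics (executable under a user profile or outside the Windows and
Program Files trees, Hidden flag set, empty Creator) are assumptions."""
import re
from typing import Dict, List

# Constructed sample: the Windows Live Toolbar job from the thread's findlop
# log, followed by an invented second job that trips every check below.
SAMPLE_LOG = """\
[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'Tarkistetaan Windows Live -työkalurivin päivitykset.job
'
[TRACE] Printing all job properties

ApplicationName: 'C:\\Program Files\\Windows Live Toolbar\\MSNTBUP.EXE'
Parameters: ''
Creator: 'sini'
MaxRunTime: 259200000 (3d 0:00:00)
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
RunOnlyIfLoggedOn = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
[TRACE] Activating job 'Update.job
'
ApplicationName: 'C:\\Documents and Settings\\All Users\\Application Data\\Tmp\\upd.exe'
Parameters: '/silent'
Creator: ''
ScheduledWorkItem Flags:
Hidden = 1

Trigger 0:
Type: Once
"""

JOB_START = re.compile(r"\[TRACE\] Activating job '([^']*)")
PROP = re.compile(r"^([A-Za-z]+): '?(.*?)'?$")      # Key: 'value' or Key: value
FLAG = re.compile(r"^([A-Za-z]+) = ([01])$")        # Flag = 0 / Flag = 1

# Locations a legitimately installed scheduled task normally runs from (assumption).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")
PROFILE_ROOT = "c:\\documents and settings\\"


def parse_jobs(text: str) -> List[Dict]:
    """Split the dump into one dict per job: properties, flags and trigger types."""
    jobs: List[Dict] = []
    job: Dict = {}
    for raw in text.splitlines():
        line = raw.strip()
        start = JOB_START.match(line)
        if start:
            job = {"name": start.group(1).strip(), "flags": {}, "triggers": []}
            jobs.append(job)
            continue
        if not job or not line or line.startswith("[TRACE]"):
            continue
        flag = FLAG.match(line)
        if flag:
            job["flags"][flag.group(1)] = int(flag.group(2))
            continue
        prop = PROP.match(line)
        if prop:
            key, value = prop.groups()
            if key == "Type":               # one 'Type:' line per trigger
                job["triggers"].append(value)
            else:
                job.setdefault(key, value)  # first occurrence wins
    return jobs


def assess(job: Dict) -> List[str]:
    """Return the reasons this job deserves a closer look (empty list = clean)."""
    findings: List[str] = []
    exe = job.get("ApplicationName", "").lower()
    if not exe:
        findings.append("no ApplicationName")
    elif exe.startswith(PROFILE_ROOT):
        findings.append("runs from a user profile directory")
    elif not exe.startswith(TRUSTED_ROOTS):
        findings.append("runs from outside Windows/Program Files")
    if job["flags"].get("Hidden") == 1:
        findings.append("Hidden flag set")
    if not job.get("Creator"):
        findings.append("empty Creator")
    return findings


def triage(text: str) -> Dict[str, List[str]]:
    """Map each job name in the dump to its findings."""
    return {job["name"]: assess(job) for job in parse_jobs(text)}
```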
     
  15. Auttaja

    Auttaja Guest

    Yep, will you do those other logs too :)
     
  16. after_

    after_ Member

    yep.. here they are :)

    uninstall list

    Adobe Flash Player 9 ActiveX
    Adobe Reader 7.0.5 - Suomi
    Adobe Shockwave Player
    Automaattiset valikot (Windows Live Toolbar)
    DC++ 0.698
    EasyCleaner
    eMule Plus 1.2a
    Google Toolbar for Internet Explorer
    High Definition Audio - KB888111
    HijackThis 2.0.0
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Hotfix-päivitys Windows XP:lle (KB889527)
    Hotfix-päivitys Windows XP:lle (KB893357)
    Hotfix-päivitys Windows XP:lle (KB896256)
    Hotfix-päivitys Windows XP:lle (KB898900)
    Hotfix-päivitys Windows XP:lle (KB903234)
    Hotfix-päivitys Windows XP:lle (KB904412)
    Hotfix-päivitys Windows XP:lle (KB906569)
    Hotfix-päivitys Windows XP:lle (KB907865)
    Hotfix-päivitys Windows XP:lle (KB910728)
    Hotfix-päivitys Windows XP:lle (KB914440)
    InterVideo MediaOne Gallery
    J2SE Runtime Environment 5.0 Update 10
    Java(TM) SE Runtime Environment 6 Update 1
    Logitech Audio Echo Cancellation Component
    Logitech Desktop Messenger
    Logitech QuickCam
    Logitech Video Enumerator
    Logitech® Camera -ohjain
    Macromedia Flash Player 8
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 2.0 -tuotteen Security Update (KB922770)
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    MSXML 4.0 SP2 (KB927978)
    Nero OEM
    Norman Virus Control
    NVIDIA Drivers


    OpenMG Limited Patch 4.1-05-13-31-01
    OpenMG Secure Module 4.1.00
    OpenOffice.org 2.0
    Outlook-työkalurivi (Windows Live Toolbar)
    PhotoFiltre
    Päivitys Windows XP:lle (KB896427)
    Päivitys Windows XP:lle (KB897663)
    Päivitys Windows XP:lle (KB898461)
    Päivitys Windows XP:lle (KB900485)
    Päivitys Windows XP:lle (KB904942)
    Päivitys Windows XP:lle (KB908521)
    Päivitys Windows XP:lle (KB908531)
    Päivitys Windows XP:lle (KB910437)
    Päivitys Windows XP:lle (KB911280)
     
  17. after_

    after_ Member

    and here is the startup list:

    StartupList report, 27.5.2007, 23:47:13
    StartupList version: 1.52.2
    Started from : C:\HiJackThis_v2.0.0.0.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v7.00 (7.00.6000.16441)
    * Using default options
    * Including empty and uninteresting sections
    * Showing rarely important sections
    ==================================================
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Npm\bin\ELOGSVC.EXE
    C:\Program Files\Npm\Bin\Zanda.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Npm\bin\NJEEVES.EXE
    C:\Program Files\Nvc\bin\nvcoas.exe
    C:\Program Files\Nvc\BIN\NVCSCHED.EXE
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Npm\bin\ZLH.EXE
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Nvc\BIN\NIP.EXE
    C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    C:\Program Files\Nvc\bin\cclaw.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\QuickCam10\COCIManager.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HiJackThis_v2.0.0.0.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    --------------------------------------------------
    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\sini\Käynnistä-valikko\Ohjelmat\Käynnistys]
    *No files*

    Shell folders AltStartup:
    *Folder not found*

    User shell folders Startup:
    *Folder not found*

    User shell folders AltStartup:
    *Folder not found*

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys]
    Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    Shell folders Common AltStartup:
    *Folder not found*

    User shell folders Common Startup:
    *Folder not found*

    User shell folders Alternate Common Startup:
    *Folder not found*
    --------------------------------------------------
    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    *Registry value not found*

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*
    --------------------------------------------------
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    nwiz = nwiz.exe /install
    Norman ZANDA = C:\Program Files\Npm\bin\ZLH.EXE /LOAD /SPLASH
    SsAAD.exe = C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    SoundMan = SOUNDMAN.EXE
    LogitechCommunicationsManager = "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
    LogitechQuickCamRibbon = "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    LVCOMSX = "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
    NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
    SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    rdr trust soap settings = C:\Documents and Settings\All Users\Application Data\AmenRemoteRdrTrust\TickNurb.exe
    --------------------------------------------------
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*
    --------------------------------------------------
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *No values found*
    --------------------------------------------------
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*
    --------------------------------------------------
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*
    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
    swg = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*
    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *Registry key not found*
    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*
    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*
    --------------------------------------------------
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*
    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*
    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    *No subkeys found*
    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*
    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *No subkeys found*
    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*
    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*
    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    *No subkeys found*
    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*
    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *Registry key not found*
    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*
    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*
    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*
    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*
    --------------------------------------------------
    File association entry for .EXE:
    HKEY_CLASSES_ROOT\exefile\shell\open\command

    (Default) = "%1" %*
    --------------------------------------------------
    file association entry for .COM:
    HKEY_CLASSES_ROOT\comfile\shell\open\command

    (Default) = "%1" %*
    --------------------------------------------------
    File association entry for .BAT:
    HKEY_CLASSES_ROOT\batfile\shell\open\command

    (Default) = "%1" %*
    --------------------------------------------------
    File association entry for .PIF:
    HKEY_CLASSES_ROOT\piffile\shell\open\command

    (Default) = "%1" %*
    --------------------------------------------------
    File association entry for .SCR:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command

    (Default) = "%1" /S
    --------------------------------------------------
    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command

    (Default) = C:\WINDOWS\system32\mshta.exe "%1" %*
    --------------------------------------------------
    File association entry for .TXT:
    HKEY_CLASSES_ROOT\txtfile\shell\open\command

    (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
    --------------------------------------------------
    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
    StubPath = C:\WINDOWS\system32\ieudinit.exe

    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

    [>{26923b43-4d38-484f-9b9e-de460746276c}] *
    StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

    [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

    [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

    [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
    StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

    [{8b15971b-5355-4c82-8c07-7e181ea07608}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
    --------------------------------------------------
    Enumerating ICQ Agent Autostart apps:
    HKCU\Software\Mirabilis\ICQ\Agent\Apps

    *Registry key not found*
    --------------------------------------------------
    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=*INI section not found*
    run=*INI section not found*

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=
    --------------------------------------------------
    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=*Registry value not found*
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*
    --------------------------------------------------
    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present
    C:\WINDOWS\Fonts\Explorer.exe: not present
    --------------------------------------------------
    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden
    --------------------------------------------------
    Verifying REGEDIT.EXE integrity:

    - Regedit.exe found in C:\WINDOWS
    - .reg open command is normal (regedit.exe %1)
    - Regedit.exe has no CompanyName property! It is either missing or named something else.
    - Regedit.exe has no OriginalFilename property! It is either missing or named something else.
    - Regedit.exe has no FileDescription property! It is either missing or named something else.

    Registry check failed!
    --------------------------------------------------
    Enumerating Browser Helper Objects:
    (no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670}
    (no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    (no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
    (no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
    (no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (no name) - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
    (no name) - C:\Program Files\Windows Live Toolbar\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
    --------------------------------------------------
    Enumerating Task Scheduler jobs:
    Tarkistetaan Windows Live -työkalurivin päivitykset.job
    --------------------------------------------------
    Enumerating Download Program Files:
    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll
    CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

    [Windows Genuine Advantage Validation Tool]
    InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
    CODEBASE = http://download.microsoft.com/downl...-40e1-a617-af65a72a0465/LegitCheckControl.cab

    [MSN Photo Upload Tool]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
    CODEBASE = http://...spaces.live.com//PhotoUpload/MsnPUpld.cab

    [Java Plug-in 1.6.0_01]
    InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

    [Java Plug-in 1.5.0_10]
    InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

    [Java Plug-in 1.6.0_01]
    InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

    [Java Plug-in 1.6.0_01]
    InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
    CODEBASE = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    [Solitaire Showdown Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\solitaireshowdown.dll
    CODEBASE = http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    --------------------------------------------------
    Enumerating Winsock LSP files:
    NameSpace #1: C:\WINDOWS\System32\mswsock.dll
    NameSpace #2: C:\WINDOWS\System32\winrnr.dll
    NameSpace #3: C:\WINDOWS\System32\mswsock.dll
    Protocol #1: C:\WINDOWS\system32\mswsock.dll
    Protocol #2: C:\WINDOWS\system32\mswsock.dll
    Protocol #3: C:\WINDOWS\system32\mswsock.dll
    Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #6: C:\WINDOWS\system32\mswsock.dll
    Protocol #7: C:\WINDOWS\system32\mswsock.dll
    Protocol #8: C:\WINDOWS\system32\mswsock.dll
    Protocol #9: C:\WINDOWS\system32\mswsock.dll
    Protocol #10: C:\WINDOWS\system32\mswsock.dll
    Protocol #11: C:\WINDOWS\system32\mswsock.dll
    Protocol #12: C:\WINDOWS\system32\mswsock.dll
    Protocol #13: C:\WINDOWS\system32\mswsock.dll
    Protocol #14: C:\WINDOWS\system32\mswsock.dll
    Protocol #15: C:\WINDOWS\system32\mswsock.dll
    Protocol #16: C:\WINDOWS\system32\mswsock.dll
    Protocol #17: C:\WINDOWS\system32\mswsock.dll
    --------------------------------------------------
    Enumerating Windows NT/2000/XP services
    61883 Unit Device: system32\DRIVERS\61883.sys (manual start)
    Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
    Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
    AFD: \SystemRoot\System32\drivers\afd.sys (system)
    Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)
    Hälytys: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
    Sovelluskerroksen yhdyskäytäväpalvelu: %SystemRoot%\System32\alg.exe (manual start)
    AMD Processor Driver: system32\DRIVERS\AmdK8.sys (system)
    Sovellusten hallinta: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    1394 ARP -asiakasprotokolla: system32\DRIVERS\arp1394.sys (manual start)
    ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
    RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
    Standardi IDE/ESDI-kiintolevyohjain: system32\DRIVERS\atapi.sys (system)
    ATM ARP Client -protokolla: system32\DRIVERS\atmarpc.sys (manual start)
    Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
    AVC-laite: system32\DRIVERS\avc.sys (manual start)
    BITS-tausta-ajo (Background Intelligent Transfer Service): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    Tietokoneiden selaus: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
    CD-ROM-ohjain: system32\DRIVERS\cdrom.sys (system)
    Indeksointipalvelu: %SystemRoot%\system32\cisvc.exe (manual start)
    Leikekirja: %SystemRoot%\system32\clipsrv.exe (disabled)
    .NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
    COM+-järjestelmäsovellus: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
    Salauspalvelut: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    DCOM-palvelinprosessin käynnistys: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
    DHCP-asiakas: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Levyohjain: system32\DRIVERS\disk.sys (system)
    Loogisen levyn hallinnan valvontapalvelu: %SystemRoot%\System32\dmadmin.exe /com (manual start)
    dmboot: System32\drivers\dmboot.sys (disabled)
    dmio: System32\drivers\dmio.sys (disabled)
    dmload: System32\drivers\dmload.sys (disabled)
    Loogisen levyn hallinta: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
    DNS-asiakas: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
    Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
    Norman eLogger service 6: C:\Program Files\Npm\bin\ELOGSVC.EXE (autostart)
    Virheraportointipalvelut: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Tapahtumaloki: %SystemRoot%\system32\services.exe (autostart)
    COM+-tapahtumajärjestelmä: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
    Nopean käyttäjän vaihdon yhteensopivuus: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Fax: %systemroot%\system32\fxssvc.exe (autostart)
    FltMgr: system32\DRIVERS\fltMgr.sys (system)
    Volume Manager -ohjain: system32\DRIVERS\ftdisk.sys (system)
    Yleinen paketinmääritys: system32\DRIVERS\msgpc.sys (manual start)
    Ohjeet ja tuotetuki: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Microsoft HID -luokkaohjain: system32\DRIVERS\hidusb.sys (manual start)
    HTTP: System32\Drivers\HTTP.sys (manual start)
    HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
    i8042-näppäimistö ja PS/2-hiiriohjain: system32\DRIVERS\i8042prt.sys (system)
    CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
    CD-levyjen kirjoittamisen IMAPI COM -palvelu: C:\WINDOWS\system32\imapi.exe (manual start)
    Windowsin IPv6-palomuurin ohjain: system32\DRIVERS\Ip6Fw.sys (manual start)
    IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
    IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
    IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
    IPSEC-ohjain: system32\DRIVERS\ipsec.sys (system)
    IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
    PnP ISA/EISA -väyläohjain: system32\DRIVERS\isapnp.sys (system)
    IVI ASPI Shell: system32\drivers\iviaspi.sys (manual start)
    Näppäimistön luokkaohjain: system32\DRIVERS\kbdclass.sys (system)
    Näppäimistön HID-ohjain: system32\DRIVERS\kbdhid.sys (system)
    Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
    Palvelin: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Työasema: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    Logitech AEC Driver: system32\DRIVERS\LVcKap.sys (manual start)
    Logitech Machine Vision Engine Loader: system32\DRIVERS\LVMVDrv.sys (manual start)
    Logitech LVPr2Mon Driver: system32\drivers\LVPr2Mon.sys (manual start)
    Logitech Process Monitor: c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (autostart)
    LVSrvLauncher: C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe (autostart)
    Logitech USB Monitor Filter: system32\drivers\lvusbsta.sys (manual start)
    Viestinvälitys: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
    NetMeeting etätyöpöydän jakaminen: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
    Hiiren luokkaohjain: system32\DRIVERS\mouclass.sys (system)
    Hiiren HID-ohjain: system32\DRIVERS\mouhid.sys (manual start)
    WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
    MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
    MSCSPTISRV: "C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe" (manual start)
    Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
    Microsoft DV Camera and VCR: system32\DRIVERS\msdv.sys (manual start)
    Windows Installer -ohjelma: C:\WINDOWS\system32\msiexec.exe /V (manual start)
    Microsoft Streaming Service -välityspalvelin: system32\drivers\MSKSSRV.sys (manual start)
    Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
    Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
    Microsoft-järjestelmänhallinnan BIOS-ohjain: system32\DRIVERS\mssmbios.sys (manual start)
    Microsoft Streaming Tee/Sink-to-Sink -muunnin: system32\drivers\MSTEE.sys (manual start)
    NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
    Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
    Ndiskio: \??\C:\Program Files\Nse\bin\NDISKIO.SYS (autostart)
    Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
    NDIS Usermode I/O -protokolla: system32\DRIVERS\ndisuio.sys (manual start)
    Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
    NetBIOS-käyttöliittymä: system32\DRIVERS\netbios.sys (system)
    NetBIOS TCP/IP:n päällä: system32\DRIVERS\netbt.sys (system)
    Verkon DDE: %SystemRoot%\system32\netdde.exe (disabled)
    Verkon DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
    Verkkokirjautuminen: %SystemRoot%\system32\lsass.exe (manual start)
    Verkkoyhteydet: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    1394-verkko-ohjain: system32\DRIVERS\nic1394.sys (manual start)
    NLA-nimiavaruus (Network Location Awareness): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    Norman NJeeves: C:\Program Files\Npm\bin\NJEEVES.EXE (manual start)
    Norman ZANDA: "C:\Program Files\Npm\Bin\Zanda.exe" (autostart)
    NT LM -suojaustuen toimittaja: %SystemRoot%\system32\lsass.exe (manual start)
    Siirrettävät tallennusvälineet: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    nv: system32\DRIVERS\nv4_mini.sys (manual start)
    nvata: system32\DRIVERS\nvata.sys (system)
    nvcfsr: \??\C:\Program Files\Nvc\bin\nvcfsr.sys (manual start)
    NvcMFlt: system32\DRIVERS\nvcw32mf.sys (manual start)
    nvcoafl51: \??\C:\Program Files\Nvc\bin\nvcoafl51.sys (manual start)
    nvcoaft51: \??\C:\Program Files\Nvc\bin\nvcoaft51.sys (manual start)
    nvcoarc51: \??\C:\Program Files\Nvc\bin\nvcoarc51.sys (manual start)
    Norman Virus Control on-access component: C:\Program Files\Nvc\bin\nvcoas.exe (manual start)
    Norman Virus Control Scheduler: C:\Program Files\Nvc\BIN\NVCSCHED.EXE (manual start)
    NVIDIA nForce Networking Controller Driver: system32\DRIVERS\NVENETFD.sys (manual start)
    NVIDIA Network Bus Enumerator: system32\DRIVERS\nvnetbus.sys (manual start)
    NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
    IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
    IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
    VIA OHCI Compliant IEEE 1394 Host Controller: system32\DRIVERS\ohci1394.sys (system)
    PACSPTISVR: "C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe" (manual start)
    Rinnakkaisporttiohjain: system32\DRIVERS\parport.sys (manual start)
    PCI-väyläohjain: system32\DRIVERS\pci.sys (system)
    PCIIde: system32\DRIVERS\pciide.sys (system)
    Volume Adapter: system32\DRIVERS\lv302af.sys (manual start)
    Logitech QuickCam IM(PID_08A0): system32\DRIVERS\LV302AV.SYS (manual start)
    Plug and Play: %SystemRoot%\system32\services.exe (autostart)
    IPSEC-palvelut: %SystemRoot%\system32\lsass.exe (autostart)
    WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
    Processor Driver: system32\DRIVERS\processr.sys (system)
    Suojattu tallennuspaikka: %SystemRoot%\system32\lsass.exe (autostart)
    QoS-paketinajoitus: system32\DRIVERS\psched.sys (manual start)
    Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
    PxHelp20: System32\Drivers\PxHelp20.sys (system)
    Remote Access Auto Connection -ohjain: system32\DRIVERS\rasacd.sys (system)
    Remote Access Auto Connection -hallinta: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
    Etäkäytön (RAS) yhteyksienhallinta: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
    Suora rinnakkainen: system32\DRIVERS\raspti.sys (manual start)
    Rdbss: system32\DRIVERS\rdbss.sys (system)
    RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
    Etätyöpöydän ohjeen istunnonhallinta: C:\WINDOWS\system32\sessmgr.exe (manual start)
    Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
    Reititys ja etäkäyttö: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
    Etäproseduurikutsujen (RPC) paikannin: %SystemRoot%\system32\locator.exe (manual start)
    Etäproseduurikutsu (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
    QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
    Käyttöoikeustilien hallinta: %SystemRoot%\system32\lsass.exe (autostart)
    Älykortti: %SystemRoot%\System32\SCardSvr.exe (manual start)
    Tehtävien ajoitus: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Secdrv: system32\DRIVERS\secdrv.sys (manual start)
    Toissijainen kirjautuminen: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Järjestelmätapahtuman ilmoitus: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Serenum Filter -ohjain: system32\DRIVERS\serenum.sys (manual start)
    Sarjaporttiohjain: system32\DRIVERS\serial.sys (system)
    Windowsin palomuuri / Internet-yhteyden jakaminen (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Käyttöliittymän laitteistotunnistus: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
    Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
    Taustatulostusohjain: %SystemRoot%\system32\spoolsv.exe (autostart)
    Sony SPTI Service: "C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe" (manual start)
    Järjestelmän palautussuodatin -ohjain: system32\DRIVERS\sr.sys (system)
    Järjestelmän palauttaminen -palvelu: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Srv: system32\DRIVERS\srv.sys (manual start)
    SSDP-palvelu (Simple Service Discovery Protocol): %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
    SonicStage SCSI Service: C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (manual start)
    WIA (Windows Image Acquisition): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
    BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
    Ohjelmistoväyläohjain: system32\DRIVERS\swenum.sys (manual start)
    Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
    MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{BF355DB1-1B57-4FDA-BA02-398ED1198EB9} (manual start)
    Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
    Resurssilokit ja -hälytykset: %SystemRoot%\system32\smlogsvc.exe (manual start)
    Puhelin: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    TCP/IP-protokollaohjain: system32\DRIVERS\tcpip.sys (system)
    Päätelaiteohjain: system32\DRIVERS\termdd.sys (system)
    Päätepalvelut: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
    Teemat: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Tiedostolinkkijäljityksen asiakas: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Ulead Burning Helper: C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (autostart)
    Microcode Update -ohjain: system32\DRIVERS\update.sys (manual start)
    Universal Plug & Play -laiteisäntä: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
    UPS: %SystemRoot%\System32\ups.exe (manual start)
    USB-ääniohjain (WDM): system32\drivers\usbaudio.sys (manual start)
    Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
    Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
    USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
    Microsoft USB Open Host Controller Miniport Driver: system32\DRIVERS\usbohci.sys (manual start)
    USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
    USB-massamuistiohjain: system32\DRIVERS\USBSTOR.SYS (manual start)
    USB-videolaite (WDM): System32\Drivers\usbvideo.sys (manual start)
    Messengerin jaettavien kansioiden USN Journal -lokin lukupalvelu: "C:\Program Files\MSN Messenger\usnsvc.exe" (manual start)
    VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
    Aseman tilannevedos: %SystemRoot%\System32\vssvc.exe (manual start)
    Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
    Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
    WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    WMI-palvelu (Windows Management Instrumentation): %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Kannettavan mediasoittimen sarjanumeropalvelu: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WMI resurssisovitin: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
    Windows Media Playerin verkkojakamispalvelu: "C:\Program Files\Windows Media Player\WMPNetwk.exe" (manual start)
    WpdUsb: system32\DRIVERS\wpdusb.sys (manual start)
    Tietoturvakeskus: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
    Automaattiset päivitykset: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (system)
    Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
    Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (autostart)
    Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Verkon käyttöönottopalvelu: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    --------------------------------------------------
    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*

    Windows NT checkdisk command:
    BootExecute = autocheck autochk *

    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: *Registry value not found*
    --------------------------------------------------
    Enumerating ShellServiceObjectDelayLoad items:
    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\system32\webcheck.dll
    SysTray: C:\WINDOWS\system32\stobject.dll
    WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    *Registry key not found*
    --------------------------------------------------
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *Registry key not found*
    --------------------------------------------------
    End of report, 37 341 bytes
    Report generated in 0,125 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
    Last edited: May 28, 2007
  18. Auttaja

    Auttaja Guest

    Run HijackThis with all other programs closed!

    O4 - HKLM\..\Run: [rdr trust soap settings] C:\Documents and Settings\All Users\Application Data\AmenRemoteRdrTrust\TickNurb.exe


    Check those lines and press FIX CHECKED


    =========

    Download ATF Cleaner
    http://www.atribune.org/ccount/click.php?id=1

    Double-click ATF-Cleaner.exe to start the program. Under Main, choose: Select All
    Click Empty Selected.
    If you use Firefox as your browser, click Firefox at the top and choose: Select All
    Click Empty Selected.
    NOTE: If you want to keep your saved passwords, click No when it asks.
    If you use Opera as your browser, click Opera at the top and choose: Select All
    Click Empty Selected again.
    NOTE: If you want to keep your saved passwords, click No when it asks.
    Click Exit in the main menu to close the program.
    Technical support is available by double-clicking the e-mail address found below each menu in the tool. (Note that the support is in English.)

    ==========

    Also get a firewall for the machine, e.g. ZoneAlarm!

    =======

    Make hidden files visible, and hide them again after the deletion


    Delete these folders/files

    C:\Documents and Settings\All Users\Application Data\AmenRemoteRdrTrust


    =========

    Scan your machine with F-Secure's online scanner

    Note: the scanner only works with the Internet Explorer browser

    * Read the instructions on the page carefully
    * Click Start scanning
    * If you get an Internet Explorer security warning, click Install
    * Click Accept
    * Click Custom Scan
    * Set the options as follows

    o Under "Virus Scan Option" choose Scan whole system
    o Under "Other Scan Option" choose Scan All Files
    o Select Scan whole system for rootkits
    o Select Scan whole system for spyware
    o Tick Scan inside archives
    o Make sure Use advanced heuristics is selected

    * Click Start
    * The scan starts once the required files/updates have been downloaded
    * Wait patiently
    * When the scan is complete, click Automatic cleaning
    * Click Show Report
    * The report opens in the browser; copy the whole text
    * Paste the copied text into e.g. Notepad or Word and save it to the desktop
    * You can close the scanner
    * Post the report in your thread

    =========

    Uninstall via Control Panel's Add/Remove Programs

    Trend Micro HijackThis v2.0.0 (BETA)

    Then download the latest stable version from here

    Install by clicking through in numbered order

    1.Unzip
    2.OK
    3.Close

    It will appear at C:\hjt\HiJackThis.exe; then take a new HJT log

    Also a new HijackThis log
     
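The O4 entry the helper singles out above is the classic shape of this infection: an HKLM Run value with a word-salad name pointing at an executable under All Users\Application Data rather than a program directory. The following Python script is an added example, not code from HijackThis, F-Secure or anyone in this thread. It parses HijackThis O2/O4/O9 lines and flags that pattern, plus orphaned entries and bare filenames; the sample lines are copied from the logs posted in this thread, and the heuristics are the example's own assumptions, not HijackThis rules.

```python
"""Triage HijackThis O2/O4/O9 lines for the autostart pattern seen in this thread.

Added example for this thread only; it is not code from HijackThis, F-Secure
or any other tool named on the page. The heuristics (binary under a user
profile or temp dir, bare filename, orphaned entry) are this example's own
assumptions, not HijackThis rules.
"""
import re
from dataclasses import dataclass, field

# Constructed sample input: lines copied from the logs posted in this thread.
# The first O4 line is the entry the helper asked to fix.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [rdr trust soap settings] C:\Documents and Settings\All Users\Application Data\AmenRemoteRdrTrust\TickNurb.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

# Line shapes handled: registry Run entries, Startup-folder shortcuts, BHOs and IE buttons.
O4_REG = re.compile(r"^O4 - (?P<loc>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_LNK = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
O2_O9 = re.compile(r"^(?P<loc>O2 - BHO|O9 - Extra [^:]+): (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<cmd>.+)$")
BINARY = re.compile(r"^(?P<path>.*?\.(?:exe|dll|scr|com|cpl|bat|cmd|pif))", re.I)
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Finding:
    line: str
    path: str
    reasons: list = field(default_factory=list)


def extract_path(cmd: str) -> str:
    """Pull the binary that actually runs out of a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, possibly followed by switches
        return cmd[1:cmd.find('"', 1)]
    head, _, rest = cmd.partition(" ")
    if head.upper() in ("RUNDLL32.EXE", "RUNDLL32"):
        return rest.split(",", 1)[0].strip()     # rundll32 <dll>,<entry>: the DLL is what matters
    m = BINARY.match(cmd)
    return m.group("path") if m else head


def assess(path: str) -> list:
    """Return the reasons an autostart target deserves a closer look (empty if none)."""
    reasons = []
    if re.search(r"\\Documents and Settings\\", path, re.I):
        reasons.append("binary lives under a user profile (user-writable, not an install directory)")
    if re.search(r"\\(Temp|Temporary Internet Files|RECYCLER)\\", path, re.I):
        reasons.append("binary runs from a temp or recycle-bin directory")
    if "\\" not in path:
        reasons.append("bare filename: no fixed location, found by the loader's search order")
    return reasons


def triage(log_text: str) -> list:
    """Parse the supported HijackThis line types and return only the suspicious ones."""
    findings = []
    for raw in log_text.splitlines():
        raw = raw.strip()
        m = O4_REG.match(raw) or O4_LNK.match(raw) or O2_O9.match(raw)
        if not m:
            continue
        cmd = m.group("cmd")
        if any(marker in cmd for marker in ORPHAN_MARKERS):
            findings.append(Finding(raw, "", ["orphaned entry: target file is gone (uninstall leftover or removed infection)"]))
            continue
        path = extract_path(cmd)
        reasons = assess(path)
        if reasons:
            findings.append(Finding(raw, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.path or "(missing)")
        for r in f.reasons:
            print("   -", r)
```

Run against the sample it reports four entries: the TickNurb.exe loader under a user profile, the bare `nwiz.exe` name (benign here, but worth confirming), and the two orphaned BHO/button entries. A flag is a prompt to look, not a verdict; the helper's advice to delete the AmenRemoteRdrTrust folder only after fixing the Run value is the right order, since a Run value pointing at a deleted file just becomes another orphan.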
  19. after_

    after_ Member

    Joined:
    May 27, 2007
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    11
    HijackThis log here now...

    Logfile of HijackThis v1.99.1
    Scan saved at 20:52:38, on 29.5.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Npm\bin\ELOGSVC.EXE
    C:\Program Files\Npm\Bin\Zanda.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Npm\bin\ZLH.EXE
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Npm\bin\NJEEVES.EXE
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Logitech\QuickCam10\COCIManager.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Nvc\BIN\NIP.EXE
    C:\Program Files\Nvc\BIN\NVCSCHED.EXE
    C:\Program Files\Nvc\bin\nvcoas.exe
    C:\Program Files\Nvc\bin\cclaw.exe
    C:\DOCUME~1\sini\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
    C:\DOCUME~1\sini\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.irc.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://....spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Npm\bin\ELOGSVC.EXE
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Npm\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
     
    Last edited: May 29, 2007
  20. after_

    after_ Member

    Joined:
    May 27, 2007
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    11
    Scanning Report
    Tuesday, May 29, 2007 18:31:05 - 20:45:38
    Computer name: CINDY
    Scanning type: Scan system for viruses, rootkits, spyware
    Target: C:\


    --------------------------------------------------------------------------------

    Result: 10 malware found
    Tracking Cookie (spyware)
    System (Disinfected)
    System
    System
    System
    System
    System
    Trojan.Win32.Obfuscated.en (virus)
    C:\Documents and Settings\timo\Application Data\that default\hole aim less.exe (Renamed & Submitted)
    C:\Documents and Settings\timo\Application Data\that default\Move Lies Ace Ping.exe (Renamed & Submitted)
    C:\Documents and Settings\timo\Application Data\that default\oqedvmmw.exe (Renamed & Submitted)
    C:\Documents and Settings\timo\Application Data\that default\TOOL MAGS.exe (Renamed & Submitted)

    --------------------------------------------------------------------------------

    Statistics
    Scanned:
    Files: 235867
    System: 4305
    Not scanned: 72
    Actions:
    Disinfected: 1
    Renamed: 4
    Deleted: 0
    None: 5
    Submitted: 4
    Files not scanned:
    C:\HIBERFIL.SYS
    C:\PAGEFILE.SYS
    C:\WINDOWS\TEMP\~DF8776.TMP
    C:\WINDOWS\TEMP\~DF877E.TMP
    C:\WINDOWS\TEMP\~DFD69D.TMP
    C:\WINDOWS\TEMP\~DFD6A5.TMP
    C:\WINDOWS\SYSTEM32\BIOS1.ROM
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    C:\WINDOWS\SYSTEM32\CONFIG\SAM
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
    C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
    C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
    bios1.rom
    C:\RECYCLER\S-1-5-21-3738339789-877746526-1228179973-1006\DC5.HTM
    C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\USERS\SINI\DATA\CHANDIR.DAT
    C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\USERS\SINI\DATA\L0000003.FCS
    C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\USERS\SINI\DATA\PRS.DAT
    C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\USERS\SINI\DATA\STORYDB.DAT
    C:\DOCUMENTS AND SETTINGS\SINI\NTUSER.DAT
    C:\DOCUMENTS AND SETTINGS\SINI\TYÖPÖYTÄ\OMAT MUSIIKKITIEDOSTOT\RAPPI\PISMI-TOSISSAAN LÄPÄLLÄ EP-SAMPLERI.MP3
    C:\DOCUMENTS AND SETTINGS\SINI\TYÖPÖYTÄ\OMAT MUSIIKKITIEDOSTOT\RAP\PADRE & PISMI-MUN MAMI.MP3
    C:\DOCUMENTS AND SETTINGS\SINI\TYÖPÖYTÄ\OMAT MUSIIKKITIEDOSTOT\CASCADA\CASCADA - A NEVERENDING DREAM (EXTENDED VERSION).MP3
    C:\DOCUMENTS AND SETTINGS\SINI\TYÖPÖYTÄ\OMAT MUSIIKKITIEDOSTOT\CASCADA\CASCADA - HURRICANE.MP3
    C:\DOCUMENTS AND SETTINGS\SINI\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\BMEPK1F1\ARCHIVE[1].HTM
    C:\DOCUMENTS AND SETTINGS\SINI\LOCAL SETTINGS\TEMP\~DF3D56.TMP
    C:\DOCUMENTS AND SETTINGS\SINI\LOCAL SETTINGS\TEMP\~DF4A0A.TMP
    C:\DOCUMENTS AND SETTINGS\SINI\LOCAL SETTINGS\TEMP\~DF53DA.TMP
    C:\DOCUMENTS AND SETTINGS\SINI\LOCAL SETTINGS\TEMP\~DF549A.TMP
    C:\DOCUMENTS AND SETTINGS\SINI\LOCAL SETTINGS\TEMP\~DF62B8.TMP
    C:\DOCUMENTS AND SETTINGS\SINI\LOCAL SETTINGS\TEMP\~DF7EE9.TMP
    C:\DOCUMENTS AND SETTINGS\SINI\LOCAL SETTINGS\TEMP\~DF9B2A.TMP
    C:\DOCUMENTS AND SETTINGS\SINI\LOCAL SETTINGS\TEMP\~DFABD.TMP
    C:\DOCUMENTS AND SETTINGS\SINI\LOCAL SETTINGS\TEMP\~DFACB7.TMP
    C:\DOCUMENTS AND SETTINGS\SINI\LOCAL SETTINGS\TEMP\~DFADE.TMP
    C:\DOCUMENTS AND SETTINGS\SINI\LOCAL SETTINGS\TEMP\~DFFE14.TMP
    C:\DOCUMENTS AND SETTINGS\SINI\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
    C:\DOCUMENTS AND SETTINGS\SINI\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\MESSENGER\@HOTMAIL.COM\SHARINGMETADATA\PENDING.DAT
    C:\DOCUMENTS AND SETTINGS\SINI\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\MESSENGER\@HOTMAIL.COM\SHARINGMETADATA\WORKING\DATABASE_7238_80A7_3880_6BC3\DFSR.DB
    C:\DOCUMENTS AND SETTINGS\SINI\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\MESSENGER\@HOTMAIL.COM\SHARINGMETADATA\WORKING\DATABASE_7238_80A7_3880_6BC3\FSR.LOG
    C:\DOCUMENTS AND SETTINGS\SINI\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\MESSENGER\@HOTMAIL.COM\SHARINGMETADATA\WORKING\DATABASE_7238_80A7_3880_6BC3\FSRTMP.LOG
    C:\DOCUMENTS AND SETTINGS\SINI\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\MESSENGER\@HOTMAIL.COM\SHARINGMETADATA\WORKING\DATABASE_7238_80A7_3880_6BC3\TMP.EDB
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\ULEAD SYSTEMS\ULEAD VIDEOSTUDIO SE\9.0\U32BASE.CFG
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\ULEAD SYSTEMS\PRODUCTNAME\VER\U32BASE.CFG
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MESSENGER PLUS!\CUSTOM SOUNDS\#1CA074E8F297.DAT
    --------------------------------------------------------------------------------
    Options
    Scanning engines:
    F-Secure Libra: 2.4.2, 2007-05-26
    F-Secure AVP: 7.0.171, 2007-05-29
    F-Secure Orion: 1.2.37, 2007-05-29
    F-Secure Blacklight: 1.0.53
    F-Secure Draco: 1.0.35, 2007-05-14
    F-Secure Pegasus: 1.19.0, 2007-04-28
    Scanning options:
    Scan all files
    Scan inside archives
    Use Advanced heuristics
     
