If someone would care to take a look. The machine runs really slowly; even just browsing the internet raises the performance to 60%
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:47:43, on 22.7.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\Software Update 3\SoftAuto.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Creative\Shared Files\CTDevSrv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 
- HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://plaza.fi/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll O1 - Hosts: 62.146.66.181 dl1.avgate.net O1 - Hosts: 62.146.66.182 dl2.avgate.net O1 - Hosts: 62.146.66.183 dl3.avgate.net O1 - Hosts: 62.146.66.184 dl4.avgate.net O1 - Hosts: 80.190.143.23 dl5.avgate.net O1 - Hosts: 80.190.143.23 dl6.avgate.net O1 - Hosts: 62.146.66.178 dl7.avgate.net O1 - Hosts: 62.146.66.179 dl8.avgate.net O1 - Hosts: 80.190.143.239 dl9.avgate.net O1 - Hosts: 80.190.143.230 dl10.avgate.ne O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program 
Files\free-downloads.net\tbfre0.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30Plus\anysee_TR.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Soft bone] C:\DOCUME~1\FJS-PC\APPLIC~1\DELETE~1\Rect noun.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [AntivirusDoc] C:\Program Files\AntivirusDoc1.0\AntivirusDoc.exe O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\FJS-PC\LOCALS~1\Temp\video1018.cfg.exe O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: PowerReg Scheduler V3.exe O4 - Startup: PowerReg Scheduler.exe O4 - Startup: Yahoo! 
Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://plaza.fi/ O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{61A0850B-65A9-445A-A751-CD0ABF3DA8EB}: NameServer = 85.255.113.109,85.255.112.212 O17 - HKLM\System\CCS\Services\Tcpip\..\{6623328D-642B-4938-BA88-C022DE0848C2}: NameServer = 85.255.113.109,85.255.112.212 O17 - HKLM\System\CCS\Services\Tcpip\..\{73A07664-4E0B-42F5-9C4B-61AB80057C39}: NameServer = 85.255.113.109,85.255.112.212 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = O17 - HKLM\System\CS1\Services\Tcpip\..\{61A0850B-65A9-445A-A751-CD0ABF3DA8EB}: NameServer = 85.255.113.109,85.255.112.212 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 9701 bytes
No wonder, you seem to have quite an orc army!!!
-----------------------------------------------------------------------
Your ip: 80.190.143.23 Network Owner: IP PARTNER Country: Germany Area: Bayern City: Nuernberg
-------------------------
85.255.113.109 org-name: UkrTeleGroup Ltd. address: UkrTeleGroup Ltd. address: Mechnikova 58/5 65029 Odessa
---------------------------------------------------------
It is recommended to turn off your antivirus's real-time scanning so that it does not interfere with Lop S&D; you can turn it back on after the scan.
Download Lop S&D from here
* Double-click Lop S&D.exe
* Select Finnish as the language by pressing U and Enter.
* Then choose Option 1 (Etsi, i.e. Search) by pressing 1 and Enter
* Wait until the scan is finished
* The log opens in Notepad. Post it in your next message. It can also be found at C:\lopR.txt
---------------------------------------------------------------
Download Malwarebytes' Anti-Malware to your desktop. If the link does not work, you can also download it from the following links: Link1 Link2
* Double-click mbam-setup.exe and follow the instructions to install the program.
* At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, the program downloads and installs the latest version. If downloading the updates fails, you can download the updates from here. Double-click mbam-rules.exe to install the updates.
* Once the program has loaded and the updates are done, select Perform full scan and click Scan.
* When the scan is finished, click OK and then Show Results to view the results.
* Make sure everything is checked and click Remove Selected.
* After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt (Käyttäjänimi = your user name, päiväys = the date)
* Post the contents of the log in your next message.
Note: If MBAM could not remove a file, it will ask you to restart your computer. In that case, restart your computer immediately. MBAM may make changes to your registry as part of the cleanup. If you use a security program that detects registry changes, allow MBAM to make the changes. Post the contents of the log in your next message + a new HJT log. And also the C:\lopR.txt report.
--------------------\\ Lop S&D 4.2.5-0 XP/Vista Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2 X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3500+ ) BIOS : Phoenix - AwardBIOS v6.00PG USER : FJS-PC ( Administrator ) BOOT : Normal boot Antivirus : avast! antivirus 4.8.1335 [VPS 090722-0] 4.8.1335 (Activated) Firewall : ZoneAlarm Firewall 7.0.470.000 (Activated) C:\ (Local Disk) - NTFS - Total:149 Go (Free:71 Go) D:\ (CD or DVD) - UDF - Total:4 Go (Free:0 Go) E:\ (USB) F:\ (USB) G:\ (USB) H:\ (USB) I:\ (USB) J:\ (CD or DVD) K:\ (CD or DVD) "C:\Lop SD" ( MAJ : 19-12-2008|23:40 ) Option : [1] ( ke 22.07.2009|23:09 )
--------------------\\ Ajoitetut tehtävät sijaitsee C:\WINDOWS\Tasks [20.07.2009 11:24][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [15.09.2004 15:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini [22.07.2009 22:55][--ah-----] C:\WINDOWS\tasks\SA.DAT
--------------------\\ Process ( 46 Processes ) ... OK !
--------------------\\ Etsii S_Lopilla C:\DOCUME~1\FJS-PC\APPLIC~1\DELETE~1
--------------------\\ Etsii Lopin tiedostoja ja kansioita Lopin kansioita ei löytynyt !
--------------------\\ Etsii rekisterikohteita [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gpl surf multi] "DisplayName"="CiD Help" "UninstallString"="C:\\DOCUME~1\\FJS-PC\\APPLIC~1\\DELETE~1\\Rect noun.exe -uninstall" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Soft bone"="C:\\DOCUME~1\\FJS-PC\\APPLIC~1\\DELETE~1\\Rect noun.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
--------------------\\ Tarkistaa Hosts-tiedostoa Hosts-tiedosto SAASTUNUT -> 82 [ 70 ## added by CiD ] /!\ 11 Not 127.0.0.1 !!
--------------------\\ Tarkistaa Catchmella onko piilotettuja tiedostoja catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-22 23:11:15 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 2
--------------------\\ Tarkistaa muita infektioita [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{61A0850B-65A9-445A-A751-CD0ABF3DA8EB}] NameServer REG_SZ 85.255.113.109,85.255.112.212 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{6623328D-642B-4938-BA88-C022DE0848C2}] NameServer REG_SZ 85.255.113.109,85.255.112.212 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{6623328D-642B-4938-BA88-C022DE0848C2}] DhcpNameServer REG_SZ 85.255.113.109,85.255.112.212 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{73A07664-4E0B-42F5-9C4B-61AB80057C39}] NameServer REG_SZ 85.255.113.109,85.255.112.212 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{73A07664-4E0B-42F5-9C4B-61AB80057C39}] DhcpNameServer REG_SZ 85.255.113.109,85.255.112.212 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{C02B9786-4AAA-4755-AFF8-6DD9D64BB46E}] DhcpNameServer REG_SZ 85.255.113.109,85.255.112.212 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{61A0850B-65A9-445A-A751-CD0ABF3DA8EB}] NameServer REG_SZ 85.255.113.109,85.255.112.212 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{6623328D-642B-4938-BA88-C022DE0848C2}] NameServer REG_SZ 85.255.113.109,85.255.112.212 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{6623328D-642B-4938-BA88-C022DE0848C2}] DhcpNameServer REG_SZ 85.255.113.109,85.255.112.212 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{73A07664-4E0B-42F5-9C4B-61AB80057C39}] NameServer REG_SZ 85.255.113.109,85.255.112.212 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{73A07664-4E0B-42F5-9C4B-61AB80057C39}] DhcpNameServer REG_SZ 85.255.113.109,85.255.112.212 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{C02B9786-4AAA-4755-AFF8-6DD9D64BB46E}] DhcpNameServer REG_SZ 85.255.113.109,85.255.112.212 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{61A0850B-65A9-445A-A751-CD0ABF3DA8EB}] NameServer REG_SZ 85.255.113.109,85.255.112.212 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{6623328D-642B-4938-BA88-C022DE0848C2}] NameServer REG_SZ 85.255.113.109,85.255.112.212 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{6623328D-642B-4938-BA88-C022DE0848C2}] DhcpNameServer REG_SZ 85.255.113.109,85.255.112.212 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{73A07664-4E0B-42F5-9C4B-61AB80057C39}] NameServer REG_SZ 85.255.113.109,85.255.112.212 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{73A07664-4E0B-42F5-9C4B-61AB80057C39}] DhcpNameServer REG_SZ 85.255.113.109,85.255.112.212 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{C02B9786-4AAA-4755-AFF8-6DD9D64BB46E}] DhcpNameServer REG_SZ 85.255.113.109,85.255.112.212 ==> WAREOUT <== [F:14][D:4]-> C:\DOCUME~1\FJS-PC\LOCALS~1\Temp [F:1][D:0]-> C:\DOCUME~1\FJS-PC\Cookies [F:14][D:4]-> C:\DOCUME~1\FJS-PC\LOCALS~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - ke 22.07.2009|23:12 - Option : [1] --------------------\\ Tarkistus valmistui 23:12:50
And here is this one; I'll post the HJT log as well.
Malwarebytes' Anti-Malware 1.39 Tietokantaversio: 2421 Windows 5.1.2600 Service Pack 2 23.7.2009 0:24:52 mbam-log-2009-07-23 (00-24-52).txt Tarkistustyyppi: Täysi tarkistus (C:\|) Tarkistetut kohteet: 174199 Kulunut aika: 1 hour(s), 3 minute(s), 20 second(s) Saastuneita muistiprosesseja: 0 Saastuneita muistimoduuleja: 0 Saastuneita rekisteriavaimia: 15 Saastuneita rekisteriarvoja: 5 Saastuneita rekisterikohteita: 20 Saastuneita hakemistoja: 16 Saastuneita tiedostoja: 5 Saastuneita muistiprosesseja: (Haitallisia kohteita ei löydetty) Saastuneita muistimoduuleja: (Haitallisia kohteita ei löydetty) Saastuneita rekisteriavaimia: HKEY_CLASSES_ROOT\seekmotoolbar.skcommband (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\seekmotoolbar.skcommband.1 (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\AntiVirusDoc (Rogue.AntiVirusDoc) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Somefox (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\seekmotoolbar.skcommband (Adware.Seekmo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\seekmotoolbar.skcommband.1 (Adware.Seekmo) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\seekmotoolbar (Adware.Seekmo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\seekmotoolbar (Adware.Seekmo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> Quarantined and deleted successfully. Saastuneita rekisteriarvoja: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiVirusDoc (Rogue.AntiVirusDoc) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\netsearchsoft.com (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.netsearchsoft.com (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Somefox (Trojan.FakeAlert) -> Quarantined and deleted successfully. Saastuneita rekisterikohteita: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{61a0850b-65a9-445a-a751-cd0abf3da8eb}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6623328d-642b-4938-ba88-c022de0848c2}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6623328d-642b-4938-ba88-c022de0848c2}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{73a07664-4e0b-42f5-9c4b-61ab80057c39}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{73a07664-4e0b-42f5-9c4b-61ab80057c39}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c02b9786-4aaa-4755-aff8-6dd9d64bb46e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{61a0850b-65a9-445a-a751-cd0abf3da8eb}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6623328d-642b-4938-ba88-c022de0848c2}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6623328d-642b-4938-ba88-c022de0848c2}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{73a07664-4e0b-42f5-9c4b-61ab80057c39}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{73a07664-4e0b-42f5-9c4b-61ab80057c39}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c02b9786-4aaa-4755-aff8-6dd9d64bb46e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{61a0850b-65a9-445a-a751-cd0abf3da8eb}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6623328d-642b-4938-ba88-c022de0848c2}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6623328d-642b-4938-ba88-c022de0848c2}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{73a07664-4e0b-42f5-9c4b-61ab80057c39}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{73a07664-4e0b-42f5-9c4b-61ab80057c39}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{c02b9786-4aaa-4755-aff8-6dd9d64bb46e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully. Saastuneita hakemistoja: C:\Program Files\video access activex object (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\Video ActiveX Access (Trojan.Zlob) -> Quarantined and deleted successfully. c:\documents and settings\FJS-PC\application data\SeekmoToolbar (Adware.Seekmo) -> Quarantined and deleted successfully. c:\documents and settings\FJS-PC\application data\seekmotoolbar\IESkins (Adware.Seekmo) -> Quarantined and deleted successfully. c:\documents and settings\FJS-PC\application data\seekmotoolbar\v3.0 (Adware.Seekmo) -> Quarantined and deleted successfully. c:\documents and settings\FJS-PC\application data\seekmotoolbar\v3.0\SeekmoOI (Adware.Seekmo) -> Quarantined and deleted successfully. c:\documents and settings\FJS-PC\application data\seekmotoolbar\v3.0\SeekmoOI\dynamic (Adware.Seekmo) -> Quarantined and deleted successfully. c:\documents and settings\FJS-PC\application data\seekmotoolbar\v3.0\SeekmoOL (Adware.Seekmo) -> Quarantined and deleted successfully. c:\documents and settings\FJS-PC\application data\seekmotoolbar\v3.0\SeekmoOL\dynamic (Adware.Seekmo) -> Quarantined and deleted successfully. c:\documents and settings\FJS-PC\application data\seekmotoolbar\v3.0\SeekmoToolbar (Adware.Seekmo) -> Quarantined and deleted successfully. c:\documents and settings\FJS-PC\application data\seekmotoolbar\v3.0\seekmotoolbar\dynamic (Adware.Seekmo) -> Quarantined and deleted successfully. c:\documents and settings\FJS-PC\application data\seekmotoolbar\v3.0\seekmotoolbar\static (Adware.Seekmo) -> Quarantined and deleted successfully. c:\documents and settings\FJS-PC\application data\seekmotoolbar\v3.0\seekmotoolbar\static\1 (Adware.Seekmo) -> Quarantined and deleted successfully. 
c:\documents and settings\FJS-PC\application data\seekmotoolbar\v3.0\seekmotoolbar\static\2 (Adware.Seekmo) -> Quarantined and deleted successfully. c:\documents and settings\FJS-PC\application data\seekmotoolbar\v3.0\seekmotoolbar\static\DownLoad (Adware.Seekmo) -> Quarantined and deleted successfully. c:\program files\AntivirusDoc1.0 (Rogue.AntiVirusDoc) -> Quarantined and deleted successfully. Saastuneita tiedostoja: c:\win servicepack crack\XPKey.exe (Trojan.Downloader) -> Quarantined and deleted successfully. c:\WINDOWS\sys33\kill.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\sys33\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\documents and settings\FJS-PC\application data\seekmotoolbar\skbar.log (Adware.Seekmo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\el32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HJT log again
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 0:47:46, on 23.7.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Creative\Shared Files\CTDevSrv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\Software Update 3\SoftAuto.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://search.conduit.com?SearchSource=10&ctid=CT1098640 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://plaza.fi/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll O1 - Hosts: 62.146.66.181 dl1.avgate.net O1 - Hosts: 62.146.66.182 dl2.avgate.net O1 - Hosts: 62.146.66.183 dl3.avgate.net O1 - Hosts: 62.146.66.184 dl4.avgate.net O1 - Hosts: 80.190.143.23 dl5.avgate.net O1 - Hosts: 80.190.143.23 dl6.avgate.net O1 - Hosts: 62.146.66.178 dl7.avgate.net O1 - Hosts: 62.146.66.179 dl8.avgate.net O1 - Hosts: 80.190.143.239 dl9.avgate.net O1 - Hosts: 80.190.143.230 dl10.avgate.ne O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE 
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30Plus\anysee_TR.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Soft bone] C:\DOCUME~1\FJS-PC\APPLIC~1\DELETE~1\Rect noun.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: PowerReg Scheduler V3.exe O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://plaza.fi/ O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! 
Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 8983 bytes
Let's continue => Start Lop S&D. Select Option 2 (Fix + Hosts) by pressing 2 and Enter. DO NOT close the window during the fix! The log will open in Notepad. Post it in your next message. It can also be found at C:\lopR.txt. Also post a new HJT log.
--------------------\\ Lop S&D 4.2.5-0 XP/Vista Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2 X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3500+ ) BIOS : Phoenix - AwardBIOS v6.00PG USER : FJS-PC ( Administrator ) BOOT : Normal boot Antivirus : avast! antivirus 4.8.1335 [VPS 090722-0] 4.8.1335 (Activated) Firewall : ZoneAlarm Firewall 7.0.470.000 (Activated) C:\ (Local Disk) - NTFS - Total:149 Go (Free:70 Go) D:\ (CD or DVD) - UDF - Total:4 Go (Free:0 Go) E:\ (USB) F:\ (USB) G:\ (USB) H:\ (USB) I:\ (USB) J:\ (CD or DVD) K:\ (CD or DVD) "C:\Lop SD" ( MAJ : 19-12-2008|23:40 ) Option : [2] ( to 23.07.2009|14:06 ) \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Korjaa Poistettu! - C:\DOCUME~1\FJS-PC\APPLIC~1\DELETE~1 Poistettu! - C:\Program Files\DELETE~1 - [ Hosts-tiedosto ] .. Palautettu ! \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ --------------------\\ Listaa hakemistoja sijainnissa APPLIC~1 [02.04.2009|11:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} [14.02.2009|16:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{90F3B5EB-A471-42F9-A905-991C2DB2312C} [14.02.2009|16:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{C39CADE8-EC32-4A3E-ADF3-99FB5B7A317D} [16.01.2009|21:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe [16.01.2007|10:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead [18.06.2007|23:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CITYAUDIOTWOWAIT [14.02.2009|17:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative [18.02.2009|19:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations [22.07.2009|11:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google [15.03.2007|17:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP [30.04.2007|18:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield [02.04.2009|11:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft [28.09.2007|09:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier [22.07.2009|23:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes [01.07.2007|13:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft [08.07.2007|20:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia [27.04.2007|22:24] 
C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite [07.03.2007|23:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec [07.12.2006|02:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage [21.01.2007|17:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar [12.02.2007|17:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\yahoo! [0|tiedosto(a)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\tavua [23|kansio(ta)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\tavua vapaana [14.09.2008|19:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ATI [07.12.2006|01:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities [07.12.2006|02:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft [0|tiedosto(a)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\tavua [5|kansio(ta)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\tavua vapaana [22.04.2008|12:08] C:\DOCUME~1\FJS-PC\APPLIC~1\Adobe [05.01.2008|09:57] C:\DOCUME~1\FJS-PC\APPLIC~1\AdobeUM [16.01.2007|12:54] C:\DOCUME~1\FJS-PC\APPLIC~1\Ahead [14.09.2008|19:34] C:\DOCUME~1\FJS-PC\APPLIC~1\ATI [12.09.2007|10:45] C:\DOCUME~1\FJS-PC\APPLIC~1\BitTorrent [17.04.2007|06:16] C:\DOCUME~1\FJS-PC\APPLIC~1\Common Files [14.02.2009|17:03] C:\DOCUME~1\FJS-PC\APPLIC~1\Creative [07.07.2009|01:00] C:\DOCUME~1\FJS-PC\APPLIC~1\DC++ [28.11.2007|01:18] C:\DOCUME~1\FJS-PC\APPLIC~1\fretsonfire [19.01.2007|21:30] C:\DOCUME~1\FJS-PC\APPLIC~1\F-Secure [21.01.2007|01:17] C:\DOCUME~1\FJS-PC\APPLIC~1\Google [29.04.2007|18:43] C:\DOCUME~1\FJS-PC\APPLIC~1\Help [17.04.2007|06:16] C:\DOCUME~1\FJS-PC\APPLIC~1\HP [07.12.2006|01:56] C:\DOCUME~1\FJS-PC\APPLIC~1\Identities [16.01.2007|12:48] C:\DOCUME~1\FJS-PC\APPLIC~1\InterVideo [19.01.2007|19:54] C:\DOCUME~1\FJS-PC\APPLIC~1\ispnews [29.04.2007|22:52] C:\DOCUME~1\FJS-PC\APPLIC~1\Jasc [30.04.2007|18:39] C:\DOCUME~1\FJS-PC\APPLIC~1\Jasc Software Inc [12.03.2008|15:21] C:\DOCUME~1\FJS-PC\APPLIC~1\Lavasoft [10.03.2008|01:36] C:\DOCUME~1\FJS-PC\APPLIC~1\Leadertech [22.07.2007|20:14] C:\DOCUME~1\FJS-PC\APPLIC~1\Macromedia [22.07.2009|23:17] C:\DOCUME~1\FJS-PC\APPLIC~1\Malwarebytes [17.02.2009|20:06] C:\DOCUME~1\FJS-PC\APPLIC~1\Microsoft [31.05.2009|11:30] 
C:\DOCUME~1\FJS-PC\APPLIC~1\Mozilla [27.07.2007|14:21] C:\DOCUME~1\FJS-PC\APPLIC~1\Nokia [07.08.2007|22:10] C:\DOCUME~1\FJS-PC\APPLIC~1\PC Suite [22.07.2009|11:30] C:\DOCUME~1\FJS-PC\APPLIC~1\Samsung [01.07.2007|15:04] C:\DOCUME~1\FJS-PC\APPLIC~1\SecuROM [03.02.2007|16:37] C:\DOCUME~1\FJS-PC\APPLIC~1\Share-to-Web-latauskansio [20.08.2007|19:59] C:\DOCUME~1\FJS-PC\APPLIC~1\Soldat [21.01.2007|23:23] C:\DOCUME~1\FJS-PC\APPLIC~1\Sun [28.01.2007|22:25] C:\DOCUME~1\FJS-PC\APPLIC~1\Template [20.09.2008|22:10] C:\DOCUME~1\FJS-PC\APPLIC~1\ubi.com [24.01.2009|12:16] C:\DOCUME~1\FJS-PC\APPLIC~1\vghd [21.01.2007|13:10] C:\DOCUME~1\FJS-PC\APPLIC~1\WinRAR [12.02.2007|17:39] C:\DOCUME~1\FJS-PC\APPLIC~1\yahoo! [0|tiedosto(a)] C:\DOCUME~1\FJS-PC\APPLIC~1\tavua [38|kansio(ta)] C:\DOCUME~1\FJS-PC\APPLIC~1\tavua vapaana [24.06.2009|16:37] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe [05.03.2007|23:17] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft [0|tiedosto(a)] C:\DOCUME~1\LOCALS~1\APPLIC~1\tavua [4|kansio(ta)] C:\DOCUME~1\LOCALS~1\APPLIC~1\tavua vapaana [07.12.2006|01:55] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft [0|tiedosto(a)] C:\DOCUME~1\NETWOR~1\APPLIC~1\tavua [3|kansio(ta)] C:\DOCUME~1\NETWOR~1\APPLIC~1\tavua vapaana --------------------\\ Ajoitetut tehtävät sijaitsee C:\WINDOWS\Tasks [23.07.2009 11:25][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [15.09.2004 15:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini [23.07.2009 03:20][--ah-----] C:\WINDOWS\tasks\SA.DAT --------------------\\ Listaa hakemistoja sijainnissa C:\Program Files [09.02.2008|22:06] C:\Program Files\7-Zip [07.12.2008|20:38] C:\Program Files\Activision [04.12.2008|13:48] C:\Program Files\Activision Value [16.01.2009|21:53] C:\Program Files\Adobe [16.01.2007|10:37] C:\Program Files\Ahead [31.10.2007|20:44] C:\Program Files\Alcohol Soft [07.03.2007|22:00] C:\Program Files\Alwil Software [17.02.2009|19:02] C:\Program Files\anysee [14.09.2008|19:53] C:\Program Files\ATI Technologies [14.02.2009|17:00] C:\Program 
Files\Audible [07.02.2007|22:57] C:\Program Files\base [15.02.2008|22:02] C:\Program Files\BUFFALO [13.12.2008|21:59] C:\Program Files\Call of Duty [08.01.2009|17:36] C:\Program Files\CCleaner [14.04.2009|16:43] C:\Program Files\Common Files [07.12.2006|01:51] C:\Program Files\ComPlus Applications [09.07.2008|16:35] C:\Program Files\Conduit [29.05.2007|22:17] C:\Program Files\CoolBasic [14.02.2009|17:01] C:\Program Files\Creative [24.12.2008|11:41] C:\Program Files\Creative Labs [18.06.2007|15:05] C:\Program Files\DAEMON Tools [22.04.2007|14:45] C:\Program Files\DaemonTools_WhenUSave_Installer [11.06.2009|06:14] C:\Program Files\DC++ [27.04.2007|21:58] C:\Program Files\DIFX [21.01.2007|15:22] C:\Program Files\directx [07.02.2007|23:01] C:\Program Files\Docs [24.05.2009|18:55] C:\Program Files\DOSBox-0.72 [31.01.2009|19:32] C:\Program Files\EA Games [22.07.2009|11:18] C:\Program Files\EA SPORTS [14.04.2009|16:36] C:\Program Files\Eidos Interactive [24.12.2008|11:41] C:\Program Files\EidosNet [07.06.2007|23:34] C:\Program Files\ePSXe [07.02.2007|22:56] C:\Program Files\Extras [09.02.2007|20:23] C:\Program Files\ffdshow [01.09.2008|16:40] C:\Program Files\free-downloads.net [07.02.2007|23:12] C:\Program Files\GameSpy Arcade [22.07.2009|11:14] C:\Program Files\Google [03.02.2007|16:53] C:\Program Files\Hewlett-Packard [03.02.2007|16:55] C:\Program Files\HP [08.12.2008|19:07] C:\Program Files\Infogrames [22.07.2009|11:30] C:\Program Files\InstallShield Installation Information [23.07.2009|03:09] C:\Program Files\Internet Explorer [07.12.2006|02:50] C:\Program Files\InterVideo [28.01.2007|00:32] C:\Program Files\IrfanView [30.04.2007|18:39] C:\Program Files\Jasc Software Inc [24.05.2009|18:06] C:\Program Files\Java [02.04.2009|11:16] C:\Program Files\Lavasoft [03.03.2007|11:06] C:\Program Files\MagicISO [22.07.2009|23:17] C:\Program Files\Malwarebytes' Anti-Malware [22.09.2008|03:03] C:\Program Files\Messenger [07.12.2006|01:53] C:\Program Files\microsoft frontpage 
[26.06.2000|09:37] C:\Program Files\Microsoft Office [07.12.2006|02:50] C:\Program Files\Microsoft Works [26.06.2000|09:37] C:\Program Files\Movie Maker [04.04.2007|23:50] C:\Program Files\MovieBox [23.07.2009|14:01] C:\Program Files\Mozilla Firefox [26.06.2000|09:37] C:\Program Files\MSN Gaming Zone [23.02.2007|08:20] C:\Program Files\MSN Messenger [05.02.2007|03:13] C:\Program Files\MSXML 4.0 [09.03.2007|17:36] C:\Program Files\MuSoft Builders [15.08.2008|00:21] C:\Program Files\netfilter [26.06.2000|09:39] C:\Program Files\NetMeeting [14.04.2009|16:43] C:\Program Files\Nokia [26.06.2000|09:40] C:\Program Files\Online Services [14.06.2007|03:02] C:\Program Files\Outlook Express [27.04.2007|21:57] C:\Program Files\PC Connectivity Solution [02.04.2009|17:24] C:\Program Files\ProPilkki2 [13.01.2009|10:39] C:\Program Files\Red Storm Entertainment [17.03.2007|12:18] C:\Program Files\Registry Mechanic [06.04.2009|15:48] C:\Program Files\Rockstar Games [27.04.2007|22:01] C:\Program Files\SimpleCenter [11.05.2007|07:04] C:\Program Files\Sonera [05.01.2007|16:40] C:\Program Files\Sonera Installers [05.01.2007|16:28] C:\Program Files\Sovellusten pikakuvakkeet [06.04.2009|14:32] C:\Program Files\Sports Interactive [23.07.2009|00:56] C:\Program Files\Steam [15.08.2008|11:26] C:\Program Files\Sun [18.07.2008|17:10] C:\Program Files\Thief2 [18.02.2009|19:18] C:\Program Files\THQ [29.05.2007|22:17] C:\Program Files\Tilester [22.07.2009|13:46] C:\Program Files\Trend Micro [11.12.2008|18:48] C:\Program Files\TryMedia [20.09.2008|22:02] C:\Program Files\Ubi Soft [20.09.2008|22:10] C:\Program Files\ubi.com [28.12.2008|14:54] C:\Program Files\Ubisoft [07.02.2007|23:01] C:\Program Files\Uninstall [07.12.2006|01:56] C:\Program Files\Uninstall Information [02.03.2007|00:58] C:\Program Files\URUSoft [07.10.2008|12:14] C:\Program Files\Valve [25.01.2009|18:17] C:\Program Files\vghd [29.03.2009|19:14] C:\Program Files\viewsonic [12.02.2007|17:50] C:\Program Files\Windows Live Toolbar 
[08.03.2007|18:40] C:\Program Files\Windows Media Connect 2 [05.03.2007|23:12] C:\Program Files\Windows Media Player [26.06.2000|09:38] C:\Program Files\Windows NT [07.12.2006|01:52] C:\Program Files\WindowsUpdate [21.01.2007|13:10] C:\Program Files\WinRAR [04.04.2007|21:29] C:\Program Files\WON [07.12.2006|01:53] C:\Program Files\xerox [21.01.2007|00:42] C:\Program Files\Xvid [08.05.2009|13:33] C:\Program Files\Yahoo! [07.03.2007|23:21] C:\Program Files\Zone Labs [16.01.2008|11:43] C:\Program Files\ZoneAlarmSB [0|tiedosto(a)] C:\Program Files\tavua [105|kansio(ta)] C:\Program Files\tavua vapaana --------------------\\ Listaa hakemistoja sijainnissa C:\Program Files\Common Files [16.01.2009|21:53] C:\Program Files\Common Files\Adobe [16.01.2007|10:36] C:\Program Files\Common Files\Ahead [03.02.2007|16:54] C:\Program Files\Common Files\Hewlett-Packard [03.02.2007|16:48] C:\Program Files\Common Files\HP [27.04.2007|22:01] C:\Program Files\Common Files\i4j_jres [20.05.2008|23:47] C:\Program Files\Common Files\InstallShield [17.02.2009|19:02] C:\Program Files\Common Files\IviSDK [30.04.2007|18:40] C:\Program Files\Common Files\Jasc Software Inc [21.01.2007|23:19] C:\Program Files\Common Files\Java [24.06.2009|14:54] C:\Program Files\Common Files\Microsoft Shared [07.12.2006|01:51] C:\Program Files\Common Files\MSSoap [28.11.2007|18:03] C:\Program Files\Common Files\Nero [07.12.2006|03:47] C:\Program Files\Common Files\ODBC [20.09.2008|22:10] C:\Program Files\Common Files\PocketSoft [26.06.2000|09:37] C:\Program Files\Common Files\Services [07.12.2006|03:47] C:\Program Files\Common Files\SpeechEngines [19.01.2007|19:18] C:\Program Files\Common Files\SupportSoft [02.10.2007|07:42] C:\Program Files\Common Files\Symantec Shared [14.06.2007|03:02] C:\Program Files\Common Files\System [0|tiedosto(a)] C:\Program Files\Common Files\tavua [21|kansio(ta)] C:\Program Files\Common Files\tavua vapaana --------------------\\ Process ( 55 Processes ) ... OK ! 
--------------------\\ Etsii S_Lopilla Lopin kansioita ei löytynyt ! --------------------\\ Etsii Lopin tiedostoja ja kansioita Lopin kansioita ei löytynyt ! --------------------\\ Etsii rekisterikohteita ..... OK ! --------------------\\ Tarkistaa Hosts-tiedostoa Hosts-tiedosto PUHDAS --------------------\\ Tarkistaa Catchmella onko piilotettuja tiedostoja catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-23 14:08:37 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 2 --------------------\\ Tarkistaa muita infektioita Muita infektiota ei löytynyt ! [F:15][D:4]-> C:\DOCUME~1\FJS-PC\LOCALS~1\Temp [F:5][D:0]-> C:\DOCUME~1\FJS-PC\Cookies [F:730][D:4]-> C:\DOCUME~1\FJS-PC\LOCALS~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - ke 22.07.2009|23:12 - Option : [1] 2 - "C:\Lop SD\LopR_2.txt" - to 23.07.2009|14:09 - Option : [2] --------------------\\ Tarkistus valmistui 14:09:59
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:16:01, on 23.7.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Creative\Shared Files\CTDevSrv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\anysee\anysee-E30Plus\anysee_TR.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\Software Update 3\SoftAuto.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Hewlett-Packard\Digital 
Imaging\bin\hpqtra08.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://plaza.fi/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: 
[CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30Plus\anysee_TR.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: PowerReg Scheduler V3.exe O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://plaza.fi/ O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! 
Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 8683 bytes
There they are again =)
From the taskbar, go to Start ==> Run, type services.msc and click OK.
Maximize the window that opens and widen the name column so that everything is visible.
Find Symantec Lic NetConnect service.
Click the row to select it, then right-click it to open the menu ==> Properties (Ominaisuudet), where you change Startup type to Disabled. => Click Apply and OK in the lower right corner.
In addition, click the Stop the service link on the left-hand side. Exit the program.
----------------------------------------------------------------------------------
Go to the Windows Control Panel and from there to Add/Remove Programs (in Vista: Programs and Features).
Find and remove the programs with these names:
free-downloads.net Toolbar
ZoneAlarm Spy Blocker BHO
-----------------------------------------------------------------------------------
Download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to start the program.
Under Main, choose: Select All
Click Empty Selected.
If you use Firefox as your browser:
Click Firefox at the top and choose: Select All
Click Empty Selected.
NOTE: If you want to keep your saved passwords, click No when it asks.
If you use Opera as your browser:
Click Opera at the top and choose: Select All
Click Empty Selected again.
NOTE: If you want to keep your saved passwords, click No when it asks.
Click Exit in the main menu to close the program.
----------------------------------------------
Scan your computer with the Kaspersky Online Scanner.
* Read through the requirements and the privacy statement and click Accept.
* The scanner and the virus database start downloading. You will be asked whether you allow the program from Kaspersky to be installed. Click Run.
* When the download is complete, click Settings.
* Make sure the following items are selected. If they are not, select them and click Save:
  Spyware, Adware, Dialers, and other potentially dangerous programs
  Archives
  Mail databases
* Click My Computer under Scan.
* When the scan is complete, the results are displayed. Click View Scan Report.
* You will see a list of infected items. Click Save Report As....
* Save the file to your desktop. Change Files of type to Text file (.txt) before you click Save.
-------------------------------------------------------------------
Remove the lines that still remain:
Close the browser and other programs for the duration of the fix (not the antivirus).
Start HijackThis, run Scan, and tick the following entries listed in red:
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer =
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
and remove them with the Fix checked button.
Empty the Recycle Bin and restart your computer.
Delete the folder(s), if found:
C:\Program Files\Common Files\Symantec Shared\
C:\Program Files\free-downloads.net\
C:\Program Files\ZoneAlarmSB\
Post the following logs here:
* A fresh HijackThis log (taken last, just before posting)
* The Kaspersky report
* Tell us what the situation is ???
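An added illustration of the log triage behind the fix list above (not part of the original post and not HijackThis's own code): a small parser that shows which section codes one component's CLSID is registered under, and which entries the scan reported as pointing to an absent file. The sample lines are copied from the log in this thread; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: entry lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O23 - Service: ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("(no file)", "(file missing)")  # markers seen in this log

def parse(log):
    """Return one dict per entry line: section code, CLSID (if any), orphan flag."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process path or blank line
        code, body = m.groups()
        clsid = CLSID.search(body)
        entries.append({
            "code": code,
            "body": body,
            "clsid": clsid.group(0).lower() if clsid else None,
            "orphan": body.endswith(ORPHAN_MARKERS),
        })
    return entries

def sections_by_clsid(entries):
    """Map each CLSID to the sorted section codes it is registered under."""
    seen = defaultdict(set)
    for e in entries:
        if e["clsid"]:
            seen[e["clsid"]].add(e["code"])
    return {clsid: sorted(codes) for clsid, codes in seen.items()}

def orphans(entries):
    """Entries whose target file the scan reported as absent."""
    return [e for e in entries if e["orphan"]]
```

On the sample, the free-downloads.net toolbar's CLSID appears under R3, O2 and O3, which is why the fix list ticks all three lines for it.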
Hi there, I haven't been able to get on the computer for a while, been busy with other things. =) So, the other day I tried that Kaspersky scan, but it froze at around 32%. It refused to continue even though it was left grinding away all night, so I had to stop it. Now it won't let me scan at all. I can't select Accept there. And when I was supposed to remove free-downloads.net Toolbar and ZoneAlarm Spy Blocker BHO through the Control Panel, it only let me remove ZoneAlarm; when I try to remove free-downloads, it just says could not open INSTALL.LOG file
Go into Safe Mode with the Administrator account and do it there. Starting the computer in Safe Mode => GUIDE.
Yeah, sorry, once again I haven't had time to get to this computer any sooner.... The problem is that the computer won't let me into Safe Mode. The screen stays black and some cursor blinks in the upper left corner. So it doesn't start Windows in Safe Mode...=(