HijackThis log, homepage hijacking

Discussion in 'Viruses and malware' started by Xpboy, May 20, 2006.

  1. Xpboy

    Xpboy Guest

    Greetings!

    The problem appeared yesterday while I was using the computer: whenever I open the Internet Explorer home page (Google.fi), the program always jumps to the http://www.safetyuptodate.com/ page, which urges me to download the Malware wipe program. Warnings of the "Virus Alert!" type also show up in the bottom-right corner from time to time, and at startup it throws a "runner error" message. I think my computer has some sort of homepage hijacking program or something.
    Could I get some help? Here is the HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:59:58, on 20.5.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5346.0005)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\csrss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\atmclk.exe
    D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
    D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    D:\Program Files\F-Secure\Common\FSM32.EXE
    D:\WINDOWS\System32\LVComS.exe
    D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    G:\Pelit\video\PDVDServ.exe
    D:\PROGRA~1\MICROS~4\common\swtrayv4.exe
    D:\Program Files\QuickTime\qttask.exe
    D:\Program Files\NewSoft\Presto! PVR\URemote.exe
    D:\Program Files\NewSoft\Presto! PVR\Monitor.exe
    D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    D:\WINDOWS\System32\drivers\CDAC11BA.EXE
    D:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    D:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    D:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    D:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    D:\Program Files\F-Secure\Common\FSMA32.EXE
    D:\Program Files\F-Secure\Common\FSMB32.EXE
    D:\Program Files\F-Secure\Common\FCH32.EXE
    D:\WINDOWS\System32\snmp.exe
    D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\F-Secure\Common\FAMEH32.EXE
    D:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    D:\Program Files\F-Secure\Anti-Virus\fsrw.exe
    D:\WINDOWS\system32\wdfmgr.exe
    D:\WINDOWS\system32\drivers\etc\lt_lserv.exe
    C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    D:\Program Files\Raxco\PerfectDisk\PDSched.exe
    D:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    D:\Program Files\F-Secure\Common\FNRB32.EXE
    D:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    D:\Program Files\F-Secure\Common\FIH32.EXE
    D:\WINDOWS\System32\alg.exe
    D:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
    D:\Program Files\F-Secure\FSGUI\fsguidll.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    G:\Program Files\a-squared\a2guard.exe
    D:\Documents and Settings\Mika\Omat tiedostot\Uusi kansio\poisto ohjelma.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.tutka.net:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - D:\WINDOWS\system32\hpC0B1.tmp
    O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [DXM6Patch_981116] D:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [LVComs] D:\WINDOWS\System32\LVComS.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [RemoteControl] G:\Pelit\video\PDVDServ.exe
    O4 - HKLM\..\Run: [TemplateDongle] iesetupdll.exe
    O4 - HKLM\..\Run: [wormexe] EXE32EXE.exe
    O4 - HKLM\..\Run: [CloneCDTray] "G:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [SideWinderTrayV4] d:\PROGRA~1\MICROS~4\common\swtrayv4.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [URemote] D:\Program Files\NewSoft\Presto! PVR\URemote.exe
    O4 - HKLM\..\Run: [Presto! PVR Monitor] D:\Program Files\NewSoft\Presto! PVR\Monitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SearchUpgrader] D:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [a-squared] "G:\Program Files\a-squared\a2guard.exe"
    O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: ATI CATALYST System Tray.lnk = D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Block this popup - D:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414CCFI
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/Cabs/1854001.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://D:\Documents and Settings\Arto\Local Settings\Temp\EI40_\msxml4.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.com/software/4/1.7.20.20/tukati.cab
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - F-Secure Automatic Update - D:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: C-DillaCdaC11BA - Macrovision - D:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - D:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe (file missing)
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - D:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - D:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - D:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - D:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - G:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: VERTEX License Server - Unknown owner - D:/WINDOWS/system32/drivers/etc/lt_lserv.exe
    ------------------------------------------------------------------

    I would be grateful if you had time to check it!
     
  2. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Download SmitfraudFix (c) S!Ri
    http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    Extract the contents (a folder named SmitfraudFix) to your desktop:

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and pressing "Enter"; a text file will open that lists the infected files (if any).
    Post the contents of this text file to your thread.
     
  3. Xpboy

    Xpboy Guest

    OK, this is what came out:

    SmitFraudFix v2.45

    Scan done at 12:22:02.10, la 20.05.2006
    Run from D:\Documents and Settings\Mika\Työpöytä\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» D:\


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32

    D:\WINDOWS\system32\atmclk.exe FOUND !
    D:\WINDOWS\system32\dcomcfg.exe FOUND !
    D:\WINDOWS\system32\hp????.tmp FOUND !
    D:\WINDOWS\system32\ld????.tmp FOUND !
    D:\WINDOWS\system32\ot.ico FOUND !
    D:\WINDOWS\system32\regperf.exe FOUND !
    D:\WINDOWS\system32\simpole.tlb FOUND !
    D:\WINDOWS\system32\stdole3.tlb FOUND !
    D:\WINDOWS\system32\ts.ico FOUND !
    D:\WINDOWS\system32\1024\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Mika\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    D:\DOCUME~1\Mika\KYNNIS~1\Ohjelmat\MalwareWipe FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\Mika\Suosikit

    D:\DOCUME~1\Mika\Suosikit\Antivirus Test Online.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» D:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Nykyinen kotisivu"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{89aef01d-d237-49c7-84dc-4e1904c1fd31}"="AutoDisc Ware"

    [HKEY_CLASSES_ROOT\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]
    @="D:\WINDOWS\system32\sbnudh.dll"

    [HKEY_CURRENT_USER\Software\Classes\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]
    @="D:\WINDOWS\system32\sbnudh.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

     
  4. -kemisti-

    -kemisti- Active member

    Print out the instructions.

    Boot your computer into Safe Mode and choose your normal user account.

    Once in Safe Mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and pressing "Enter" to delete the infected files.

    You will be asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" to remove the desktop background and clean the infected registry keys.

    The tool checks whether wininet.dll is infected. You may be asked to replace the infected .dll (if found); answer "Yes" by typing Y and pressing "Enter".

    After that:

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #4 - Generic Renos Fix by typing 4 and pressing Enter.
    The program scans and removes values from the registry and deletes the corresponding infected files from your computer. This can take a while, so be patient.
    The tool creates a log named rapport.txt in the root directory of your drive, e.g. Local Disk C: or the partition where the operating system is installed. Reboot into normal mode and post the contents of that report in your reply. Also post a new HjT log.



     
  5. Xpboy

    Xpboy Guest

    Here is the report:

    SmitFraudFix v2.45

    Scan done at 12:38:06.18, la 20.05.2006
    Run from D:\Documents and Settings\Mika\Työpöytä\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» Before GenericRenosFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{89aef01d-d237-49c7-84dc-4e1904c1fd31}"="AutoDisc Ware"

    [HKEY_CLASSES_ROOT\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]
    @="D:\WINDOWS\system32\sbnudh.dll"

    [HKEY_CURRENT_USER\Software\Classes\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]
    @="D:\WINDOWS\system32\sbnudh.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» GenericRenosFix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» After GenericRenosFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{89aef01d-d237-49c7-84dc-4e1904c1fd31}"="AutoDisc Ware"

    [HKEY_CLASSES_ROOT\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]
    @="D:\WINDOWS\system32\sbnudh.dll"

    [HKEY_CURRENT_USER\Software\Classes\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]
    @="D:\WINDOWS\system32\sbnudh.dll"





    ---------------------------------------------------------------------
    And here is the HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:43:07, on 20.5.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5346.0005)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\csrss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
    D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    D:\Program Files\F-Secure\Common\FSM32.EXE
    D:\WINDOWS\System32\LVComS.exe
    G:\Pelit\video\PDVDServ.exe
    D:\PROGRA~1\MICROS~4\common\swtrayv4.exe
    D:\Program Files\QuickTime\qttask.exe
    D:\Program Files\NewSoft\Presto! PVR\URemote.exe
    D:\Program Files\NewSoft\Presto! PVR\Monitor.exe
    D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    D:\WINDOWS\system32\ctfmon.exe
    G:\Program Files\a-squared\a2guard.exe
    D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    D:\WINDOWS\System32\drivers\CDAC11BA.EXE
    D:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    D:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    D:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    D:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    D:\Program Files\F-Secure\Common\FSMA32.EXE
    D:\Program Files\F-Secure\Common\FSMB32.EXE
    D:\Program Files\F-Secure\Common\FCH32.EXE
    D:\WINDOWS\System32\snmp.exe
    D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\wdfmgr.exe
    D:\Program Files\F-Secure\Common\FAMEH32.EXE
    D:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    D:\WINDOWS\system32\drivers\etc\lt_lserv.exe
    D:\Program Files\F-Secure\Anti-Virus\fsrw.exe
    C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    D:\Program Files\Raxco\PerfectDisk\PDSched.exe
    D:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    D:\WINDOWS\System32\wbem\wmiprvse.exe
    D:\Program Files\F-Secure\Common\FNRB32.EXE
    D:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    D:\Program Files\F-Secure\Common\FIH32.EXE
    D:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
    D:\Program Files\F-Secure\FSGUI\fsguidll.exe
    D:\WINDOWS\System32\alg.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Documents and Settings\Mika\Omat tiedostot\Uusi kansio\poisto ohjelma.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.tutka.net:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    F2 - REG:system.ini: UserInit=userinit.exe
    O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [DXM6Patch_981116] D:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [LVComs] D:\WINDOWS\System32\LVComS.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [RemoteControl] G:\Pelit\video\PDVDServ.exe
    O4 - HKLM\..\Run: [TemplateDongle] iesetupdll.exe
    O4 - HKLM\..\Run: [wormexe] EXE32EXE.exe
    O4 - HKLM\..\Run: [CloneCDTray] "G:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [SideWinderTrayV4] d:\PROGRA~1\MICROS~4\common\swtrayv4.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [URemote] D:\Program Files\NewSoft\Presto! PVR\URemote.exe
    O4 - HKLM\..\Run: [Presto! PVR Monitor] D:\Program Files\NewSoft\Presto! PVR\Monitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SearchUpgrader] D:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [a-squared] "G:\Program Files\a-squared\a2guard.exe"
    O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: ATI CATALYST System Tray.lnk = D:\Program Files\ATI Technologies\ATI.ACE\Load.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Block this popup - D:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414CCFI
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/Cabs/1854001.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://D:\Documents and Settings\Arto\Local Settings\Temp\EI40_\msxml4.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.com/software/4/1.7.20.20/tukati.cab
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - F-Secure Automatic Update - D:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: C-DillaCdaC11BA - Macrovision - D:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - D:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe (file missing)
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - D:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - D:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - D:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - D:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - G:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: VERTEX License Server - Unknown owner - D:/WINDOWS/system32/drivers/etc/lt_lserv.exe

     
  6. -kemisti-

    -kemisti- Active member

    Try running the General Renos fix (option 4) again in Safe Mode, since it did not work, and then post the contents of the new rapport.txt file.
     
    Last edited: May 20, 2006
  7. Xpboy

    Xpboy Guest

    Report for option 2:

    SmitFraudFix v2.45

    Scan done at 12:36:05.20, la 20.05.2006
    Run from D:\Documents and Settings\Mika\Työpöytä\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    D:\WINDOWS\system32\atmclk.exe Deleted
    D:\WINDOWS\system32\dcomcfg.exe Deleted
    D:\WINDOWS\system32\hp????.tmp Deleted
    D:\WINDOWS\system32\ld????.tmp Deleted
    D:\WINDOWS\system32\ot.ico Deleted
    D:\WINDOWS\system32\regperf.exe Deleted
    D:\WINDOWS\system32\simpole.tlb Deleted
    D:\WINDOWS\system32\stdole3.tlb Deleted
    D:\WINDOWS\system32\ts.ico Deleted
    D:\WINDOWS\system32\1024\ Deleted
    D:\DOCUME~1\Mika\Suosikit\Antivirus Test Online.url Deleted
    D:\DOCUME~1\Mika\KYNNIS~1\Ohjelmat\MalwareWipe Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» End

    Report for option 4:

    SmitFraudFix v2.45

    Scan done at 12:56:45,09, la 20.05.2006
    Run from D:\Documents and Settings\Järjestelmänvalvoja\Työpöytä\Uusi kansio
    OS: Microsoft Windows XP [versio 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» Before GenericRenosFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{89aef01d-d237-49c7-84dc-4e1904c1fd31}"="AutoDisc Ware"


    »»»»»»»»»»»»»»»»»»»»»»»» GenericRenosFix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» After GenericRenosFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{89aef01d-d237-49c7-84dc-4e1904c1fd31}"="AutoDisc Ware"
    ---------------------------------------------------------------------

    Could you also tell me why this appears at startup:
    runner error: Invalid BackWeb application id "7681197", on which I have to click OK many times


     
  8. -kemisti-

    -kemisti- Active member

    Was BackWeb perhaps removed with SpyBot?

    And that one is not fixed yet:

    First make a backup of the registry like this:

    Run -> regedit -> OK. Then File -> Export. Give it some name and then Save (and note down where you saved it).

    Then save the piece of text below as fix.reg, for example in Notepad and for example to the desktop (save as type: All files)

    Double-click it and press Yes and OK. Restart the computer.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and pressing "Enter"; a text file will open that lists the infected files (if any).
    Post the contents of this text file to your thread.
     
    Last edited: May 20, 2006
  9. Xpboy

    Xpboy Guest

    SmitFraudFix v2.45

    Scan done at 13:30:32.76, la 20.05.2006
    Run from D:\Documents and Settings\Mika\Työpöytä\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» D:\


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Mika\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\Mika\Suosikit


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» D:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

    This is what came up.
     
  10. -kemisti-

    -kemisti- Active member

    OK, that one is gone.

    Fix with HjT (do a system scan only, tick the following and press fix checked):

    O4 - HKLM\..\Run: [TemplateDongle] iesetupdll.exe
    O4 - HKLM\..\Run: [wormexe] EXE32EXE.exe
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414CCFI
    O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/Cabs/1854001.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCent...

    Delete, if found:

    iesetupdll.exe
    EXE32EXE.exe

    Restart and post a new HjT log.

    Still having problems with the homepage hijack?
     
  11. Xpboy

    Xpboy Guest

    There has been no trace of homepage hijacks or pop-ups any more, thank you for that.
    Here is the HJT log:
    Logfile of HijackThis v1.99.1
    Scan saved at 13:57:55, on 20.5.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5346.0005)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
    D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    D:\Program Files\F-Secure\Common\FSM32.EXE
    D:\WINDOWS\System32\LVComS.exe
    G:\Pelit\video\PDVDServ.exe
    D:\PROGRA~1\MICROS~4\common\swtrayv4.exe
    D:\Program Files\QuickTime\qttask.exe
    D:\Program Files\NewSoft\Presto! PVR\URemote.exe
    D:\Program Files\NewSoft\Presto! PVR\Monitor.exe
    D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    D:\WINDOWS\System32\drivers\CDAC11BA.EXE
    D:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    D:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    D:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    D:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    D:\Program Files\F-Secure\Common\FSMA32.EXE
    D:\Program Files\F-Secure\Common\FSMB32.EXE
    D:\Program Files\F-Secure\Common\FCH32.EXE
    D:\Program Files\F-Secure\Common\FAMEH32.EXE
    D:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    D:\Program Files\F-Secure\Anti-Virus\fsrw.exe
    D:\WINDOWS\System32\snmp.exe
    D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\drivers\etc\lt_lserv.exe
    C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    D:\Program Files\Raxco\PerfectDisk\PDSched.exe
    D:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    D:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    D:\Program Files\F-Secure\Common\FNRB32.EXE
    D:\Program Files\F-Secure\Common\FIH32.EXE
    D:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
    D:\Program Files\F-Secure\FSGUI\fsguidll.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\Documents and Settings\Mika\Omat tiedostot\Uusi kansio\poisto ohjelma.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.tutka.net:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    F2 - REG:system.ini: UserInit=userinit.exe
    O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [DXM6Patch_981116] D:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [LVComs] D:\WINDOWS\System32\LVComS.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [RemoteControl] G:\Pelit\video\PDVDServ.exe
    O4 - HKLM\..\Run: [CloneCDTray] "G:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [SideWinderTrayV4] d:\PROGRA~1\MICROS~4\common\swtrayv4.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [URemote] D:\Program Files\NewSoft\Presto! PVR\URemote.exe
    O4 - HKLM\..\Run: [Presto! PVR Monitor] D:\Program Files\NewSoft\Presto! PVR\Monitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Block this popup - D:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://D:\Documents and Settings\Arto\Local Settings\Temp\EI40_\msxml4.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.com/software/4/1.7.20.20/tukati.cab
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - F-Secure Automatic Update - D:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: C-DillaCdaC11BA - Macrovision - D:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - D:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe (file missing)
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - D:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - D:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - D:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - D:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - G:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: VERTEX License Server - Unknown owner - D:/WINDOWS/system32/drivers/etc/lt_lserv.exe


     
  12. -kemisti-

    -kemisti- Active member

    The log appears to be OK.

    About that BackWeb:

    If BackWeb Lite is not found in Spybot's backups, the easiest way is to install F-Secure again.
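
Added example, not part of the original thread: a short Python triage pass over the HijackThis line format used in the logs above. It lists entries whose target file is missing, O16 entries with no source, and O4 Run values given as a bare file name. The sample lines are copied from this thread; the function names and the three checks are assumptions of this example, not HijackThis behaviour.

```python
import re

# Lines copied from the HijackThis entries in this thread (post 10 and post 11).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [TemplateDongle] iesetupdll.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - D:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe (file missing)
O23 - Service: FSMA - F-Secure Corporation - D:\Program Files\F-Secure\Common\FSMA32.EXE
"""

# "O4 - rest", "R1 - rest", "O23 - rest": section code, then the entry body.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# O4 registry autostart: hive\..\Run*: [value name] command line
RUN = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$")

def parse(log):
    """Return (code, body) for every HijackThis entry line in the log text."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1), m.group(2).rstrip()))
    return entries

def review_notes(log):
    """Return (code, body, reason) for entries that deserve a manual look."""
    notes = []
    for code, body in parse(log):
        if body.endswith(("(file missing)", "(no file)")):
            notes.append((code, body, "target file not on disk"))
        elif code == "O16" and body.endswith("-"):
            notes.append((code, body, "no download source recorded"))
        elif code == "O4":
            m = RUN.match(body)
            if m and "\\" not in m.group(4):
                notes.append((code, body, "bare file name without a path"))
    return notes

if __name__ == "__main__":
    for code, body, reason in review_notes(SAMPLE_LOG):
        print(f"{code:4} {reason:32} {body}")
```

Both the [ATIPTA] entry that stayed in the final log and the [TemplateDongle] entry that was fixed trip the bare-name check, so these flags only narrow down what to inspect by hand.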
     
  13. Xpboy

    Xpboy Guest

    That's what I was thinking too, best to start installing it again so it is at least on the safe side.
    And thank you very much for helping me.
    You saved the day :)
     
  14. -kemisti-

    -kemisti- Active member

    Nice that it got sorted out :)
     
