HijackThis log, computer starts/runs slowly

Discussion in 'Viruses and malware - HijackThis logs' started by Vihtori_, Apr 24, 2007.

  1. Vihtori_

    Vihtori_ Guest

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 22:43:00, on 24.4.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\Drivers\bwcsrv.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure Internet Security\backweb\1245240\Program\fspex.exe
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Omistaja\Työpöytä\HiJackThis_v2.0.0.0.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
    O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
    O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: F-Secure 2006 OEM.lnk = C:\Program Files\F-Secure Internet Security\backweb\1245240\Program\fspex.exe
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Hijacked Internet access by New.Net
    O17 - HKLM\System\CCS\Services\Tcpip\..\{567ECD84-725A-4346-A5CD-CF06007693A2}: NameServer = 192.168.11.1
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: F-Secure 2006 OEM (BackWeb Plug-in - 1245240) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE
    O23 - Service: BUFFALO Wireless Configuration Service (bwcsrv) - Unknown owner - C:\WINDOWS\system32\Drivers\bwcsrv.exe
    O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - Unknown owner - C:\Program Files\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
     
  2. Auttaja

    Auttaja Guest

    First download LSPfix.exe http://www.cexx.org/lspfix.htm to a suitable location (such as C:\Program Files\LSPFix or even the desktop). DO NOT run this program yet. It should be used ONLY if the internet connection is lost after removing NewDotNet.

    Removing NewDotNet; go to:

    Start > Control Panel > Add/Remove Programs and remove the following if it is listed:

    New.Net Applications or New.Net Domains (anything that says New.Net)

    If New.Net is not listed in Add/Remove Programs, do the following.

    Make sure that anti-virus and anti-spyware programs are closed during the removal.

    They may block the removal of New.Net.

    Download NNuninstall.exe http://www.new.net/support/NNuninstall.exe



    * Save it to your desktop.
    * Double-click the NNuninstall.exe file.
    * The program asks whether you want to remove all New.Net names and components.
    * Click Yes.
    * After the removal, click OK.
    * Restart the computer ("Yes - Restart now") unless something else was left unfinished; if it was, leave the computer on ("No - I will restart later").



    If the removal fails and the antivirus program(s) block the uninstaller from running
    completely or partially, do this: Unplug the computer's network or modem cable so that
    it has no connection to the internet. Then close the antivirus program(s) and run
    NNuninstall.exe. After that, turn the antivirus program(s) back on and
    only then plug the network or modem cable back into the computer.

    Empty the Recycle Bin.

    IF you lose your internet connection after removing New.Net, double-click the LSPFix.exe you downloaded earlier. Tick the "I know what I'm doing" option. You will see two panels; if something is listed in the "Remove" panel on the right-hand side, leave it as it is and click "Finish>>". Next, restart, and the internet should work fine. If nothing is listed in the "Remove" panel, do NOT do ANYTHING - close LSPFix. Come back from another computer to get more advice. (This is only a precaution; most of the time the internet stays perfectly fine.)

    ********



    1. Download combofix.exe to your desktop from either of these links:
    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool is finished, it produces a log (C:\ComboFix.txt). Post this log to your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

    ****

    new HijackThis log
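
Added example (not part of the thread, and not code from HijackThis or from either poster): a short Python script that pulls the New.Net entries targeted by the removal steps above out of a HijackThis log and checks a follow-up log for leftovers. The first sample is a few lines copied from the first log in this thread; the follow-up sample and the name-matching pattern are constructed assumptions.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code text")

# HijackThis result lines have the form "<code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the "Running processes" list do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.+?)\s*$")

# Assumption: these substrings cover the spellings seen in this thread's log
# ("New.Net", "New.net Startup", "NewDotNet", "NEWDOT~1", "newdotnet6_38.dll").
NEWNET_RE = re.compile(r"new\.net|newdot", re.IGNORECASE)

# A few lines copied from the first log in this thread.
FIRST_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O10 - Hijacked Internet access by New.Net
O17 - HKLM\System\CCS\Services\Tcpip\..\{567ECD84-725A-4346-A5CD-CF06007693A2}: NameServer = 192.168.11.1
"""

# CONSTRUCTED follow-up log (not the thread's second log): the BHO and the O10
# entry are gone, but the Run value was left behind by an incomplete uninstall.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O17 - HKLM\System\CCS\Services\Tcpip\..\{567ECD84-725A-4346-A5CD-CF06007693A2}: NameServer = 192.168.11.1
"""


def parse_hjt(text):
    """Return the result entries (code, details) of a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def matching(entries, pattern=NEWNET_RE):
    """Entries whose details mention the product being removed."""
    return [e for e in entries if pattern.search(e.text)]


def has_lsp_entry(entries, pattern=NEWNET_RE):
    """True if the product shows up in O10, HijackThis's Winsock LSP section.

    That is the layer LSPFix repairs, which is why the post keeps LSPFix on
    hand in case connectivity breaks after the uninstall.
    """
    return any(e.code == "O10" and pattern.search(e.text) for e in entries)


def still_present(before, after, pattern=NEWNET_RE):
    """Flagged entries from the first log that are unchanged in the follow-up."""
    after_set = set(after)
    return [e for e in matching(before, pattern) if e in after_set]


if __name__ == "__main__":
    first = parse_hjt(FIRST_LOG)
    followup = parse_hjt(FOLLOWUP_LOG)
    print("New.Net entries in first log:")
    for e in matching(first):
        print(f"  {e.code}: {e.text}")
    print("Winsock LSP entry present:", has_lsp_entry(first))
    print("Left over in follow-up log:")
    for e in still_present(first, followup):
        print(f"  {e.code}: {e.text}")
```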
     
  3. Vihtori_

    Vihtori_ Guest

    "Omistaja" - 2007-05-25 19:51:53 Service Pack 2
    ComboFix 07-05.25.3V - Running from: "C:\Program Files\Mozilla Firefox\"


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    "C:\WINDOWS\NDNuninstall6_38.exe"
    "C:\WINDOWS\system32\winsys.exe"


    ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-25 ))))))))))))))))))))))))))))))))))


    2007-05-25 14:57 <KANSIO> d-------- C:\Program Files\Super DVD Creator 9.30
    2007-05-23 09:26 <KANSIO> d-------- C:\DOCUME~1\Omistaja\APPLIC~1\Opera
    2007-05-16 12:44 <KANSIO> d-------- C:\Program Files\Xilisoft
    2007-05-16 12:20 <KANSIO> d-------- C:\Program Files\Dvd-cloner
    2007-05-16 09:07 <KANSIO> d-------- C:\Program Files\Alice-soft any Video to DVD Converter
    2007-05-15 13:12 <KANSIO> d-------- C:\DOCUME~1\Omistaja\APPLIC~1\Help
    2007-05-13 13:30 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
    2007-05-11 12:49 <KANSIO> d-------- C:\Uusi kansio (2)
    2007-05-10 13:43 <KANSIO> d-------- C:\DOCUME~1\Omistaja\APPLIC~1\LEAPS
    2007-05-10 13:38 <KANSIO> d-------- C:\DOCUME~1\Omistaja\APPLIC~1\Pegasys Inc
    2007-05-10 13:33 53,248 --a------ C:\WINDOWS\system32\GenSvcInst.exe
    2007-05-10 13:33 33,408 --a------ C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
    2007-05-10 13:33 118,784 --a------ C:\WINDOWS\system32\bgsvcgen.exe
    2007-05-10 13:33 <KANSIO> d-------- C:\Program Files\Pegasys Inc
    2007-05-10 12:28 <KANSIO> d-------- C:\DOCUME~1\Omistaja\APPLIC~1\StaxRip
    2007-05-10 00:52 <KANSIO> d-------- C:\Program Files\MagicDVDRipper
    2007-05-10 00:40 94,208 --a------ C:\WINDOWS\system32\mp4_lib.dll
    2007-05-10 00:40 45,056 --a------ C:\WINDOWS\system32\Wnaspi32.dll
    2007-05-10 00:40 4,455 --a------ C:\WINDOWS\system\Winaspi.dll
    2007-05-10 00:40 3,535 --a------ C:\WINDOWS\system\Wowpost.exe
    2007-05-10 00:40 217,088 --a------ C:\WINDOWS\system32\avformat-50.dll
    2007-05-10 00:40 16,896 --a------ C:\WINDOWS\system32\avutil-49.dll
    2007-05-10 00:40 16,512 --a------ C:\WINDOWS\system32\drivers\Aspi32.sys
    2007-05-10 00:40 1,839,104 --a------ C:\WINDOWS\system32\avcodec-51.dll
    2007-05-10 00:40 <KANSIO> d-------- C:\Program Files\XviD
    2007-05-10 00:40 <KANSIO> d-------- C:\Program Files\AoA DVD Ripper
    2007-05-10 00:33 <KANSIO> d-------- C:\Program Files\ImTOO
    2007-05-10 00:01 <KANSIO> d-------- C:\Program Files\DVDx
    2007-05-08 15:59 81,920 --a------ C:\WINDOWS\ALCFDRTM.EXE
    2007-05-08 15:29 <KANSIO> d-------- C:\Program Files\Movie Label 2007
    2007-05-08 15:29 <KANSIO> d-------- C:\DOCUME~1\Omistaja\APPLIC~1\Movie Label
    2007-05-06 23:23 654,848 --a------ C:\WINDOWS\system32\x264vfw.dll
    2007-05-06 23:23 630,784 --a------ C:\WINDOWS\system32\vp7vfw.dll
    2007-05-06 23:23 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2007-05-06 23:23 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
    2007-05-06 23:23 39,936 --a------ C:\WINDOWS\system32\huffyuv.dll
    2007-05-06 23:23 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
    2007-05-06 23:23 217,088 --a------ C:\WINDOWS\system32\i420vfw.dll
    2007-05-06 23:23 144,384 --a------ C:\WINDOWS\system32\Iacenc.dll
    2007-05-06 23:23 1,565,480 --a------ C:\WINDOWS\system32\wmv9vcm.dll
    2007-05-06 23:23 <KANSIO> d-------- C:\Program Files\K-Lite Codec Pack
    2007-05-06 23:23 <KANSIO> d-------- C:\DOCUME~1\Omistaja\APPLIC~1\Real
    2007-05-06 23:23 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
    2007-05-02 08:52 <KANSIO> d-------- C:\DOCUME~1\Omistaja\APPLIC~1\Ulead Systems
    2007-05-02 08:50 <KANSIO> d--h----- C:\WINDOWS\msdownld.tmp
    2007-05-02 08:50 <KANSIO> d-------- C:\WINDOWS\system32\windows media
    2007-05-02 08:50 <KANSIO> d-------- C:\Program Files\Windows Media Components
    2007-05-02 08:49 <KANSIO> d-------- C:\Program Files\Ulead Systems
    2007-05-02 08:49 <KANSIO> d-------- C:\Program Files\Common Files\Ulead Systems
    2007-05-02 08:49 <KANSIO> d-------- C:\Program Files\Common Files\SONY Digital Images
    2007-05-02 08:49 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
    2007-05-01 20:10 <KANSIO> d-------- C:\Program Files\Postal2STP
    2007-05-01 13:24 77,824 --a------ C:\WINDOWS\system32\FLKill.exe
    2007-05-01 13:24 35,363 --a------ C:\WINDOWS\system32\windrvNT.sys
    2007-05-01 13:24 110,592 --a------ C:\WINDOWS\system32\suppdll.dll
    2007-05-01 13:24 <KANSIO> d-------- C:\Program Files\Folder Lock
    2007-05-01 13:22 <KANSIO> d-------- C:\Program Files\Cartoon Maker
    2007-04-27 03:00 <KANSIO> d-------- C:\Program Files\MSXML 4.0
    2007-04-26 21:39 <KANSIO> d-------- C:\Program Files\DVDSubber2
    2007-04-26 12:20 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
    2007-04-26 12:20 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
    2007-04-26 12:20 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MAGIX
    2007-04-26 12:19 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
    2007-04-26 12:19 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
    2007-04-26 12:18 94,208 --a------ C:\WINDOWS\system32\DLLCPY32.dll
    2007-04-26 12:18 65,536 --a------ C:\WINDOWS\system32\DLLPTL32.dll
    2007-04-26 12:18 61,440 --a------ C:\WINDOWS\system32\DLLCDF32.dll
    2007-04-26 12:18 57,344 --a------ C:\WINDOWS\system32\DLLTPO32.dll
    2007-04-26 12:18 53,248 --a------ C:\WINDOWS\system32\DLLPRJ32.dll
    2007-04-26 12:18 53,248 --a------ C:\WINDOWS\system32\DLLIO32.dll
    2007-04-26 12:18 49,152 --a------ C:\WINDOWS\system32\DLLPRF32.dll
    2007-04-26 12:18 487,424 --a------ C:\WINDOWS\system32\DLLAV32.dll
    2007-04-26 12:18 45,056 --a------ C:\WINDOWS\system32\DLLIMG32.dll
    2007-04-26 12:18 430,080 --a------ C:\WINDOWS\system32\MXRestore.exe
    2007-04-26 12:18 40,960 --a------ C:\WINDOWS\system32\DLLRD32.dll
    2007-04-26 12:18 36,864 --a------ C:\WINDOWS\system32\DLLPNT32.dll
    2007-04-26 12:18 32,768 --a------ C:\WINDOWS\system32\STRING32.dll
    2007-04-26 12:18 32,768 --a------ C:\WINDOWS\system32\DLLMSC32.dll
    2007-04-26 12:18 32,768 --a------ C:\WINDOWS\system32\DLLISO32.dll
    2007-04-26 12:18 32,768 --a------ C:\WINDOWS\system32\DLLDIR32.dll
    2007-04-26 12:18 24,576 --a------ C:\WINDOWS\system32\TTIC32.dll
    2007-04-26 12:18 24,576 --a------ C:\WINDOWS\system32\TTI32.dll
    2007-04-26 12:18 24,576 --a------ C:\WINDOWS\system32\DLLIX.dll
    2007-04-26 12:18 188,416 --a------ C:\WINDOWS\system32\DLLRES32.dll
    2007-04-26 12:18 163,840 --a------ C:\WINDOWS\system32\DLLDEV32.dll
    2007-04-26 12:18 151,552 --a------ C:\WINDOWS\system32\DLLDRV32.dll
    2007-04-26 12:18 114,688 --a------ C:\WINDOWS\system32\DLLCDA32.dll
    2007-04-26 12:18 <KANSIO> d-------- C:\Program Files\Common Files\MAGIX Shared
    2007-04-26 12:16 85,504 --a------ C:\WINDOWS\system32\HtmlWH.dll
    2007-04-26 12:16 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll
    2007-04-26 12:16 1,089,536 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
    2007-04-26 12:16 <KANSIO> d-------- C:\Program Files\MAGIX
    2007-04-26 12:15 663,552 --a------ C:\WINDOWS\system32\mgxoschk.dll
    2007-04-26 12:15 <KANSIO> d-------- C:\WINDOWS\system32\MAGIX
    2007-04-25 14:08 14 --a------ C:\WINDOWS\system32\systeminfo3.dll
    2007-04-25 14:02 81,920 --a------ C:\DOCUME~1\Omistaja\APPLIC~1\ezpinst.exe
    2007-04-25 14:02 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
    2007-04-25 14:02 47,360 --a------ C:\DOCUME~1\Omistaja\APPLIC~1\pcouffin.sys
    2007-04-25 14:02 <KANSIO> d-------- C:\Program Files\CloneDVD
    2007-04-25 14:02 <KANSIO> d-------- C:\DOCUME~1\Omistaja\APPLIC~1\Vso
    2007-04-25 03:32 <KANSIO> d-------- C:\Uusi kansio
    2007-04-25 00:26 <KANSIO> d-------- C:\Program Files\SubtitleCreator
    2007-04-25 00:12 <KANSIO> d-------- C:\WINDOWS\Downloaded Installations
    2007-04-25 00:12 <KANSIO> d-------- C:\Program Files\Gandalf Services


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-05-25 16:55:54 -------- d-----w C:\Program Files\Steam
    2007-05-25 16:53:42 -------- d-----w C:\DOCUME~1\Omistaja\APPLIC~1\uTorrent
    2007-05-25 16:51:58 83,294 ----a-w C:\WINDOWS\system32\perfc00B.dat
    2007-05-25 16:51:58 393,432 ----a-w C:\WINDOWS\system32\perfh00B.dat
    2007-05-25 16:49:02 -------- d-----w C:\Program Files\PeerGuardian2
    2007-05-25 16:45:58 -------- d-----w C:\DOCUME~1\Omistaja\APPLIC~1\foobar2000
    2007-05-25 16:39:48 -------- d-----w C:\Program Files\mIRC
    2007-05-20 21:30:27 -------- d-----w C:\DOCUME~1\Omistaja\APPLIC~1\dvdcss
    2007-05-13 10:32:37 -------- d-----w C:\Program Files\DScaler
    2007-05-06 20:23:06 -------- d-----w C:\DOCUME~1\Omistaja\APPLIC~1\Apple Computer
    2007-05-06 13:46:09 -------- d-----w C:\DOCUME~1\Omistaja\APPLIC~1\OpenOffice.org2
    2007-05-04 11:41:26 -------- d-----w C:\Program Files\DVDAuthorGUI
    2007-05-02 05:49:11 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-04-26 09:26:36 -------- d-----w C:\DOCUME~1\Omistaja\APPLIC~1\CyberLink
    2007-04-24 14:29:34 -------- d-----w C:\Program Files\Image Grabber II
    2007-04-21 14:42:16 -------- d-----w C:\Program Files\DC++
    2007-04-20 10:07:44 -------- d-----w C:\Program Files\Empire Interactive
    2007-04-19 07:57:37 -------- d-----w C:\Program Files\Hide IP Platinum
    2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 14:14:18 -------- d-----w C:\Program Files\BitrateView
    2007-04-16 13:54:50 -------- d-----w C:\Program Files\DVDlab
    2007-04-16 08:42:53 -------- d-----w C:\Program Files\URUSoft
    2007-04-15 21:47:01 5 ----a-w C:\WINDOWS\system32\SySatwma.dat
    2007-04-12 16:24:55 -------- d-----w C:\Program Files\WinAVIVideoConverter
    2007-04-12 16:02:03 -------- d-----w C:\Program Files\101 AVI MPEG WMV Converter
    2007-04-12 15:20:18 -------- d-----w C:\Program Files\Crystal Software
    2007-04-12 14:53:04 -------- d-----w C:\DOCUME~1\Omistaja\APPLIC~1\Sony
    2007-04-12 14:51:10 -------- d-----w C:\Program Files\Sony
    2007-04-12 14:50:54 -------- d-----w C:\Program Files\Sony Setup
    2007-04-12 14:45:45 -------- d-----w C:\DOCUME~1\Omistaja\APPLIC~1\Publish Providers
    2007-04-12 14:37:00 -------- d-----w C:\Program Files\Microsoft SQL Server
    2007-04-12 14:36:08 -------- d-----w C:\Program Files\Vstplugins
    2007-04-09 19:59:10 -------- d-----w C:\Program Files\Lavalys
    2007-04-02 18:12:23 -------- d-----w C:\DOCUME~1\Omistaja\APPLIC~1\TrueCrypt
    2007-04-02 18:11:27 -------- d-----w C:\Program Files\TrueCrypt
    2007-03-31 14:02:09 -------- d-----w C:\Program Files\iuLAB
    2007-03-31 14:00:14 -------- d-----w C:\Program Files\Common Files\iulab
    2007-03-29 11:14:44 -------- d-----w C:\Program Files\Alcohol Soft
    2007-03-27 18:58:15 -------- d-----w C:\Program Files\GeoVid
    2007-03-27 18:48:18 -------- d-----w C:\Program Files\Winamp
    2007-03-27 18:48:04 -------- d-----w C:\Program Files\DivX
    2007-03-27 18:03:36 -------- d-----w C:\Program Files\HyCam2
    2007-03-25 16:21:19 -------- d-----w C:\Program Files\SpeedFan
    2007-03-19 13:25:36 188,576 ----a-w C:\WINDOWS\system32\drivers\truecrypt.sys
    2007-03-18 17:16:18 -------- d-----w C:\Program Files\KC Softwares
    2007-03-18 11:39:32 -------- d-----w C:\Program Files\uTorrent
    2007-03-17 13:44:51 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-14 17:46:33 -------- d-----w C:\DOCUME~1\Omistaja\APPLIC~1\Media Player Classic
    2007-03-09 14:46:40 -------- d-----w C:\DOCUME~1\Omistaja\APPLIC~1\Google
    2007-03-09 14:45:31 -------- d-----w C:\Program Files\Google
    2007-03-08 15:38:00 578,048 ----a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:37:59 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:37:59 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 15:34:26 1,843,840 ----a-w C:\WINDOWS\system32\win32k.sys
    2007-02-23 04:29:58 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2007-02-23 04:29:56 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-02-23 04:29:52 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
    2007-02-23 04:29:52 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2007-02-23 04:29:52 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2007-02-23 04:29:49 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-02-23 04:29:49 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-02-23 04:25:24 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-02-23 04:25:24 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-02-23 04:25:23 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-02-23 04:25:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-02-23 04:25:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-02-23 04:25:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-02-23 04:25:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-02-23 04:25:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-02-23 04:25:19 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-02-23 04:25:19 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-02-23 04:25:19 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-02-23 04:25:19 639,066 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-02-16 01:40:35 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-02-05 20:19:01 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 21:38]
    {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:\Program Files\BitComet\tools\BitCometBHO.dll [2006-12-27 18:00]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-08 09:54]
    "nwiz"="nwiz.exe" [2006-08-08 09:54 C:\WINDOWS\system32\nwiz.exe]
    "SW20"="C:\WINDOWS\system32\sw20.exe" [2006-06-01 12:22]
    "SW24"="C:\WINDOWS\system32\sw24.exe" [2006-06-01 12:22]
    "NvMediaCenter"="NvMCTray.dll" [2006-08-08 09:54 C:\WINDOWS\system32\nvmctray.dll]
    "SkyTel"="SkyTel.EXE" []
    "RTHDCPL"="RTHDCPL.EXE" []
    "Alcmtr"="ALCMTR.EXE" []
    "F-Secure Manager"="C:\Program Files\F-Secure Internet Security\Common\FSM32.exe" [2005-06-03 01:37]
    "F-Secure TNB"="C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" [2005-07-18 17:51]
    "F-Secure Startup Wizard"="C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.exe" [2005-08-23 16:38]
    "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 21:24]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
    "TrayServer"="C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe" [2006-10-04 15:41]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15:00]
    "Steam"="C:\Program Files\Steam\Steam.exe" [2007-01-11 23:31]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24]
    "PowerBar"="" []
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 13:48]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-02-12 02:51]
    "µTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2007-02-15 23:17]
    "PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:44]
    "Hide IP Platinum"="C:\Program Files\Hide IP Platinum\hideippla.exe" [2007-02-12 16:09]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Usnsvc usnsvc


    Contents of the 'Scheduled Tasks' folder
    2007-05-25 00:01:28 C:\WINDOWS\tasks\Scheduled scanning task.job

    ********************************************************************

    catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-25 19:55:34
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    PowerBar = ????????????l?@?l?@?D?????6~??????????????6~l?@?l?@????? ???????????W?9~??6~??????6~K?6~x???????[?6~???????? ??????????????|x???0???????????? pt??6~????????????????wQ%?????N???????l?@?l?@?????Q?7~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

    scanning hidden files ...

    disk error: C:\WINDOWS\

    please note that you need administrator rights to perform deep scan

    ********************************************************************

    Completion time: 2007-05-25 19:56:52 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-05-25 19:56

    --- E O F ---
     
  4. Auttaja

    Auttaja Guest

    Hi, could you post a new HJT log.
     
  5. Vihtori_

    Vihtori_ Guest

    Logfile of HijackThis v1.99.1
    Scan saved at 13:55:05, on 26.5.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\WINDOWS\system32\Drivers\bwcsrv.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\F-Secure Internet Security\backweb\1245240\Program\fspex.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
    C:\Program Files\uTorrent\utorrent.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Omistaja\Työpöytä\hijackthis_sfx\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: F-Secure 2006 OEM.lnk = C:\Program Files\F-Secure Internet Security\backweb\1245240\Program\fspex.exe
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
    O11 - Options group: [INTERNATIONAL] International*
    O17 - HKLM\System\CCS\Services\Tcpip\..\{567ECD84-725A-4346-A5CD-CF06007693A2}: NameServer = 192.168.11.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: F-Secure 2006 OEM (BackWeb Plug-in - 1245240) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: BUFFALO Wireless Configuration Service (bwcsrv) - Unknown owner - C:\WINDOWS\system32\Drivers\bwcsrv.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

     
  6. Auttaja

    Auttaja Guest

    Save these instructions to a text file, because otherwise you will not be able to read them in Safe Mode.

    ==========

    Open HijackThis, tick the following line(s) and press "Fix checked"; close all other programs while you do this.

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    Here is how to tick them:
    [image]


    ==========

    1. Download AVG Anti-Spyware 7.5 and save the program to your desktop. If you already have the program, go straight to step 2!

    * Once you have downloaded the program, double-click the installer icon on your desktop; the installation starts.
    * After installation, the program must be started and its definitions updated.

    2. Start AVG Anti-Spyware.
    * Click the "Update" icon in the main menu. Then click the "Update now" button.
    * Then click the "Start Update" icon, and the update begins.
    * If the updates do not succeed right away, press "Start Update" again after a moment.
    * If the automatic update does not work for some reason, the definitions can be downloaded manually from http://www.ewido.net/en/download/updates/.
    * Once the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
    * When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
    * Then, under the "Reports" menu:
    * Tick "Automatically generate report after every scan"
    * Untick "Only if threats were found"
    * Then click the "Shield" icon at the top of the window
    * "Resident shield is": change the state from active to inactive
    * Close the program. DO NOT scan yet.

    Boot your computer into Safe Mode

    NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.
    * Once in Safe Mode, start AVG Anti-Spyware.
    * Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
    * AVG now starts scanning the computer; be patient, as the scan takes time.
    When the scan is finished:
    IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"
    * Make sure that "Set all elements to:" shows Quarantine (1); if not, click the link and select Quarantine from the pop-up menu.
    * You will be asked what to do if infections were found; choose "Apply all actions" then.
    * Then click the "Reports" icon at the top of the program.
    * Click the "Save report as" button at the bottom left of the window and save the report to the desktop.
    * Close the program, start the computer normally and post the AVG report to your thread.

    ==========

    Do this if your computer feels on the slow side and you have not defragmented it in a long time:

    Open My Computer
    -> Do the following for all local disks
    [image]

    ==========

    Download CCleaner and install it:
    Open "Options", then "Language", and select "Suomi (Finnish)"

    Open the "Virheet" (Issues) section, press "Etsi rekisterin virheitä" (Scan for registry issues), then press "Korjaa valitut rekisterin virheet.." (Fix selected registry issues..). Press "Kyllä" (Yes) when the program asks "Haluatko varmuuskopioida muutokset rekisteriin" (Do you want to back up changes to the registry), and save the file, e.g. to the desktop.

    Open "Puhdistaja" (Cleaner), press "Tutki" (Analyze) and then "Aja Ccleaner" (Run CCleaner). Clean temporary files and folders with the program regularly.

    ==========

    If you do not have this Java version (6.1):

    Updating Java and clearing its cache:

    1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
    2. Find all your old Java versions in the list. (J2SE Runtime Environment.... )
    They should have the following icon next to them: [image]
    3. Select all your old Java versions and choose Remove.
    4. Install the latest Java update from the following link..
    5. Restart the computer after installation:

    http://java.sun.com/javase/downloads/index.jsp

    Scroll down to Java Runtime Environment (JRE) 6u1

    Press Download

    Tick Accept, choose the offline installation, save it e.g. to the desktop and install it.

    6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> Java coffee cup).

    7. Under the General Settings section, drag the slider (Disk Space) lower, and click the Delete Files button.

    (Some Java-based programs may need more disk space. If you notice slowness on the computer after lowering the setting, move the slider higher.)

    8. Make sure that both options are ticked:

    *Applications and Applets

    *Trace and Log Files

    And press the OK button

    9. Click OK in your "Temporary Files Settings" window.

    10. Click OK to leave your Java settings window.

    ==========

    Post a new HijackThis log, and are there any problems?
     
  7. Vihtori_

    Vihtori_ Guest

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 9:05:54 28.5.2007

    + Scan result:



    C:\System Volume Information\_restore{844A82E3-DDEB-4F91-A9BA-E46FD3C96412}\RP154\A0030373.exe -> Adware.NewDotNet : Cleaned.
    C:\System Volume Information\_restore{844A82E3-DDEB-4F91-A9BA-E46FD3C96412}\RP154\A0030374.EXE -> Adware.NewDotNet : Cleaned.
    :mozilla.197:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.904:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.90:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.91:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.92:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.93:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.523:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.
    :mozilla.456:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
    :mozilla.726:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Etracker : Cleaned.
    :mozilla.552:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.636:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
    :mozilla.862:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Information : Cleaned.
    :mozilla.746:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.747:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.748:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.468:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
    :mozilla.32:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
    :mozilla.33:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
    :mozilla.34:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
    :mozilla.266:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
    :mozilla.499:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
    :mozilla.500:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
    :mozilla.501:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
    :mozilla.502:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
    :mozilla.985:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
    :mozilla.582:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
    :mozilla.228:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.229:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.230:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.231:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.232:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.233:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.234:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.235:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.236:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.237:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.238:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.239:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.240:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.241:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.242:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.243:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.244:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.245:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.246:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.247:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.248:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.249:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.250:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.251:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.252:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.253:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.254:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.255:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.256:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.257:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.258:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.259:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.260:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.261:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.262:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.6:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
    :mozilla.56:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
    :mozilla.594:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.595:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.596:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.902:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
    :mozilla.275:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.959:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
    :mozilla.960:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
    :mozilla.274:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.270:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\duo6r4oi.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.


    ::Report end

     
  8. Vihtori_

    Vihtori_ Guest

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 10:30:40, on 28.5.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\WINDOWS\system32\Drivers\bwcsrv.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
    C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\F-Secure Internet Security\backweb\1245240\Program\fspex.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\uTorrent\utorrent.exe
    C:\Program Files\foobar2000\foobar2000.exe
    C:\Documents and Settings\Omistaja\Työpöytä\HiJackThis_v2.0.0.0.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.65.93.88:80
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
    O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
    O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: F-Secure 2006 OEM.lnk = C:\Program Files\F-Secure Internet Security\backweb\1245240\Program\fspex.exe
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{567ECD84-725A-4346-A5CD-CF06007693A2}: NameServer = 192.168.11.1
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: F-Secure 2006 OEM (BackWeb Plug-in - 1245240) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: BUFFALO Wireless Configuration Service (bwcsrv) - Unknown owner - C:\WINDOWS\system32\Drivers\bwcsrv.exe
    O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - Unknown owner - C:\Program Files\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

    --
    End of file - 9786 bytes
     
  9. Auttaja

    Auttaja Guest

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.65.93.88:80
    if you set it yourself, no problem

    ========

    Stay clean

    -> Clear System Restore Instructions
    Empty the System Restore folder and create a new restore point. This cleans any possible malware remnants out of the restore folder.

    -> Use CCleaner -> CCleaner
    Download and install CCleaner. Clean temporary files and folders with the program regularly.

    -> Install SpywareBlaster -> SpywareBlaster
    SpywareBlaster prevents malware from installing on your computer. Uses no memory!
    Guide available in Finnish! Guide by user Ad-Aware

    -> Install the MVPS Hosts file -> MVPS Hosts
    Blocks your computer's connections to malicious sites.
    Guide available in Finnish! Guide by user Axel

    -> Switch your browser to Firefox -> Firefox
    Firefox is a faster, safer and better browser than Internet Explorer.

    -> Keep your system up to date. -> Windows Update
    Visit Windows Update regularly.

    -> Keep your firewall and antivirus up to date
    Update your antivirus program and scan your computer with it regularly.
    and escan is good too: http://koti.mbnet.fi/pattaya1/escanmwav.htm

    -> Keep your software up to date. -> Secunia Software Inspector
    Secunia Software Inspector checks your system and software for missing security updates. A standard inspection normally takes 5-40 seconds, whereas a thorough one (thorough system inspection) can take several minutes.

    -> Regularly follow the Finnish Communications Regulatory Authority's information on new vulnerabilities -> CERT-FI

    If you have problems with malware in the future, don't hesitate to post a HijackThis log for checking!
     
