HijackThis- Logi

Joffel · Mar 14, 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:17:23, on 14.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Documents and Settings\Jonne\My Documents\ohjelmii\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Jonne\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Documents and Settings\Jonne\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\winsock32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Jonne\Last.fm\LastFMHelper.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\F-Secure Internet Security\FSGUI\fsavaui.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsavgui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents and Settings\Jonne\iTunesHelper.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [] winsock32.exe
O4 - HKLM\..\RunServices: [] winsock32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Last.fm Helper.lnk = C:\Documents and Settings\Jonne\Last.fm\LastFMHelper.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Documents and Settings\Jonne\My Documents\ohjelmii\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 9844 bytes

Hujo · Mar 14, 2008

Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.

Käynnistä koneesi vikasietotilaan:

sammuta ja käynnistä
käynnistyksen yhteydessä hakkaa F8 nappia
valitse nuolinäppäimellä vikasietotila
paina enter ja enter
valitse käyttäjätilisi
paina kyllä

Jossakin koneissa hakataan F8:sin sijasta F5:tä

" Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
" Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
" Paina Y käynnistääksesi skriptin.
" Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
" Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
" Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
" Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
" Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
" Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.

==========

1.Lataa combofix.exe työpöydällesi yhdestä linkistä:
combofix1
combofix2

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

Joffel · Mar 14, 2008

ComboFix 08-03-14.2 - Jonne 2008-03-14 22:42:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.73 [GMT 2:00]
Running from: C:\Documents and Settings\Jonne\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jonne\Application Data\inst.exe
C:\WINDOWS\setup.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-14 to 2008-03-14 )))))))))))))))))))))))))))))))
.

2008-03-14 22:03 . 2008-03-14 22:03 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-14 21:15 . 2008-03-14 21:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-14 21:05 . 2008-03-14 21:12 <DIR> d-------- C:\Program Files\EMCO Malware Destroyer
2008-03-14 18:49 . 2008-03-14 18:49 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-14 18:33 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-14 18:33 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-14 18:33 . 2008-03-09 01:15 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-14 18:33 . 2008-03-05 22:29 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-14 18:33 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-14 18:33 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-14 18:33 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-14 16:32 . 2008-03-14 16:32 <DIR> d-------- C:\Documents and Settings\Heikki\Application Data\F-Secure
2008-03-14 15:10 . 2008-03-14 19:28 <DIR> d-------- C:\Documents and Settings\Jonne\Application Data\BSplayer PRO
2008-03-14 14:45 . 2008-03-14 14:45 268 --ah----- C:\sqmdata02.sqm
2008-03-14 14:45 . 2008-03-14 14:45 244 --ah----- C:\sqmnoopt02.sqm
2008-03-11 16:36 . 2008-03-12 16:37 <DIR> d-------- C:\Documents and Settings\Jonne\Application Data\DivX
2008-03-11 16:35 . 2008-02-21 04:05 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-03-11 16:35 . 2008-02-21 04:05 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-03-11 16:35 . 2008-02-21 04:05 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-03-10 16:34 . 2008-03-10 16:34 <DIR> d-------- C:\Program Files\foobar2000
2008-03-10 16:18 . 2008-03-13 18:03 <DIR> d-------- C:\Documents and Settings\Jonne\Application Data\foobar2000
2008-03-10 14:54 . 2008-03-10 14:54 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-03-08 14:40 . 2008-03-08 14:40 0 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-03-07 20:32 . 2008-03-14 22:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-07 20:32 . 2008-03-07 20:32 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-07 17:41 . 2008-03-07 17:41 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-07 17:38 . 2008-03-07 17:38 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-03-06 22:01 . 2008-03-06 22:01 <DIR> d-------- C:\Documents and Settings\Jonne\Application Data\Image Zone Express
2008-03-06 21:30 . 2008-03-06 21:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-03-06 21:27 . 2008-03-06 21:27 <DIR> d-------- C:\Program Files\Common Files\HP
2008-03-06 21:24 . 2008-03-06 21:24 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-03-06 21:22 . 2008-03-06 21:22 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-03-06 21:07 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-03-06 21:07 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-03-06 21:07 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-03-06 21:07 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-03-06 21:07 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-03-06 21:07 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-03-06 21:07 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-03-06 21:02 . 2008-03-06 21:27 <DIR> d-------- C:\Program Files\HP
2008-03-06 21:02 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-06 21:02 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-03-06 21:02 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-06 21:02 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-03-06 20:55 . 2008-03-06 21:58 113,043 --a------ C:\WINDOWS\hpoins07.dat
2008-03-06 20:55 . 2005-05-24 07:41 21,124 --------- C:\WINDOWS\hpomdl07.dat
2008-03-06 20:54 . 2008-03-06 22:01 <DIR> d-------- C:\Documents and Settings\Jonne\Application Data\HP
2008-03-06 14:06 . 2008-03-06 14:06 <DIR> d-------- C:\Documents and Settings\Jonne\components
2008-03-06 14:06 . 2008-03-06 14:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
2008-03-06 14:02 . 2008-03-11 14:49 <DIR> d-------- C:\Documents and Settings\Jonne\Last.fm
2008-03-05 17:14 . 2008-03-05 17:14 398 --a------ C:\WINDOWS\ODBC.INI
2008-03-05 17:12 . 2008-03-05 17:13 <DIR> d-------- C:\WINDOWS\ShellNew
2008-03-05 14:31 . 2008-03-13 18:11 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-05 14:02 . 2008-03-05 14:02 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-03-05 13:52 . 2008-03-05 13:52 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-03-05 13:52 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-03-05 13:52 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-03-05 13:52 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-03-05 13:52 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-03-05 13:52 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-03-05 13:52 . 2004-03-02 17:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-03-05 13:52 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-03-05 13:52 . 2004-03-02 17:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-03-05 13:49 . 2008-03-05 13:49 32 --a------ C:\WINDOWS\Setup_nero.INI
2008-03-05 13:42 . 2008-03-05 13:42 <DIR> d-------- C:\Documents and Settings\Jonne\Helpers
2008-03-05 13:39 . 2008-03-05 13:39 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-03-05 13:39 . 2008-03-05 13:39 <DIR> d-------- C:\Documents and Settings\Jonne\Scripting Guide
2008-03-05 13:39 . 2008-03-05 13:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-03-05 13:38 . 2008-03-05 13:44 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-05 13:38 . 2008-03-05 13:38 <DIR> d-------- C:\Documents and Settings\Jonne\Samples
2008-03-05 13:38 . 2008-03-05 13:42 <DIR> d-------- C:\Documents and Settings\Jonne\Required
2008-03-05 13:38 . 2008-03-05 13:38 <DIR> d-------- C:\Documents and Settings\Jonne\Presets
2008-03-05 13:38 . 2008-03-06 14:06 <DIR> d-------- C:\Documents and Settings\Jonne\Plug-Ins
2008-03-05 13:38 . 2008-03-05 13:38 <DIR> d-------- C:\Documents and Settings\Jonne\Legal
2008-03-05 13:38 . 2008-03-14 18:51 <DIR> d-------- C:\Documents and Settings\Jonne\Help
2008-03-05 13:38 . 2008-03-05 13:38 <DIR> d-------- C:\Documents and Settings\Jonne\Activation
2008-03-04 19:48 . 2008-03-04 19:48 223,128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2008-03-04 18:03 . 2008-03-04 18:04 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-03-04 18:01 . 2008-03-04 18:10 <DIR> d-------- C:\Documents and Settings\Nea\Contacts
2008-03-03 16:48 . 2008-03-03 16:48 <DIR> d-------- C:\Documents and Settings\Jonne\Application Data\dvdcss
2008-03-03 14:50 . 2008-03-09 20:54 <DIR> d-------- C:\Lyrics
2008-03-03 14:40 . 2008-03-03 14:40 <DIR> d-------- C:\Program Files\VSO
2008-03-03 14:40 . 2006-09-29 11:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-03-03 14:40 . 2006-09-29 11:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-03-03 14:40 . 2006-09-29 11:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-03-03 13:59 . 2008-03-03 13:59 61,952 --------- C:\WINDOWS\cals.0xe
2008-03-03 13:54 . 2008-03-03 14:38 <DIR> d-------- C:\Documents and Settings\Jonne\3
2008-03-02 18:15 . 2008-03-02 18:15 <DIR> d-------- C:\Program Files\free-downloads.net
2008-03-02 18:15 . 2008-03-02 18:15 <DIR> d-------- C:\Program Files\Conduit
2008-03-02 18:09 . 2008-03-02 18:09 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-02 18:04 . 2008-03-07 18:06 <DIR> d-------- C:\Documents and Settings\Jonne\Application Data\Vso
2008-03-02 18:04 . 2008-03-03 14:40 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-03-02 18:04 . 2008-03-03 14:40 47,360 --a------ C:\Documents and Settings\Jonne\Application Data\pcouffin.sys
2008-03-02 17:59 . 2008-03-02 17:59 <DIR> d-------- C:\Documents and Settings\Jonne\MagicDVDRipper
2008-03-02 17:47 . 2008-03-02 21:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-03-02 17:44 . 2008-03-02 17:46 24 ---hs---- C:\WINDOWS\S328C8E2E.tmp
2008-03-02 16:46 . 2008-03-02 16:46 <DIR> d-------- C:\Program Files\Microsoft Games
2008-03-02 15:19 . 2008-03-02 15:19 <DIR> d-------- C:\WINDOWS\Sun
2008-03-02 14:59 . 2008-03-02 14:59 <DIR> d-------- C:\Program Files\Minilyrics
2008-03-02 14:59 . 2008-03-06 17:45 <DIR> d-------- C:\Documents and Settings\Jonne\Application Data\MiniLyrics

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-12 14:26 --------- d-----w C:\Program Files\Java
2008-03-07 16:06 --------- d-----w C:\Documents and Settings\Jonne\Application Data\Vso
2008-03-03 12:40 --------- d-----w C:\Program Files\VSO
2008-02-29 11:57 --------- d-----w C:\Documents and Settings\Jonne\Application Data\vlc
2008-02-28 17:22 --------- d-----w C:\Program Files\Google
2008-02-28 17:01 9,388 ----a-w C:\WINDOWS\system32\drivers\iaStor.PNF
2008-02-28 17:01 7,280 ----a-w C:\WINDOWS\system32\drivers\viamraid.PNF
2008-02-28 17:01 63,240 ----a-w C:\WINDOWS\system32\drivers\Si3112r.PNF
2008-02-28 17:01 6,984 ----a-w C:\WINDOWS\system32\drivers\SiSRaid.PNF
2008-02-28 17:01 20,152 ----a-w C:\WINDOWS\system32\drivers\INFCACHE.1
2008-02-28 17:01 12,432 ----a-w C:\WINDOWS\system32\drivers\adpu320.PNF
2008-02-28 17:01 12,228 ----a-w C:\WINDOWS\system32\drivers\nvraid.PNF
2008-02-28 17:01 10,828 ----a-w C:\WINDOWS\system32\drivers\iaAHCI.PNF
2008-02-28 16:58 --------- d-----w C:\Program Files\Bonjour
2008-02-28 16:58 --------- d-----w C:\Program Files\Apple Software Update
2008-02-28 16:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-28 15:34 --------- d-----w C:\Program Files\Windows XP MUI Pack
2008-02-28 15:20 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-28 15:19 --------- d-----w C:\Program Files\Common Files\Java
2008-02-28 15:13 --------- d-----w C:\Program Files\Windows Plus
2008-02-21 02:05 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-20 07:07 33,292 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2007-12-21 02:51 3,337,000 ----a-w C:\Documents and Settings\Jonne\Safari.exe
2007-12-21 02:27 47,616 ----a-w C:\Documents and Settings\Jonne\pthreadVC2.dll
2007-12-21 02:27 4,141,056 ----a-w C:\Documents and Settings\Jonne\WebKit.dll
2007-12-21 02:27 1,055,744 ----a-w C:\Documents and Settings\Jonne\libxml2.dll
2007-12-21 02:26 479,232 ----a-w C:\Documents and Settings\Jonne\SpellChecker.dll
2007-12-21 02:25 679,936 ----a-w C:\Documents and Settings\Jonne\icuin36.dll
2007-12-21 02:25 62,464 ----a-w C:\Documents and Settings\Jonne\zlib1.dll
2007-12-21 02:25 532,480 ----a-w C:\Documents and Settings\Jonne\PubSubDLL.dll
2007-12-21 02:25 462,848 ----a-w C:\Documents and Settings\Jonne\CoreFoundation.dll
2007-12-21 02:25 434,176 ----a-w C:\Documents and Settings\Jonne\CFNetwork.dll
2007-12-21 02:25 352,256 ----a-w C:\Documents and Settings\Jonne\SQLite3.dll
2007-12-21 02:25 319,488 ----a-w C:\Documents and Settings\Jonne\libtidy.dll
2007-12-21 02:25 3,801,088 ----a-w C:\Documents and Settings\Jonne\CoreGraphics.dll
2007-12-21 02:25 290,816 ----a-w C:\Documents and Settings\Jonne\Search.dll
2007-12-21 02:25 253,952 ----a-w C:\Documents and Settings\Jonne\SafariTheme.dll
2007-12-21 02:25 197,632 ----a-w C:\Documents and Settings\Jonne\libxslt.dll
2007-12-21 02:25 1,028,096 ----a-w C:\Documents and Settings\Jonne\icuuc36.dll
2007-12-21 02:24 8,912,896 ----a-w C:\Documents and Settings\Jonne\icudt36.dll
2005-03-22 03:49 287,232 ----a-w C:\Documents and Settings\Jonne\Adobelmsvc Installer.dll
2005-03-22 02:29 19,533,824 ----a-w C:\Documents and Settings\Jonne\Photoshop.exe
2005-03-22 01:48 2,142,208 ----a-w C:\Documents and Settings\Jonne\PSArt.dll
2005-03-22 01:48 1,748,992 ----a-w C:\Documents and Settings\Jonne\PSViews.dll
2005-03-22 01:48 1,323,008 ----a-w C:\Documents and Settings\Jonne\Photoshop.dll
2005-03-22 01:43 1,144,622 ----a-w C:\Documents and Settings\Jonne\Tw10122.dat
2005-03-22 01:41 19,980,288 ----a-w C:\Documents and Settings\Jonne\ImageReady.exe
2005-03-22 01:13 41,984 ----a-w C:\Documents and Settings\Jonne\Plugin.dll
2005-03-16 16:57 61,440 ----a-w C:\Documents and Settings\Jonne\regsresen_US.dll
2005-03-13 11:10 4,096,000 ----a-w C:\Documents and Settings\Jonne\PDFL70.dll
2005-03-13 10:01 1,805,824 ----a-w C:\Documents and Settings\Jonne\AGM.dll
2005-03-10 18:31 3,715,072 ----a-w C:\Documents and Settings\Jonne\MPS.dll
2005-03-09 15:59 1,560,169 ----a-w C:\Documents and Settings\Jonne\AdobeLM.dll
2005-03-09 02:32 151,552 ----a-w C:\Documents and Settings\Jonne\AXE8SharedExpat.dll
2005-03-09 02:32 151,552 ----a-w C:\Documents and Settings\Jonne\AXE16SharedExpat.dll
2005-03-09 02:17 475,136 ----a-w C:\Documents and Settings\Jonne\AdobeXMP.dll
2005-03-09 02:07 630,784 ----a-w C:\Documents and Settings\Jonne\ACE.dll
2005-03-09 02:07 266,240 ----a-w C:\Documents and Settings\Jonne\ARE.dll
2005-03-09 02:07 217,088 ----a-w C:\Documents and Settings\Jonne\BIBUtils.dll
2005-03-09 02:07 2,162,688 ----a-w C:\Documents and Settings\Jonne\CoolType.dll
2005-03-09 02:07 180,224 ----a-w C:\Documents and Settings\Jonne\Bib.dll
2005-03-08 05:23 4,153,344 ----a-w C:\Documents and Settings\Jonne\VersionCue.dll
2005-03-08 05:23 3,170,304 ----a-w C:\Documents and Settings\Jonne\VersionCueUI.dll
2005-03-03 13:39 425,984 ----a-w C:\Documents and Settings\Jonne\AdobeUpdater.dll
2005-02-17 09:28 663,552 ----a-w C:\Documents and Settings\Jonne\FileInfo.dll
2005-02-15 00:03 561,152 ----a-w C:\Documents and Settings\Jonne\JP2KLib.dll
2005-02-10 11:36 143,360 ----a-w C:\Documents and Settings\Jonne\epic_eula.dll
2005-02-08 11:43 49,152 ----a-w C:\Documents and Settings\Jonne\persresen_US.dll
2005-02-08 11:43 45,056 ----a-w C:\Documents and Settings\Jonne\eularesen_US.dll
2005-02-07 06:45 5,632 ----a-w C:\Documents and Settings\Jonne\agldt28l.dll
2005-01-19 12:31 155,648 ----a-w C:\Documents and Settings\Jonne\epic_regs.dll
2005-01-18 10:31 114,688 ----a-w C:\Documents and Settings\Jonne\epic_pers.dll
2005-01-12 12:23 180,224 ----a-w C:\Documents and Settings\Jonne\pdfsettings.dll
2004-08-24 13:55 126,976 ----a-w C:\Documents and Settings\Jonne\asneu.dll
2004-06-22 10:57 589,824 ----a-w C:\Documents and Settings\Jonne\libagluc28.dll
2003-05-08 16:34 499,712 ----a-w C:\Documents and Settings\Jonne\msvcp71.dll
2003-05-08 16:32 348,160 ----a-w C:\Documents and Settings\Jonne\msvcr71.dll
2000-08-28 22:19 401,462 ----a-w C:\Documents and Settings\Jonne\MSVCP60.DLL
1999-12-03 04:01 22,800 ----a-w C:\Documents and Settings\Jonne\Shfolder.dll
1999-02-01 22:00 266,293 ----a-w C:\Documents and Settings\Jonne\Msvcrt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 14:54 1555480 --a------ C:\Program Files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2008-02-14 14:54 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= C:\Program Files\free-downloads.net\tbfree.dll [2008-02-14 14:54 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 21:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"VTTimer"="VTTimer.exe" [2005-03-08 04:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-11-01 05:15 163840 C:\WINDOWS\system32\VTTrayp.exe]
"F-Secure Manager"="C:\Program Files\F-Secure Internet Security\Common\FSM32.exe" [2007-05-25 15:12 183208]
"F-Secure TNB"="C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2007-05-25 15:11 740208]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Documents and Settings\Jonne\iTunesHelper.exe" [2008-02-19 13:10 267048]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2005-09-06 12:10 450560]
"SoundMan"="SOUNDMAN.EXE" [2006-03-02 08:22 577536 C:\WINDOWS\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 21:00 15360]

C:\Documents and Settings\Jonne\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
Last.fm Helper.lnk - C:\Documents and Settings\Jonne\Last.fm\LastFMHelper.exe [2008-03-06 14:02:48 106496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 12:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\DOCUME~1\Jonne\WINDOW~1\fastload.dll 2001-12-20 22:34 24576 C:\DOCUME~1\Jonne\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\DOCUME~1\Jonne\WINDOW~1\wbsrv.dll 2007-03-05 17:36 140976 C:\DOCUME~1\Jonne\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Documents and Settings\\Jonne\\iTunes.exe"=
"C:\\Program Files\\Messenger\\Msmsgs.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-05-25 15:09]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure Internet Security\HIPS\fshs.sys [2008-02-28 22:27]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2007-05-25 15:08]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2007-05-25 15:09]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2007-05-25 15:09]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-08 08:05:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-14 20:24:00 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-14 22:46:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-14 22:51:54
ComboFix-quarantined-files.txt 2008-03-14 20:51:43
.
2008-03-12 19:44:27 --- E O F ---

Hujo · Mar 14, 2008

Poista lisää poista sovelutuksesta

free-downloads.net

Poista vikasiedossa kansio

:\Program Files\free-downloads.net

==========

aja tuo sdfix

Joffel · Mar 15, 2008

SDFix: Version 1.157

Run by Jonne on la 15.03.2008 at 09:10

Microsoft Windows XP [versio 5.1.2600]
Running From: C:\DOCUME~1\Jonne\Desktop\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-15 09:22:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:fb,89,68,0b,58,0e,88,c4,a3,15,de,0c,cd,ea,43,17,41,1e,f5,52,fb,..
"p0"="C:\Documents and Settings\Jonne\My Documents\ohjelmii\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:fb,89,68,0b,58,0e,88,c4,a3,15,de,0c,cd,ea,43,17,41,1e,f5,52,fb,..
"p0"="C:\Documents and Settings\Jonne\My Documents\ohjelmii\Alcohol 120\"

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Documents and Settings\\Jonne\\iTunes.exe"="C:\\Documents and Settings\\Jonne\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Messenger\\Msmsgs.exe"="C:\\Program Files\\Messenger\\Msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

File Backups: - C:\DOCUME~1\Jonne\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sun 2 Mar 2008 24 ..SH. --- "C:\WINDOWS\S328C8E2E.tmp"
Sat 1 Mar 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 28 Feb 2008 6,219,320 A..H. --- "C:\Documents and Settings\Heikki\My Documents\Picasa2\setup.exe"
Wed 13 Jun 2007 1,561,600 A.SHR --- "C:\Program Files\EMCO Malware Destroyer\Quarantine\JONNE-BF56DF828\NMC.SPYBOT.AKKC\Files\WINDOWS\System32\winsock32.exe"

Finished!

Tosiaan, nyt ei enää F-Securekaan valita mistään. Ajoin EMCO Malmware Destroyerin läpi ja se sanoi löytäneensä joitain haittaohjelmia --> annoin sen poistaa ne.

Hujo · Mar 15, 2008

scannaa uusi hjt:n loki

Joffel · Mar 15, 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:55, on 15.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Documents and Settings\Jonne\My Documents\ohjelmii\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Documents and Settings\Jonne\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents and Settings\Jonne\iTunesHelper.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Documents and Settings\Heikki\My Documents\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-21-2000478354-162531612-839522115-1008\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Jonne')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-2000478354-162531612-839522115-1008 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Jonne')
O4 - S-1-5-21-2000478354-162531612-839522115-1008 Startup: Last.fm Helper.lnk = C:\Documents and Settings\Jonne\Last.fm\LastFMHelper.exe (User 'Jonne')
O4 - S-1-5-21-2000478354-162531612-839522115-1008 User Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Jonne')
O4 - S-1-5-21-2000478354-162531612-839522115-1008 User Startup: Last.fm Helper.lnk = C:\Documents and Settings\Jonne\Last.fm\LastFMHelper.exe (User 'Jonne')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Documents and Settings\Jonne\My Documents\ohjelmii\Alcohol 120\StarWind\StarWindService.exe (file missing)

--
End of file - 9897 bytes

Scanni on tehty eri käyttäjätunnuksella ku viimeks, se ei varmaan kuitenkaan vaikuta mihinkään

Hujo · Mar 15, 2008

scannaa hjt:llä merkkaa paina Fix checked

O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (file missing)
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (file missing

Joffel · Mar 15, 2008

Tein ohjeiden mukaisesti ja sen jälkeen scannasin uudestaan. Noi kyseiset kohdat oli mun mielestä kadonnu siitä sit. Loki tässä:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:10, on 15.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Jonne\WindowBlinds\wbload.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Documents and Settings\Jonne\My Documents\ohjelmii\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Documents and Settings\Jonne\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Jonne\Last.fm\LastFMHelper.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents and Settings\Jonne\iTunesHelper.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-21-2000478354-162531612-839522115-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Heikki')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Last.fm Helper.lnk = C:\Documents and Settings\Jonne\Last.fm\LastFMHelper.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Documents and Settings\Jonne\My Documents\ohjelmii\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 9141 bytes

Hujo · Mar 15, 2008

scannaa hjt:llä merkkaa paina Fix checked

R3 - URLSearchHook: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)

============

Escan
Ohjeet tuolla sivulla.
http://koti.mbnet.fi/pattaya1/escanmwav.htm
lataa tuosta
http://www.spywareinfo.dk/download/mwav.exe
päivitä tuosta
http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
laita täpit merkkauksien mukaan
http://koti.mbnet.fi/pattaya1/eScan6.jpg

scannaa

jos ala luukkuun tulee jotain niin kopioi se näin:
Käytä komentoa Ctrl+A.
Kopioi rivit komennolla Ctrl+C.
Liitä rivit komennolla Ctrl+V.

Laita virus log tänne.

Joffel · Mar 15, 2008

File C:\WINDOWS\cals.0xe infected by "Backdoor.Win32.Agent.fhx" Virus. Action Taken: File Renamed.
File C:\RECYCLER\S-1-5-21-2000478354-162531612-839522115-1008\Dc123.0at infected by "Trojan.BAT.Regger.b" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{DC89648A-EE6F-4902-A20E-206B9F18498C}\RP105\A0009149.0xe infected by "Backdoor.Win32.Agent.fhx" Virus. Action Taken: File Renamed.

Hujo · Mar 15, 2008

1. Klikkaa käynnistä > Oma tietokone oikean puoleisella hiiren napilla
2. Valitse ominaisuudet
3. Valitse järjestelmän palauttaminen välilehti
4. Ruksi eteen ¤ poista järjestelmän palauttaminen kaikissa asemissa
5. Paina Käytä
6. Paina ok
7. Sammuta ja käynnistä
8. Ota ruksi pois ¤ poista järjestelmän palauttaminen kaikissa asemissa
9. Käytä ja OK

Joffel · Mar 15, 2008

Itselläni ainoa mitä tossa voi ruksittaa on:

Poista järjestelmän palauttaminen käytöstä. Kun laitan siihen ruksin ja painan Käytä, heittää Windows tälläsen palkin tohon:

Järjestelmän palautus poistetaan käytöstä. Kaikki nykyiset palautuspisteet poistetaan, eikä järjestelmään tehtyjä muutoksia voida seurata tai palauttaa. Poistetaanko järjestelmän palautus käytöstä?

Laitanko siis tuohon kuitenkin ruksin ja toimin ohjeiden mukaan? Ajattelin varmistaa, etten kuse tätä hommaa.

Hujo · Mar 15, 2008

kyllä sitten sammutat ja käynnistät ja otat ruksin taas pois

Joffel · Mar 15, 2008

Noin, nyt on tehty ohjeiden mukaisesti. Mitä seuraavaksi?

Hujo · Mar 15, 2008

Lataa tuolta http://www.ccleaner.com/download/builds.aspx
CCleaner v2.05.555- Standard Build, ÄLÄ aseenna Yahoo toolbaria!

laita asetukset näin:
Valinnat --> Lisäasetukset --> Ota ruksi pois kohdasta Poista vain yli 48 tuntia vanhat tilapäistiedostot.

aja Puhdistaja > tutki nappi > aja ccleaner nappi oikea alakulma
aja Virheet > etsi rekisteri virheitä nappi > Korjaa rekisteri virheet. nappi

Joffel · Mar 15, 2008

Nonniin, nyt on toikin laitettu. Pistänkö vielä jonkun lokin tähän?

Hujo · Mar 15, 2008

Miltäs kone tuntuu pärjääkö sillä

Joffel · Mar 15, 2008

Hyvältä tuntuu, ei mitään vikaa mielestäni Paljon kiitoksia Hujo !

Log in or Sign up

HijackThis- Logi

Joffel Member

Hujo Guest

Joffel Member

Hujo Guest

Joffel Member

Hujo Guest

Joffel Member

Hujo Guest

Joffel Member

Hujo Guest

Joffel Member

Hujo Guest

Joffel Member

Hujo Guest

Joffel Member

Hujo Guest

Joffel Member

Hujo Guest

Joffel Member

Share This Page

Log in or Sign up

HijackThis- Logi

Joffel Member

Hujo Guest

Joffel Member

Hujo Guest

Joffel Member

Hujo Guest

Joffel Member

Hujo Guest

Joffel Member

Hujo Guest

Joffel Member

Hujo Guest

Joffel Member

Hujo Guest

Joffel Member

Hujo Guest

Joffel Member

Hujo Guest

Joffel Member

Share This Page

Useful Searches