Hjt-logi, mikä pielessä?

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by Caniz, Feb 6, 2008.

  1. Caniz

    Caniz Member

    Joined:
    Sep 11, 2007
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    11
    Elikkä, nyt olis pienimuotonen ongelma. Kyseessä on nyt veljen kone, joka yrittää tällä Maplestoryä pelata =/ Pukkaa GameGuard erroria, ja mitä ny tutkin, ni väittää että "haittaohjelmia" on koneella, juuri vähän aikaa sitten asennettu winukka uusiks, ja muutenki puhtaana luulis pysyneen. Scannattua kahteen otteeseen Nortonilla, ja mitään ei näkyny =/ Logia en osaa lukea, joten luotan teihin.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:41:50, on 6.2.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Arcadyan Wireless\pctwpasv.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
    C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\keyhook.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe
    C:\Program Files\anysee\anysee-E30\anysee_TR.exe
    C:\Program Files\TrojanHunter 5.0\THGuard.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
    O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [SoftAP] C:\Program Files\Arcadyan Wireless\NetCfgWizard.exe /U
    O4 - HKLM\..\Run: [Wireless SoftAP] "C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe" /M
    O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30\anysee_TR.exe
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15-3.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Automaattinen LiveUpdate-ajastustoiminto (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: SoftAP WPA Authenticator Service (PCTWPASV) - PCTEL Inc. - C:\Program Files\Arcadyan Wireless\pctwpasv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 8334 bytes
     
    Caniz, Feb 6, 2008
    #1
  2. Hujo

    Hujo Guest

    scannaa hjt:llä merkkaa paina Fix checked

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache...p1.0.0.15-3.cab

    ==============

    lataa startuplite

    tallena tiedosto työpöydälle. Tuplalikkaa StartUpLitenn.exe:ä
    sitten voi valita mitä jätät käynnistyviin ja paina sitten continue.

    ================

    Lataa: RegSeeker.zip työpöydälle:

    Pura zip C:\RegSeeker\ kansioon. Sieltä käynnistät RegSeeker.exe ohjelman.
    Oikeasa yläkulmassa on Languages.... linkki, josta valitset Suomenkielen.
    Vasemmasta alakulmasta ruksit Luo vrmuuskopio ja sitten linkki Puhdista rekisteri
    Ruksit kaikkiin muihin kohtiin paitsi "Käyttökelvottomat.." sitten "OK" (odotat hetken).
    Ruutuun ilmestyy lista epäkelvoista rekisterimerkinnöistä, jotka alapalkista Valitse kohdasta
    klikkaat Valitse kaikki jolloin valitut saavat keltaisen pohjavärin.
    Alapalkin Toiminnot linkistä klikkaat Poista valitut kohteet
    Ponnahdusikkunaan "Kaikki valitut kohteet poistetaan ? vastaat "OK".
    Seuraavaan Ponnahdusikkunaan "Varmuuskopiot" vastaat "OK".
    Klikaa vasemmalta Lopeta RegSeeker ja käynnistä koneesi uudelleen.

    ==============

    Lataa tuolta http://www.ccleaner.com/download/builds.aspx
    CCleaner v2.03.532- Standard Build, ÄLÄ aseenna Yahoo toolbaria!

    laita asetukset näin:
    Valinnat --> Lisäasetukset --> Ota ruksi pois kohdasta Poista vain yli 48 tuntia vanhat tilapäistiedostot.

    aja Puhdistaja > tutki nappi > aja ccleaner nappi oikea alakulma
    aja Virheet > etsi rekisteri virheitä nappi > Korjaa rekisteri virheet. nappi

    ===========

    Ohje AVG:n Anti-Spyware 7.5:n käyttöön
    Huom! Tässä ohjeessa sammutetaan tuo reaaliaikasuojaus (Shield). Näin vältetään tilanteet joissa suojaus estäisi esim HijackThis:n työkalun toimintaa.

    Tallenna nämä ohjeet tekstitiedostoon tai tulosta nämä, muuten et pääse niihin käsiksi vikasietotilasta

    Lataa AVG:n Anti-Spyware 7.5:n
    ja tallenna ohjelma työpöydällesi.
    o Kun olet ladannut ohjelman, kaksoisklikkaa asennuohjelman pikakuvaketta työpöydälläsi, asennus alkaa.
    o Asennuksen jälkeen täytyy ohjelma käynnistää ja sen tunnisteet päivittää.
    o Käynnistä AVG:n Anti-Spyware.
    o Klikkaa "Update" kuvaketta päävalikossa. Sen jälkeen klikkaa "Update now" painiketta.

    o Sitten klikkaa "Start Update" kuvaketta jolloin päivitys alkaa.

    o Kun päivitykset on ladattu, klikkaa "Scanner" kuvaketta ikkunan ylälaidassa. Valitse sitten "Settings" välilehti.
    o Kun "Settings" valikko on auennut, klikkaa "Recommended actions" ja sitten valitse "Quarantine".

    o Sitten "Reports" valikon alta:
    o Laita täppi kohtaan "Automatically generate report after every scan"
    o Ota täppi pois kohdasta"Only if threats were found"

    o Sitten klikkaa "Shield" kuvaketta ikkunan ylälaidassa
    o "Resident shield is", muuta tila active:sta inactive:ksi
    o Sulje ohjelma, ÄLÄ skannaa vielä.

    Käynnistä koneesi vikasietotilaan,
    sammuta ja käynnistä
    käynnistyksen yhteydessä naputtele F8
    valitse nuoli näppäimellä vikasietotila
    paina enter ja enter

    Toisissa koneissa paukutetaan F8:sin sijasta F5:tä

    HUOM! Älä käytä muita ohjelmia AVG:n skannauksen aikana, tämä saattaa häiritä skannausta.
    o Kun vikasietotilassa, käynnistä AVG:n Anti-Spyware.
    o Klikkaa "Scanner" kuvaketta ikkunan ylälaidassa ja valitse "Scan" välilehti. Sitten klikkaa "Complete System Scan".
    o Ewido aloittaa nyt tietokoneen skannaamisen, ole kärsivällinen sillä skannaus vie aikaa.

    Kun skannaus on valmis:
    TÄRKEÄÄ : Älä klikkaa "Save Scan Report" ennen kuin klikkaat "Apply all Actions"
    o Varmistu, että Set all elements to: näyttää Quarantine (1), jos ei, klikkaa linkkiä ja valitse Quarantine popup-valikosta.
    o Sinulta kysytään mitä tehdä jos infektioita löytyi, valitse silloin "Apply all actions"
    [​IMG]
    o Sitten klikkaa "Reports" kuvaketta ohjelma yläosasta.
    o Klikkaa "Save report as" painiketta ikkunan vasemmassa alalaidassa ja tallenna raportti työpöydälle.
    o Sulje ohjelma, käynnistä kone normaalisti ja lähetä AVG:n raportti viestikejuusi.
     
    Hujo, Feb 6, 2008
    #2
  3. Caniz

    Caniz Member

    Joined:
    Sep 11, 2007
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    11
    Selevä, laitan huomenna tulokset, kuha pääsen himaan, ny en jaksa mennä pomppimaan tonne alas, ku tää muu perhe nukkuu. Kahtellaan huomenna lisää :>
     
    Caniz, Feb 6, 2008
    #3
  4. Caniz

    Caniz Member

    Joined:
    Sep 11, 2007
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    11
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 21:56:08 8.2.2008

    + Scan result:



    C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@adbrite.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@edsa.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@meetupcom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Linda\Cookies\linda@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Linda\Cookies\linda@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Luukas\Cookies\luukas@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Mika\Cookies\mika@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Mika\Cookies\mika@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@www.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@adtech[1].txt -> TrackingCookie.Adtech : Cleaned.
    C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Linda\Cookies\linda@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Mika\Cookies\mika@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Luukas\Cookies\luukas@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Mika\Cookies\mika@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\Luukas\Cookies\luukas@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\Luukas\Cookies\luukas@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\Linda\Cookies\linda@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\Luukas\Cookies\luukas@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Luukas\Cookies\luukas@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Linda\Cookies\linda@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
    C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\Luukas\Cookies\luukas@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@hit.gemius[2].txt -> TrackingCookie.Gemius : Cleaned.
    C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@ehg-sanomadata.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Luukas\Cookies\luukas@ehg-nokiafin.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Luukas\Cookies\luukas@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
    C:\Documents and Settings\Linda\Cookies\linda@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
    C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\Luukas\Cookies\luukas@auto.search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
    C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@overture[1].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Mika\Cookies\mika@overture[2].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
    C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
    C:\Documents and Settings\Linda\Cookies\linda@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
    C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Linda\Cookies\linda@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Linda\Cookies\linda@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Luukas\Cookies\luukas@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Luukas\Cookies\luukas@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
    C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
    C:\Documents and Settings\Linda\Cookies\linda@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
    C:\Documents and Settings\Luukas\Cookies\luukas@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
    C:\Documents and Settings\Mika\Cookies\mika@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
    C:\Documents and Settings\Luukas\Cookies\luukas@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
    C:\Documents and Settings\Linda\Cookies\linda@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
    C:\Documents and Settings\Luukas\Cookies\luukas@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
    C:\Documents and Settings\Mika\Cookies\mika@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
    C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
    C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Documents and Settings\Luukas\Cookies\luukas@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
    C:\Documents and Settings\Linda\Cookies\linda@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.


    ::Report end

    Tollasta tuli, faija teki ton, ku olin ite kaverilla, ohjeet annoin, ja luulisin et oikein meni.
     
    Caniz, Feb 8, 2008
    #4
  5. Hujo

    Hujo Guest

    laitas hjt:n loki uusi scannaten
     
    Hujo, Feb 8, 2008
    #5
  6. Caniz

    Caniz Member

    Joined:
    Sep 11, 2007
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    11
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:29:30, on 9.2.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Arcadyan Wireless\pctwpasv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
    C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\keyhook.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe
    C:\Program Files\anysee\anysee-E30\anysee_TR.exe
    C:\Program Files\TrojanHunter 5.0\THGuard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
    O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [SoftAP] C:\Program Files\Arcadyan Wireless\NetCfgWizard.exe /U
    O4 - HKLM\..\Run: [Wireless SoftAP] "C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe" /M
    O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30\anysee_TR.exe
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Automaattinen LiveUpdate-ajastustoiminto (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: SoftAP WPA Authenticator Service (PCTWPASV) - PCTEL Inc. - C:\Program Files\Arcadyan Wireless\pctwpasv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 7915 bytes
     
    Caniz, Feb 9, 2008
    #6
  7. Hujo

    Hujo Guest

    loki ok
     
    Hujo, Feb 10, 2008
    #7

Share This Page