HJT LOGI

EmppuKZ · Mar 14, 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:03:23, on 14.3.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\AVAST!\aswUpdSv.exe
D:\AVAST!\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
D:\AVAST!\ashWebSv.exe
D:\AVAST!\ashMaiSv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\System32\Icon Text Manager.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\AVAST!\ashDisp.exe
G:\Ohjelmatiedostot\Winamp\Winampa.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Netropa\InetKb\Inetkb.exe
G:\Last.fm\LastFMHelper.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\aawservice.exe
D:\AVAST!\ashSimpl.exe
D:\CamStudio\Recorder.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.habbo.fi/client
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.jippii.fi/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.phnet.fi:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {197D1ADE-33D4-4B01-80D2-50FF25D442E7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Torrent Search IE Toolbar - {C9D0879E-F33F-4CA8-9137-6F2A0AEDCFB9} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Icon Text Manager] C:\WINDOWS\System32\Icon Text Manager.exe
O4 - HKLM\..\Run: [CloneCDTray] "H:\clone cd\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] D:\AVAST!\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "G:\Ohjelmatiedostot\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: WindowsUpdate52961[1].exe
O4 - Global Startup: Last.fm Helper.lnk = G:\Last.fm\LastFMHelper.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Ohjelmatiedostot\Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe (file missing)
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Torrent Search IE Toolbar - {C9D0879E-F33F-4CA8-9137-6F2A0AEDCFB9} - (no file)
O9 - Extra 'Tools' menuitem: Torrent Search IE Toolbar - {C9D0879E-F33F-4CA8-9137-6F2A0AEDCFB9} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\AVAST!\aswUpdSv.exe
O23 - Service: Auto Logon Service (AutoLogon) - Unknown owner - C:\Program Files\Macro Scheduler\autologonsvc.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - D:\AVAST!\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\AVAST!\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\AVAST!\ashWebSv.exe
O23 - Service: Macro Scheduler Service (mschedsvc) - Unknown owner - C:\Program Files\Macro Scheduler\msschedsvc.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 7426 bytes

Hujo · Mar 14, 2008

Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.

Käynnistä koneesi vikasietotilaan:

sammuta ja käynnistä
käynnistyksen yhteydessä hakkaa F8 nappia
valitse nuolinäppäimellä vikasietotila
paina enter ja enter
valitse käyttäjätilisi
paina kyllä

Jossakin koneissa hakataan F8:sin sijasta F5:tä

" Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
" Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
" Paina Y käynnistääksesi skriptin.
" Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
" Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
" Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
" Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
" Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
" Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.

EmppuKZ · Mar 15, 2008

SDFix: Version 1.157

Run by Emppu on la 15.03.2008 at 11:51

Microsoft Windows XP [versio 5.1.2600]
Running From: C:\DOCUME~1\HEIKKI~1\TYPYT~1\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Folder C:\WINDOWS\system32\Sys32 - Removed

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-15 11:57:47
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="G:\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:0d,0e,2b,f1,aa,7b,3d,65,5f,39,b5,3f,04,09,c5,e6,b1,8d,01,e4,14,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,5f,67,8a,12,e4,09,56,1c,33,87,4f,07,e1,85,74,7a,81,..
"khjeh"=hex:cd,4c,71,42,c5,77,d5,8c,4f,2f,41,0d,53,06,27,25,66,c8,42,ab,9f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:dc,fd,68,20,b1,bc,e4,55,a2,95,bb,77,58,bb,aa,29,1a,92,ac,e7,d1,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="G:\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:0d,0e,2b,f1,aa,7b,3d,65,5f,39,b5,3f,04,09,c5,e6,b1,8d,01,e4,14,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,5f,67,8a,12,e4,09,56,1c,33,87,4f,07,e1,85,74,7a,81,..
"khjeh"=hex:cd,4c,71,42,c5,77,d5,8c,4f,2f,41,0d,53,06,27,25,66,c8,42,ab,9f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:dc,fd,68,20,b1,bc,e4,55,a2,95,bb,77,58,bb,aa,29,1a,92,ac,e7,d1,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\xb9m\xd3w\2]
"AB79C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

Remaining Files :

File Backups: - C:\DOCUME~1\HEIKKI~1\TYPYT~1\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 24 Jun 2004 2,932 A..H. --- "C:\WINDOWS\system32\aurl.dat.tmp"
Sat 15 Mar 2003 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 15 Aug 2003 400 A.SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
Fri 15 Aug 2003 48 A.SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"

Finished!

Hujo · Mar 15, 2008

scannaa uusi hjt:n loki

EmppuKZ · Mar 15, 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:42, on 15.3.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\aawservice.exe
D:\AVAST!\aswUpdSv.exe
D:\AVAST!\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
D:\AVAST!\ashMaiSv.exe
D:\AVAST!\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\System32\Icon Text Manager.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\AVAST!\ashDisp.exe
G:\Ohjelmatiedostot\Winamp\Winampa.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Netropa\InetKb\Inetkb.exe
G:\Last.fm\LastFMHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.habbo.fi/client
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.jippii.fi/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.phnet.fi:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {197D1ADE-33D4-4B01-80D2-50FF25D442E7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Torrent Search IE Toolbar - {C9D0879E-F33F-4CA8-9137-6F2A0AEDCFB9} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Icon Text Manager] C:\WINDOWS\System32\Icon Text Manager.exe
O4 - HKLM\..\Run: [CloneCDTray] "H:\clone cd\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] D:\AVAST!\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "G:\Ohjelmatiedostot\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: WindowsUpdate52961[1].exe
O4 - Global Startup: Last.fm Helper.lnk = G:\Last.fm\LastFMHelper.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Ohjelmatiedostot\Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe (file missing)
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Torrent Search IE Toolbar - {C9D0879E-F33F-4CA8-9137-6F2A0AEDCFB9} - (no file)
O9 - Extra 'Tools' menuitem: Torrent Search IE Toolbar - {C9D0879E-F33F-4CA8-9137-6F2A0AEDCFB9} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\AVAST!\aswUpdSv.exe
O23 - Service: Auto Logon Service (AutoLogon) - Unknown owner - C:\Program Files\Macro Scheduler\autologonsvc.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - D:\AVAST!\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\AVAST!\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\AVAST!\ashWebSv.exe
O23 - Service: Macro Scheduler Service (mschedsvc) - Unknown owner - C:\Program Files\Macro Scheduler\msschedsvc.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 7364 bytes

Hujo · Mar 15, 2008

scannaa hjt:llä merkkaa paina Fix checked

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: (no name) - {197D1ADE-33D4-4B01-80D2-50FF25D442E7} - (no file)
O3 - Toolbar: Torrent Search IE Toolbar - {C9D0879E-F33F-4CA8-9137-6F2A0AEDCFB9} - (no file)
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: WindowsUpdate52961[1].exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

sammuta ja käynnistä

==============

Onkos irki poistettu ja Torrent poistettu koneelta

==========

Uusi hjt:n loki

EmppuKZ · Mar 15, 2008

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-15 11:57:47
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="G:\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:0d,0e,2b,f1,aa,7b,3d,65,5f,39,b5,3f,04,09,c5,e6,b1,8d,01,e4,14,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,5f,67,8a,12,e4,09,56,1c,33,87,4f,07,e1,85,74,7a,81,..
"khjeh"=hex:cd,4c,71,42,c5,77,d5,8c,4f,2f,41,0d,53,06,27,25,66,c8,42,ab,9f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:dc,fd,68,20,b1,bc,e4,55,a2,95,bb,77,58,bb,aa,29,1a,92,ac,e7,d1,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="G:\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:0d,0e,2b,f1,aa,7b,3d,65,5f,39,b5,3f,04,09,c5,e6,b1,8d,01,e4,14,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,5f,67,8a,12,e4,09,56,1c,33,87,4f,07,e1,85,74,7a,81,..
"khjeh"=hex:cd,4c,71,42,c5,77,d5,8c,4f,2f,41,0d,53,06,27,25,66,c8,42,ab,9f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:dc,fd,68,20,b1,bc,e4,55,a2,95,bb,77,58,bb,aa,29,1a,92,ac,e7,d1,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\xb9m\xd3w\2]
"AB79C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

EmppuKZ · Mar 15, 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:54, on 15.3.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\aawservice.exe
D:\AVAST!\aswUpdSv.exe
D:\AVAST!\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
D:\AVAST!\ashMaiSv.exe
D:\AVAST!\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\System32\Icon Text Manager.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\AVAST!\ashDisp.exe
G:\Ohjelmatiedostot\Winamp\Winampa.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Netropa\InetKb\Inetkb.exe
G:\Last.fm\LastFMHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.habbo.fi/client
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.jippii.fi/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.phnet.fi:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Icon Text Manager] C:\WINDOWS\System32\Icon Text Manager.exe
O4 - HKLM\..\Run: [CloneCDTray] "H:\clone cd\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] D:\AVAST!\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "G:\Ohjelmatiedostot\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: WindowsUpdate52961[1].exe
O4 - Global Startup: Last.fm Helper.lnk = G:\Last.fm\LastFMHelper.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Ohjelmatiedostot\Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe (file missing)
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Torrent Search IE Toolbar - {C9D0879E-F33F-4CA8-9137-6F2A0AEDCFB9} - (no file)
O9 - Extra 'Tools' menuitem: Torrent Search IE Toolbar - {C9D0879E-F33F-4CA8-9137-6F2A0AEDCFB9} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\AVAST!\aswUpdSv.exe
O23 - Service: Auto Logon Service (AutoLogon) - Unknown owner - C:\Program Files\Macro Scheduler\autologonsvc.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - D:\AVAST!\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\AVAST!\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\AVAST!\ashWebSv.exe
O23 - Service: Macro Scheduler Service (mschedsvc) - Unknown owner - C:\Program Files\Macro Scheduler\msschedsvc.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6741 bytes

EmppuKZ · Mar 15, 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:54, on 15.3.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\aawservice.exe
D:\AVAST!\aswUpdSv.exe
D:\AVAST!\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
D:\AVAST!\ashMaiSv.exe
D:\AVAST!\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\System32\Icon Text Manager.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\AVAST!\ashDisp.exe
G:\Ohjelmatiedostot\Winamp\Winampa.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Netropa\InetKb\Inetkb.exe
G:\Last.fm\LastFMHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.habbo.fi/client
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.jippii.fi/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.phnet.fi:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Icon Text Manager] C:\WINDOWS\System32\Icon Text Manager.exe
O4 - HKLM\..\Run: [CloneCDTray] "H:\clone cd\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] D:\AVAST!\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "G:\Ohjelmatiedostot\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: WindowsUpdate52961[1].exe
O4 - Global Startup: Last.fm Helper.lnk = G:\Last.fm\LastFMHelper.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Ohjelmatiedostot\Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe (file missing)
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Torrent Search IE Toolbar - {C9D0879E-F33F-4CA8-9137-6F2A0AEDCFB9} - (no file)
O9 - Extra 'Tools' menuitem: Torrent Search IE Toolbar - {C9D0879E-F33F-4CA8-9137-6F2A0AEDCFB9} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\AVAST!\aswUpdSv.exe
O23 - Service: Auto Logon Service (AutoLogon) - Unknown owner - C:\Program Files\Macro Scheduler\autologonsvc.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - D:\AVAST!\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\AVAST!\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\AVAST!\ashWebSv.exe
O23 - Service: Macro Scheduler Service (mschedsvc) - Unknown owner - C:\Program Files\Macro Scheduler\msschedsvc.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6741 bytes

Hujo · Mar 15, 2008

1.Lataa combofix.exe työpöydällesi yhdestä linkistä:
combofix1
combofix2

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

=============

Javan päivitys ja välimuistin tyhjennys:

1. Klikkaa Käynnistä -> Ohjauspaneeli ja tupla-klikkaa Lisää tai poista sovellus Ohjauspaneelissa.
2. Etsi listasta kaikki entiset Java versiosi. (J2SE Runtime Environment.... )
Niissä pitäisi olla seuraava kuva vieressä:

3. Valitse kaikki entiset Java versiosi ja valitse Poista.
4. Asenna uusin Java päivitys seuraavasta linkistä..
5. Käynnistä kone uudelleen asennuksen jälkeen:

http://java.sun.com/javase/downloads/index.jsp

Rullaa alas kohteeseen Java Runtime Environment (JRE) 6u5

Paina Download

Ruksaa Accept, ota offline installation, tallenna vaikka työpöydälle ja asenna se.

6. Käynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi).

7. General Settings -osion alla, vedä liukusäädintä (Disk Space) pienemmälle, ja klikkaa Delete Files -nappia.

(Jotkut javapohjaiset ohjelmat saattavat tarvita enemmän levytilaa.
Jos huomaat säädön pienentämisen jälkeen koneessa hitautta, siirrä liukusäädintä isommalle).

8. Varmista että kaikki kaksi valintaa ovat rastitettuja:

*Applications and Applets

*Trace and Log Files

Ja paina OK -nappia

9. Klikkaa OK "Temporary Files Settings" -ikkunassasi.

10. Klikkaa OK jättääksesi Java asetusikkunasi.

==============

Lataa tuolta http://www.ccleaner.com/download/builds.aspx
CCleaner v2.05.555- Standard Build, ÄLÄ aseenna Yahoo toolbaria!

laita asetukset näin:
Valinnat --> Lisäasetukset --> Ota ruksi pois kohdasta Poista vain yli 48 tuntia vanhat tilapäistiedostot.

aja Puhdistaja > tutki nappi > aja ccleaner nappi oikea alakulma
aja Virheet > etsi rekisteri virheitä nappi > Korjaa rekisteri virheet. nappi

===========

SP2 koneelle

EmppuKZ · Mar 15, 2008

ComboFix 08-03-14.4 - Heikki Haanpää 2008-03-15 12:56:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1035.18.28 [GMT 2:00]
Running from: D:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ncase.ini

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-02-15 to 2008-03-15 )))))))))))))))))
.

2008-03-15 11:50 . 2005-03-02 20:21 561,664 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-03-15 11:49 . 2008-03-15 11:49 <KANSIO> d-------- C:\WINDOWS\ERUNT
2008-03-15 11:47 . 2002-11-14 19:47 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-03-15 11:47 . 2002-11-14 19:47 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-03-15 11:47 . 2002-11-14 19:47 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-03-15 11:47 . 2002-11-14 19:47 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-03-15 11:47 . 2002-11-14 19:47 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-03-15 11:47 . 2002-11-14 19:47 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-03-15 11:47 . 2002-11-14 19:47 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-03-15 11:47 . 2002-11-14 19:47 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-03-15 11:47 . 2002-11-14 19:59 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-03-15 11:47 . 2002-11-14 19:59 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-03-15 11:47 . 2002-11-14 19:47 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-03-15 11:47 . 2002-11-14 19:47 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-03-14 21:46 . 2008-03-14 10:32 <KANSIO> d----c--- C:\SDFix
2008-03-14 21:02 . 2008-03-14 21:02 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-03-14 14:24 . 2008-03-14 14:25 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-14 14:21 . 2008-03-14 14:21 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-14 13:58 . 2008-03-14 13:58 <KANSIO> d-------- C:\Program Files\MSN Messenger
2008-03-12 21:44 . 2002-08-29 01:32 28,160 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2004-05-25 16:24 19,488 -c--a-w C:\Documents and Settings\Heikki Haanpää\Application Data\GDIPFONTCACHEV1.DAT
2003-04-16 19:47 461 -c--a-w C:\Program Files\INSTALL.LOG
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ClockSync"="C:\PROGRA~1\CLOCKS~1\Sync.exe" [ ]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CloneCDElbyCDFL"="D:\CloneCD\ElbyCheck.exe" [ ]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-09-12 19:04 196608]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 13:16 5058560]
"nwiz"="nwiz.exe" [2003-10-06 13:16 741376 C:\WINDOWS\system32\nwiz.exe]
"MULTIMEDIA KEYBOARD"="C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2001-11-07 14:43 147456]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"Icon Text Manager"="C:\WINDOWS\System32\Icon Text Manager.exe" [2000-02-08 15:37 32768]
"CloneCDTray"="H:\clone cd\CloneCD\CloneCDTray.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"avast!"="D:\AVAST!\ashDisp.exe" [2007-12-04 15:00 79224]
"WinampAgent"="G:\Ohjelmatiedostot\Winamp\Winampa.exe" [2003-04-02 04:20 12288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-09 14:13 13312]

C:\Documents and Settings\Heikki Haanp„„\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
WindowsUpdate52961[1].exe [2004-10-31 10:39:56 0]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
Last.fm Helper.lnk - G:\Last.fm\LastFMHelper.exe [2007-12-02 17:09:10 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

R0 ElbyVCD;ElbyVCD;C:\WINDOWS\System32\DRIVERS\ElbyVCD.sys [2002-11-28 12:43]
R1 mchInjDrv;madCodeHook DLL injection driver;C:\WINDOWS\System32\Drivers\mchInjDrv.sys [2007-12-06 17:06]
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\System32\DRIVERS\msikbd2k.sys [2001-11-16 15:16]
R1 SSHDRV65;SSHDRV65;C:\WINDOWS\System32\drivers\SSHDRV65.sys [2004-04-19 17:11]
R1 SSHDRV77;SSHDRV77;C:\WINDOWS\System32\drivers\SSHDRV77.sys [2004-04-20 15:15]
R2 nhksrv;Netropa NHK Server;C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 12:41]
R3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\System32\DRIVERS\ADM8511.SYS [2001-08-17 20:11]
R3 WFsys;WinFox Control I/O Driver;C:\WINDOWS\System32\DRIVERS\wfsys.sys [2002-04-22 15:15]
S3 AutoLogon;Auto Logon Service;C:\Program Files\Macro Scheduler\autologonsvc.exe []
S3 ldiskl;ldiskl;C:\DOCUME~1\HEIKKI~1\LOCALS~1\Temp\ldiskl.sys []
S3 mschedsvc;Macro Scheduler Service;C:\Program Files\Macro Scheduler\msschedsvc.exe []

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
*Newly Created Service* - SHAREDACCESS
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-03-15 09:56:19 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-12-13 01:00:00 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-15 10:58:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-15 12:59:04
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-15 13:02:29
ComboFix-quarantined-files.txt 2008-03-15 11:02:05

Hujo · Mar 15, 2008

jatka ja laita viimisenä uusi hjt:n loki

EmppuKZ · Mar 15, 2008

Se java lataus ei toimi : Notice: We're Offline for System Upgrades

Our site is currently offline for maintenance. We ask that you please try again later. Be assured that we continue enhancing our system in order to provide you with the best possible service.

We appreciate your patronage and patience. otanko jonku toisen ?

Hujo · Mar 15, 2008

Linkki ota tästä

EmppuKZ · Mar 15, 2008

Tälläi tuli ku yritin asentaa sit javaa , Error-Java(TM) Update : Neither Command line parameter specified is an existing . . . ,
ku painoin Ok tuli : Update fails to apply changes to your system , eli mitä teen ?

EmppuKZ · Mar 15, 2008

Niin mitä teen ?

EmppuKZ · Mar 15, 2008

Hujoo ?

Hujo · Mar 15, 2008

niin tuo linkki minkä tuossa ylhäällä on eikö siintäkään onnistu.

EmppuKZ · Mar 15, 2008

onnistu , mut ku asensin sitä tuli error..

Hujo · Mar 15, 2008

onkos tuola C:\Program Files\Java kansio

Log in or Sign up

HJT LOGI

EmppuKZ Member

Hujo Guest

EmppuKZ Member

Hujo Guest

EmppuKZ Member

Hujo Guest

EmppuKZ Member

EmppuKZ Member

EmppuKZ Member

Hujo Guest

EmppuKZ Member

Hujo Guest

EmppuKZ Member

Hujo Guest

EmppuKZ Member

EmppuKZ Member

EmppuKZ Member

Hujo Guest

EmppuKZ Member

Hujo Guest

Share This Page

Log in or Sign up

HJT LOGI

EmppuKZ Member

Hujo Guest

EmppuKZ Member

Hujo Guest

EmppuKZ Member

Hujo Guest

EmppuKZ Member

EmppuKZ Member

EmppuKZ Member

Hujo Guest

EmppuKZ Member

Hujo Guest

EmppuKZ Member

Hujo Guest

EmppuKZ Member

EmppuKZ Member

EmppuKZ Member

Hujo Guest

EmppuKZ Member

Hujo Guest

Share This Page

Useful Searches