kaverin kone

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by p2pman, Aug 28, 2009.

  1. p2pman

    p2pman Regular member

    Joined:
    Apr 27, 2007
    Messages:
    540
    Likes Received:
    0
    Trophy Points:
    26
    kaverin kone josta löyty alkuviikolla viruksia...


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:29:49, on 28.8.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\idt\wdm\stacsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\TUProgSt.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\sttray.exe
    C:\WINDOWS\system32\AESTFltr.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\SmartDefrag\IObit SmartDefrag.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\TuneUp Utilities 2009\DiskDoctor.exe
    C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
    C:\Program Files\F-Secure\FSAUA\program\fsus.exe
    C:\Program Files\Trend Micro\HijackThis\g.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fi_fi&c=91&bd=minipavilion&pf=cnnb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HP Mobile Broadband] c:\SWsetup\HPQWWAN\HPMobileBroadband.exe /TrayMode
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\SmartDefrag\IObit SmartDefrag.exe" /StartUp
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: &AOL-työkalurivi Haku - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\fi-FI\local\search.html
    O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Lähetä Bluetooth-laitteeseen - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9E5D8791-7166-41D2-9E39-4AB0D96E1B7E}: NameServer = 81.209.27.12,81.209.27.20
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - (no file)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\wdm\stacsv.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

    --
    End of file - 9583 bytes
     
    p2pman, Aug 28, 2009
    #1
  2. kalminen

    kalminen Regular member

    Joined:
    May 4, 2007
    Messages:
    3,915
    Likes Received:
    0
    Trophy Points:
    46
    Eipä näy jämiäkään !!!!

    Lataa Atribunen ATF Cleaner

    Tupla-klikkaa ATF-Cleaner.exe käynnistääksesi ohjelman. Main:n alla valitse: Select All
    Klikkaa Empty Selected valintaa.

    Jos käytät FireFoxia selaimenasi Klikkaa Firefox yläpuolelta ja valitse: Select All
    Klikkaa Empty Selected valintaa.
    HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.

    Jos käytät Operaa selaimenasi Klikkaa Opera yläpuolelta ja valitse: Select All
    Klikkaa Empty Selected valintaa taas.
    HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.

    Klikkaa Exit päävalikosta sulkeaksesi ohjelman.

    ----------------------------------------------

    Skannaa koneesi Kaspersky Online Skannerilla

    * Lue läpi vaatimukset ja yksityisyyssäännökset ja klikkaa Accept.
    * Skannerin ja virustietokannan lataus alkaa. Sinulta kysytään sallitko Kasperskyltä tulevan ohjelman asentamisen. Klikkaa Aja/Run.
    * Kun lataus on valmis, klikkaa Settings.
    * Varmistu, että seuraavat kohdat on valittu. Jos ne eivät ole, valitse ne ja klikkaa Save: Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
    Mail databases

    * Klikkaa Oma Tietokone, My Computer Scan-kohdan alapuolelta.
    * Kun tarkistus on valmis, tulokset näytetään. Klikkaa View Scan Report.
    * Näet listan saastuneista kohteista. Klikkaa Save Report As....
    * Tallenna tiedosto työpöydällesi. Muuta Tiedostotyyppi/Files of type muotoon Tekstitiedosto/Text file(.txt) ennen kuin klikkaat Save.

    * Kopioi ja liitä tiedoston sisältö seuraavaan vastaukseesi uuden HijackThis-lokin kera

    .
     
    kalminen, Aug 28, 2009
    #2
  3. p2pman

    p2pman Regular member

    Joined:
    Apr 27, 2007
    Messages:
    540
    Likes Received:
    0
    Trophy Points:
    26
    ei onnistu kaspersky... jotain vaan valittaa että launch of the java application is interrupted....
     
    p2pman, Aug 28, 2009
    #3
  4. kalminen

    kalminen Regular member

    Joined:
    May 4, 2007
    Messages:
    3,915
    Likes Received:
    0
    Trophy Points:
    46
    Java tukeahan se kaipailee !!!

    Tämän pitäisi sitten mennä =>

    Tarkista koneesi F-Securen online skannerilla
    * Rastita I have read and accepted the license term ja paina install.

    * Jos käytät firefoxia, sinua pyydetään asentamaan F-securen lisäosa. Asenna se ja valitse
    "Käynnistä selain uudelleen" kun lisäosa on asennettu.
    * Jos käytät Internet Exploreria, sinua pyydetään asentamaan Active X komponentti, asenna se.

    * Paina Start. Sivusto lataa hetken ja F-secure Online Scanner -ikkuna aukeaa.
    * Valitse My scan ja paina sen alla Show option.
    * Valitse Select file types for scanning -kohtaan "all file types" ja rastita myös sen alla oleva "Scan inside compressed files (zip, rar, lzh, ...)" ja paina Ok.
    * Paina Start. Ohjelma lataa tarvittavat tiedostot ja aloittaa skannauksen. Skannauksessa voi kestää jonkin aikaa.
    * Kun skannaus valmis, varmista että Clean the files -kohdan merkki on kohdassa: "Automatically (recommended)" ja paina "Next".
    * Kun puhdistus on suoritettu paina "Full report...". Raportti aukeaa selaimeesi. Mene raportti sivulle ja paina Ctrl ja A maalataksesi koko sivuston tekstin ja paina Ctrl ja C kopioidaksesi maalatun tekstin.
    * Liitä F-securen skannaus raportti seuraavaan viestiisi painamalla Ctrl ja V vastaus kenttään.

    --
     
    kalminen, Aug 29, 2009
    #4
  5. p2pman

    p2pman Regular member

    Joined:
    Apr 27, 2007
    Messages:
    540
    Likes Received:
    0
    Trophy Points:
    26
    Scanning Report
    Saturday, August 29, 2009 22:50:55 - 23:41:25
    Computer name: PC453592607129
    Scanning type: Scan system for malware, spyware and rootkits
    Target: C:\


    --------------------------------------------------------------------------------

    No malware found

    --------------------------------------------------------------------------------

    Statistics
    Scanned:
    Files: 144685
    System: 2932
    Not scanned: 54
    Actions:
    Disinfected: 0
    Renamed: 0
    Deleted: 0
    Not cleaned: 0
    Submitted: 0
    Files not scanned:
    C:\PAGEFILE.SYS
    C:\WINDOWS\TEMP\PERFLIB_PERFDATA_520.DAT
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
    C:\WINDOWS\SYSTEM32\CONFIG\SAM
    C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
    C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
    C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
    C:\DOCUMENTS AND SETTINGS\TEMP\NTUSER.DAT
    C:\DOCUMENTS AND SETTINGS\TEMP\NTUSER.DAT.LOG
    C:\DOCUMENTS AND SETTINGS\TEMP\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
    C:\DOCUMENTS AND SETTINGS\TEMP\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT.LOG
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG
    C:\DOCUMENTS AND SETTINGS\X\NTUSER.DAT
    C:\DOCUMENTS AND SETTINGS\X\NTUSER.DAT.LOG
    C:\DOCUMENTS AND SETTINGS\X\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_3D0.DAT
    C:\DOCUMENTS AND SETTINGS\X\LOCAL SETTINGS\TEMP\~DF14FD.TMP
    C:\DOCUMENTS AND SETTINGS\X\LOCAL SETTINGS\TEMP\~DF27A1.TMP
    C:\DOCUMENTS AND SETTINGS\X\LOCAL SETTINGS\TEMP\~DF27EA.TMP
    C:\DOCUMENTS AND SETTINGS\X\LOCAL SETTINGS\TEMP\~DF68A7.TMP
    C:\DOCUMENTS AND SETTINGS\X\LOCAL SETTINGS\TEMP\~DF15C0.TMP
    C:\DOCUMENTS AND SETTINGS\X\LOCAL SETTINGS\TEMP\~DF7F0F.TMP
    C:\DOCUMENTS AND SETTINGS\X\LOCAL SETTINGS\TEMP\~DF893A.TMP
    C:\DOCUMENTS AND SETTINGS\X\LOCAL SETTINGS\TEMP\~DF894D.TMP
    C:\DOCUMENTS AND SETTINGS\X\LOCAL SETTINGS\TEMP\~DF8B21.TMP
    C:\DOCUMENTS AND SETTINGS\X\LOCAL SETTINGS\TEMP\~DF8B39.TMP
    C:\DOCUMENTS AND SETTINGS\X\LOCAL SETTINGS\TEMP\~DF8C7F.TMP
    C:\DOCUMENTS AND SETTINGS\X\LOCAL SETTINGS\TEMP\~DF8CE9.TMP
    C:\Documents and Settings\X\Local Settings\Temp\OnlineScanner\updates\aquawin32\emalware.353
    C:\Documents and Settings\X\Local Settings\Temp\OnlineScanner\updates\aquawin32\emalware.351
    C:\Documents and Settings\X\Local Settings\Temp\OnlineScanner\updates\aquawin32\emalware.352
    C:\Documents and Settings\X\Local Settings\Temp\OnlineScanner\updates\aquawin32\emalware.349
    C:\DOCUMENTS AND SETTINGS\X\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
    C:\DOCUMENTS AND SETTINGS\X\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG
    C:\DOCUMENTS AND SETTINGS\X\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\MESSENGER\X\SHARINGMETADATA\PENDING.DAT
    C:\DOCUMENTS AND SETTINGS\X\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\MESSENGER\X\SHARINGMETADATA\WORKING\DATABASE_6AC_EC0C_689D_26EB\DFSR.DB
    C:\DOCUMENTS AND SETTINGS\X\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\MESSENGER\X\SHARINGMETADATA\WORKING\DATABASE_6AC_EC0C_689D_26EB\FSR.LOG
    C:\DOCUMENTS AND SETTINGS\X\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\MESSENGER\X\SHARINGMETADATA\WORKING\DATABASE_6AC_EC0C_689D_26EB\TMP.EDB
    C:\DOCUMENTS AND SETTINGS\X\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\RECOVERY\ACTIVE\RECOVERYSTORE.{3A09B25E-94DB-11DE-B318-00242BAE5A4F}.DAT
    C:\DOCUMENTS AND SETTINGS\X\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\RECOVERY\ACTIVE\{47B810CC-94DB-11DE-B318-00242BAE5A4F}.DAT
    C:\Documents and Settings\X\Application Data\Messenger Detect\UserData\2009-07-22_7063343533353932363037313239205B3139322E3136382E312E323A313036315D.log\2009-07-22_7063343533353932363037313239205B3139322E3136382E312E323A313036315D.log.tmp
    C:\Documents and Settings\X\Application Data\Messenger Detect\UserData\2009-07-22_7063343533353932363037313239205B3139322E3136382E312E323A313036345D.log\2009-07-22_7063343533353932363037313239205B3139322E3136382E312E323A313036345D.log.tmp
    C:\Documents and Settings\X\Application Data\Messenger Detect\UserData\2009-07-22_7063343533353932363037313239205B3139322E3136382E312E323A343639345D.log\2009-07-22_7063343533353932363037313239205B3139322E3136382E312E323A343639345D.log.tmp
    C:\Documents and Settings\X\Application Data\Messenger Detect\UserData\2009-07-22_7063343533353932363037313239205B3139322E3136382E312E323A343734315D.log\2009-07-22_7063343533353932363037313239205B3139322E3136382E312E323A343734315D.log.tmp
    C:\Documents and Settings\X\Application Data\Messenger Detect\UserData\2009-07-22_7063343533353932363037313239205B3139322E3136382E312E323A343734375D.log\2009-07-22_7063343533353932363037313239205B3139322E3136382E312E323A343734375D.log.tmp

    --------------------------------------------------------------------------------

    Options
    Scanning engines:
    Scanning options:
    Scan all files
    Scan inside archives
    Use advanced heuristics

    --------------------------------------------------------------------------------

    Copyright © 1998-2009 Product support | Send virus sample to F-Secure
    F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name. This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.



    HijackThis vielä


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:59:54, on 29.8.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\idt\wdm\stacsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\TUProgSt.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\sttray.exe
    C:\WINDOWS\system32\AESTFltr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\SmartDefrag\IObit SmartDefrag.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\F-Secure\FSAUA\program\fsus.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\DOCUME~1\X~1\LOCALS~1\Temp\fsonlinescanner.exe
    C:\DOCUME~1\X~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
    C:\DOCUME~1\X~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\TuneUpDefragService.exe
    C:\Program Files\Volumouse\volumouse.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Safari\Safari.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\g.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fi_fi&c=91&bd=minipavilion&pf=cnnb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HP Mobile Broadband] c:\SWsetup\HPQWWAN\HPMobileBroadband.exe /TrayMode
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\SmartDefrag\IObit SmartDefrag.exe" /StartUp
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart
    O4 - HKCU\..\Run: [$Volumouse$] "C:\Program Files\Volumouse\volumouse.exe" /nodlg
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: &AOL-työkalurivi Haku - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\fi-FI\local\search.html
    O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Lähetä Bluetooth-laitteeseen - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9E5D8791-7166-41D2-9E39-4AB0D96E1B7E}: NameServer = 81.209.27.12,81.209.27.20
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - (no file)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\wdm\stacsv.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

    --
    End of file - 9522 bytes


    Taitaa kone olla puhdas?
     
    Last edited: Aug 15, 2010
    p2pman, Aug 29, 2009
    #5
  6. kalminen

    kalminen Regular member

    Joined:
    May 4, 2007
    Messages:
    3,915
    Likes Received:
    0
    Trophy Points:
    46
    Puhdasta on !!!
    :D
     
    kalminen, Aug 30, 2009
    #6
  7. p2pman

    p2pman Regular member

    Joined:
    Apr 27, 2007
    Messages:
    540
    Likes Received:
    0
    Trophy Points:
    26
    juu kiitti :)
     
    p2pman, Aug 30, 2009
    #7

Share This Page