I tried to go via Google to (http://www.bfbcs.com/) (the Bad Company 2 player stats page). The browser tried to open the page (picture on ImageShack). The second time I got (h t t p/w w w1.security-masten53.co.co), this software that is disguised to look like some kind of virus scan. One more thing: sometimes when I click a page that Google offers, it doesn't go to the page it should but opens the Google start page again. The browser I use is Firefox 3.6.8. A couple of days ago F-Secure found a couple of viruses with a .tmp extension in the Windows temp folder. One of them was nwsoamecxr.tmp, and it also shows up in the HJT log. How should I proceed?

HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:09:10, on 15.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\Program Files\Teamspeak2_RC2\G15_TeamSpeak\G15_TeamSpeak.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LCDATIInfo.exe
C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
C:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\HJT\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.24\RivaTuner.exe" /S
O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Bar] C:\DOCUME~1\Tommi\LOCALS~1\Temp\nwsoamecxr.tmp
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: HP Smart -valitse - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe (file missing)
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: VoddlerNet - Voddler - C:\Program Files\Voddler\service\voddler.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: SAMSUNG WiseLinkPro Service (WiselinkPro) - Unknown owner - C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 10567 bytes
This page => http://www.bfbcs.com/ opens and is listed as clean !!! (I don't have an account there.) The redirect could also be on the server (hijacked). To be safe, fix this =>

* The old HOSTS file is removed. Boot the machine into Safe Mode => GUIDE. Remove this file: C:\WINDOWS\system32\drivers\etc\HOSTS
* Boot your machine into normal mode.
* Download HOSTS: from here to your desktop.
* Extract hosts.zip into the C:\WINDOWS\system32\drivers\etc folder.

Finally, you can verify that there is a file named HOSTS there with no file extension. Size approx. 700 KB. The protection activates at the next boot (it does not load memory). HOSTS updates: here. What HOSTS does: guide here.

-----------------------------------------------------

Download Malwarebytes' Anti-Malware to your desktop. If the link doesn't work, you can also download it from these links: Link1 Link2

* Double-click mbam-setup.exe and follow the instructions to install the program.
* Finally, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, the program downloads and installs the newest version. If downloading the updates fails, you can download the updates from here. Double-click mbam-rules.exe to install the updates.
* When the program has loaded and the updates are done, select Perform full scan and click Scan.
* When the scan is finished, click OK and then Show Results to see the results.
* Make sure everything is checked and click Remove Selected.
* After this, the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
* Post the contents of the log in your next reply.

Note: If Mbam was unable to remove a file, it will ask you to reboot your machine. In that case, reboot your machine right away.

Mbam may make changes to your registry as part of the cleanup. If you use a security program that detects registry changes, allow Mbam to make the changes.

--------------------------------------------------------------------------

* Download OTM by OldTimer.
* Save it to your desktop.
* Double-click OTM.exe to launch it.
* Copy (CTRL+C) all the text from the box below.

Code:
:Processes
explorer.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]

* Go back to OtmoveIt3, right-click in the Paste Instructions for Items to be Moved window (under the yellow bar) and click Paste.
* Click the red MoveIt! button.
* Copy (CTRL+C) and paste (CTRL+V) the text that appears in the Results window (under the green bar) into your next reply.
* Close OTM. If some file/folder could not be moved right away, the program will suggest rebooting the machine. Answer Yes, and OtMoveIt will reboot your machine.

*********************************************************

Close your browser and other programs for the duration of the fix (not the antivirus). Start HijackThis, click Scan, and tick the following entries listed in red (HJT shuts the program down, it doesn't delete it):

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Bar] C:\DOCUME~1\Tommi\LOCALS~1\Temp\nwsoamecxr.tmp
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

and shut them down with the (Fix checked) button.

----------------------------------------------------

Empty the Recycle Bin and reboot your machine. Post the following logs here:

* A fresh HijackThis log (taken last, right before posting)
* The OTMoveIt log/report
* Copy the newest log from the Logs tab of Malwarebytes' Anti-Malware here.
* Test whether it helped ???
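As an added example (not code from this thread or from HijackThis), the script below parses HijackThis O2/O4/O23 entries and flags the same kinds of lines the reply above singles out: an O4 autorun that launches a non-program file out of a Temp directory, a BHO whose DLL is "(no file)", and a service whose binary is "(file missing)". The sample entries are copied from the log posted above; the regular expressions, the Temp-directory test and the extension list are my own assumptions about the log format, and the script does not reproduce the judgement calls behind the other ticked lines.

```python
import os
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a handful of entries copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [Bar] C:\DOCUME~1\Tommi\LOCALS~1\Temp\nwsoamecxr.tmp
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe (file missing)
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
"""

# Assumed line shapes (derived from the log above, not an official HJT grammar).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# A \Temp\ path component or a %TEMP% reference: autoruns rarely belong there.
TEMP_DIR_RE = re.compile(r"(\\temp\\|%temp%)", re.I)
# Extensions a legitimate Run entry normally points at (assumed list).
PROGRAM_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".lnk", ".vbs", ".js"}


@dataclass
class Finding:
    kind: str      # "O2", "O4" or "O23"
    reason: str
    line: str


def command_target(cmd: str) -> str:
    """Return the program path from an O4 command line: the quoted path, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths with spaces are ambiguous; HJT quotes those, so first token is enough here.
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> List[Finding]:
    """Walk the log once and collect entries worth a second look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = O2_RE.match(line)
        if m:
            if m["path"].strip() == "(no file)":
                findings.append(Finding("O2", "BHO CLSID registered but its DLL is gone", line))
            continue

        m = O4_RE.match(line)
        if m:
            target = command_target(m["cmd"])
            ext = os.path.splitext(target)[1].lower()
            reasons = []
            if TEMP_DIR_RE.search(target):
                reasons.append("launches from a Temp directory")
            if ext and ext not in PROGRAM_EXTS:
                reasons.append(f"non-program extension {ext} used as autorun target")
            if reasons:
                findings.append(Finding("O4", f"autorun '{m['name']}': " + "; ".join(reasons), line))
            continue

        m = O23_RE.match(line)
        if m and m["path"].rstrip().endswith("(file missing)"):
            findings.append(Finding("O23", f"service '{m['name']}' points at a missing binary", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```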
Alright, newest HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:45:18, on 15.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Teamspeak2_RC2\G15_TeamSpeak\G15_TeamSpeak.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LCDATIInfo.exe
C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
C:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
C:\HJT\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.24\RivaTuner.exe" /S
O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: HP Smart -valitse - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe (file missing)
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: VoddlerNet - Voddler - C:\Program Files\Voddler\service\voddler.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: SAMSUNG WiseLinkPro Service (WiselinkPro) - Unknown owner - C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 9863 bytes

OTMoveIt: I didn't get the OTMoveIt report, because it wanted to reboot the machine and only the program window was open, so I couldn't copy it.
Malwarebytes' Anti-Malware log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Tietokantaversio: 4433

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

15.8.2010 22:14:38
mbam-log-2010-08-15 (22-14-38).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
Tarkistettuja kohteita: 441754
Kulunut aika: 1 tunti(a), 17 minuutti(a), 54 sekunti(a)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 1
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita kansioita: 0
Saastuneita tiedostoja: 4

Saastuneita muistiprosesseja:
(Ei haitallisia kohteita)

Saastuneita muistimoduuleja:
(Ei haitallisia kohteita)

Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SOFTWARE\RelatedPageInstall (Adware.Mirar) -> No action taken.

Saastuneita rekisteriarvoja:
(Ei haitallisia kohteita)

Saastuneita rekisterikohteita:
(Ei haitallisia kohteita)

Saastuneita kansioita:
(Ei haitallisia kohteita)

Saastuneita tiedostoja:
D:\Lataukset\Power ISO v4.5\pwi.exe (Trojan.Agent) -> No action taken.
D:\Ohjelmat\ohjelmat\Norton Internet Security 2008\NIS081550SF.exe (Malware.Tool) -> No action taken.
D:\Pelit\EA GAMES\Command & Conquer 4 Tiberian Twilight\CNC4.exe (Hacktool.Gen) -> No action taken.
C:\Documents and Settings\Tommi\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> No action taken.

While that program was scanning the computer, F-Secure found three viruses: FraudTool.Win32.AdwareRemover, and then two more in the picture. Now I got to the page via Google. What next?
Accidental double post :/ Yesterday it worked fine, but today I went to Aamulehti's site via Google and got (h t t p/w w w1.security-masten53.co.co) again. Then, when I typed the address directly into the address bar, it went through. So there's still something wrong in there.
Those bugs captured in the picture were =>

Here are instructions on how to clean System Restore (the system restore point) in Windows XP (System Volume Information):

1 Right-click the My Computer icon in the Start menu
2 Choose Properties (System)
3 Choose the System Restore tab
4 Tick "Turn off System Restore" on all drives
5 Click Apply
6 Click OK
7 Reboot your computer
8 Turn System Restore back on: untick the box from step 4 => Apply => OK.
9 Go to Start => Run and paste %SystemRoot%\system32\restore\rstrui.exe into the box => OK. Select Create a restore point => Next, and follow the instructions.

-------------------------------------------------------------

The OTM log can be found => in the C:\_OTM folder.

---------------------------------------------------------

Malwarebytes' Anti-Malware apparently didn't do its job => No action taken. A good hour, and then ticks on the rows. Remove all.

-----------------------------------------------------

You can try whether it does the same with another browser. Otherwise this looks pretty good.
HJT

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:04:36, on 17.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Teamspeak2_RC2\G15_TeamSpeak\G15_TeamSpeak.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LCDATIInfo.exe
C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\HJT\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.24\RivaTuner.exe" /S
O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: HP Smart -valitse - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe (file missing)
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service:
Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: VoddlerNet - Voddler - C:\Program Files\Voddler\service\voddler.exe O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: SAMSUNG WiseLinkPro Service (WiselinkPro) - Unknown owner - C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe -- End of file - 9737 bytes OTM logi All processes killed ========== PROCESSES ========== No active process named explorer.exe was found! 
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Pete
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Tommi
->Temp folder emptied: 748267 bytes
->Temporary Internet Files folder emptied: 9313785 bytes
->Java cache emptied: 467196 bytes
->FireFox cache emptied: 40207745 bytes
->Flash cache emptied: 7965 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2626240 bytes
%systemroot%\System32 .tmp files removed: 3238240 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 250435 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 20118838 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 74,00 mb
OTM by OldTimer - Version 3.1.15.0 log created on 08152010_222815

Malwarebytes' Anti-Malware: now everything has been removed.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Tietokantaversio: 4435
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
16.8.2010 14:02:20
mbam-log-2010-08-16 (14-02-20).txt
Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
Tarkistettuja kohteita: 445356
Kulunut aika: 1 tunti(a), 49 minuutti(a), 31 sekunti(a)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita kansioita: 0
Saastuneita tiedostoja: 0
Saastuneita muistiprosesseja: (Ei haitallisia kohteita)
Saastuneita muistimoduuleja: (Ei haitallisia kohteita)
Saastuneita rekisteriavaimia: (Ei haitallisia kohteita)
Saastuneita rekisteriarvoja: (Ei haitallisia kohteita)
Saastuneita rekisterikohteita: (Ei haitallisia kohteita)
Saastuneita kansioita: (Ei haitallisia kohteita)
Saastuneita tiedostoja: (Ei haitallisia kohteita)

System Restore: now cleared, and a new restore point created. There are all the logs, and I removed everything from Anti-Malware. By the way, it does it in both browsers, Internet Explorer and Firefox: it redirects to those sites, Explorer goes to that other one and Firefox goes to that fake antivirus. What now???
This thing took over the computer now: http://img205.imageshack.us/i/centerok.jpg/ Damn it, no matter which link you click from Google or from some site, it always goes to the wrong pages. It exploited Java to be able to install itself. I ran Malwarebytes again and it found that and removed it; I ran Spyware Doctor and it found 3 trojans. So there are definitely still more of them in there, because whichever browser I use, if I search through some search engine, whatever it is, it doesn't go where it should, but if I type the address directly into the address bar, it works OK. I posted this message on 17.08 at 4:28 and afterdawn's own clock says Monday 16.8.2010 20:26 ???? The clock times don't match.

Newest HJT:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:06:01, on 17.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
ComboFix found all kinds of nice stuff:
ComboFix 10-08-16.03 - Tommi 17.08.2010 5:19.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.358.1035.18.3327.2723 [GMT 3:00]
Sijainti: c:\documents and settings\Tommi\Työpöytä\Combo-Fix.exe
AV: F-Secure Client Security 8.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Client Security 8.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Tommi\Application Data\inst.exe
c:\documents and settings\Tommi\Local Settings\Application Data\Windows Server
c:\documents and settings\Tommi\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Tommi\Local Settings\Application Data\Windows Server\server.dat
c:\documents and settings\Tommi\Local Settings\Application Data\Windows Server\uses32.dat
Saastunut kopio tiedostosta c:\windows\system32\winlogon.exe löytyi ja poistettiin
Puhdas kopio palautettiin paikasta - c:\windows\ServicePackFiles\i386\winlogon.exe
Saastunut kopio tiedostosta c:\windows\explorer.exe löytyi ja poistettiin
Puhdas kopio palautettiin paikasta - c:\windows\ServicePackFiles\i386\explorer.exe
2010-08-11 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Test Drive Unlimited 2010-08-09 01:57 . 2010-08-09 01:57 49152 ----a-r- c:\documents and settings\Tommi\Application Data\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe 2010-08-01 21:55 . 2010-08-01 21:55 -------- d-----w- c:\program files\Common Files\DirectX 2010-07-30 15:28 . 2010-07-30 15:36 -------- d-----w- c:\documents and settings\Tommi\Application Data\Mount&Blade Warband 2010-07-30 09:01 . 2010-07-30 09:01 -------- d-----w- c:\program files\Lavalys 2010-07-30 01:11 . 2010-05-12 13:09 108032 ----a-w- c:\windows\system32\ff_vfw.dll 2010-07-30 01:11 . 2010-07-30 01:11 -------- d-----w- c:\program files\ffdshow 2010-07-30 00:37 . 2010-07-30 00:37 -------- d-----w- c:\documents and settings\Tommi\Application Data\VDownloader 2010-07-30 00:36 . 2010-07-30 11:34 -------- d-----w- c:\program files\VDownloader 2010-07-30 00:23 . 2010-07-30 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\IsolatedStorage 2010-07-30 00:23 . 2010-02-10 13:18 201616 ----a-w- c:\program files\Common Files\AskInstallChecker.exe 2010-07-24 19:35 . 2010-07-24 19:35 -------- d-----w- c:\documents and settings\Tommi\Local Settings\Application Data\LAG 2010-07-24 19:35 . 2010-07-24 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\LAG 2010-07-23 23:08 . 2010-07-23 23:08 -------- d-----w- c:\program files\TeamViewer 2010-07-23 22:49 . 2010-07-23 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI 2010-07-18 16:29 . 2010-08-17 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-07-18 16:29 . 2010-07-18 16:30 -------- d-----w- c:\program files\Spybot - Search & Destroy . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-17 00:51 . 
2010-06-02 10:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-08-17 00:50 . 2008-10-06 23:51 -------- d-----w- c:\documents and settings\Tommi\Application Data\Media Player Classic 2010-08-17 00:42 . 2010-02-22 01:56 -------- d-----w- c:\program files\Audiconverter 2010-08-16 23:03 . 2008-12-07 04:17 -------- d-----w- c:\documents and settings\Tommi\Application Data\uTorrent 2010-08-16 23:00 . 2008-09-20 09:46 -------- d-----w- c:\program files\Utorrent 2010-08-16 22:01 . 2010-04-06 23:54 -------- d-----w- c:\program files\Cheat Engine 2010-08-16 19:36 . 2008-10-23 12:14 -------- d-----w- c:\program files\Steam 2010-08-16 13:44 . 2004-09-15 12:00 92132 ----a-w- c:\windows\system32\perfc00B.dat 2010-08-16 13:44 . 2004-09-15 12:00 430372 ----a-w- c:\windows\system32\perfh00B.dat 2010-08-15 17:26 . 2008-09-17 16:55 218808 ----a-w- c:\windows\system32\PnkBstrB.exe 2010-08-15 13:24 . 2008-09-17 16:55 137256 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2010-08-11 11:39 . 2010-03-15 20:21 -------- d-----w- c:\program files\TeamSpeak 3 Client 2010-08-06 02:43 . 2010-02-12 11:52 -------- d-----w- c:\program files\World of Warcraft 2010-08-04 01:03 . 2010-07-11 01:33 339008 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2010-08-01 21:45 . 2009-09-05 00:13 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-07-30 08:46 . 2008-09-15 22:10 -------- d-----w- c:\program files\SpeedFan 2010-07-29 12:20 . 2009-08-02 17:23 -------- d-----w- c:\documents and settings\Tommi\Application Data\Xfire 2010-07-29 12:09 . 2009-08-02 17:22 -------- d-----w- c:\program files\Xfire 2010-07-24 19:35 . 2009-08-15 01:23 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-07-24 11:57 . 2010-07-10 03:22 -------- d-----w- c:\documents and settings\Tommi\Application Data\ImgBurn 2010-07-23 22:44 . 
2008-12-15 09:30 -------- d-----w- c:\program files\ATI Technologies 2010-07-17 07:29 . 2010-07-17 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Ubisoft 2010-07-15 20:32 . 2008-09-30 23:11 -------- d-----w- c:\program files\CCleaner 2010-07-15 20:29 . 2010-07-15 20:22 -------- d-----w- c:\documents and settings\Tommi\Application Data\TeamViewer 2010-07-13 12:09 . 2009-07-02 16:43 41256 ----a-w- c:\windows\system32\drivers\fsbts.sys 2010-07-10 03:21 . 2010-07-10 03:21 -------- d-----w- c:\program files\ImgBurn 2010-07-09 19:04 . 2010-07-09 19:04 41872 ----a-w- c:\windows\system32\xfcodec.dll 2010-06-30 17:34 . 2010-06-30 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment 2010-06-30 17:24 . 2009-07-02 16:24 -------- d-----w- c:\program files\F-Secure 2010-06-30 12:32 . 2004-09-15 12:00 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-24 12:26 . 2004-09-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-24 09:02 . 2004-09-15 12:00 1852160 ----a-w- c:\windows\system32\win32k.sys 2010-06-21 15:27 . 2004-09-15 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys 2010-06-17 14:03 . 2004-09-15 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll 2010-06-14 14:31 . 2008-09-15 20:30 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe 2010-06-14 07:42 . 2004-09-15 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll 2010-06-02 01:55 . 2010-06-09 22:07 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll 2010-06-02 01:55 . 2010-06-09 22:07 527192 ----a-w- c:\windows\system32\XAudio2_7.dll 2010-06-02 01:55 . 2010-06-09 22:07 239960 ----a-w- c:\windows\system32\xactengine3_7.dll 2010-05-26 08:41 . 2010-06-09 22:07 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll 2010-05-26 08:41 . 2010-06-09 22:07 470880 ----a-w- c:\windows\system32\d3dx10_43.dll 2010-05-26 08:41 . 2010-06-09 22:07 248672 ----a-w- c:\windows\system32\d3dx11_43.dll 2010-05-26 08:41 . 
2010-06-09 22:07 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll 2010-05-26 08:41 . 2010-06-09 22:07 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll 2010-05-25 08:42 . 2010-05-25 08:42 680 ---ha-w- c:\documents and settings\Tommi\hpothb07.dat 2010-05-20 22:30 . 2010-05-20 22:27 47360 ----a-w- c:\documents and settings\Tommi\Application Data\pcouffin.sys 2010-05-20 22:30 . 2010-05-20 22:27 47360 ----a-w- c:\documents and settings\Tommi\Application Data\pcouffin.sys 2010-05-20 22:27 . 2010-05-20 22:27 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440] "F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2009-03-02 182936] "F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2009-03-02 1182304] "RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24\RivaTuner.exe" [2009-02-25 2781184] "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 357384] "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-13 1573384] "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 3161608] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-19 813584] [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\winlogon\notify\LBTWlgn] 2009-07-20 10:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk * [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^hp psc 1000 series.lnk] path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\hp psc 1000 series.lnk backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^hpoddt01.exe.lnk] path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\hpoddt01.exe.lnk backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Microsoft Office.lnk] path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] 2009-04-02 04:00 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-06-27 16:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 18:17 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 13:31 80896 ----a-w- c:\program files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 12:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-07 16:40 1238352 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoddlerNet Manager]
2010-05-19 12:22 579784 ----a-w- c:\program files\Voddler\service\VNetManager.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Pelit\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Pelit\\cs1.6\\hl.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Ohjelmat\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"d:\\Ohjelmat\\RevConnect\\DCPlusPlus.exe"=
"c:\\Program Files\\Utorrent\\utorrent.exe"=
"d:\\Pelit\\Red Alert 3\\Data\\ra3_1.0.game"=
"d:\\Pelit\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"d:\\Pelit\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"d:\\Pelit\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\jamppafin\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"d:\\Pelit\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"d:\\Pelit\\Wolfenstein - Enemy Territory\\ET.exe"=
"d:\\Pelit\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"d:\\Pelit\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"d:\pelit\Combat Arms EU\CombatArms.exe"= d:\pelit\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"d:\pelit\Combat Arms EU\Engine.exe"= d:\pelit\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
"d:\\Pelit\\Combat Arms EU\\NMService.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"d:\\Pelit\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\Voddler\\service\\voddler.exe"=
"c:\\Program Files\\Steam\\SteamApps\\jamppafin\\zombie panic! source\\hl2.exe"=
"d:\\Pelit\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"d:\\Pelit\\Batman Arkham Asylum\\Binaries\\ShippingPC-BmGame.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\alien swarm\\srcds.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\alien swarm\\swarm.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\alien swarm\\bin\\SDKLauncher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead 2\\left4dead2.exe"=

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [26.9.2008 14:40 5248]
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2.7.2009 19:43 41256]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2.7.2009 19:25 79936]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [2.7.2009 19:25 67808]
R2 WiselinkPro;SAMSUNG WiseLinkPro Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [17.2.2010 18:19 3007488]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2.7.2009 19:24 124072]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [2.7.2009 19:25 55904]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [14.7.2009 16:35 19720]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys --> c:\windows\system32\DRIVERS\mv61xx.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [24.7.2009 2:22 1684736]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [11.12.2009 22:42 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [11.12.2009 22:42 8320]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [23.1.2004 17:33 13952]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [26.9.2008 14:40 160640]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [2.7.2009 19:24 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [2.7.2009 19:24 25184]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.4.2009 19:29 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-08-22 11:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-26 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1100 series5E771253C1676EBED677BF361FDFC537825E15B8222346266.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 21:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fi/
uInternet Connection Wizard,ShellNext = iexplore
IE: Export to Microsoft E&xcel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
FF - ProfilePath - c:\documents and settings\Tommi\Application Data\Mozilla\Firefox\Profiles\zdc2eqy4.default\
FF - prefs.js: browser.startup.homepage - www.google.fi
FF - plugin: c:\documents and settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Voddler\plugin\npvoddler.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

**************************************************************************

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-220523388-706699826-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:9e,eb,0e,47,e3,7a,8d,24,2a,b2,68,92,61,c9,cf,8c,51,3a,a4,42,9e,6e,87, 74,12,36,69,b0,e0,6f,26,85,7a,63,04,9e,52,dd,22,47,54,a8,19,b7,f2,1d,4c,02,\
"??"=hex:85,b4,f4,b7,17,71,a1,49,db,f3,f4,06,bd,42,62,e6

[HKEY_USERS\S-1-5-21-220523388-706699826-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:42,8e,0b,6a,95,a8,32,b4,58,8c,55,c4,c6,28,3f,1c,24,0f,63,5e,ca, 52,18,cc,c8,d0,2a,0e,8b,e7,d6,a9,9f,01,94,82,60,4f,d9,a0,b8,9a,3b,08,4e,ec,\
"rkeysecu"=hex:41,b7,e7,11,0f,92,c5,62,9a,b6,48,4d,bd,e4,39,48

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\�•€|ÿÿÿÿ"•€|þ»Ów*]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(4020)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\F-Secure\Anti-Virus\fsgk32st.exe
c:\program files\F-Secure\Common\FSMA32.EXE
c:\program files\F-Secure\Anti-Virus\FSGK32.EXE
c:\program files\F-Secure\Common\FSMB32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Raxco\PerfectDisk10\PDAgent.exe
c:\program files\F-Secure\Common\FCH32.EXE
c:\windows\system32\PnkBstrA.exe
c:\program files\Voddler\service\voddler.exe
c:\program files\F-Secure\Anti-Virus\fsqh.exe
c:\program files\F-Secure\Common\FAMEH32.EXE
c:\program files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\F-Secure\FSGUI\fsguidll.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Teamspeak2_RC2\G15_TeamSpeak\G15_TeamSpeak.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDClock.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDMedia.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDRSS.exe
c:\program files\Logitech\GamePanel Software\G-series Software\LCDATIInfo.exe
c:\program files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wscntfy.exe
c:\program files\F-Secure\Anti-Virus\fssm32.exe
c:\program files\F-Secure\FSAUA\program\fsaua.exe
c:\program files\F-Secure\Common\FNRB32.EXE
c:\program files\F-Secure\Common\FIH32.EXE
c:\program files\F-Secure\FWES\Program\fsdfwd.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\F-Secure\Anti-Virus\fsav32.exe
c:\program files\F-Secure\FSGUI\fsavgui.exe
.
**************************************************************************
.
Completion time: 2010-08-17 05:27:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-17 02:27

Pre-Run: 43 690 971 136 bytes free
Post-Run: 43 650 056 192 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-FIN.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - D6F5FFF726F11A1A1E505B2A2DE5284C
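Three items in a log like this one are worth pulling out before reading anything else: the `"EnableFirewall"= 0` line (the Windows Firewall is switched off for the profile in use), any firewall exception granted to a binary that lives in a user-writable directory, and any service or driver entry that ComboFix tagged `[?]` because it could not find the file. The following Python script is an added example, not part of this thread and not a ComboFix feature; it parses an excerpt in the same format as the log above and returns those findings. The sample lines are constructed to mirror the posted log, and two things in it are assumptions made for the example: the list of user-writable path markers, and `%windir%` expanding to `c:\windows`.

```python
"""Triage helper for ComboFix-style log excerpts (added example)."""
import re
from dataclasses import dataclass

# Constructed sample: lines in the shape of the ComboFix log posted above
# (firewall policy, authorized-application list, service/driver list).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"d:\pelit\Combat Arms EU\CombatArms.exe"= d:\pelit\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2.7.2009 19:43 41256]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys --> c:\windows\system32\DRIVERS\mv61xx.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.4.2009 19:29 717296]
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" sorts before "medium" before "info"
    kind: str
    detail: str


SEVERITY_ORDER = {"high": 0, "medium": 1, "info": 2}

# Heuristic chosen for this example (not a ComboFix rule): a firewall exception
# for a binary under a user-writable location deserves a second look.
USER_WRITABLE_MARKERS = ("\\application data\\", "\\local settings\\", "\\temp\\")

# Assumption: %windir% is c:\windows on this machine, as the log's own paths show.
WINDIR = r"c:\windows"

SECTION_RE = re.compile(r"^\[.*\]$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
APP_RE = re.compile(r'^"(?P<path>[^"]+)"=')
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)


def iter_lines(log_text):
    """Yield (section, line); section is the last [bracketed] header seen, lowercased."""
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SECTION_RE.match(line):
            section = line.lower()
            continue
        yield section, line


def normalise_path(path):
    """Undo the doubled backslashes in the log, expand %windir%, lowercase for matching."""
    return path.replace("\\\\", "\\").replace("%windir%", WINDIR).lower()


def firewall_findings(log_text):
    """Report every firewall profile whose EnableFirewall value is 0."""
    out = []
    for section, line in iter_lines(log_text):
        m = FIREWALL_RE.match(line)
        if not m or "firewallpolicy" not in section:
            continue
        profile = re.search(r"firewallpolicy\\(\w+)\]", section)
        name = profile.group(1) if profile else "unknown"
        if m.group(1) == "0":
            out.append(Finding("high", "firewall-disabled", f"Windows Firewall off for {name}"))
    return out


def authorized_app_findings(log_text):
    """Report firewall exceptions whose binary sits in a user-writable directory."""
    out = []
    for section, line in iter_lines(log_text):
        if not section.endswith("authorizedapplications\\list]"):
            continue
        m = APP_RE.match(line)
        if m:
            path = normalise_path(m.group("path"))
            if any(marker in path for marker in USER_WRITABLE_MARKERS):
                out.append(Finding("medium", "firewall-exception-user-writable", path))
    return out


def service_findings(log_text):
    """Report service/driver entries whose file ComboFix could not find ('[?]')."""
    out = []
    for _section, line in iter_lines(log_text):
        m = SERVICE_RE.match(line)
        if m and m.group("meta").strip() == "?":
            path = m.group("path").split(" --> ")[0]
            out.append(Finding("medium", "driver-file-missing", f"{m.group('name')}: {path}"))
    return out


def triage(log_text):
    """All findings, highest severity first, in a deterministic order."""
    findings = firewall_findings(log_text) + authorized_app_findings(log_text) + service_findings(log_text)
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f.severity], f.kind, f.detail))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:<6}] {f.kind}: {f.detail}")
```

Run against the sample it reports the disabled standard-profile firewall, the `mv61xx` driver entry with no file behind it, and the Nexon game manager whitelisted from `All Users\Application Data`. None of those is proof of infection on its own (the Nexon entry is a game launcher, and the firewall may simply be off because F-Secure's own firewall driver is loaded); they are the places to look first and to re-check after cleanup.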
A picture says more than a thousand words!!! Privacy Center is a nasty rogue (virus), supposedly a codec for videos, hee hee. Where did that come from, when nothing shows up in the logs??? Was there any improvement after running ComboFix???
Java installed it; I followed this guide to get it off: http://www.bleepingcomputer.com/virus-removal/remove-privacy-center Now the search engines take me straight to where I should go, so it helped somewhat. explorer.exe and winlogon were infected, that much I understood from the ComboFix report. It really does go to the right pages now, but the correct time as I post this message is 17:07, while the afterdawn clock shows 09:07. What should I still use to make sure all the bugs are gone for good in one go?
*************************************************************
Open Malwarebytes => Quarantine tab and delete everything in it.
**********************************************************
In the Windows Start menu Run box, type Combofix /uninstall and press OK.
*************************************************************
Next we remove all the tools we used, together with their leftovers.

* Double-click OTM.exe.
* Click CleanUp!.
* Select Yes when asked "Begin cleanup Process?".
* If you are asked whether the computer may be restarted, select Yes.
* OTMoveIt removes itself when it is done; if it does not, delete it yourself.
------------------------------------------------------------
To verify, do this => Scan your computer with Kaspersky Online Scanner

* Read through the requirements and the privacy statement and click Accept.
* The scanner and the virus database start downloading. You will be asked whether you allow the program from Kaspersky to be installed. Click Run.
* When the download is complete, click Settings.
* Make sure the following items are selected. If they are not, select them and click Save:
  Spyware, Adware, Dialers, and other potentially dangerous programs
  Archives
  Mail databases
* Click My Computer under Scan.
* When the scan is complete, the results are shown. Click View Scan Report.
* You will see a list of infected items. Click Save Report As....
* Save the file to your desktop. Change Files of type to Text file (.txt) before clicking Save.
* Copy and paste the contents of the file into your next reply, if it found something.
Yep, now it's clean: format c:. I installed Windows 7, since I've been meaning to switch to it for some time anyway. I just saved a couple of important files from the C: drive. But thank you for your trouble. I figured it was the better solution, since those trojans kept turning up every time some scanner searched for them.