Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:44:51, on 29.8.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\PowerKey.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSDCtrl.exe C:\Program Files\Launch Manager\Wbutton.exe C:\Program Files\Arcade\PCMService.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\WINDOWS\system32\wupeng.exe C:\Program Files\MalwareCrush\MalwareCrush.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\AdVantage\AdVantage.exe C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\av2008xp.exe C:\Program Files\WiFiConnector\NintendoWFCReg.exe C:\Program Files\MalwareCrush\MalwareCrush.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Acer\eManager\anbmServ.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZONELABS\vsmon.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: BurstWriting module - {18CB1A7B-94CD-4582-8022-ADA16851E44B} - C:\Documents and Settings\All Users\Application Data\services\services.dll O2 - BHO: msvbcr40 module - {2756BAD7-2F9F-47ef-AE6D-8D39CCEB396F} - C:\WINDOWS\system32\msvbcr40.dll O2 - BHO: mxlivemedia browser optimizer - {313f3f39-9828-4d1b-63bd-edabd51a5427} - C:\WINDOWS\system32\lpqcwdkydfr.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe" O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [Winupdate Engine] C:\WINDOWS\system32\wupeng.exe O4 - HKLM\..\Run: [MalwareCrush] C:\Program Files\MalwareCrush\MalwareCrush.exe /h O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [{ca14e1d6-18cc-b01c-e7b3-55901c1ee528}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\lpqcwdkydfr.dll" DllStart O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe" O4 - HKCU\..\Run: [s9201] "C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\av2008xp.exe" /autorun O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Suorita Nintendo Wi-Fi USB Connector -rekisteröintityökalu.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe -- End of file - 8143 bytes
1. Lataa Combofix.exe työpöydällesi jommastakummasta linkistä: Combofix.exe Combofix.exe Avaa Combofix.exe ja seuraa näyttöön tulevia ohjeita Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen. Käynnistä kone uudelleen, jos niin pyydetään ja lähetä combofix.txt-tiedoston sisältö tänne. Tyhjennä roskakori ja käynnistä koneesi uudelleen. Postita tänne seuraavat lokit: * Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta) * (C:\ComboFix.txt) raportti * Lataa Malwarebytes' Anti-Malware työpöydällesi. * Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman. * Lopuksi varmistu, että seuraavat on valittu: Päivitä Malwarebytes' Anti-Malware ja Käynnistä Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Lopeta. * Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version. * Kun ohjelma on latautunut, valitse Suorita täysi tarkistus ja klikkaa Tarkista. * Kun skanni on valmis, klikkaa OK ja sitten Näytä tulokset nähdäksesi tulokset. * Varmistu, että kaikki on merkitty ja klikkaa Poista valitut. * Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt * Lähetä lokin sisältö seuraavassa viestissäsi + uusi hjt-loki.
ComboFix logi: ComboFix 08-08-28.06 - Tero Ranta 2008-08-29 16:49:58.1 - FAT32x86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.168 [GMT 3:00] Running from: C:\Documents and Settings\Tero Ranta\Työpöytä\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Jaana Kinnari\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML C:\Documents and Settings\Tero Ranta\Application Data\macromedia\Flash Player\#SharedObjects\8T7DL88Q\bin.clearspring.com C:\Documents and Settings\Tero Ranta\Application Data\macromedia\Flash Player\#SharedObjects\8T7DL88Q\bin.clearspring.com\clearspring.sol C:\Documents and Settings\Tero Ranta\Application Data\macromedia\Flash Player\#SharedObjects\8T7DL88Q\interclick.com C:\Documents and Settings\Tero Ranta\Application Data\macromedia\Flash Player\#SharedObjects\8T7DL88Q\interclick.com\ud.sol C:\Documents and Settings\Tero Ranta\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com C:\Documents and Settings\Tero Ranta\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol C:\Documents and Settings\Tero Ranta\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com C:\Documents and Settings\Tero Ranta\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol C:\Documents and Settings\Tero Ranta\Cookies\tero ranta@ad.yieldmanager[3].txt C:\Documents and Settings\Tero Ranta\Käynnistä-valikko\MalwareCrush 3.7.lnk C:\Documents and Settings\Tero Ranta\Käynnistä-valikko\Ohjelmat\MalwareCrush C:\Documents and Settings\Tero Ranta\Käynnistä-valikko\Ohjelmat\MalwareCrush\MalwareCrush 3.7 Website.lnk C:\Documents and Settings\Tero Ranta\Käynnistä-valikko\Ohjelmat\MalwareCrush\MalwareCrush 3.7.lnk C:\Documents and Settings\Tero Ranta\Käynnistä-valikko\Ohjelmat\MalwareCrush\Uninstall MalwareCrush 3.7.lnk C:\Program Files\MalwareCrush C:\Program Files\MalwareCrush\blacklist.txt C:\Program Files\MalwareCrush\Lang\English.ini C:\Program Files\MalwareCrush\MalwareCrush.exe C:\Program Files\MalwareCrush\MalwareCrush.url C:\Program Files\MalwareCrush\msvcp71.dll C:\Program Files\MalwareCrush\msvcr71.dll C:\Program Files\MalwareCrush\ref.dat C:\Program Files\MalwareCrush\uninst.exe C:\WINDOWS\system32\lpqcwdkydfr.dll C:\WINDOWS\system32\vsdatant.sys C:\WINDOWS\system32\wupeng.exe C:\WINDOWS\Temp\log.txt . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_VSDATANT -------\Service_vsdatant ((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2008-07-28 to 2008-08-29 ))))))))))))))))) . 2008-08-29 16:44 . 2008-08-29 16:44 <KANSIO> d-------- C:\Program Files\Trend Micro 2008-08-28 22:55 . 2008-08-28 22:55 71,168 --a------ C:\WINDOWS\system32\msvbcr40.dll 2008-08-28 22:48 . 2008-08-28 22:48 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\SoftLand Ltd 2008-08-28 22:48 . 2008-08-28 22:48 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\services 2008-08-28 22:48 . 2008-08-28 22:48 64,362 --a------ C:\WINDOWS\system32\lblkgdmnxwuxwgep.exe 2008-08-23 19:47 . 2008-08-23 19:47 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles 2008-08-04 12:46 . 2008-08-04 12:46 <KANSIO> d--hs---- C:\FOUND.007 . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2008-07-14 08:10 --------- d-----w C:\Documents and Settings\Tero Ranta\Application Data\ScanSoft 2008-07-14 08:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield 2008-07-14 08:09 --------- d-----w C:\Program Files\ScanSoft 2008-07-14 08:09 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared 2008-07-14 08:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft 2008-07-14 08:06 --------- d-----w C:\Program Files\ArcSoft 2008-07-14 08:04 --------- d--h--w C:\Program Files\CanonBJ 2008-07-14 08:03 --------- d-----w C:\Program Files\Canon 2008-07-14 08:01 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ 2008-07-13 06:49 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys 2008-07-13 06:49 --------- d-----w C:\Program Files\Hamachi 2008-07-13 06:49 --------- d-----w C:\Documents and Settings\Tero Ranta\Application Data\Hamachi 2008-07-13 06:41 --------- d-----w C:\Program Files\DuelMasters 2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll 2008-06-23 09:49 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe 2008-06-20 17:41 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 17:41 246,784 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll 2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys 2008-06-14 17:59 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys . (((((((((((((((((((((((((((((( Rekisterin k„ynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . *Huom* Tyhji„ arvoja ja laillisia oletusarvoja ei n„ytet„ REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 16:00 15360] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352] "AdVantage"="C:\Program Files\AdVantage\AdVantage.exe" [2007-11-05 18:12 884176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [X] "preload"="C:\Windows\RUNXMLPL.exe" [2004-04-20 16:49 40960] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 16:25 98394] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 16:24 688218] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-05 21:05 339968] "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-03-30 15:29 32768] "PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 15:02 94208] "LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-05-19 14:45 69632] "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480] "LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2004-10-11 10:47 245760] "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-04-18 11:41 81920] "PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 18:59 49152] "eRecoveryService"="C:\Windows\System32\Check.exe" [2005-03-23 10:01 245760] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2005-12-09 08:30 35328] "Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-11-15 00:51 755472] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648] "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19 69632] "SoundMan"="SOUNDMAN.EXE" [2005-08-17 18:39 90112 C:\WINDOWS\SOUNDMAN.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 16:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\RevConnect\\DCPlusPlus.exe"= "C:\\Program Files\\Messenger\\MSMSGS.EXE"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27] R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 15:18] R3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 14:46] R3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 18:29] S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys [] S3 SI15CI;SI15CI;c:\elements\1stboot\SI15CI.SYS [] S3 XDva007;XDva007;C:\WINDOWS\system32\XDva007.sys [] S3 XDva009;XDva009;C:\WINDOWS\system32\XDva009.sys [] *Newly Created Service* - INT15.SYS . - - - - ORPHANS REMOVED - - - - HKLM-Run-{ca14e1d6-18cc-b01c-e7b3-55901c1ee528} - C:\WINDOWS\system32\lpqcwdkydfr.dll . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Tero Ranta\Application Data\Mozilla\Firefox\Profiles\ugh5e7w1.default\ FF -: plugin - C:\Documents and Settings\Tero Ranta\Application Data\Mozilla\Firefox\Profiles\ugh5e7w1.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava11.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava12.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava13.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava14.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava32.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJPI150_11.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPOJI610.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-29 16:53:01 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE C:\WINDOWS\SYSTEM32\WLTRYSVC.EXE C:\WINDOWS\SYSTEM32\BCMWLTRY.EXE C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE C:\ACER\EMANAGER\ANBMSERV.EXE C:\WINDOWS\SYSTEM32\WLTRAY.EXE C:\PROGRAM FILES\WIFICONNECTOR\NINTENDOWFCREG.EXE C:\WINDOWS\SYSTEM32\WDFMGR.EXE C:\WINDOWS\SYSTEM32\WSCNTFY.EXE C:\PROGRAM FILES\ACER\ERECOVERY\MONITOR.EXE C:\WINDOWS\SYSTEM32\ZONELABS\VSMON.EXE . ************************************************************************** . Completion time: 2008-08-29 16:54:27 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-29 13:54:26 Pre-Run: 26,030,866,432 tavua vapaana Post-Run: 27,609,464,832 tavua vapaana 194 --- E O F --- 2008-08-13 06:11:07
1. Lataa Combofix.exe työpöydällesi jommastakummasta linkistä: Combofix.exe Combofix.exe Avaa Muistio ja kopioi/liitä Lainaus: laatikon sisältö sinne: Tallenna nimellä CFScript (itse asiassa combofix tunnistaa tuon vaikka tiedostopääte ei olisi edes .txt). Sitten raahaa ja pudota CFScript ComboFix.exeen kuten alla.(Älä klikkaa) Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen. Käynnistä kone uudelleen, jos niin pyydetään ja lähetä combofix.txt-tiedoston sisältö tänne. Sammuta selain ja muut ohjelmat Fixin ajaksi. (ei virustorjuntaa) Käynnistä HijackThis:ja Scan ja ruksaa seuraavat punaisella listatut tiedostot sekä poista ne.(fix Chekked) O2 - BHO: BurstWriting module - {18CB1A7B-94CD-4582-8022-ADA16851E44B} - C:\Documents and Settings\All Users\Application Data\services\services.dll O2 - BHO: msvbcr40 module - {2756BAD7-2F9F-47ef-AE6D-8D39CCEB396F} - C:\WINDOWS\system32\msvbcr40.dll O2 - BHO: mxlivemedia browser optimizer - {313f3f39-9828-4d1b-63bd-edabd51a5427} - C:\WINDOWS\system32\lpqcwdkydfr.dll O4 - HKLM\..\Run: [Winupdate Engine] C:\WINDOWS\system32\wupeng.exe O4 - HKLM\..\Run: [MalwareCrush] C:\Program Files\MalwareCrush\MalwareCrush.exe /h O4 - HKLM\..\Run: [{ca14e1d6-18cc-b01c-e7b3-55901c1ee528}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\lpqcwdkydfr.dll" DllStart O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe" O4 - HKCU\..\Run: [s9201] "C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\av2008xp.exe" /autorun Tyhjennä roskakori ja käynnistä koneesi uudelleen. Postita tänne seuraavat lokit: * Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta) * (C:\ComboFix.txt) raportti *
ComboFix 08-08-31.01 - Tero Ranta 2008-09-01 18:50:47.2 - FAT32x86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.231 [GMT 3:00] Running from: C:\Documents and Settings\Tero Ranta\Työpöytä\ComboFix.exe Command switches used :: C:\Documents and Settings\Tero Ranta\Työpöytä\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\Documents and Settings\All Users\Application Data\services\services.dll C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\av2008xp.exe C:\WINDOWS\system32\lblkgdmnxwuxwgep.exe C:\WINDOWS\system32\lpqcwdkydfr.dll C:\WINDOWS\system32\msvbcr40.dll . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\services . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-08-01 to 2008-09-01 ))))))))))))))))) . 2008-08-30 16:37 . 2008-08-30 16:37 <KANSIO> d-------- C:\WINDOWS\system32\CatRoot_bak 2008-08-29 16:57 . 2008-08-29 16:57 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-29 16:57 . 2008-08-29 16:57 <KANSIO> d-------- C:\Documents and Settings\Tero Ranta\Application Data\Malwarebytes 2008-08-29 16:57 . 2008-08-29 16:57 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-29 16:57 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-29 16:57 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-29 16:44 . 2008-08-29 16:44 <KANSIO> d-------- C:\Program Files\Trend Micro 2008-08-23 19:47 . 2008-08-23 19:47 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles 2008-08-04 12:46 . 2008-08-04 12:46 <KANSIO> d--hs---- C:\FOUND.007 . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2008-07-14 08:10 --------- d-----w C:\Documents and Settings\Tero Ranta\Application Data\ScanSoft 2008-07-14 08:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield 2008-07-14 08:09 --------- d-----w C:\Program Files\ScanSoft 2008-07-14 08:09 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared 2008-07-14 08:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft 2008-07-14 08:06 --------- d-----w C:\Program Files\ArcSoft 2008-07-14 08:04 --------- d--h--w C:\Program Files\CanonBJ 2008-07-14 08:03 --------- d-----w C:\Program Files\Canon 2008-07-14 08:01 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ 2008-07-13 06:49 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys 2008-07-13 06:49 --------- d-----w C:\Program Files\Hamachi 2008-07-13 06:49 --------- d-----w C:\Documents and Settings\Tero Ranta\Application Data\Hamachi 2008-07-13 06:41 --------- d-----w C:\Program Files\DuelMasters 2008-07-13 06:37 42,622,181 ------w C:\WINDOWS\Internet Logs\tvDebug.zip 2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll 2008-06-23 09:49 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe 2008-06-20 17:41 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 17:41 246,784 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll 2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys 2008-06-14 17:59 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys . ((((((((((((((((((((((((((((( snapshot@2008-08-29_16.54.03.67 ))))))))))))))))))))))))))))))))))))))))) . . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 16:00 15360] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352] "AdVantage"="C:\Program Files\AdVantage\AdVantage.exe" [2007-11-05 18:12 884176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [X] "preload"="C:\Windows\RUNXMLPL.exe" [2004-04-20 16:49 40960] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 16:25 98394] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 16:24 688218] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-05 21:05 339968] "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-03-30 15:29 32768] "PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 15:02 94208] "LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-05-19 14:45 69632] "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480] "LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2004-10-11 10:47 245760] "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-04-18 11:41 81920] "PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 18:59 49152] "eRecoveryService"="C:\Windows\System32\Check.exe" [2005-03-23 10:01 245760] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2005-12-09 08:30 35328] "Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-11-15 00:51 755472] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648] "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19 69632] "SoundMan"="SOUNDMAN.EXE" [2005-08-17 18:39 90112 C:\WINDOWS\SOUNDMAN.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 16:00 15360] C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ Suorita Nintendo Wi-Fi USB Connector -rekister”intity”kalu.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2008-01-14 18:57:37 1073152] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\RevConnect\\DCPlusPlus.exe"= "C:\\Program Files\\Messenger\\MSMSGS.EXE"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27] R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 15:18] R3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 14:46] R3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 18:29] S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys [] S3 SI15CI;SI15CI;c:\elements\1stboot\SI15CI.SYS [] S3 XDva007;XDva007;C:\WINDOWS\system32\XDva007.sys [] S3 XDva009;XDva009;C:\WINDOWS\system32\XDva009.sys [] *Newly Created Service* - CATCHME . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-01 18:52:17 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-09-01 18:52:44 ComboFix-quarantined-files.txt 2008-09-01 15:52:42 ComboFix2.txt 2008-08-29 13:54:30 Pre-Run: 27,053,326,336 tavua vapaana Post-Run: 27,042,971,648 tavua vapaana 149 --- E O F --- 2008-08-13 06:11:07 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:58:30, on 1.9.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\PowerKey.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSDCtrl.exe C:\Program Files\Launch Manager\Wbutton.exe C:\Program Files\Arcade\PCMService.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\WiFiConnector\NintendoWFCReg.exe C:\Acer\eManager\anbmServ.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\acer\eRecovery\Monitor.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe" O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Suorita Nintendo Wi-Fi USB Connector -rekisteröintityökalu.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe -- End of file - 6606 bytes
Javan päivitys ja välimuistin tyhjennys: Lataa JavaRa ja pura se työpöydällesi. ***Sulje kaikki päällä olevat Internet Explorerin ikkunat ennen jatkamista!*** * Tuplaklikkaa JavaRa.exeä käynnistääksesi ohjelma. * Valitse English pudotusvalikosta valitaksesi kieleksi englannin ja klikkaa Select. * Klikkaa Remove Older Versions poistaaksesi vanhat Java-versiot koneeltasi. * Klikkaa Yes kun pyydetään. Kun JavaRa on valmis, se ilmoittaa, että lokitiedosto on luotu. Klikkaa OK. * Lokitiedosto avautuu. Lähetä sen sisältö seuraavassa viestissäsi. 4. Asenna uusin Java päivitys seuraavasta linkistä.. http://java.sun.com/javase/downloads/index.jsp Rullaa alas kohteeseen Java Runtime Environment (JRE) 6 Update 7 Paina Download Laita Platform -kohtaan Windows Ruksaa I agree to the Java SE Runtime Environment 6 License Agreement ja paina Continue Paina Windows Offline Installationin alapuolella jre-6u4-windows-i586-p.exe Tallenna tiedosto vaikka työpöydälle ja asenna se. 5. Käynnistä kone uudelleen asennuksen jälkeen. 6. Käynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi). 7. General-välilehdellä klikkaa Settings. Vedä liukusäädintä (Disk Space) pienemmälle. (Jotkut javapohjaiset ohjelmat saattavat tarvita enemmän levytilaa. Jos huomaat säädön pienentämisen jälkeen koneessa hitautta, siirrä liukusäädintä isommalle). 8. Klikkaa Delete Files -nappia. Varmista että kaikki kaksi valintaa ovat rastitettuja: * Applications and Applets * Trace and Log Files Ja paina OK -nappia Huomaa: Tämä poistaa kaikki ladatut sovellukset ja appletit VÄLIMUISTISTA. 9. Klikkaa OK "Temporary Files Settings" -ikkunassasi. 10. Välilehti Update: ota ruksi pois kohdasta Check for Updates automatically Valitse Never check 11. Klikkaa Apply ja OK jättääksesi Java asetusikkunasi.
