While surfing with Mozilla, Explorer opens and spews all kinds of ads, etc.

Discussion in 'Viruses and malware - HijackThis logs' started by juha3105, Nov 30, 2008.

  1. juha3105

    juha3105 Guest

    So there's some bug on the machine... I've googled and run all kinds of programs through it. Now no program finds anything, but the ads still keep popping up. System Restore has been turned off for some time now. Time to help a man in trouble, or soon the machine will be done for!

    And here's the log from HijackThis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:53:15, on 30.11.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
    C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
    C:\WINDOWS\vVX1000.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\Acer TV-FM\PCMService.exe
    C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    C:\WINDOWS\system32\SysMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=61005
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer TV-FM\PCMService.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
    O16 - DPF: {0F2F3121-75E2-4C60-9977-C1ADC3D5F3DC} (IFIUploader Control) - http://web01.ifi.fi/Webupload/app_support/ActiveX/IfiUploader.cab
    O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
    O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://fika-web.ifolor.net/OrderingGeneral/LowRes/app_support/ActiveX/IfolorUploader_fika.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172639833453
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O20 - AppInit_DLLs: qocldt.dll uhpvku.dll txozzo.dll tomiaj.dll zqtabe.dll wzhbgd.dll wmlikg.dll
    O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 11297 bytes
     
  2. juha3105

    juha3105 Guest

    Oh, and here's the Malwarebytes log as well

    Malwarebytes' Anti-Malware 1.30
    Tietokantaversio: 1306
    Windows 5.1.2600 Service Pack 3

    29.11.2008 17:41:13
    mbam-log-2008-11-29 (17-41-13).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|)
    Tarkistetut kohteet: 115287
    Kulunut aika: 50 minute(s), 54 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 3
    Saastuneita rekisteriavaimia: 14
    Saastuneita rekisteriarvoja: 3
    Saastuneita rekisterikohteita: 6
    Saastuneita hakemistoja: 1
    Saastuneita tiedostoja: 13

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    C:\WINDOWS\system32\aiearkiv.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\rqRJYrPI.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\hgGYSjgG.dll (Trojan.Vundo.H) -> Delete on reboot.

    Saastuneita rekisteriavaimia:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{946f1049-d421-4329-ae84-69f286365eeb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{946f1049-d421-4329-ae84-69f286365eeb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{afaf8314-45c9-4ec5-9317-a9c24e01d0ac} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hggysjgg (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{afaf8314-45c9-4ec5-9317-a9c24e01d0ac} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{96E6B1C3-B5D0-89CC-4909-92D85A48B1A0} (Rogue.SpyHeal) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\DLP.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Saastuneita rekisteriarvoja:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c041f44a (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{afaf8314-45c9-4ec5-9317-a9c24e01d0ac} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\ (Adware.WebDir) -> Quarantined and deleted successfully.

    Saastuneita rekisterikohteita:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\rqrjyrpi -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdtri.exe -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\rqrjyrpi -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5ffdc977-cfcc-4023-a645-6e81fb77c384}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.113;85.255.112.73 -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5ffdc977-cfcc-4023-a645-6e81fb77c384}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.113;85.255.112.73 -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{5ffdc977-cfcc-4023-a645-6e81fb77c384}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.113;85.255.112.73 -> Quarantined and deleted successfully.

    Saastuneita hakemistoja:
    C:\resycled (Trojan.DNSChanger) -> Delete on reboot.

    Saastuneita tiedostoja:
    C:\WINDOWS\system32\rqRJYrPI.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\IPrYJRqr.ini (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\IPrYJRqr.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hgGYSjgG.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\aiearkiv.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\vikraeia.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gbebbdfs.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sfdbbebg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nljcudig.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\giducjln.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\kdtri.exe (Rootkit.DNSChanger.H) -> Delete on reboot.
    C:\WINDOWS\system32\urqNGxur.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.


    Today, the last time I ran a bunch of those programs through, they all claimed the machine was clean
     
  3. Hujo

    Hujo Guest

    Uninstall via Add/Remove Programs:

    Spyware Terminator


    Delete the folder in Safe Mode:

    C:\Program Files\Spyware Terminator

    ================

    1. Download Combofix.exe to your desktop from one of these links:
    Combofix1
    Combofix2

    2. Double-click the Combofix.exe file and follow the instructions.
    3. When the tool is finished, it will produce a log. Post this log in your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

    =============

    Finally, run a new HJT scan and post the log
     
    Last edited by a moderator: Nov 30, 2008
  4. juha3105

    juha3105 Guest

    Here's the ComboFix log

    ComboFix 08-11-30.01 - Päivi ja Juha 2008-12-01 8:44:00.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.159 [GMT 2:00]
    Sijainti: c:\documents and settings\Päivi ja Juha\Työpöytä\ComboFix.exe
    * Uusi palautuspiste luotu
    * Resident AV is active


    VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\dnbywnpe.ini
    c:\windows\system32\jgscbxdk.dll
    c:\windows\system32\jrgpbmvy.dll
    c:\windows\system32\lkjumlap.dll
    c:\windows\system32\micr0st.dll
    c:\windows\system32\njrypqdo.dll
    c:\windows\system32\pejubpxv.dll
    c:\windows\system32\qdtdmxpn.dll
    c:\windows\system32\qravmxai.dll
    c:\windows\system32\qugtnj.dll
    c:\windows\system32\wmlikg.dll
    D:\resycled
    d:\resycled\boot.com

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-11-01 to 2008-12-01 )))))))))))))))))
    .

    2008-11-30 20:29 . 2008-11-30 20:29 <KANSIO> d-------- c:\program files\Java
    2008-11-30 20:29 . 2008-11-30 20:29 410,976 --a------ c:\windows\system32\deploytk.dll
    2008-11-30 20:29 . 2008-11-30 20:29 73,728 --a------ c:\windows\system32\javacpl.cpl
    2008-11-30 13:49 . 2008-11-30 13:49 <KANSIO> d-------- c:\program files\Trend Micro
    2008-11-30 11:29 . 2008-11-30 11:30 <KANSIO> d-------- c:\program files\Spybot - Search & Destroy
    2008-11-30 11:29 . 2008-12-01 08:41 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-11-30 11:05 . 2004-09-15 22:00 18,944 --a------ c:\windows\system32\simptcp.dll
    2008-11-30 11:05 . 2004-09-15 22:00 18,944 --a------ c:\windows\system32\dllcache\simptcp.dll
    2008-11-29 18:30 . 2008-11-29 18:54 <KANSIO> d-------- C:\Lop SD
    2008-11-29 16:37 . 2008-11-29 16:37 <KANSIO> d-------- c:\documents and settings\Päivi ja Juha\Application Data\Malwarebytes
    2008-11-29 16:36 . 2008-11-29 16:37 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-11-29 16:36 . 2008-11-29 16:36 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-29 16:36 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-11-29 16:36 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-11-28 13:12 . 2008-11-28 13:12 <KANSIO> d-------- c:\program files\CCleaner
    2008-11-27 15:05 . 2008-11-27 15:05 <KANSIO> d-------- c:\documents and settings\Päivi ja Juha\Application Data\TrojanHunter
    2008-11-23 15:53 . 2008-11-23 15:53 27,904 --a------ c:\windows\system32\drivers\ndisprot.sys
    2008-11-22 22:22 . 2008-11-22 22:22 <KANSIO> d-------- c:\program files\Common Files\Invictus
    2008-11-19 10:46 . 2008-11-19 10:46 <KANSIO> d-------- c:\program files\Alcohol Soft
    2008-11-17 09:13 . 2008-11-22 23:20 <KANSIO> d-------- c:\program files\Activision Value
    2008-11-14 16:22 . 2008-10-24 13:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-14 16:18 . 2008-09-04 19:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-25 19:43 --------- d-----w c:\documents and settings\Päivi ja Juha\Application Data\uTorrent
    2008-11-25 16:50 --------- d-----w c:\documents and settings\Päivi ja Juha\Application Data\Lavasoft
    2008-11-21 11:14 --------- d-----w c:\program files\DC++
    2008-11-02 13:31 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2008-11-01 07:42 --------- d-----w c:\program files\Super DVD Ripper
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-16 12:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 12:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
    2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
    2008-10-16 12:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 12:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
    2008-10-16 12:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 12:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
    2008-10-16 12:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
    2008-10-16 12:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 12:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 12:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
    2008-10-16 12:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 12:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 12:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
    2008-10-16 12:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 12:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-15 16:37 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
    2008-10-03 17:12 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
    2008-09-30 14:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-09-15 15:27 1,846,656 ----a-w c:\windows\system32\win32k.sys
    2008-09-15 15:27 1,846,656 ------w c:\windows\system32\dllcache\win32k.sys
    2008-09-10 01:15 1,307,648 ------w c:\windows\system32\msxml6.dll
    2008-09-10 01:15 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
    2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
    2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 219520]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "VX1000"="c:\windows\vVX1000.exe" [2006-10-13 707376]
    "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-15 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-15 455168]
    "PCMService"="c:\program files\Acer TV-FM\PCMService.exe" [2006-03-29 143360]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "MediaSync"="c:\program files\Acer\Acer eConsole\MediaSync.exe" [2006-05-04 425984]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-09-15 208952]
    "F-Secure TNB"="c:\program files\F-Secure\TNB\TNBUtil.exe" [2004-05-27 684032]
    "F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2005-06-03 122929]
    "eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
    "AspireService"="c:\program files\Acer\Acer eMode Management\AspireService.exe" [2006-06-09 110592]
    "Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-04-18 49152]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-30 136600]
    "SiSPower"="SiSPower.dll" [2005-08-26 c:\windows\system32\SiSPower.dll]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-10-12 45056]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
    F-Secure Automatic Update.lnk - c:\program files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe [2006-10-12 32807]
    Utility Tray.lnk - c:\windows\system32\sistray.exe [2006-10-12 262144]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.iv31"= c:\windows\system32\ir32_32.dll
    "vidc.iv32"= c:\windows\system32\ir32_32.dll
    "VIDC.3iv2"= c:\progra~1\K-LITE~1\codecs\3IVXVF~1.DLL
    "VIDC.VP60"= c:\progra~1\K-LITE~1\codecs\vp6vfw.dll
    "VIDC.VP61"= c:\progra~1\K-LITE~1\codecs\vp6vfw.dll
    "VIDC.VP62"= c:\progra~1\K-LITE~1\codecs\vp6vfw.dll
    "VIDC.VP70"= c:\progra~1\K-LITE~1\codecs\vp7vfw.dll
    "VIDC.VP31"= c:\progra~1\K-LITE~1\codecs\vp31vfw.dll
    "VIDC.FFDS"= c:\progra~1\K-LITE~1\ffdshow\ff_vfw.dll
    "msacm.ac3acm"= c:\progra~1\K-LITE~1\codecs\ac3acm.acm
    "msacm.l3fhg"= c:\progra~1\K-LITE~1\codecs\l3codecp.acm
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Acer TV-FM\\PowerCinema.exe"=
    "c:\\Program Files\\Acer TV-FM\\PCMService.exe"=
    "c:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
    "c:\\Program Files\\DC++\\DCPlusPlus.exe"=
    "c:\\Program Files\\Activision Value\\Street Legal Racing Redline\\StreetLegal_Redline.exe"=
    "d:\\musaa\\PELIT\\Command&Conquer-Red_Alert_2\\Game.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=

    R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2006-10-12 70224]
    R1 papycpu;papycpu;c:\windows\system32\drivers\papycpu.sys [2006-12-05 1984]
    R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;c:\progra~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2006-10-12 32807]
    R2 F-Secure Filter;F-Secure File System Filter;\??\c:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2006-10-12 48720]
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\c:\program files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2006-10-12 46800]
    R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\c:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2006-10-12 16848]
    S3 Fadpu16E;Fadpu16E;\??\c:\docume~1\PIVIJA~1\LOCALS~1\Temp\Fadpu16E.sys []
    S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-23 27904]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b69da51-59c4-11db-a92a-0016ec89eea0}]
    \Shell\AutoRun\command - J:\LaunchU3.exe
    .
    'Ajoitetut tehtävät'-kansion sisältö

    2008-11-28 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13]

    2008-12-01 c:\windows\Tasks\Scheduled scanning task.job
    - c:\progra~1\F-Secure\ANTI-V~1\fsav.exe [2005-05-24 16:42]
    .
    - - - - POISTETUT JÄMÄRIVIT - - - -

    HKLM-Run-NWEReboot - (no file)
    MSConfigStartUp-kdtri - c:\windows\system32\kdtri.exe


    .
    ------- Täydentävä tarkistus -------
    .
    FireFox -: Profile - c:\documents and settings\Päivi ja Juha\Application Data\Mozilla\Firefox\Profiles\h4ob4vs2.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.fi
    FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
    FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
    FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-01 08:51:14
    Windows 5.1.2600 Service Pack 3 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    ------------------------ Muut prosessit ------------------------
    .
    c:\program files\Acer\Acer eConsole\MediaServerService.exe
    c:\acer\Empowering Technology\ePerformance\MemCheck.exe
    c:\windows\system32\drivers\CDANTSRV.EXE
    c:\program files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
    c:\program files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
    c:\program files\F-Secure\Anti-Virus\fsgk32st.exe
    c:\program files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    c:\program files\F-Secure\Anti-Virus\fsgk32.exe
    c:\program files\F-Secure\common\FSMA32.EXE
    c:\program files\F-Secure\Anti-Virus\fssm32.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\F-Secure\common\FSMB32.EXE
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Microsoft LifeCam\MSCamS32.exe
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    c:\program files\F-Secure\common\FCH32.EXE
    c:\program files\F-Secure\Anti-Virus\fsqh.exe
    c:\program files\F-Secure\common\FAMEH32.EXE
    c:\program files\F-Secure\Anti-Virus\FSRW.exe
    c:\program files\Acer TV-FM\Kernel\TV\CLSched.exe
    c:\program files\F-Secure\common\FNRB32.exe
    c:\program files\F-Secure\FWES\program\fsdfwd.exe
    c:\program files\F-Secure\common\FIH32.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\program files\F-Secure\Anti-Virus\FSAV32.exe
    c:\progra~1\F-Secure\ANTI-S~1\FSAW.exe
    c:\program files\F-Secure\FSGUI\fsguidll.exe
    c:\program files\MSN Messenger\usnsvc.exe
    .
    **************************************************************************
    .
    Valmistumisajankohta: 2008-12-01 9:00:31 - kone käynnistettiin uudelleen
    ComboFix-quarantined-files.txt 2008-12-01 07:00:24

    Ennen ajoa: 57 068 584 960 tavua vapaana
    Ajon jälkeen: 57,047,347,200 tavua vapaana

    229 --- E O F --- 2008-11-14 15:48:18




    and here is a HijackThis log as well, to go with it

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:23:43, on 1.12.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
    C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Acer TV-FM\PCMService.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=61005
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer TV-FM\PCMService.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
    O16 - DPF: {0F2F3121-75E2-4C60-9977-C1ADC3D5F3DC} (IFIUploader Control) - http://web01.ifi.fi/Webupload/app_support/ActiveX/IfiUploader.cab
    O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
    O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://fika-web.ifolor.net/OrderingGeneral/LowRes/app_support/ActiveX/IfolorUploader_fika.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172639833453
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 11279 bytes
     
  5. Hujo

    Hujo Guest

    Scan with HJT, check these and press Fix checked:

    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    ===============

    Download CCleaner from here
    CCleaner v 2.14.750 - Standard Build, do NOT install the Yahoo toolbar!
    During installation, untick the box "install Yahoo! toolbar".
    After installation, open CCleaner.
    Choose Options from the column on the left.
    Choose Settings from the column next to it.
    Under Language, select Suomi (Finnish).

    Cleaner
    Choose Cleaner from the column on the left.
    Press Analyze at the bottom.
    CCleaner now analyzes what can be removed (temp files, cookies, etc.).
    When the analysis is finished, press Run CCleaner.
    CCleaner now removes the temp files, cookies, etc. it found.

    Fixing registry issues
    Choose Registry from the column on the left.
    Press Scan for Issues at the bottom.
    When the scan is finished and you are sure you want to fix the checked items, press Fix selected issues.
    You will be asked "do you want to back up changes to the registry"; press Yes. Save the backup, for example, in the "My Documents" folder.
    In the new window that opens, click Fix All Selected Issues.
    You will get one more confirmation prompt; press OK.
    When the issues have been fixed, press Close.
    You can now close CCleaner by clicking the red cross at the top right.
     
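    An added example, not code from the thread or from HijackThis: a small parser for lines in the HijackThis log format that picks out the "(no file)" O2/O3 entries Hujo ticks for "Fix checked" (a BHO or toolbar CLSID still registered in IE although its DLL is gone) and extracts the executable from O4 Run entries. The function names (parse_log, orphaned_com_entries, executable_of) are my own, and the sample lines are constructed in the format of the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the HijackThis v2.0.2 line format, modelled on the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"""

@dataclass
class Entry:
    kind: str        # HijackThis section: O2 (BHO), O3 (toolbar), O4 (Run key)
    name: str        # display name of the COM object, or the Run value name
    identifier: str  # CLSID for O2/O3, registry hive for O4
    target: str      # DLL/EXE path, or "(no file)" when the file is missing

LINE_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
COM_RE = re.compile(r"^(?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$")
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.*)$")

def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a recognised O2/O3/O4 line, None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, body = m["kind"], m["body"]
    if kind in ("O2", "O3") and (c := COM_RE.match(body)):
        return Entry(kind, c["name"], c["clsid"], c["target"])
    if kind == "O4" and (r := RUN_RE.match(body)):
        return Entry(kind, r["name"], r["hive"], r["target"])
    return None

def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]

def orphaned_com_entries(entries: List[Entry]) -> List[Entry]:
    """O2/O3 entries still registered in IE whose DLL no longer exists: dead leftovers, safe to fix."""
    return [e for e in entries if e.kind in ("O2", "O3") and e.target == "(no file)"]

def executable_of(target: str) -> str:
    """Best-effort executable path from an O4 command line (quoted path or trailing switches)."""
    t = target.strip()
    if t.startswith('"'):
        end = t.find('"', 1)
        return t[1:end] if end > 0 else t[1:]
    idx = t.lower().find(".exe")
    return t[: idx + 4] if idx >= 0 else t.split(" ")[0]
```

    Any O4 entry whose executable_of() result is not a known vendor path is a candidate to look up before fixing, which is the judgement Hujo applies by hand above.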
  6. juha3105

    juha3105 Guest

    A thousand thanks to the guru, and a big handshake.
    It feels like the machine wasn't even this brisk when it was new!

     
