Problems on the machine, HJT log (OK)

Discussion in 'Viruses and malware - HijackThis logs' started by matrix82, Jun 23, 2008.

  1. matrix82

    matrix82 Regular member

    Joined:
    Mar 14, 2006
    Messages:
    567
    Likes Received:
    0
    Trophy Points:
    26
    Is adbrite a danger if one uses online banking?

    On Vista, do I have to go into safe mode every time, or is logging in as administrator enough?

    AVG 8 found and removed files brought in by adbrite, but the Firefox 3 home page was still changed.

    I ran SmitfraudFix and did a cleanup with it.

    Here is the SmitfraudFix report:

    SmitFraudFix v2.328

    Scan done at 13:59:31,15, su 22.06.2008
    Run from C:\Users\Sauli\Desktop\SmitfraudFix
    OS: Microsoft Windows [versio 6.0.6001] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost
    ::1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Atheros AR5007 802.11b/g WiFi Adapter
    DNS Server Search Order: 62.121.35.14
    DNS Server Search Order: 62.121.33.75

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{83A5B0EB-67DB-4FE6-805C-5053F5878E0D}: DhcpNameServer=62.121.35.14 62.121.33.75
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{83A5B0EB-67DB-4FE6-805C-5053F5878E0D}: DhcpNameServer=62.121.35.14 62.121.33.75
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{83A5B0EB-67DB-4FE6-805C-5053F5878E0D}: DhcpNameServer=62.121.35.14 62.121.33.75
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=62.121.35.14 62.121.33.75
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=62.121.35.14 62.121.33.75
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=62.121.35.14 62.121.33.75


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End


    Here is the HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:19:56, on 23.6.2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix:
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 7272 bytes


    Thanks to the helpers.

    HJT added.
     
    Last edited: Jun 23, 2008
  2. matrix82

    matrix82 Regular member

    I don't know how to get this Adbrite completely off, any advice?
     
  3. Hujo

    Hujo Guest

    Does the machine have only 512 of RAM?
     
  4. matrix82

    matrix82 Regular member

    The machine has a gig of memory.

    Edit: The machine in my signature is a different one.

    The problem machine is a laptop less than six months old.
     
    Last edited: Jun 23, 2008
  5. Hujo

    Hujo Guest

    Let's do the first thing now.

    Download OTMoveIt and save it to your desktop.

    Double-click OTMoveIt.exe.
    Click CleanUp!.
    Choose Yes when asked "Begin cleanup Process?".
    If you are asked whether the machine may be restarted, choose Yes. OTMoveIt removes itself when it is done; if that does not happen, remove it yourself.

    NOTE: If your firewall or some other security program warns that OTMoveIt is trying to access the internet, allow it.
     
  6. matrix82

    matrix82 Regular member

    OTMoveIt says Access denied when I try to clean in Vista; I'll try in safe mode.
     
  7. Hujo

    Hujo Guest

    hmmm.. administrator rights...
     
  8. matrix82

    matrix82 Regular member

    Admin rights didn't help either, not even in safe mode.
     
  9. Hujo

    Hujo Guest

    Well, then this:

    1. Download combofix.exe to your desktop from one of the links:
    combofix1
    combofix2

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool is done, it produces a log. Post this log in your thread.
    Note! Do not click around in the combofix window while it is running. This may cause the program to hang.

     
  10. matrix82

    matrix82 Regular member

    ComboFix 08-06-20.4 - Sauli 2008-06-23 19:49:45.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.1108 [GMT 3:00]
    Running from: C:\Users\Sauli\Desktop\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
    C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
    C:\Windows\system32\KBL.LOG

    ----- BITS: Possible infected sites -----

    hxxp://h30155.www3.hp.com
    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-23 to 2008-06-23 )))))))))))))))))
    .

    2008-06-23 19:32 . 2008-06-23 19:32 <KANSIO> d-------- C:\_OTMoveIt
    2008-06-23 14:15 . 2008-06-23 14:16 <KANSIO> d-------- C:\Kirjanmerkit
    2008-06-23 13:16 . 2008-06-23 13:16 <KANSIO> d-------- C:\Users\Koti\AppData\Roaming\HP
    2008-06-23 13:15 . 2008-06-23 13:15 <KANSIO> dr------- C:\Users\Koti\Videos
    2008-06-23 13:15 . 2008-06-23 13:15 <KANSIO> dr------- C:\Users\Koti\Searches
    2008-06-23 13:15 . 2008-06-23 13:15 <KANSIO> dr------- C:\Users\Koti\Saved Games
    2008-06-23 13:15 . 2008-06-23 13:15 <KANSIO> dr------- C:\Users\Koti\Pictures
    2008-06-23 13:15 . 2008-06-23 13:15 <KANSIO> dr------- C:\Users\Koti\Music
    2008-06-23 13:15 . 2008-06-23 13:15 <KANSIO> dr------- C:\Users\Koti\Links
    2008-06-23 13:15 . 2008-06-23 13:15 <KANSIO> dr------- C:\Users\Koti\Downloads
    2008-06-23 13:15 . 2008-06-23 17:49 <KANSIO> dr------- C:\Users\Koti\Documents
    2008-06-23 13:15 . 2008-06-23 13:15 <KANSIO> dr------- C:\Users\Koti\Contacts
    2008-06-23 13:15 . 2006-11-02 15:37 <KANSIO> d-------- C:\Users\Koti\AppData\Roaming\Media Center Programs
    2008-06-23 13:15 . 2008-06-23 13:15 <KANSIO> d--h----- C:\Users\Koti\AppData
    2008-06-23 13:15 . 2008-06-23 13:33 <KANSIO> d-------- C:\Users\Koti
    2008-06-23 12:19 . 2008-06-23 12:19 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-06-22 18:09 . 2008-06-22 18:29 <KANSIO> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-06-22 18:09 . 2008-06-22 18:29 <KANSIO> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-06-22 18:09 . 2008-06-22 18:09 <KANSIO> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-22 14:49 . 2008-06-22 14:49 <KANSIO> d-------- C:\Program Files\CCleaner
    2008-06-22 13:46 . 2008-06-22 13:59 5,096 --a------ C:\Windows\System32\tmp.reg
    2008-06-22 13:46 . 2008-06-22 13:59 691 --a------ C:\Users\Sauli\AppData\Roaming\GetValue.vbs
    2008-06-22 13:46 . 2008-06-22 13:59 35 --a------ C:\Users\Sauli\AppData\Roaming\SetValue.bat
    2008-06-15 12:40 . 2008-06-15 12:40 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2008-06-14 19:20 . 2008-06-14 19:20 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-06-14 17:54 . 2008-04-23 07:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
    2008-06-14 17:53 . 2008-04-23 07:42 428,544 --a------ C:\Windows\System32\EncDec.dll
    2008-06-14 17:53 . 2008-04-23 07:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
    2008-06-14 17:53 . 2008-04-23 07:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
    2008-06-14 17:29 . 2008-06-14 17:29 <KANSIO> d-------- C:\PerfLogs
    2008-06-14 16:38 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe
    2008-06-14 16:38 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll
    2008-06-14 16:37 . 2008-01-18 23:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
    2008-06-14 16:37 . 2008-01-18 23:36 142,336 --a------ C:\Windows\System32\spp.dll
    2008-06-14 16:37 . 2008-01-18 23:36 28,160 --a------ C:\Windows\System32\sxproxy.dll
    2008-06-14 16:24 . 2008-01-18 22:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
    2008-06-12 20:54 . 2008-06-12 20:54 <KANSIO> d-------- C:\Program Files\Nokia
    2008-06-12 20:54 . 2008-06-12 20:54 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
    2008-06-12 20:54 . 2008-06-12 20:54 <KANSIO> d-------- C:\Program Files\Common Files\muvee Technologies
    2008-06-12 03:03 . 2008-04-29 04:42 220,160 --a------ C:\Windows\System32\drivers\bthport.sys
    2008-06-12 03:03 . 2008-04-29 06:54 181,760 --a------ C:\Windows\System32\fsquirt.exe
    2008-06-12 03:03 . 2008-04-29 04:42 29,184 --a------ C:\Windows\System32\drivers\BTHUSB.SYS
    2008-06-12 03:03 . 2008-01-19 08:53 19,456 --a------ C:\Windows\System32\drivers\bthenum.sys
    2008-06-12 03:02 . 2008-04-26 11:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
    2008-06-12 03:02 . 2008-05-10 04:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
    2008-06-12 03:01 . 2008-04-25 05:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-06-12 03:01 . 2008-04-25 07:35 826,880 --a------ C:\Windows\System32\wininet.dll
    2008-06-08 14:04 . 2008-06-08 14:24 <KANSIO> d-------- C:\Program Files\RegCure
    2008-06-08 09:38 . 2008-06-22 10:43 <KANSIO> d-------- C:\Users\Sauli\AppData\Roaming\NCH Swift Sound
    2008-06-08 09:38 . 2008-06-08 09:38 <KANSIO> d-------- C:\Users\All Users\NCH Swift Sound
    2008-06-08 09:38 . 2008-06-08 09:38 <KANSIO> d-------- C:\ProgramData\NCH Swift Sound
    2008-06-08 09:38 . 2008-06-08 09:38 <KANSIO> d-------- C:\Program Files\NCH Software
    2008-06-07 14:19 . 2008-06-07 14:56 262,144 --a------ C:\Windows\SPInstall.etl
    2008-06-07 12:38 . 2008-06-22 13:26 <KANSIO> d--h----- C:\$AVG8.VAULT$
    2008-06-07 11:15 . 2008-06-07 11:15 <KANSIO> d-------- C:\Users\Sauli\AppData\Roaming\Bullzip
    2008-06-07 11:13 . 2008-06-07 11:13 <KANSIO> d-------- C:\Program Files\Bullzip
    2008-06-07 11:13 . 2007-03-25 14:03 192,512 --a------ C:\Windows\System32\bzpdf.dll
    2008-06-07 11:13 . 1999-05-07 00:00 140,288 --a------ C:\Windows\System32\COMDLG32.OCX
    2008-06-07 11:11 . 2008-06-07 11:12 <KANSIO> d-------- C:\Program Files\gs
    2008-06-05 22:34 . 2008-06-05 22:34 <KANSIO> d-------- C:\Users\Sauli\AppData\Roaming\Printer Info Cache
    2008-06-05 22:34 . 2008-06-07 20:55 <KANSIO> d-------- C:\Users\Sauli\AppData\Roaming\Image Zone Express
    2008-06-05 21:35 . 2008-06-05 21:35 <KANSIO> d-------- C:\Users\All Users\WEBREG
    2008-06-05 21:35 . 2008-06-05 21:35 <KANSIO> d-------- C:\ProgramData\WEBREG
    2008-06-05 21:29 . 2008-06-05 21:29 <KANSIO> d-------- C:\Users\All Users\HPSSUPPLY
    2008-06-05 21:29 . 2008-06-05 21:29 <KANSIO> d-------- C:\ProgramData\HPSSUPPLY
    2008-06-05 21:26 . 2008-06-05 21:28 <KANSIO> d-------- C:\Program Files\Common Files\HP
    2008-06-05 21:26 . 2008-06-05 21:26 <KANSIO> d-------- C:\Program Files\Common Files\Hewlett-Packard
    2008-06-05 21:20 . 2006-12-16 09:19 675,840 --a------ C:\Windows\System32\hpowiav1.dll
    2008-06-05 21:20 . 2006-12-16 09:19 573,440 --a------ C:\Windows\System32\hpotscl1.dll
    2008-06-05 21:20 . 2006-12-16 09:19 303,104 --a------ C:\Windows\System32\hpovst01.dll
    2008-06-05 21:20 . 2006-11-21 00:36 258,048 --a------ C:\Windows\System32\hpzids01.dll
    2008-06-05 21:20 . 2008-06-05 21:35 161,844 --a------ C:\Windows\hpoins19.dat
    2008-06-05 21:20 . 2007-03-13 22:55 26,952 --a------ C:\Windows\hpomdl19.dat
    2008-06-01 19:18 . 2008-06-01 19:18 <KANSIO> d-------- C:\Users\Sauli\AppData\Roaming\TVU Networks
    2008-06-01 19:18 . 2008-06-01 19:18 <KANSIO> d-------- C:\Users\All Users\TVU Networks
    2008-06-01 19:18 . 2008-06-01 19:18 <KANSIO> d-------- C:\ProgramData\TVU Networks
    2008-06-01 19:18 . 2008-06-01 19:18 <KANSIO> d-------- C:\Program Files\TVUPlayer
    2008-06-01 17:33 . 2008-06-23 19:35 12 --a------ C:\Windows\bthservsdp.dat
    2008-05-31 19:58 . 2008-06-07 14:42 <KANSIO> d-------- C:\Users\Sauli\AppData\Roaming\HP
    2008-05-31 19:58 . 2008-05-31 19:59 <KANSIO> d-------- C:\Users\Sauli\AppData\Roaming\CyberLink
    2008-05-31 19:58 . 2008-06-08 09:41 <KANSIO> d-------- C:\Users\Public\CyberLink
    2008-05-31 19:58 . 2008-06-05 22:05 <KANSIO> d-------- C:\Users\All Users\HP
    2008-05-31 19:58 . 2008-06-05 22:05 <KANSIO> d-------- C:\ProgramData\HP
    2008-05-31 18:02 . 2008-06-01 13:37 <KANSIO> d-------- C:\Data
    2008-05-31 17:55 . 2003-06-19 01:31 17,920 --a------ C:\Windows\System32\mdimon.dll
    2008-05-31 17:55 . 2008-06-23 17:54 390 --a------ C:\Windows\ODBC.INI
    2008-05-31 17:52 . 2008-05-31 17:52 <KANSIO> d-------- C:\Program Files\Microsoft.NET
    2008-05-31 17:49 . 2008-05-31 17:49 <KANSIO> dr-h----- C:\MSOCache
    2008-05-31 17:16 . 2008-05-31 17:16 <KANSIO> d-------- C:\Users\Sauli\AppData\Roaming\Talkback
    2008-05-31 17:09 . 2008-06-23 16:28 <KANSIO> d-------- C:\Windows\System32\drivers\Avg
    2008-05-31 17:09 . 2008-05-31 17:09 <KANSIO> d-------- C:\Program Files\AVG
    2008-05-31 17:09 . 2008-05-31 17:09 96,520 --a------ C:\Windows\System32\drivers\avgldx86.sys
    2008-05-31 17:09 . 2008-05-31 17:09 67,080 --a------ C:\Windows\System32\drivers\avgwfpx.sys
    2008-05-31 17:09 . 2008-05-31 17:09 10,520 --a------ C:\Windows\System32\avgrsstx.dll
    2008-05-31 16:19 . 2008-05-31 17:09 <KANSIO> d-------- C:\Users\All Users\avg8
    2008-05-31 16:19 . 2008-05-31 17:09 <KANSIO> d-------- C:\ProgramData\avg8
    2008-05-31 15:16 . 2008-06-12 16:28 <KANSIO> d-------- C:\Users\Sauli\AppData\Roaming\OpenOffice.org2
    2008-05-31 15:13 . 2008-05-31 15:14 <KANSIO> d-------- C:\Program Files\OpenOffice.org 2.4
    2008-05-31 14:14 . 2008-05-31 14:14 988,216 --a------ C:\Windows\System32\winload.exe
    2008-05-31 14:14 . 2008-05-31 14:14 927,288 --a------ C:\Windows\System32\winresume.exe
    2008-05-31 14:14 . 2008-05-31 14:14 615,992 --a------ C:\Windows\System32\ci.dll
    2008-05-31 14:14 . 2008-05-31 14:14 378,368 --a------ C:\Windows\System32\srcore.dll
    2008-05-31 14:14 . 2008-05-31 14:14 318,464 --a------ C:\Windows\System32\rstrui.exe
    2008-05-31 14:14 . 2008-05-31 14:14 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
    2008-05-31 14:14 . 2008-05-31 14:14 40,960 --a------ C:\Windows\System32\srclient.dll
    2008-05-31 14:14 . 2008-05-31 14:14 19,000 --a------ C:\Windows\System32\kd1394.dll
    2008-05-31 14:14 . 2008-05-31 14:14 14,848 --a------ C:\Windows\System32\srdelayed.exe
    2008-05-31 14:14 . 2008-05-31 14:14 6,656 --a------ C:\Windows\System32\kbd106n.dll
    2008-05-31 14:12 . 2008-05-31 14:12 2,032,128 --a------ C:\Windows\System32\win32k.sys
    2008-05-31 14:12 . 2008-05-31 14:12 295,936 --a------ C:\Windows\System32\gdi32.dll
    2008-05-31 14:11 . 2008-05-31 14:11 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-05-31 14:11 . 2008-05-31 14:11 1,695,744 --a------ C:\Windows\System32\gameux.dll
    2008-05-31 14:07 . 2008-05-31 14:07 <KANSIO> d-------- C:\Program Files\MSXML 4.0
    2008-05-31 13:55 . 2008-05-31 13:55 0 --a------ C:\Windows\nsreg.dat
    2008-05-31 11:50 . 2008-05-31 11:50 <KANSIO> d-------- C:\Users\Sauli\AppData\Roaming\Symantec
    2008-05-31 11:49 . 2008-05-31 11:49 <KANSIO> dr------- C:\Users\Sauli\Searches
    2008-05-31 11:49 . 2008-06-23 12:22 <KANSIO> dr------- C:\Users\Sauli\Contacts
    2008-05-31 11:49 . 2008-05-31 11:49 81 --a------ C:\Windows\System32\LOG
    2008-05-31 11:49 . 2008-05-31 11:49 44 --a------ C:\Windows\system\hpsysdrv.dat
    2008-05-31 11:46 . 2008-05-31 11:46 <KANSIO> d-------- C:\Users\Sauli\AppData\Roaming\Hewlett-Packard
    2008-05-31 11:43 . 2008-05-31 11:44 <KANSIO> d-------- C:\Program Files\Microsoft Works
    2008-05-31 11:41 . 2008-05-31 11:42 <KANSIO> d-------- C:\Users\All Users\Adobe
    2008-05-31 11:41 . 2008-05-31 11:41 <KANSIO> d-------- C:\Program Files\Common Files\Adobe
    2008-05-31 11:40 . 2008-05-31 11:40 <KANSIO> d-------- C:\Windows\PCHEALTH
    2008-05-31 11:40 . 2008-05-31 11:40 <KANSIO> d-------- C:\Program Files\MSN Messenger

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-19 13:17 --------- d-----w C:\ProgramData\CyberLink
    2008-06-14 15:09 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-06-14 15:07 --------- d-----w C:\ProgramData\Symantec
    2008-06-14 14:46 174 --sha-w C:\Program Files\desktop.ini
    2008-06-14 14:35 --------- d-----w C:\Program Files\Windows Sidebar
    2008-06-14 14:35 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-06-14 14:35 --------- d-----w C:\Program Files\Windows Mail
    2008-06-14 14:35 --------- d-----w C:\Program Files\Windows Journal
    2008-06-14 14:35 --------- d-----w C:\Program Files\Windows Collaboration
    2008-06-14 14:35 --------- d-----w C:\Program Files\Windows Calendar
    2008-06-14 14:34 --------- d-----w C:\Program Files\Windows Defender
    2008-06-14 13:57 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-06-14 13:57 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-06-05 18:29 --------- d-----w C:\Program Files\HP
    2008-05-31 12:31 --------- d-----w C:\Program Files\Java
    2008-05-31 11:11 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-05-31 11:11 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-05-31 11:11 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    2008-05-31 11:11 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-05-31 11:11 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-08-28 15:43 141848]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-08-28 15:43 154136]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2007-08-28 15:43 137752]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-30 13:14 159744]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-04 02:44 178712]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-10-01 06:34 181544]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-28 03:05 202032]
    "UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-14 03:32 222504]
    "HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-04 02:15 480560]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-31 17:09 1177368]
    "NokiaMServer"="C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer" [ ]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "LogonHoursAction"= 2 (0x2)
    "DontDisplayLogonHoursWarnings"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3codecp"= l3codecp.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{577FEC15-A0F4-4C80-860F-3CCB85ED53FD}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{B88EF623-385B-4DA1-8778-CEC272E7F6EF}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
    "{FBB7EA80-5877-4C7A-98E3-667D4F8AA7EF}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{8C6C151C-4B79-4FD6-AE58-AB4088EAF467}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{66EDB52B-2CD5-4C95-A259-F6EE8129C643}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
    "{AD0C00B5-ECCB-4036-A3D8-B27C56A08F8B}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe

    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-05-31 17:09]
    R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-31 17:09]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-31 17:09]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
    R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-05-31 17:09]
    R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-02-27 06:26]
    R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-20 15:25]
    R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-09-28 04:33]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    *Newly Created Service* - CATCHME
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-23 19:52:49
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-23 19:53:56
    ComboFix-quarantined-files.txt 2008-06-23 16:53:47

    Pre-Run: 108,326,952,960 tavua vapaana
    Post-Run: 108,864,450,560 tavua vapaana

    242 --- E O F --- 2008-06-20 06:31:33
     
  11. Hujo

    Hujo Guest

    Open Notepad and copy/paste the contents of the quote box into it:

    Save it as CFScript.txt

    Then drag CFScript onto ComboFix.exe as shown below.

    Restart the computer when asked and post the contents of the combofix.txt file here.

    ===========

    Scan with HJT, tick these and press Fix checked:

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

    =========

    Delete in Safe Mode:

    C:\Program Files\Common Files\Symantec Shared
    C:\ProgramData\Symantec

    ==========

    Download Malwarebytes' Anti-Malware to your desktop.

    1. Double-click mbam-setup.exe and follow the prompts to install the program.
    2. Finally, make sure the following are selected: Update Malwarebytes' Anti-Malware and
    Launch Malwarebytes' Anti-Malware, then click Finish.
    3. If an update is found, the program will download and install the latest version.
    4. Once the program has loaded, select Perform full scan and click Scan.
    5. When the scan is complete, click OK, then Show Results to view the results.
    6. Make sure everything is checked and click Remove Selected.
    7. After that the log will open in Notepad. Save it somewhere you can find it easily. The log
    can also be found here: C:\Documents and Settings\Username\Application
    Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    8. Post the contents of the log in your next reply.

     
  12. matrix82

    matrix82 Regular member

    Malwarebytes' Anti-Malware 1.18
    Tietokantaversio: 883

    22:27:33 23.6.2008
    mbam-log-6-23-2008 (22-27-33).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|)
    Tarkistetut kohteet: 149976
    Kulunut aika: 36 minute(s), 53 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 0
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 0

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    (Haitallisia kohteita ei löydetty)


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:19:56, on 23.6.2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix:
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 7272 bytes

     
  13. Hujo

    Hujo Guest

    Delete the old HJT logs and scan a new one.

     
  14. matrix82

    matrix82 Regular member

    I couldn't find the old HJT logs other than by reinstalling HJT; that way I managed to take a new log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:11:43, on 24.6.2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - HKUS\S-1-5-21-1592013934-4205449133-1000282854-1001\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Koti')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O13 - Gopher Prefix:
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 7769 bytes
     
    Last edited: Jun 24, 2008
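An added example, not code from the thread or from HijackThis: a small Python triage script over HijackThis v2.0.2 log lines like those in the log above and in the earlier one. It collects the O2/O3 BHO and toolbar entries that end in "(no file)", which are the three lines Hujo asked to tick and Fix checked, counts the repeated O10 Winsock LSP lines per DLL so the nine wpclsp.dll lines above read as one provider, and lists the O20 AppInit_DLLs entry. The sample log inside is constructed from entries quoted in this thread.

```python
import re
from collections import Counter

# Constructed sample, modelled on HijackThis v2.0.2 lines posted in this thread:
# the three orphaned O2/O3 entries Hujo listed, the repeated O10 Winsock LSP
# lines from the second log, and the O20 AppInit_DLLs entry.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\\Windows\\Explorer.EXE
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\\PROGRA~1\\AVG\\AVG8\\AVGTOO~1.DLL
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\wpclsp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\\PROGRA~1\\AVG\\AVG8\\avgwdsvc.exe
"""

# Every HijackThis entry is "<section> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)

def parse_entries(text):
    """Return (section, body) pairs; header and 'Running processes' lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def fix_lines(text):
    """O2/O3 BHO and toolbar entries whose DLL is gone: the lines to tick and 'Fix checked'."""
    return [f"{s} - {b}" for s, b in parse_entries(text)
            if s in ("O2", "O3") and b.endswith("(no file)")]

def triage(text):
    """Summarise what a log helper looks at first:
    orphaned - CLSIDs of O2/O3 entries with no file behind them;
    lsp      - O10 Winsock LSP DLLs with a count (HJT prints one line per
               protocol chain entry, so one provider repeats many times);
    appinit  - DLLs in O20 AppInit_DLLs, loaded into every process that
               links user32.dll, so worth a look even when the name is known.
    """
    report = {"orphaned": [], "lsp": Counter(), "appinit": []}
    for section, body in parse_entries(text):
        if section in ("O2", "O3") and body.endswith("(no file)"):
            m = CLSID_RE.search(body)
            report["orphaned"].append(m.group(0) if m else body)
        elif section == "O10":
            # body is "Unknown file in Winsock LSP: <path>"; the drive colon comes later
            report["lsp"][body.split(":", 1)[1].strip().lower()] += 1
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            report["appinit"].extend(body.split(":", 1)[1].split())
    return report

if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print("Fix checked:", *fix_lines(SAMPLE_LOG), sep="\n  ")
    print("LSP providers:", dict(summary["lsp"]))
    print("AppInit_DLLs:", summary["appinit"])
```

The script only groups and counts; whether an LSP or AppInit DLL is legitimate is still a manual judgement, as Hujo's "log OK" reply below shows.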
  15. Hujo

    Hujo Guest

    The logs are in the same folder as HijackThis.exe:
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    ==========

    Log OK.
    How is the computer working?
     
  16. matrix82

    matrix82 Regular member

    It works fine; the browser home page had changed, which is why I came here to get the computer cleaned up.

    Have Vista's backups also been cleaned now? When choosing Safe Mode there is a menu from which the computer could be repaired. It's probably not worth using that now.
     
    Last edited: Jun 24, 2008
  17. Hujo

    Hujo Guest

    No, it's not worth it; Malwarebytes' Anti-Malware didn't find anything there.
    We'll leave it alone this time :)
     
  18. matrix82

    matrix82 Regular member

    Is it worth creating a restore point at this point?
     
  19. Hujo

    Hujo Guest

    Well, you can clear it so it starts from scratch,
    in case there is something in there after all.
     
  20. matrix82

    matrix82 Regular member

    The internet slowed down to dial-up modem speed; could this have anything to do with the old problem?
     
