Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:10:54, on 24.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\windows\system32\wscntfy.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\windows\System32\svchost.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
Z:\Vuze\Azureus.exe
C:\Documents and Settings\Reijo Urtti\Työpöytä\HiJackThis_v2.0.2.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O1 - Hosts: 127.0.0.0 localhost
O1 - Hosts: 127.0.0.2 auditmypc.com
O1 - Hosts: 127.0.0.4 bulletproofsoft.net
O1 - Hosts: 127.0.0.5 camtech2000.net
O1 - Hosts: 127.0.0.6 cexx.org
O1 - Hosts: 127.0.0.7 computercops.us
O1 - Hosts: 127.0.0.8 ct7support.com
O1 - Hosts: 127.0.0.9 doxdesk.com
O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
O1 - Hosts: 127.0.0.21 kephyr.com
O1 - Hosts: 127.0.0.24 lurkhere.com
O1 - Hosts: 127.0.0.25 majorgeeks.com
O1 - Hosts: 127.0.0.26 merijn.org
O1 - Hosts: 127.0.0.27 mjc1.com
O1 - Hosts: 127.0.0.28 moosoft.com
O1 - Hosts: 127.0.0.29 mvps.org
O1 - Hosts: 127.0.0.30 net-integration.net
O1 - Hosts: 127.0.0.31 noadware.net
O1 - Hosts: 127.0.0.32 no-spybot.com
O1 - Hosts: 127.0.0.33 onlinepcfix.com
O1 - Hosts: 127.0.0.34 pchell.com
O1 - Hosts: 127.0.0.35 pestpatrol.com
O1 - Hosts: 127.0.0.36 safer-networking.org
O1 - Hosts: 127.0.0.37 secure.spykiller.com
O1 - Hosts: 127.0.0.38 secureie.com
O1 - Hosts: 127.0.0.39 security.kolla.de
O1 - Hosts: 127.0.0.40 spybot.info
O1 - Hosts: 127.0.0.41 spychecker.com
O1 - Hosts: 127.0.0.42 spychecker.com
O1 - Hosts: 127.0.0.43 spycop.com
O1 - Hosts: 127.0.0.44 spyguard.com
O1 - Hosts: 127.0.0.45 spykiller.com
O1 - Hosts: 127.0.0.46 spyware.co.uk
O1 - Hosts: 127.0.0.47 spyware-cop.com
O1 - Hosts: 127.0.0.49 spywarenuker.com
O1 - Hosts: 127.0.0.50 spywareremove.com
O1 - Hosts: 127.0.0.51 spywareremove.com
O1 - Hosts: 127.0.0.52 stopzillapro.com
O1 - Hosts: 127.0.0.53 sunbelt-software.com
O1 - Hosts: 127.0.0.54 thiefware.com
O1 - Hosts: 127.0.0.55 tomcoyote.org
O1 - Hosts: 127.0.0.56 unwantedlinks.com
O1 - Hosts: 127.0.0.57 webattack.com
O1 - Hosts: 127.0.0.58 wilders.org
O1 - Hosts: 127.0.0.59 www.auditmypc.com
O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
O1 - Hosts: 127.0.0.61 www.cexx.org
O1 - Hosts: 127.0.0.62 www.computercops.us
O1 - Hosts: 127.0.0.63 www.ct7support.com
O1 - Hosts: 127.0.0.64 www.doxdesk.com
O1 - Hosts: 127.0.0.65 www.eblocs.com
O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
O1 - Hosts: 127.0.0.69 www.grc.com
O1 - Hosts: 127.0.0.70 www.grisoft.com
O1 - Hosts: 127.0.0.71 www.hackfaq.org
O1 - Hosts: 127.0.0.72 www.hazeleger.net
O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
O1 - Hosts: 127.0.0.75 www.kephyr.com
O1 - Hosts: 127.0.0.78 www.lurkhere.com
O1 - Hosts: 127.0.0.79 www.majorgeeks.com
O1 - Hosts: 127.0.0.80 www.merijn.org
O1 - Hosts: 127.0.0.81 www.mjc1.com
O1 - Hosts: 127.0.0.82 www.moosoft.com
O1 - Hosts: 127.0.0.83 www.mvps.org
O1 - Hosts: 127.0.0.84 www.net-integration.net
O1 - Hosts: 127.0.0.85 www.noadware.net
O1 - Hosts: 127.0.0.86 www.no-spybot.com
O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
O1 - Hosts: 127.0.0.88 www.pchell.com
O1 - Hosts: 127.0.0.89 www.pestpatrol.com
O1 - Hosts: 127.0.0.90 www.safer-networking.org
O1 - Hosts: 127.0.0.91 www.secureie.com
O1 - Hosts: 127.0.0.92 www.security.kolla.de
O1 - Hosts: 127.0.0.93 www.spybot.info
O1 - Hosts: 127.0.0.94 www.spychecker.com
O1 - Hosts: 127.0.0.95 www.spychecker.com
O1 - Hosts: 127.0.0.96 www.spycop.com
O1 - Hosts: 127.0.0.97 www.spyguard.com
O1 - Hosts: 127.0.0.98 www.spykiller.com
O1 - Hosts: 127.0.0.99 www.spyware.co.uk
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll (file missing)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O4 - HKLM\..\Run: [stupid creative poll axis] C:\Documents and Settings\All Users\Application Data\Memo save stupid creative\FAST KIND.exe
O4 - HKLM\..\RunOnce: [IERESETATTRIB] %SystemRoot%\system32\cmd.exe /d /q /c %SystemRoot%\system32\ieudinit.exe -ResetFileAttributes
O4 - HKLM\..\RunOnce: [IERESETICONS] %SystemRoot%\system32\cmd.exe /d /q /c %SystemRoot%\iereseticons.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [CFDStart] C:\WINDOWS\WinMuschi.exe -m
O4 - HKCU\..\Run: [test acid] C:\DOCUME~1\REIJOU~1\APPLIC~1\DRAWEX~1\CopyBindSeek.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKCU\..\Policies\Explorer\Run: [{0C559C6A-0872-1035-1006-030309040166}] "C:\Program Files\Common Files\{0C559C6A-0872-1035-1006-030309040166}\Update.exe" te-110-12-0000073
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Descargas - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\euro-kazemule-00\index.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/21cabb0f17737246e606/netzip/RdxIE601.cab
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
O16 - DPF: {8699D723-6DC6-47D3-B55C-489BA006B917} - http://217.6.60.101/international/webinstall.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB48B337-49FA-403A-933D-67F7C7DDD0E7}: Domain = arenanet.fi
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB48B337-49FA-403A-933D-67F7C7DDD0E7}: NameServer = 194.241.250.90,194.241.250.162
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = arenanet.fi
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = arenanet.fi
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Alias Wavefront Help Server (AWHelpServer) - Unknown owner - C:\Program Files\AliasWavefront\Maya5.0\docs\Wrapper.exe (file missing)
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
O23 - Service: Retrospect Helper - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\rthlpsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12230 bytes

What can be found in there? At least the machine sometimes throws up some online games in an IE window, even though I don't even use IE. Those windows usually say something like "CiD".
Hi,

Go to: Start -> Settings -> Control Panel -> Add or Remove Programs. Find the following in the list and remove them:

Ask Toolbar
CFDStart
DialerWeb
Netster
WINMUSCHI

Don't worry if something is not in the list.

=========================================================

Download HostsXpert.zip:
Extract HostsXpert to a suitable folder, such as C:\Hoster
Run HostsXpert.exe from its new folder
Click "Make Hosts Writable?" in the top right corner (if active)
Click "Restore Microsoft's Hosts File" and then OK
Close the program.

Note: IF you used a customised Hosts file, you will have to put any of those lines back yourself.

=========================================================

It is recommended to turn off your antivirus's real-time scanning so that it does not interfere with Lop S&D; you can turn it back on after the scan.

Download Lop S&D from here
Double-click Lop S&D.exe
Select Finnish as the language by pressing U and Enter. Then select Option 1 (Search) by pressing 1 and Enter
Wait until the scan is complete
The log opens in Notepad. Post it in your next message. It can also be found at C:\lopR.txt

=========================================================

Start HijackThis! Click the ''Do a system scan only'' button. Select the following lines by clicking the empty box in front of them.

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll (file missing)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O4 - HKLM\..\Run: [stupid creative poll axis] C:\Documents and Settings\All Users\Application Data\Memo save stupid creative\FAST KIND.exe
O4 - HKCU\..\Run: [CFDStart] C:\WINDOWS\WinMuschi.exe -m
O4 - HKCU\..\Run: [test acid] C:\DOCUME~1\REIJOU~1\APPLIC~1\DRAWEX~1\CopyBindSeek.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/21cabb0f1773...ip/RdxIE601.cab
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
O16 - DPF: {8699D723-6DC6-47D3-B55C-489BA006B917} - http://217.6.60.101/international/webinstall.cab

Once you have selected the lines, click the ''Fix Checked'' button.

=========================================================

Open Notepad and copy the following lines into it:

@echo off
sc stop ASKService
sc delete ASKService

Then save the document to the desktop with the name Poisto.bat and the file type: All Files. Then run the Poisto.bat file on the desktop.

=========================================================

Show hidden files: http://neko.1g.fi/ohje/piilotetuttiedostot.html

Find and delete the following files and folders:

C:\Program Files\AskBarDis
C:\Documents and Settings\All Users\Application Data\Memo save stupid creative\
C:\WINDOWS\WinMuschi.exe

Delete the folder in which the following file is located: CopyBindSeek.exe

=========================================================

Download Malwarebytes' Anti-Malware to your desktop. If the link does not work, you can also download it from the following links: Link1 Link2

Double-click mbam-setup.exe and follow the instructions to install the program. Finally, make sure that the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish. If an update is found, the program will download and install the latest version. If downloading the updates fails, you can download the updates from here. Double-click mbam-rules.exe to install the updates.

Once the program has loaded and the updates are done, select Perform full scan and click Scan. When the scan is complete, click OK and then Show Results to view the results. Make sure everything is checked and click Remove Selected. The log will then open in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt

Post the contents of the log in your next message.

Note: If Mbam was unable to remove a file, it will ask you to restart your computer. In that case, restart your computer immediately. Mbam may make changes to your registry as part of the cleanup. If you use a security program that detects registry changes, allow Mbam to make the changes.

=========================================================

Please let me know if you were unable to do something I asked!

Please attach the following logs to your new message: Malwarebytes' Anti-Malware, Lop S&D and a fresh HijackThis log.
Thanks for the advice! All the above steps have been done, here are the new logs:

HiJackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:01:02, on 24.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\windows\system32\wscntfy.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\windows\System32\svchost.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\wuauclt.exe
C:\Documents and Settings\Reijo Urtti\Työpöytä\HiJackThis_v2.0.2.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\RunOnce: [IERESETATTRIB] %SystemRoot%\system32\cmd.exe /d /q /c %SystemRoot%\system32\ieudinit.exe -ResetFileAttributes
O4 - HKLM\..\RunOnce: [IERESETICONS] %SystemRoot%\system32\cmd.exe /d /q /c %SystemRoot%\iereseticons.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKCU\..\Policies\Explorer\Run: [{0C559C6A-0872-1035-1006-030309040166}] "C:\Program Files\Common Files\{0C559C6A-0872-1035-1006-030309040166}\Update.exe" te-110-12-0000073
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-21-583907252-220523388-725345543-1008\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe (User 'Mari')
O4 - HKUS\S-1-5-21-583907252-220523388-725345543-1008\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe (User 'Mari')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Descargas - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\euro-kazemule-00\index.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB48B337-49FA-403A-933D-67F7C7DDD0E7}: Domain = arenanet.fi
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB48B337-49FA-403A-933D-67F7C7DDD0E7}: NameServer = 194.241.250.90,194.241.250.162
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = arenanet.fi
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = arenanet.fi
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Alias Wavefront Help Server (AWHelpServer) - Unknown owner - C:\Program Files\AliasWavefront\Maya5.0\docs\Wrapper.exe (file missing)
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
O23 - Service: Retrospect Helper - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\rthlpsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7368 bytes

Lop S&D

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 1500+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Reijo Urtti ( Not Administrator ! )
BOOT : Normal boot

A:\ (USB)
C:\ (Local Disk) - NTFS - Total:58 Go (Free:35 Go)
D:\ (Local Disk) - NTFS - Total:55 Go (Free:44 Go)
E:\ (Local Disk) - FAT32 - Total:232 Go (Free:93 Go)
H:\ (CD or DVD)
I:\ (Local Disk) - NTFS - Total:465 Go (Free:105 Go)
Z:\ (Local Disk) - NTFS - Total:249 Go (Free:96 Go)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( ma 24.11.2008|20:36 )

--------------------\\ Listaa hakemistoja sijainnissa APPLIC~1

[08.10.2008|12:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[19.11.2008|11:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
[21.11.2008|17:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[24.11.2008|16:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[24.11.2008|14:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[24.11.2008|17:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[24.11.2008|17:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Memo save stupid creative
[19.11.2008|10:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[16.11.2007|16:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[21.03.2004|17:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[23.11.2008|21:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Retrospect
[05.12.2006|13:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[17.10.2006|18:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[16.09.2008|12:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZoomBrowser
[0|tiedosto(a)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\tavua
[16|kansio(ta)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\tavua vapaana

[05.12.2003|14:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[0|tiedosto(a)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\tavua
[3|kansio(ta)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\tavua vapaana

[03.12.2006|19:10] C:\DOCUME~1\JRJEST~1\APPLIC~1\Microsoft
[0|tiedosto(a)] C:\DOCUME~1\JRJEST~1\APPLIC~1\tavua
[3|kansio(ta)] C:\DOCUME~1\JRJEST~1\APPLIC~1\tavua vapaana

[05.12.2003|14:34] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[0|tiedosto(a)] C:\DOCUME~1\LOCALS~1\APPLIC~1\tavua
[3|kansio(ta)] C:\DOCUME~1\LOCALS~1\APPLIC~1\tavua vapaana

[04.10.2008|17:31] C:\DOCUME~1\Mari\APPLIC~1\Adobe
[17.04.2008|15:08] C:\DOCUME~1\Mari\APPLIC~1\Apple Computer
[19.10.2008|13:34] C:\DOCUME~1\Mari\APPLIC~1\Azureus
[14.04.2008|18:28] C:\DOCUME~1\Mari\APPLIC~1\EPSON
[18.10.2007|10:37] C:\DOCUME~1\Mari\APPLIC~1\FileMaker
[29.05.2007|14:39] C:\DOCUME~1\Mari\APPLIC~1\Google
[25.05.2007|10:31] C:\DOCUME~1\Mari\APPLIC~1\Identities
[19.11.2008|12:35] C:\DOCUME~1\Mari\APPLIC~1\Macromedia
[21.10.2008|17:29] C:\DOCUME~1\Mari\APPLIC~1\Microsoft
[18.09.2008|12:08] C:\DOCUME~1\Mari\APPLIC~1\Mozilla
[25.07.2007|22:48] C:\DOCUME~1\Mari\APPLIC~1\Real
[25.10.2007|18:36] C:\DOCUME~1\Mari\APPLIC~1\Sun
[0|tiedosto(a)] C:\DOCUME~1\Mari\APPLIC~1\tavua
[14|kansio(ta)] C:\DOCUME~1\Mari\APPLIC~1\tavua vapaana

[05.12.2003|14:34] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[0|tiedosto(a)] C:\DOCUME~1\NETWOR~1\APPLIC~1\tavua
[3|kansio(ta)] C:\DOCUME~1\NETWOR~1\APPLIC~1\tavua vapaana

[14.05.2007|10:18] C:\DOCUME~1\REIJOU~1\APPLIC~1\Adobe
[20.01.2005|20:38] C:\DOCUME~1\REIJOU~1\APPLIC~1\AdobeUM
[23.09.2008|11:11] C:\DOCUME~1\REIJOU~1\APPLIC~1\Apple Computer
[24.11.2008|20:31] C:\DOCUME~1\REIJOU~1\APPLIC~1\Azureus
[16.09.2008|14:38] C:\DOCUME~1\REIJOU~1\APPLIC~1\Canon
[12.12.2003|18:35] C:\DOCUME~1\REIJOU~1\APPLIC~1\EPSON
[15.01.2007|18:39] C:\DOCUME~1\REIJOU~1\APPLIC~1\FileMaker
[08.12.2005|16:53] C:\DOCUME~1\REIJOU~1\APPLIC~1\Google
[05.12.2003|14:54] C:\DOCUME~1\REIJOU~1\APPLIC~1\Help
[28.07.2005|12:23] C:\DOCUME~1\REIJOU~1\APPLIC~1\Identities
[08.12.2003|13:38] C:\DOCUME~1\REIJOU~1\APPLIC~1\InterTrust
[09.12.2003|19:12] C:\DOCUME~1\REIJOU~1\APPLIC~1\InterVideo
[30.12.2005|13:31] C:\DOCUME~1\REIJOU~1\APPLIC~1\invibes
[12.12.2005|13:08] C:\DOCUME~1\REIJOU~1\APPLIC~1\Ipswitch
[22.03.2004|11:33] C:\DOCUME~1\REIJOU~1\APPLIC~1\Kazaa Lite
[19.11.2008|10:59] C:\DOCUME~1\REIJOU~1\APPLIC~1\Lavasoft
[12.11.2008|15:48] C:\DOCUME~1\REIJOU~1\APPLIC~1\Leadertech
[19.11.2008|12:35] C:\DOCUME~1\REIJOU~1\APPLIC~1\Macromedia
[24.11.2008|17:47] C:\DOCUME~1\REIJOU~1\APPLIC~1\Malwarebytes
[22.11.2008|02:03] C:\DOCUME~1\REIJOU~1\APPLIC~1\Microsoft
[16.09.2008|13:43] C:\DOCUME~1\REIJOU~1\APPLIC~1\Mozilla
[27.01.2007|14:29] C:\DOCUME~1\REIJOU~1\APPLIC~1\OpenOffice.org2
[19.04.2007|13:38] C:\DOCUME~1\REIJOU~1\APPLIC~1\Opera
[26.03.2008|14:40] C:\DOCUME~1\REIJOU~1\APPLIC~1\Real
[23.03.2005|16:51] C:\DOCUME~1\REIJOU~1\APPLIC~1\Sony
[12.08.2005|12:46] C:\DOCUME~1\REIJOU~1\APPLIC~1\Sun
[31.08.2005|12:59] C:\DOCUME~1\REIJOU~1\APPLIC~1\Talkback
[19.11.2008|23:17] C:\DOCUME~1\REIJOU~1\APPLIC~1\TrueCrypt
[0|tiedosto(a)] C:\DOCUME~1\REIJOU~1\APPLIC~1\tavua
[30|kansio(ta)] C:\DOCUME~1\REIJOU~1\APPLIC~1\tavua vapaana

--------------------\\ Ajoitetut tehtävät sijaitsee C:\windows\Tasks

[19.11.2008 12:38][--a------] C:\windows\tasks\AppleSoftwareUpdate.job
[24.11.2008 16:36][--ah-----] C:\windows\tasks\SA.DAT
[25.04.2003 14:00][-r-h-----] C:\windows\tasks\desktop.ini

--------------------\\ Listaa hakemistoja sijainnissa C:\Program Files

[14.02.2007|12:17] C:\Program Files\Adobe
[21.02.2004|15:15] C:\Program Files\Ahead
[21.10.2008|22:04] C:\Program Files\Alex Feinman
[13.04.2007|16:02] C:\Program Files\Amaya-9.54
[23.09.2008|11:26] C:\Program Files\Apple Software Update
[29.04.2007|17:52] C:\Program Files\Arkhimedes
[21.11.2008|17:06] C:\Program Files\AskBarDis
[05.12.2003|14:52] C:\Program Files\ATI Technologies
[21.11.2008|17:03] C:\Program Files\Azureus
[19.11.2008|12:28] C:\Program Files\backburner 2
[07.01.2005|12:40] C:\Program Files\BitComet
[10.04.2007|11:23] C:\Program Files\BitGrabber
[23.09.2008|11:22] C:\Program Files\Bonjour
[16.09.2008|12:16] C:\Program Files\Canon
[24.11.2008|14:47] C:\Program Files\CCleaner
[19.11.2008|10:58] C:\Program Files\Common Files
[05.12.2003|14:32] C:\Program Files\ComPlus Applications
[21.03.2004|11:32] C:\Program Files\Conexant
[05.12.2003|15:00] C:\Program Files\CyberLink
[07.08.2008|13:38] C:\Program Files\DC++
[22.01.2006|22:28] C:\Program Files\DefilerPak
[05.04.2005|09:53] C:\Program Files\Director
[02.04.2007|15:16] C:\Program Files\eclipse
[12.12.2003|18:24] C:\Program Files\EPSON
[19.11.2008|11:01] C:\Program Files\Eraser
[28.06.2007|23:36] C:\Program Files\FileZilla
[08.05.2005|16:46] C:\Program Files\F-Secure
[01.01.2002|01:20] C:\Program Files\Furnish Pro
[20.02.2007|13:21] C:\Program Files\Gabest
[30.12.2005|13:26] C:\Program Files\GoldWave
[24.11.2008|16:49] C:\Program Files\Google
[21.10.2008|21:43] C:\Program Files\HashTab Shell Extension
[20.01.2005|19:47] C:\Program Files\Indesign
[19.11.2008|12:35] C:\Program Files\InstallShield Installation Information
[24.11.2008|16:53] C:\Program Files\Internet Explorer
[09.12.2003|16:46] C:\Program Files\InterVideo
[12.11.2008|15:47] C:\Program Files\Iomega
[08.10.2008|12:05] C:\Program Files\iPod
[07.08.2006|16:40] C:\Program Files\IrfanView
[08.10.2008|12:06] C:\Program Files\iTunes
[28.03.2007|17:55] C:\Program Files\Java
[22.01.2006|22:28] C:\Program Files\K-Lite Codec Pack
[16.09.2008|14:55] C:\Program Files\Kolor
[15.01.2007|18:08] C:\Program Files\Laskutus
[19.11.2008|10:59] C:\Program Files\Lavasoft
[19.11.2008|12:34] C:\Program Files\LocalCooling
[17.02.2004|14:43] C:\Program Files\Macromedia
[24.11.2008|17:46] C:\Program Files\Malwarebytes' Anti-Malware
[06.04.2005|21:28] C:\Program Files\maya
[27.01.2007|17:00] C:\Program Files\Microsoft ActiveSync
[05.12.2003|14:34] C:\Program Files\microsoft frontpage
[04.05.2007|09:53] C:\Program Files\Microsoft Office
[27.01.2007|16:59] C:\Program Files\Microsoft Visual Studio
[04.05.2007|09:53] C:\Program Files\Microsoft Works
[27.01.2007|17:00] C:\Program Files\Microsoft.NET
[24.12.2005|19:57] C:\Program Files\MixVibes6
[30.12.2005|13:33] C:\Program Files\MixVibesDVS
[26.10.2006|15:31] C:\Program Files\Movie Maker
[24.11.2008|20:29] C:\Program Files\Mozilla Firefox
[14.11.2008|12:36] C:\Program Files\MSECache
[05.12.2003|14:31] C:\Program Files\MSN Gaming Zone
[11.10.2007|15:23] C:\Program Files\MSN Messenger
[24.05.2005|10:20] C:\Program Files\NetMeeting
[05.12.2003|14:33] C:\Program Files\Online Services
[19.04.2007|13:38] C:\Program Files\Opera
[13.06.2007|17:37] C:\Program Files\Outlook Express
[18.01.2006|22:05] C:\Program Files\Pegasys Inc
[28.09.2006|16:11] C:\Program Files\Phase One
[27.01.2007|16:47] C:\Program Files\PowerISO
[23.09.2008|11:22] C:\Program Files\QuickTime
[21.03.2004|16:41] C:\Program Files\Real
[12.11.2008|15:48] C:\Program Files\Retrospect
[09.12.2003|17:06] C:\Program Files\SEC
[23.03.2005|16:51] C:\Program Files\Sony
[23.03.2005|16:50] C:\Program Files\Sony Setup
[23.03.2005|16:42] C:\Program Files\Soundforge v7.0
[01.01.2002|04:12] C:\Program Files\Tappio
[21.03.2004|11:33] C:\Program Files\TeleWell TW-IA300C ADSL
[28.02.2007|20:17] C:\Program Files\TimeAdjuster
[19.11.2008|13:17] C:\Program Files\TrueCrypt
[07.07.2004|14:57] C:\Program Files\Uninstall Information
[28.02.2007|20:25] C:\Program Files\URUSoft
[20.11.2008|23:20] C:\Program Files\Winamp
[17.10.2006|18:26] C:\Program Files\Windows Media Components
[26.10.2006|15:31] C:\Program Files\Windows Media Player
[24.05.2005|10:20] C:\Program Files\Windows NT
[23.08.2004|15:13] C:\Program Files\WindowsUpdate
[01.05.2007|04:58] C:\Program Files\WinRAR
[28.10.2004|11:31] C:\Program Files\visual basic
[12.12.2005|13:08] C:\Program Files\WS_FTP Pro
[05.12.2003|14:34] C:\Program Files\xerox
[06.04.2005|21:30] C:\Program Files\Zero G Registry
[08.01.2005|04:31] C:\Program Files\Zone Labs
[0|tiedosto(a)] C:\Program Files\tavua
[95|kansio(ta)] C:\Program Files\tavua vapaana

--------------------\\ Listaa hakemistoja sijainnissa C:\Program Files\Common Files

[03.12.2006|18:16] C:\Program Files\Common Files\{0C559C6A-0872-1035-1006-030309040166}
[14.02.2007|12:07] C:\Program Files\Common Files\Adobe
[17.12.2003|18:09] C:\Program Files\Common Files\Adobe Systems Shared
[21.02.2004|15:15] C:\Program Files\Common Files\Ahead
[09.04.2008|14:07] C:\Program Files\Common Files\Apple
[19.11.2008|12:28] C:\Program Files\Common 
Files\Autodesk Shared [16.09.2008|11:39] C:\Program Files\Common Files\Canon [27.01.2007|16:59] C:\Program Files\Common Files\DESIGNER [15.12.2003|22:44] C:\Program Files\Common Files\InstallShield [12.08.2005|12:41] C:\Program Files\Common Files\Java [27.01.2007|17:00] C:\Program Files\Common Files\L&H [14.01.2004|17:33] C:\Program Files\Common Files\Macromedia [14.01.2004|17:05] C:\Program Files\Common Files\Macromedia Shared [19.11.2008|11:00] C:\Program Files\Common Files\Microsoft Shared [05.12.2003|14:32] C:\Program Files\Common Files\MSSoap [17.05.2005|16:03] C:\Program Files\Common Files\NSV [05.12.2003|14:21] C:\Program Files\Common Files\ODBC [12.12.2003|18:25] C:\Program Files\Common Files\Python [16.02.2006|14:54] C:\Program Files\Common Files\Real [05.12.2003|14:32] C:\Program Files\Common Files\Services [05.12.2003|14:21] C:\Program Files\Common Files\SpeechEngines [13.06.2007|17:37] C:\Program Files\Common Files\System [19.11.2008|10:58] C:\Program Files\Common Files\Wise Installation Wizard [16.02.2006|14:54] C:\Program Files\Common Files\xing shared [0|tiedosto(a)] C:\Program Files\Common Files\tavua [26|kansio(ta)] C:\Program Files\Common Files\tavua vapaana --------------------\\ Process ( 50 Processes ) ... OK ! --------------------\\ Etsii S_Lopilla Lopin kansioita ei löytynyt ! --------------------\\ Etsii Lopin tiedostoja ja kansioita C:\DOCUME~1\ALLUSE~1\APPLIC~1\Memo save stupid creative C:\DOCUME~1\ALLUSE~1\APPLIC~1\Memo save stupid creative\Frag Type.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\Memo save stupid creative\Logo Drv.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\Memo save stupid creative\Plan Chic.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\Memo save stupid creative\slow settings.exe C:\Program Files\BitGrabber --------------------\\ Etsii rekisterikohteita [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] ..... OK ! 
--------------------\\ Tarkistaa Hosts-tiedostoa Hosts-tiedosto PUHDAS --------------------\\ Tarkistaa Catchmella onko piilotettuja tiedostoja catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-24 20:38:11 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------\\ Tarkistaa muita infektioita --------------------\\ Cracks & Keygens .. C:\DOCUME~1\REIJOU~1\Application Data\Azureus\torrents\Capture_One_PRO_v3_7_Win2000XP_Incl_Keygen-EC.3330005.TPB.torrent C:\DOCUME~1\REIJOU~1\Application Data\Azureus\torrents\[NewTorrents.info] Capture.One.PRO.v3.7.Win2000XP.Incl.Keygen-ECLiPSE_[www.NewTorrents.info].torrent [F:22][D:4]-> C:\DOCUME~1\REIJOU~1\LOCALS~1\Temp [F:3][D:0]-> C:\DOCUME~1\REIJOU~1\Cookies [F:101][D:10]-> C:\DOCUME~1\REIJOU~1\LOCALS~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - ma 24.11.2008|20:39 - Option : [1] --------------------\\ Tarkistus valmistui 20:39:40 Malwarebytes Malwarebytes' Anti-Malware 1.30 Tietokantaversio: 1419 Windows 5.1.2600 Service Pack 2 24.11.2008 21:00:30 mbam-log-2008-11-24 (21-00-30).txt Tarkistustyyppi: Pikatarkistus Tarkistetut kohteet: 59872 Kulunut aika: 7 minute(s), 42 second(s) Saastuneita muistiprosesseja: 0 Saastuneita muistimoduuleja: 0 Saastuneita rekisteriavaimia: 2 Saastuneita rekisteriarvoja: 0 Saastuneita rekisterikohteita: 0 Saastuneita hakemistoja: 1 Saastuneita tiedostoja: 1 Saastuneita muistiprosesseja: (Haitallisia kohteita ei löydetty) Saastuneita muistimoduuleja: (Haitallisia kohteita ei löydetty) Saastuneita rekisteriavaimia: HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\VideoAXObject.Chl (Trojan.Zlob) -> Quarantined and deleted successfully. 
Saastuneita rekisteriarvoja: (Haitallisia kohteita ei löydetty) Saastuneita rekisterikohteita: (Haitallisia kohteita ei löydetty) Saastuneita hakemistoja: C:\Program Files\BitGrabber (Trojan.Lop) -> Quarantined and deleted successfully. Saastuneita tiedostoja: C:\Documents and Settings\Reijo Urtti\Suosikit\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
Show hidden files

Go --> here. When the page has loaded, click the Browse button, locate the following file and press Submit.

C:\Program Files\Common Files\{0C559C6A-0872-1035-1006-030309040166}\Update.exe

Post the scan results in your next reply. If you cannot find the file, copy/paste the file name with its path into the field and press Submit. If Jotti is busy, try the same at VirusTotal: http://www.virustotal.com/flash/index_en.html

========================================================

Start HijackThis! Click the ''Do a system scan only'' button. Select the following lines by clicking the empty box in front of them.

O9 - Extra button: Descargas - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\euro-kazemule-00\index.html

When you have selected the lines, click the ''Fix Checked'' button.

========================================================

Download JavaRa and extract it to your desktop.

***Close all open Internet Explorer windows before continuing!***

Double-click JavaRa.exe to start the program. Choose English from the drop-down menu to set the language to English and click Select. Click Remove Older Versions to remove old Java versions from your computer. Click Yes when prompted. When JavaRa is finished, it will report that a log file has been created. Click OK. The log file opens. Post its contents in your next reply.

After that, download and install Java Runtime Environment (JRE) 6 Update 10.

========================================================

Delete the following folder:

C:\Program Files\BitGrabber

Is the following site familiar to you? arenanet.fi

Post the following logs: VirusTotal / Jotti & HijackThis
C:\Program Files\Common Files\{0C559C6A-0872-1035-1006-030309040166}\Update.exe

No such file was found, and I could not paste text into the input field of either site. Instead I ran Jotti on this file:

C:\Program Files\Common Files\{0C559C6A-0872-1035-1006-030309040166}\services.dll

Here are the results:

Scan taken on 25 Nov 2008 14:09:09 (GMT)
A-Squared Found nothing
AntiVir Found ADSPY/Softomate.Q.2
ArcaVir Found Adware.Softomate.Q
Avast Found Win32:Trojan-gen {Other}
AVG Antivirus Found Generic.SYM
BitDefender Found Adware.Softomate.BV
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found Trojan.DownLoader.12962
F-Prot Antivirus Found W32/Backdoor.PUX
F-Secure Anti-Virus Found not-a-virus:AdWare.Win32.Mostofate.q (4, 1, 400)
G DATA Found Win32:Trojan-gen
Ikarus Found not-a-virus:AdWare.Win32.Mostofate.q
Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.Mostofate.q
NOD32 Found nothing
Norman Virus Control Found W32/Softomate.DC
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/Heuri-E
VirusBuster Found nothing
VBA32 Found AdWare.Win32.Mostofate.q

JavaRa log

JavaRa 1.11 Removal Log.

Report follows after line.
------------------------------------

The JavaRa removal process was started on Tue Nov 25 16:03:07 2008

Found and removed: C:\Program Files\Java\jre1.5.0_04
Found and removed: C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64
Found and removed: C:\Windows\System32\jpicpl32.cpl
Found and removed: Software\JavaSoft\Java2D\1.5.0_04
Found and removed: Software\JavaSoft\Java2D\1.5.0_06
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510004
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510004
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510004
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006
Found and removed: SOFTWARE\Classes\JavaPlugin.150_04
Found and removed: SOFTWARE\Classes\JavaPlugin.150_06
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_04
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_04
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510004
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510004
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150040}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_04\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: Software\JavaSoft\Java2D\1.6.0
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

------------------------------------

Finished reporting.
and HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:21:58, on 25.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\windows\System32\svchost.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\javaws.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Documents and Settings\Reijo Urtti\Työpöytä\Virustorjunta\HiJackThis_v2.0.2.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKCU\..\Policies\Explorer\Run: [{0C559C6A-0872-1035-1006-030309040166}] "C:\Program Files\Common Files\{0C559C6A-0872-1035-1006-030309040166}\Update.exe" te-110-12-0000073
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB48B337-49FA-403A-933D-67F7C7DDD0E7}: Domain = arenanet.fi
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB48B337-49FA-403A-933D-67F7C7DDD0E7}: NameServer = 194.241.250.90,194.241.250.162
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = arenanet.fi
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = arenanet.fi
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Alias Wavefront Help Server (AWHelpServer) - Unknown owner - C:\Program Files\AliasWavefront\Maya5.0\docs\Wrapper.exe (file missing)
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
O23 - Service: Retrospect Helper - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\rthlpsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6919 bytes

C:\Program Files\BitGrabber

No such folder was found, and arenanet.fi is not familiar to me in any way. I don't know, could it be related to Elisa's cable internet?
Start HijackThis! Click the ''Do a system scan only'' button. Select the following lines by clicking the empty box in front of them.

O4 - HKCU\..\Policies\Explorer\Run: [{0C559C6A-0872-1035-1006-030309040166}] "C:\Program Files\Common Files\{0C559C6A-0872-1035-1006-030309040166}\Update.exe" te-110-12-0000073

When you have selected the lines, click the ''Fix Checked'' button.

===============================================

Delete the following files/folders!

C:\Program Files\Common Files\{0C559C6A-0872-1035-1006-030309040166}

Let me know if you cannot delete the folder!

===============================================

Restart the computer, make a new HJT log and post it!
Thanks Hujo for pointing this out. I handle live logs at virustorjunta.net, and I really did read that ZoneAlarm Pro description too hastily. So it only contains anti-spyware and a firewall.

@ Ile82

Here is the revised instruction:

You do not have an anti-virus on your computer. Your computer is open to viruses and other additional infections if there is no active protection, and we are only wasting our time. Install ONE anti-virus program on your computer from these excellent security vendors NOW:

1) Antivir PersonalEdition Classic - Free anti-virus for Windows. Free support.
2) avast! 4 Home Edition - Free anti-virus for Windows home users.
3) AVG Anti-Virus Free Edition - Free anti-virus for Windows home users.

It is strongly recommended that you use only one anti-virus at a time. Keeping more than one anti-virus program active in memory uses too much of the computer's resources and can lead to false alarms and conflicts between the programs. If you absolutely want to install more than one anti-virus program on your computer, only one of them should be active for protection.

===============================================

Start HijackThis! Click the ''Do a system scan only'' button. Select the following lines by clicking the empty box in front of them.

O4 - HKCU\..\Policies\Explorer\Run: [{0C559C6A-0872-1035-1006-030309040166}] "C:\Program Files\Common Files\{0C559C6A-0872-1035-1006-030309040166}\Update.exe" te-110-12-0000073

When you have selected the lines, click the ''Fix Checked'' button.

===============================================

Delete the following files/folders!

C:\Program Files\Common Files\{0C559C6A-0872-1035-1006-030309040166}

Let me know if you cannot delete the folder!

===============================================

Restart the computer, make a new HJT log and post it!
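The helper's review above singles out an O4 autorun under HKCU\..\Policies\Explorer\Run that launches Update.exe from a GUID-named folder in Common Files, an O9 browser button that opens a local HTML file, and O17 entries that set a domain and nameservers the user does not recognise. The following Python script is an added example, written for this page and not part of the thread or of HijackThis, that runs those checks over HijackThis log lines so the triage can be repeated on a fresh log. The sample lines are copied from the logs posted in this thread; the heuristics, function names and the wording of the reasons are the editor's own assumptions.

```python
import re

# Constructed sample: a handful of HijackThis lines of the kinds seen in
# this thread (paths, CLSIDs and the O17 values are taken from the posted
# logs). In practice you would read the whole log file instead.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKCU\..\Policies\Explorer\Run: [{0C559C6A-0872-1035-1006-030309040166}] "C:\Program Files\Common Files\{0C559C6A-0872-1035-1006-030309040166}\Update.exe" te-110-12-0000073
O9 - Extra button: Descargas - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\euro-kazemule-00\index.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB48B337-49FA-403A-933D-67F7C7DDD0E7}: Domain = arenanet.fi
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB48B337-49FA-403A-933D-67F7C7DDD0E7}: NameServer = 194.241.250.90,194.241.250.162
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# A registry-style GUID in braces, e.g. {0C559C6A-0872-1035-1006-030309040166}
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A GUID used as a *folder name* inside a path: backslash, GUID, backslash
GUID_FOLDER_RE = re.compile(r"\\" + GUID_RE.pattern + r"\\")
# HijackThis entry prefix: section code (O4, O9, O17, R1, F2, ...) then " - "
ENTRY_RE = re.compile(r"^(O\d+|R\d|F\d)\s+-\s+(.*)$")


def parse_line(line):
    """Split an entry into (section, rest); None for headers/process lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return m.group(1), m.group(2)


def triage(line):
    """Return the reasons (a list of strings) an entry deserves a closer
    look; an empty list means none of these heuristics fired. The
    heuristics are the editor's assumptions, not HijackThis rules."""
    parsed = parse_line(line)
    if parsed is None:
        return []
    section, rest = parsed
    reasons = []
    if section == "O4" and r"\Policies\Explorer\Run" in rest:
        reasons.append("autorun placed under Policies\\Explorer\\Run, a location "
                       "legitimate installers rarely use")
    if section in ("O4", "O9"):
        if GUID_FOLDER_RE.search(rest):
            reasons.append("launch path goes through a GUID-named folder")
        if section == "O9" and re.search(r"\.html?\b", rest, re.IGNORECASE):
            reasons.append("browser button opens a local HTML file instead of a program")
    if "(file missing)" in rest:
        reasons.append("references a file that no longer exists (orphaned entry)")
    if section == "O17":
        reasons.append("DNS/domain override: confirm the domain and nameservers "
                       "belong to your ISP")
    return reasons


def triage_log(text):
    """Map every flagged entry in a log to its reasons; clean entries are omitted."""
    report = {}
    for line in text.splitlines():
        reasons = triage(line)
        if reasons:
            report[line.strip()] = reasons
    return report


if __name__ == "__main__":
    for entry, reasons in triage_log(SAMPLE_LOG).items():
        print(entry)
        for reason in reasons:
            print("   ->", reason)
```

Entries that the script leaves unflagged (Eraser, the Java updater, the ZoneAlarm service) are exactly the ones the helper also left alone; entries it flags still need a human decision, as the O17 arenanet.fi lines in this thread show, since a domain and nameservers set by the ISP's cable modem look the same in the log as a hijacked DNS setting.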
Jep, mä olin siinä virheellisessä käsityksessä että palomuuri ja muutama anti-spyware riittäis. Nyt on tuo AVG koneella ja tässä uusin hjt loki Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:20:06, on 25.11.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\windows\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\windows\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\windows\system32\wuauclt.exe C:\windows\system32\wscntfy.exe C:\windows\Explorer.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\windows\system32\ctfmon.exe C:\windows\System32\svchost.exe C:\Program Files\Eraser\Eraser.exe C:\windows\system32\wuauclt.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe C:\Documents and Settings\Reijo Urtti\Työpöytä\Virustorjunta\HiJackThis_v2.0.2.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - 
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB48B337-49FA-403A-933D-67F7C7DDD0E7}: Domain = arenanet.fi
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB48B337-49FA-403A-933D-67F7C7DDD0E7}: NameServer = 194.241.250.90,194.241.250.162
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = arenanet.fi
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = arenanet.fi
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Alias Wavefront Help Server (AWHelpServer) - Unknown owner - C:\Program Files\AliasWavefront\Maya5.0\docs\Wrapper.exe (file missing)
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
O23 - Service: Retrospect Helper - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\rthlpsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-- End of file - 7629 bytes
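As an added example (not part of this thread and not HijackThis's own code), a small Python triage pass over entries in the HijackThis log format shown above: it pulls out what a helper checks first, such as "(file missing)" references, services with "Unknown owner", the Winsock LSP and AppInit_DLLs entries, the O17 DNS servers and any O1 hosts overrides. The sample input reuses lines from the log above plus one constructed O1 line with a placeholder domain.

```python
import re
from dataclasses import dataclass

# Sample input: entries copied from the HijackThis log above, plus one
# constructed O1 line (example.invalid is a placeholder, not from the log).
SAMPLE_LOG = r"""
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB48B337-49FA-403A-933D-67F7C7DDD0E7}: NameServer = 194.241.250.90,194.241.250.162
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O1 - Hosts: 127.0.0.1 example.invalid
"""

ENTRY_RE = re.compile(r"^(R\d|F\d|O\d+)\s+-\s+(.*)$")  # "O23 - Service: ..."
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")      # "Hosts: <ip> <name>"
NS_RE = re.compile(r"NameServer\s*=\s*(\S+)")          # O17 DNS server list
@dataclass
class Finding:
    section: str  # HijackThis section id, e.g. "O23"
    reason: str   # why an analyst should look at it
    entry: str    # entry text after the "Oxx - " prefix

def triage(log_text):
    """Return the entries worth a second look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O1":
            # Hosts override: malware blocks update/security sites this way,
            # while a deliberately installed hosts file adds them on purpose.
            ip, host = HOSTS_RE.match(body).groups()
            findings.append(Finding(section, f"hosts override {host} -> {ip}", body))
        elif "(file missing)" in body:
            # Dangling reference left by an uninstalled program or removed malware.
            findings.append(Finding(section, "file missing", body))
        elif "Unknown owner" in body:
            # No company name in the binary's version info: identify it by hand.
            findings.append(Finding(section, "no publisher name", body))
        elif section in ("O10", "O20"):
            # Winsock LSPs and AppInit_DLLs get loaded into other processes.
            findings.append(Finding(section, "loaded into other processes", body))
        elif section == "O17" and NS_RE.search(body):
            # DNS servers: confirm they belong to the ISP, not a hijacker.
            findings.append(Finding(section, "DNS " + NS_RE.search(body).group(1), body))
    return findings
```

Entries that carry a recognised publisher and an existing file, like the vsmon service in the sample, produce no finding.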
Now that you are clean, here are a few tips on how to reduce the risk of infection. For all of them there is either a Finnish-language version and/or a Finnish-language guide.

-> Fight back!! -> Malware Complaints
The site gives malware victims a chance to tell their story and file a complaint about it. Let's fight the malware authors together!

-> Empty System Restore -> Instructions
Empty the System Restore folder and create a new restore point. This cleans the restore folder of any malware remnants.

-> Use CCleaner -> CCleaner
Download and install CCleaner. Clean temporary files and folders with the program regularly.

-> Install SpywareBlaster -> SpywareBlaster
SpywareBlaster prevents malware from installing on your computer. Does not use memory! Guide available in Finnish! Guide by user Ad-Aware

-> Install the MVPS Hosts file -> MVPS Hosts
Blocks your computer from connecting to malicious sites. Guide available in Finnish! Guide by user Axel

-> Switch your browser to Firefox -> Firefox
Firefox is a faster, safer and better browser than Internet Explorer.

-> Keep your system up to date. -> Windows Update
Visit Windows Update regularly.

-> Keep your firewall and antivirus up to date
Update and scan your computer regularly with your antivirus program.

Stay clean
