Pop-up windows...

Discussion in 'Viruses and malware - HijackThis logs' started by salaba, Nov 9, 2008.

  1. salaba

    salaba Guest

    Hi!

    I was wondering what might help when the internet keeps throwing up pop-up windows every little while, even though the pop-up blocker is on.

    HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:55:59, on 9.11.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ASUS\Asus Probe\AsusProb.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\MSI\BTOESB~1\BTSTAC~1.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_8BB2992914609B0A.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [poke mp3 cdrom meta] C:\Documents and Settings\All Users\Application Data\Jump Poll Poke Mp3\Grey bind.exe
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-TJHL1.exe" /REG
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [Tickonline] C:\DOCUME~1\Omistaja\APPLIC~1\GREYRE~1\titlethird.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.nelonen.fi
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://fika-web.ifolor.net/OrderingGeneral/LowRes/app_support/ActiveX/IfolorUploader_fika.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1202207984875
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1202208096359
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://fi.photobox.com/clients/uploader_v2.2.0.6.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4E48DA8A-7B31-4CDA-AB28-1EC3D2FF6092}: NameServer = 213.139.190.3 212.50.131.153
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 9252 bytes
     
  2. kalminen

    kalminen Regular member

    I did not detect a firewall on your machine.
    Installations should be done with an Administrator account.
    Install ONE firewall program on your machine NOW:

    1) ZoneAlarm
    2) Agnitum
    3) Sunbelt/Kerio
    4) Comodo

    If you are using the built-in Windows firewall, it is not recommended, because it does not block outgoing connections from the machine.
    Remember to use only one firewall at a time.


    ----------------------------------------------------------------

    Download Lop S&D HERE

    Unplug the network cable from the wall for the duration.
    It is recommended to turn off the antivirus real-time scanning
    so that it does not interfere with Lop S&D; you can turn it
    back on after the scan.

    Double-click Lop S&D.exe
    Select Finnish as the language by pressing U and Enter.
    Then choose Option 1 (Search) by pressing 1 and Enter
    Wait until the scan is finished
    The log opens in Notepad. Post it in your next message. It can also be found at

    Post C:\lopR.txt and the HJT log
    .
     
  3. salaba

    salaba Guest

    --------------------\\ Lop S&D 4.2.4-9c XP/Vista

    Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3000+ )
    BIOS : BIOS Date: 09/06/05 20:25:26 Ver: 08.00.09
    USER : Omistaja ( Administrator )
    BOOT : Normal boot
    Antivirus : avast! antivirus 4.8.1229 [VPS 081114-0] 4.8.1229 (Not Activated)
    Firewall : (Not Activated)
    C:\ (Local Disk) - NTFS - Total:58 Go (Free:47 Go)
    D:\ (Local Disk) - NTFS - Total:58 Go (Free:32 Go)
    E:\ (Local Disk) - NTFS - Total:69 Go (Free:41 Go)
    F:\ (CD or DVD)
    G:\ (CD or DVD)
    H:\ (USB)
    I:\ (USB)
    J:\ (CD or DVD)
    K:\ (CD or DVD)
    L:\ (CD or DVD)
    M:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
    Option : [1] ( pe 14.11.2008|19:13 )

    --------------------\\ Listaa hakemistoja sijainnissa APPLIC~1

    [24.02.2008|14:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [07.06.2008|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [07.06.2008|20:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [05.02.2008|17:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI MMC
    [23.07.2008|21:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodata Limited
    [21.05.2008|17:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg8
    [21.03.2008|21:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Backup
    [03.03.2008|23:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure
    [03.03.2008|23:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\fssg
    [04.10.2008|15:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [23.03.2008|23:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
    [21.03.2008|20:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft(2)
    [10.11.2008|13:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Jump Poll Poke Mp3
    [02.08.2008|14:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [11.06.2008|15:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [22.03.2008|09:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [31.07.2008|21:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Software
    [31.07.2008|21:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
    [21.03.2008|21:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\sentinel
    [19.06.2008|20:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [07.06.2008|20:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [05.02.2008|13:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [05.02.2008|14:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [07.08.2008|22:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZoomBrowser
    [0|tiedosto(a)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\tavua
    [26|kansio(ta)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\tavua vapaana

    [05.02.2008|11:06] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [0|tiedosto(a)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\tavua
    [3|kansio(ta)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\tavua vapaana

    [21.03.2008|20:20] C:\DOCUME~1\JRJEST~1\APPLIC~1\Microsoft
    [0|tiedosto(a)] C:\DOCUME~1\JRJEST~1\APPLIC~1\tavua
    [3|kansio(ta)] C:\DOCUME~1\JRJEST~1\APPLIC~1\tavua vapaana

    [25.03.2008|19:21] C:\DOCUME~1\JRJEST~1.JAN\APPLIC~1\Grisoft
    [21.05.2008|17:03] C:\DOCUME~1\JRJEST~1.JAN\APPLIC~1\Microsoft
    [0|tiedosto(a)] C:\DOCUME~1\JRJEST~1.JAN\APPLIC~1\tavua
    [4|kansio(ta)] C:\DOCUME~1\JRJEST~1.JAN\APPLIC~1\tavua vapaana

    [10.06.2008|23:14] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
    [21.05.2008|17:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [0|tiedosto(a)] C:\DOCUME~1\LOCALS~1\APPLIC~1\tavua
    [4|kansio(ta)] C:\DOCUME~1\LOCALS~1\APPLIC~1\tavua vapaana

    [21.05.2008|17:03] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
    [0|tiedosto(a)] C:\DOCUME~1\NETWOR~1\APPLIC~1\tavua
    [3|kansio(ta)] C:\DOCUME~1\NETWOR~1\APPLIC~1\tavua vapaana

    [24.02.2008|19:19] C:\DOCUME~1\Omistaja\APPLIC~1\Adobe
    [24.02.2008|14:16] C:\DOCUME~1\Omistaja\APPLIC~1\AdobeUM
    [09.06.2008|11:07] C:\DOCUME~1\Omistaja\APPLIC~1\Apple Computer
    [16.05.2008|21:31] C:\DOCUME~1\Omistaja\APPLIC~1\AVGTOOLBAR
    [27.10.2008|22:38] C:\DOCUME~1\Omistaja\APPLIC~1\BitTorrent
    [16.05.2008|19:23] C:\DOCUME~1\Omistaja\APPLIC~1\BSplayer
    [11.03.2008|11:23] C:\DOCUME~1\Omistaja\APPLIC~1\BSplayer Pro
    [05.02.2008|22:39] C:\DOCUME~1\Omistaja\APPLIC~1\Comodo
    [14.11.2008|19:10] C:\DOCUME~1\Omistaja\APPLIC~1\DNA
    [05.02.2008|12:58] C:\DOCUME~1\Omistaja\APPLIC~1\F-Secure
    [04.10.2008|15:48] C:\DOCUME~1\Omistaja\APPLIC~1\Google
    [10.11.2008|17:05] C:\DOCUME~1\Omistaja\APPLIC~1\GreyRealHold
    [23.03.2008|23:25] C:\DOCUME~1\Omistaja\APPLIC~1\Grisoft
    [05.02.2008|11:43] C:\DOCUME~1\Omistaja\APPLIC~1\Help
    [05.02.2008|11:09] C:\DOCUME~1\Omistaja\APPLIC~1\Identities
    [05.02.2008|11:53] C:\DOCUME~1\Omistaja\APPLIC~1\ispnews
    [05.02.2008|13:02] C:\DOCUME~1\Omistaja\APPLIC~1\Macromedia
    [11.06.2008|15:36] C:\DOCUME~1\Omistaja\APPLIC~1\Malwarebytes
    [05.02.2008|18:37] C:\DOCUME~1\Omistaja\APPLIC~1\Media Player Classic
    [21.05.2008|17:03] C:\DOCUME~1\Omistaja\APPLIC~1\Microsoft
    [10.02.2008|14:34] C:\DOCUME~1\Omistaja\APPLIC~1\Microsoft Web Folders
    [24.05.2008|23:38] C:\DOCUME~1\Omistaja\APPLIC~1\Mozilla
    [31.07.2008|22:00] C:\DOCUME~1\Omistaja\APPLIC~1\NCH Swift Sound
    [05.03.2008|21:46] C:\DOCUME~1\Omistaja\APPLIC~1\Netscape
    [25.02.2008|13:27] C:\DOCUME~1\Omistaja\APPLIC~1\News to Screen
    [19.04.2008|14:00] C:\DOCUME~1\Omistaja\APPLIC~1\Sun
    [31.07.2008|21:23] C:\DOCUME~1\Omistaja\APPLIC~1\uTorrent
    [09.06.2008|21:20] C:\DOCUME~1\Omistaja\APPLIC~1\WinRAR
    [07.08.2008|22:38] C:\DOCUME~1\Omistaja\APPLIC~1\ZoomBrowser EX
    [0|tiedosto(a)] C:\DOCUME~1\Omistaja\APPLIC~1\tavua
    [31|kansio(ta)] C:\DOCUME~1\Omistaja\APPLIC~1\tavua vapaana

    --------------------\\ Ajoitetut tehtävät sijaitsee C:\WINDOWS\Tasks

    [07.06.2008 20:32][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [14.11.2008 18:43][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
    [14.11.2008 18:40][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [16.09.2002 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listaa hakemistoja sijainnissa C:\Program Files

    [08.07.2008|15:54] C:\Program Files\Adobe
    [07.10.2008|17:36] C:\Program Files\Alwil Software
    [05.02.2008|11:26] C:\Program Files\AMD
    [07.06.2008|20:32] C:\Program Files\Apple Software Update
    [05.02.2008|11:30] C:\Program Files\ASUS
    [05.02.2008|11:41] C:\Program Files\ATI Multimedia
    [07.10.2008|17:34] C:\Program Files\avast
    [03.03.2008|23:37] C:\Program Files\BAANA TIETOTURVA
    [01.08.2008|12:57] C:\Program Files\BitTorrent
    [22.02.2008|16:06] C:\Program Files\Canon
    [05.02.2008|15:23] C:\Program Files\CCleaner
    [02.08.2008|14:56] C:\Program Files\Common Files
    [05.02.2008|15:38] C:\Program Files\CONEXANT
    [18.05.2008|18:22] C:\Program Files\DC++
    [27.10.2008|21:22] C:\Program Files\DNA
    [23.07.2008|16:28] C:\Program Files\D-Tools
    [14.11.2008|19:03] C:\Program Files\Dz++
    [04.10.2008|15:45] C:\Program Files\Google
    [23.03.2008|23:25] C:\Program Files\Grisoft
    [16.05.2008|17:36] C:\Program Files\InstallShield Installation Information
    [14.10.2008|23:22] C:\Program Files\Internet Explorer
    [09.10.2008|21:02] C:\Program Files\Java
    [02.08.2008|14:57] C:\Program Files\Lavasoft
    [09.11.2008|15:00] C:\Program Files\Malwarebytes' Anti-Malware
    [04.11.2008|21:34] C:\Program Files\mediaplayer classic
    [17.08.2008|22:23] C:\Program Files\Messenger
    [21.05.2008|17:08] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [10.02.2008|14:34] C:\Program Files\microsoft frontpage
    [10.02.2008|14:34] C:\Program Files\Microsoft Office
    [21.10.2008|13:44] C:\Program Files\Microsoft Silverlight
    [10.02.2008|14:36] C:\Program Files\Microsoft Visual Studio
    [16.05.2008|22:04] C:\Program Files\Movie Maker
    [16.05.2008|17:16] C:\Program Files\mozilla
    [08.11.2008|17:54] C:\Program Files\Mozilla Firefox
    [05.02.2008|15:52] C:\Program Files\MSBuild
    [05.02.2008|14:05] C:\Program Files\MSI
    [05.02.2008|11:04] C:\Program Files\MSN
    [05.02.2008|11:04] C:\Program Files\MSN Gaming Zone
    [05.02.2008|16:22] C:\Program Files\MSXML 6.0
    [31.07.2008|22:00] C:\Program Files\NCH Software
    [31.07.2008|22:01] C:\Program Files\NCH Swift Sound
    [16.05.2008|21:59] C:\Program Files\NetMeeting
    [21.03.2008|20:21] C:\Program Files\Netscape
    [07.06.2008|20:12] C:\Program Files\Norton AntiVirus
    [05.02.2008|11:33] C:\Program Files\NVIDIA Corporation
    [16.05.2008|21:59] C:\Program Files\Outlook Express
    [07.06.2008|20:33] C:\Program Files\QuickTime
    [05.02.2008|15:49] C:\Program Files\Reference Assemblies
    [14.11.2008|19:09] C:\Program Files\Sunbelt Software
    [21.03.2008|20:29] C:\Program Files\Trend Micro
    [05.02.2008|11:39] C:\Program Files\Uninstall Information
    [01.08.2008|10:29] C:\Program Files\uTorrent
    [05.02.2008|17:38] C:\Program Files\Webteh
    [22.03.2008|09:59] C:\Program Files\Windows Defender
    [05.02.2008|14:49] C:\Program Files\Windows Live
    [05.02.2008|11:40] C:\Program Files\Windows Media Components
    [05.02.2008|15:47] C:\Program Files\Windows Media Connect 2
    [16.05.2008|21:59] C:\Program Files\Windows Media Player
    [16.05.2008|21:59] C:\Program Files\Windows NT
    [05.02.2008|11:04] C:\Program Files\WindowsUpdate
    [09.06.2008|21:19] C:\Program Files\WinRAR
    [05.02.2008|11:06] C:\Program Files\xerox
    [05.02.2008|18:11] C:\Program Files\XP Codec Pack
    [0|tiedosto(a)] C:\Program Files\tavua
    [65|kansio(ta)] C:\Program Files\tavua vapaana

    --------------------\\ Listaa hakemistoja sijainnissa C:\Program Files\Common Files

    [24.02.2008|14:23] C:\Program Files\Common Files\Adobe
    [16.05.2008|17:36] C:\Program Files\Common Files\ATI
    [23.07.2008|20:20] C:\Program Files\Common Files\Autodata Limited Shared
    [22.02.2008|16:05] C:\Program Files\Common Files\Canon
    [05.02.2008|11:38] C:\Program Files\Common Files\CyberLink
    [10.02.2008|14:36] C:\Program Files\Common Files\Designer
    [05.02.2008|11:30] C:\Program Files\Common Files\InstallShield
    [11.06.2008|15:22] C:\Program Files\Common Files\Java
    [16.05.2008|17:47] C:\Program Files\Common Files\Microsoft Shared
    [05.02.2008|11:05] C:\Program Files\Common Files\MSSoap
    [14.11.2008|15:20] C:\Program Files\Common Files\Nero
    [05.02.2008|11:00] C:\Program Files\Common Files\ODBC
    [16.05.2008|19:10] C:\Program Files\Common Files\Panda Software
    [05.02.2008|11:05] C:\Program Files\Common Files\Services
    [05.02.2008|11:00] C:\Program Files\Common Files\SpeechEngines
    [07.06.2008|20:12] C:\Program Files\Common Files\Symantec Shared
    [16.05.2008|21:59] C:\Program Files\Common Files\System
    [05.02.2008|14:49] C:\Program Files\Common Files\WindowsLiveInstaller
    [02.08.2008|14:56] C:\Program Files\Common Files\Wise Installation Wizard
    [0|tiedosto(a)] C:\Program Files\Common Files\tavua
    [21|kansio(ta)] C:\Program Files\Common Files\tavua vapaana

    --------------------\\ Process

    ( 44 Processes )

    IEXPLORE.EXE ~ [PID:276]

    --------------------\\ Etsii S_Lopilla

    C:\DOCUME~1\Omistaja\APPLIC~1\GREYRE~1
    C:\DOCUME~1\Omistaja\APPLIC~1\GREYRE~1\tpmldegf.exe

    --------------------\\ Etsii Lopin tiedostoja ja kansioita

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Jump Poll Poke Mp3

    --------------------\\ Etsii rekisterikohteita

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProcSurfFirst]
    "DisplayName"="CiD Help"
    "UninstallString"="C:\\DOCUME~1\\Omistaja\\APPLIC~1\\GREYRE~1\\titlethird.exe -uninstall"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    --------------------\\ Tarkistaa Hosts-tiedostoa

    Hosts-tiedosto PUHDAS


    --------------------\\ Tarkistaa Catchmella onko piilotettuja tiedostoja

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-14 19:14:20
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 10

    --------------------\\ Tarkistaa muita infektioita

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\Omistaja\Application Data\uTorrent\Autodata v3.18 2CD's + Crack.torrent


    [F:3][D:3]-> C:\DOCUME~1\Omistaja\LOCALS~1\Temp
    [F:14][D:0]-> C:\DOCUME~1\Omistaja\Cookies
    [F:286][D:4]-> C:\DOCUME~1\Omistaja\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - pe 14.11.2008|19:14 - Option : [1]

    --------------------\\ Tarkistus valmistui 19:14:52
     
  4. kalminen

    kalminen Regular member

    Start Lop S&D

    Choose Option 3 (Fix - Hosts) by pressing 3 and Enter
    DO NOT close the window during the fix!
    The log opens in Notepad. Post it in your next message. It can also be found at C:\lopR.txt

    Post the lopR.txt log and the HJT log
    .
     
  5. salaba

    salaba Guest


    --------------------\\ Lop S&D 4.2.4-9c XP/Vista

    Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3000+ )
    BIOS : BIOS Date: 09/06/05 20:25:26 Ver: 08.00.09
    USER : Omistaja ( Administrator )
    BOOT : Normal boot
    Antivirus : avast! antivirus 4.8.1229 [VPS 081115-0] 4.8.1229 (Not Activated)
    Firewall : Sunbelt Personal Firewall 4.6.1861 T (Activated)
    C:\ (Local Disk) - NTFS - Total:58 Go (Free:47 Go)
    D:\ (Local Disk) - NTFS - Total:58 Go (Free:32 Go)
    E:\ (Local Disk) - NTFS - Total:69 Go (Free:41 Go)
    F:\ (CD or DVD)
    G:\ (CD or DVD)
    H:\ (USB)
    I:\ (USB)
    J:\ (CD or DVD)
    K:\ (CD or DVD)
    L:\ (CD or DVD)
    M:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
    Option : [3] ( su 16.11.2008| 0:23 )


    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Korjaa

    Poistettu! - C:\DOCUME~1\Omistaja\APPLIC~1\GREYRE~1\tpmldegf.exe
    Poistettu! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Jump Poll Poke Mp3
    Poistettu! - C:\DOCUME~1\Omistaja\APPLIC~1\GREYRE~1

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    --------------------\\ Listaa hakemistoja sijainnissa APPLIC~1

    [24.02.2008|14:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [07.06.2008|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [07.06.2008|20:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [05.02.2008|17:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI MMC
    [23.07.2008|21:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodata Limited
    [21.05.2008|17:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg8
    [21.03.2008|21:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Backup
    [03.03.2008|23:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure
    [03.03.2008|23:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\fssg
    [04.10.2008|15:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [23.03.2008|23:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
    [21.03.2008|20:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft(2)
    [02.08.2008|14:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [11.06.2008|15:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [22.03.2008|09:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [31.07.2008|21:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Software
    [31.07.2008|21:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
    [21.03.2008|21:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\sentinel
    [19.06.2008|20:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [07.06.2008|20:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [05.02.2008|13:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [05.02.2008|14:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [07.08.2008|22:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZoomBrowser
    [0|tiedosto(a)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\tavua
    [25|kansio(ta)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\tavua vapaana

    [05.02.2008|11:06] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [0|tiedosto(a)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\tavua
    [3|kansio(ta)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\tavua vapaana

    [21.03.2008|20:20] C:\DOCUME~1\JRJEST~1\APPLIC~1\Microsoft
    [0|tiedosto(a)] C:\DOCUME~1\JRJEST~1\APPLIC~1\tavua
    [3|kansio(ta)] C:\DOCUME~1\JRJEST~1\APPLIC~1\tavua vapaana

    [25.03.2008|19:21] C:\DOCUME~1\JRJEST~1.JAN\APPLIC~1\Grisoft
    [21.05.2008|17:03] C:\DOCUME~1\JRJEST~1.JAN\APPLIC~1\Microsoft
    [0|tiedosto(a)] C:\DOCUME~1\JRJEST~1.JAN\APPLIC~1\tavua
    [4|kansio(ta)] C:\DOCUME~1\JRJEST~1.JAN\APPLIC~1\tavua vapaana

    [10.06.2008|23:14] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
    [21.05.2008|17:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [0|tiedosto(a)] C:\DOCUME~1\LOCALS~1\APPLIC~1\tavua
    [4|kansio(ta)] C:\DOCUME~1\LOCALS~1\APPLIC~1\tavua vapaana

    [21.05.2008|17:03] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
    [0|tiedosto(a)] C:\DOCUME~1\NETWOR~1\APPLIC~1\tavua
    [3|kansio(ta)] C:\DOCUME~1\NETWOR~1\APPLIC~1\tavua vapaana

    [24.02.2008|19:19] C:\DOCUME~1\Omistaja\APPLIC~1\Adobe
    [24.02.2008|14:16] C:\DOCUME~1\Omistaja\APPLIC~1\AdobeUM
    [09.06.2008|11:07] C:\DOCUME~1\Omistaja\APPLIC~1\Apple Computer
    [16.05.2008|21:31] C:\DOCUME~1\Omistaja\APPLIC~1\AVGTOOLBAR
    [27.10.2008|22:38] C:\DOCUME~1\Omistaja\APPLIC~1\BitTorrent
    [16.05.2008|19:23] C:\DOCUME~1\Omistaja\APPLIC~1\BSplayer
    [11.03.2008|11:23] C:\DOCUME~1\Omistaja\APPLIC~1\BSplayer Pro
    [05.02.2008|22:39] C:\DOCUME~1\Omistaja\APPLIC~1\Comodo
    [16.11.2008|00:18] C:\DOCUME~1\Omistaja\APPLIC~1\DNA
    [05.02.2008|12:58] C:\DOCUME~1\Omistaja\APPLIC~1\F-Secure
    [04.10.2008|15:48] C:\DOCUME~1\Omistaja\APPLIC~1\Google
    [23.03.2008|23:25] C:\DOCUME~1\Omistaja\APPLIC~1\Grisoft
    [05.02.2008|11:43] C:\DOCUME~1\Omistaja\APPLIC~1\Help
    [05.02.2008|11:09] C:\DOCUME~1\Omistaja\APPLIC~1\Identities
    [05.02.2008|11:53] C:\DOCUME~1\Omistaja\APPLIC~1\ispnews
    [05.02.2008|13:02] C:\DOCUME~1\Omistaja\APPLIC~1\Macromedia
    [11.06.2008|15:36] C:\DOCUME~1\Omistaja\APPLIC~1\Malwarebytes
    [05.02.2008|18:37] C:\DOCUME~1\Omistaja\APPLIC~1\Media Player Classic
    [21.05.2008|17:03] C:\DOCUME~1\Omistaja\APPLIC~1\Microsoft
    [10.02.2008|14:34] C:\DOCUME~1\Omistaja\APPLIC~1\Microsoft Web Folders
    [24.05.2008|23:38] C:\DOCUME~1\Omistaja\APPLIC~1\Mozilla
    [31.07.2008|22:00] C:\DOCUME~1\Omistaja\APPLIC~1\NCH Swift Sound
    [05.03.2008|21:46] C:\DOCUME~1\Omistaja\APPLIC~1\Netscape
    [25.02.2008|13:27] C:\DOCUME~1\Omistaja\APPLIC~1\News to Screen
    [19.04.2008|14:00] C:\DOCUME~1\Omistaja\APPLIC~1\Sun
    [31.07.2008|21:23] C:\DOCUME~1\Omistaja\APPLIC~1\uTorrent
    [09.06.2008|21:20] C:\DOCUME~1\Omistaja\APPLIC~1\WinRAR
    [07.08.2008|22:38] C:\DOCUME~1\Omistaja\APPLIC~1\ZoomBrowser EX
    [0|tiedosto(a)] C:\DOCUME~1\Omistaja\APPLIC~1\tavua
    [30|kansio(ta)] C:\DOCUME~1\Omistaja\APPLIC~1\tavua vapaana

    --------------------\\ Ajoitetut tehtävät sijaitsee C:\WINDOWS\Tasks

    [07.06.2008 20:32][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [15.11.2008 23:51][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
    [15.11.2008 23:48][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [16.09.2002 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listaa hakemistoja sijainnissa C:\Program Files

    [08.07.2008|15:54] C:\Program Files\Adobe
    [07.10.2008|17:36] C:\Program Files\Alwil Software
    [05.02.2008|11:26] C:\Program Files\AMD
    [07.06.2008|20:32] C:\Program Files\Apple Software Update
    [05.02.2008|11:30] C:\Program Files\ASUS
    [05.02.2008|11:41] C:\Program Files\ATI Multimedia
    [07.10.2008|17:34] C:\Program Files\avast
    [03.03.2008|23:37] C:\Program Files\BAANA TIETOTURVA
    [01.08.2008|12:57] C:\Program Files\BitTorrent
    [22.02.2008|16:06] C:\Program Files\Canon
    [05.02.2008|15:23] C:\Program Files\CCleaner
    [02.08.2008|14:56] C:\Program Files\Common Files
    [05.02.2008|15:38] C:\Program Files\CONEXANT
    [18.05.2008|18:22] C:\Program Files\DC++
    [27.10.2008|21:22] C:\Program Files\DNA
    [23.07.2008|16:28] C:\Program Files\D-Tools
    [16.11.2008|00:08] C:\Program Files\Dz++
    [04.10.2008|15:45] C:\Program Files\Google
    [23.03.2008|23:25] C:\Program Files\Grisoft
    [16.05.2008|17:36] C:\Program Files\InstallShield Installation Information
    [14.10.2008|23:22] C:\Program Files\Internet Explorer
    [09.10.2008|21:02] C:\Program Files\Java
    [02.08.2008|14:57] C:\Program Files\Lavasoft
    [09.11.2008|15:00] C:\Program Files\Malwarebytes' Anti-Malware
    [04.11.2008|21:34] C:\Program Files\mediaplayer classic
    [17.08.2008|22:23] C:\Program Files\Messenger
    [21.05.2008|17:08] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [10.02.2008|14:34] C:\Program Files\microsoft frontpage
    [10.02.2008|14:34] C:\Program Files\Microsoft Office
    [21.10.2008|13:44] C:\Program Files\Microsoft Silverlight
    [10.02.2008|14:36] C:\Program Files\Microsoft Visual Studio
    [16.05.2008|22:04] C:\Program Files\Movie Maker
    [16.05.2008|17:16] C:\Program Files\mozilla
    [16.11.2008|00:12] C:\Program Files\Mozilla Firefox
    [05.02.2008|15:52] C:\Program Files\MSBuild
    [05.02.2008|14:05] C:\Program Files\MSI
    [05.02.2008|11:04] C:\Program Files\MSN
    [05.02.2008|11:04] C:\Program Files\MSN Gaming Zone
    [05.02.2008|16:22] C:\Program Files\MSXML 6.0
    [31.07.2008|22:00] C:\Program Files\NCH Software
    [31.07.2008|22:01] C:\Program Files\NCH Swift Sound
    [16.05.2008|21:59] C:\Program Files\NetMeeting
    [21.03.2008|20:21] C:\Program Files\Netscape
    [07.06.2008|20:12] C:\Program Files\Norton AntiVirus
    [05.02.2008|11:33] C:\Program Files\NVIDIA Corporation
    [16.05.2008|21:59] C:\Program Files\Outlook Express
    [07.06.2008|20:33] C:\Program Files\QuickTime
    [05.02.2008|15:49] C:\Program Files\Reference Assemblies
    [14.11.2008|19:09] C:\Program Files\Sunbelt Software
    [21.03.2008|20:29] C:\Program Files\Trend Micro
    [05.02.2008|11:39] C:\Program Files\Uninstall Information
    [01.08.2008|10:29] C:\Program Files\uTorrent
    [05.02.2008|17:38] C:\Program Files\Webteh
    [22.03.2008|09:59] C:\Program Files\Windows Defender
    [05.02.2008|14:49] C:\Program Files\Windows Live
    [05.02.2008|11:40] C:\Program Files\Windows Media Components
    [05.02.2008|15:47] C:\Program Files\Windows Media Connect 2
    [16.05.2008|21:59] C:\Program Files\Windows Media Player
    [16.05.2008|21:59] C:\Program Files\Windows NT
    [05.02.2008|11:04] C:\Program Files\WindowsUpdate
    [09.06.2008|21:19] C:\Program Files\WinRAR
    [05.02.2008|11:06] C:\Program Files\xerox
    [05.02.2008|18:11] C:\Program Files\XP Codec Pack
    [0|tiedosto(a)] C:\Program Files\tavua
    [65|kansio(ta)] C:\Program Files\tavua vapaana

    --------------------\\ Listaa hakemistoja sijainnissa C:\Program Files\Common Files

    [24.02.2008|14:23] C:\Program Files\Common Files\Adobe
    [16.05.2008|17:36] C:\Program Files\Common Files\ATI
    [23.07.2008|20:20] C:\Program Files\Common Files\Autodata Limited Shared
    [22.02.2008|16:05] C:\Program Files\Common Files\Canon
    [05.02.2008|11:38] C:\Program Files\Common Files\CyberLink
    [10.02.2008|14:36] C:\Program Files\Common Files\Designer
    [05.02.2008|11:30] C:\Program Files\Common Files\InstallShield
    [11.06.2008|15:22] C:\Program Files\Common Files\Java
    [16.05.2008|17:47] C:\Program Files\Common Files\Microsoft Shared
    [05.02.2008|11:05] C:\Program Files\Common Files\MSSoap
    [14.11.2008|15:20] C:\Program Files\Common Files\Nero
    [05.02.2008|11:00] C:\Program Files\Common Files\ODBC
    [16.05.2008|19:10] C:\Program Files\Common Files\Panda Software
    [05.02.2008|11:05] C:\Program Files\Common Files\Services
    [05.02.2008|11:00] C:\Program Files\Common Files\SpeechEngines
    [07.06.2008|20:12] C:\Program Files\Common Files\Symantec Shared
    [16.05.2008|21:59] C:\Program Files\Common Files\System
    [05.02.2008|14:49] C:\Program Files\Common Files\WindowsLiveInstaller
    [02.08.2008|14:56] C:\Program Files\Common Files\Wise Installation Wizard
    [0|tiedosto(a)] C:\Program Files\Common Files\tavua
    [21|kansio(ta)] C:\Program Files\Common Files\tavua vapaana

    --------------------\\ Process

    ( 45 Processes )

    ... OK !

    --------------------\\ Etsii S_Lopilla

    Lopin kansioita ei löytynyt !

    --------------------\\ Etsii Lopin tiedostoja ja kansioita

    Lopin kansioita ei löytynyt !

    --------------------\\ Etsii rekisterikohteita

    ..... OK !

    --------------------\\ Tarkistaa Hosts-tiedostoa

    Hosts-tiedosto PUHDAS


    --------------------\\ Tarkistaa Catchmella onko piilotettuja tiedostoja

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-16 00:28:18
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 10

    --------------------\\ Tarkistaa muita infektioita

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\Omistaja\Application Data\uTorrent\Autodata v3.18 2CD's + Crack.torrent


    [F:2][D:0]-> C:\DOCUME~1\Omistaja\Cookies
    [F:4][D:2]-> C:\DOCUME~1\Omistaja\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - pe 14.11.2008|19:14 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - su 16.11.2008| 0:30 - Option : [3]

    --------------------\\ Tarkistus valmistui 0:30:08



    And here's the HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:35:19, on 16.11.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ASUS\Asus Probe\AsusProb.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
    C:\PROGRA~1\MSI\BTOESB~1\BTSTAC~1.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_8BB2992914609B0A.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.nelonen.fi
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://fika-web.ifolor.net/OrderingGeneral/LowRes/app_support/ActiveX/IfolorUploader_fika.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1202207984875
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1202208096359
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://fi.photobox.com/clients/uploader_v2.2.0.6.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4E48DA8A-7B31-4CDA-AB28-1EC3D2FF6092}: NameServer = 213.139.190.3 212.50.131.153
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

    --
    End of file - 9138 bytes
     
  6. kalminen

    kalminen Regular member

    Joined: May 4, 2007 | Messages: 3,915 | Likes Received: 0 | Trophy Points: 46

    Delete the folder:
    C:\Lop SD

    -----------------------------------------------

    Download ATF Cleaner by Atribune

    Double-click ATF-Cleaner.exe to start the program. Under Main, choose: Select All
    Click Empty Selected.

    If you use Firefox as your browser, click Firefox at the top and choose: Select All
    Click Empty Selected.
    NOTE: If you want to keep your saved passwords, click No when it asks.

    If you use Opera as your browser, click Opera at the top and choose: Select All
    Click Empty Selected again.
    NOTE: If you want to keep your saved passwords, click No when it asks.

    Click Exit in the main menu to close the program.

    ----------------------------------------------

    Scan your computer with Kaspersky Online Scanner

    * Read through the requirements and the privacy statement and click Accept.
    * The scanner and the virus database start downloading. You will be asked whether you allow the program from Kaspersky to be installed. Click Aja/Run.
    * When the download is finished, click Settings.
    * Make sure the following items are selected. If they are not, select them and click Save:
          Spyware, Adware, Dialers, and other potentially dangerous programs
          Archives
          Mail databases

    * Click Oma Tietokone (My Computer) under Scan.
    * When the scan is finished, the results are shown. Click View Scan Report.
    * You will see a list of infected items. Click Save Report As....
    * Save the file to your desktop. Change Tiedostotyyppi/Files of type to Tekstitiedosto/Text file (.txt) before you click Save.

    * Copy and paste the contents of the file into your next reply, together with a new HijackThis log.

    --------------------------------------------------

    Close the browser and other programs while fixing (not the antivirus).
    Start HijackThis, run a Scan, tick the following entries listed in red and remove them (Fix checked).

    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The Kaspersky report
     
  7. salaba

    salaba Guest

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:34:15, on 16.11.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\ASUS\Asus Probe\AsusProb.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
    C:\PROGRA~1\MSI\BTOESB~1\BTSTAC~1.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_8BB2992914609B0A.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.nelonen.fi
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://fika-web.ifolor.net/OrderingGeneral/LowRes/app_support/ActiveX/IfolorUploader_fika.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1202207984875
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1202208096359
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://fi.photobox.com/clients/uploader_v2.2.0.6.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4E48DA8A-7B31-4CDA-AB28-1EC3D2FF6092}: NameServer = 213.139.190.3 212.50.131.153
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

    --
    End of file - 8596 bytes




    And the Kaspersky log file

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Sunday, November 16, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Sunday, November 16, 2008 13:43:47
    Records in database: 1387799
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    K:\
    L:\
    M:\

    Scan statistics:
    Files scanned: 48729
    Threat name: 0
    Infected objects: 0
    Suspicious objects: 0
    Duration of the scan: 00:45:06

    No malware has been detected. The scan area is clean.

    The selected area was scanned.
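
A way to confirm from the two posted logs that the requested "Fix checked" step removed exactly the listed entries and nothing else changed, as an added example that is not part of the original thread. The excerpts are the O4 HKLM/HKCU/Global Startup lines copied from the 0:35 and 22:34 logs above; the function names are hypothetical.

```python
import re

# A HijackThis entry line starts with a section code (R0, O4, O23, ...) and " - ".
# Header lines and the "Running processes" paths do not match this shape.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

def parse_entries(log_text):
    """Return the set of (section, detail) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries

def verify_fix(before_log, after_log, fix_list):
    """Compare two logs against the list of entries the helper asked to fix."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    requested = parse_entries(fix_list)
    return {
        # requested for removal but still in the new log: the fix did not stick
        "still_present": sorted(requested & after),
        # requested but never in the old log: typo in the fix list or wrong log
        "not_in_before": sorted(requested - before),
        # vanished without being requested: something else changed the system
        "removed_unrequested": sorted((before - after) - requested),
        # appeared between the scans: needs a fresh look
        "new_entries": sorted(after - before),
    }

# Excerpt of the log saved at 0:35:19 on 16.11.2008 (copied from this page).
BEFORE = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

# Excerpt of the log saved at 22:34:15 on 16.11.2008 (copied from this page).
AFTER = r"""
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: BTTray.lnk = ?
"""

# The entries the helper asked to tick and fix (copied from this page).
FIX_LIST = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

if __name__ == "__main__":
    for key, items in verify_fix(BEFORE, AFTER, FIX_LIST).items():
        print(f"{key}: {len(items)}")
        for section, detail in items:
            print(f"  {section} - {detail}")
```

All four lists come back empty for these excerpts: the five requested autostart entries are gone and no other O4 entry in the excerpt was added or removed between the scans.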
     
  8. kalminen

    kalminen Regular member

    It's clean!!!

    These computer protection tips are based only on my own experience.

    One antivirus and one firewall.

    Java update:
    * http://java.sun.com/javase/downloads/index.jsp
    Scroll down to Java Runtime Environment (JRE) 6 Update 10

    * Download HOSTS: from Here to your desktop.
    * Extract hosts.zip into the C:\WINDOWS\system32\drivers\etc folder.
    Finally, you can check that there is a file named HOSTS there with no file extension. Size approx. 700 kB.
    The protection takes effect at the next startup (it does not use up memory).

    * Install SpywareBlaster!
    SpywareBlaster prevents malware from installing itself on the computer.
    Download: HERE
    Guide: HERE

    * System Restore!
    Clear the restore points and create a new system restore point regularly!
    That way no nasties are left behind in the restore points.
    How do I clean out System Restore and create a new restore point? Instructions can be found here!

    * Keep your programs updated!
    Remember to keep all programs up to date, including Windows. Visit Windows Update regularly and install all updates. Windows Update.

    Stay clean!!!
     
  9. salaba

    salaba Guest

    THAAANKS FOR EVERYTHING!!

    The computer runs completely differently than before... ;)
     
