Trojans are causing trouble, any help?

Discussion in 'Viruses and malware - HijackThis logs' started by Villeme, Feb 10, 2008.

  1. Villeme

    Villeme Guest

    Is there anything odd in the log?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:05:16, on 4.2.2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
    C:\Program Files\Norman\Npm\Bin\Zanda.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe
    C:\Program Files\Norman\Npm\Bin\Zlh.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Norman\Nvc\BIN\NIP.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Users\Yhteinen\Program Files\BitTorrent_DNA\dna.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe
    C:\Windows\system32\PnkBstrB.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
    C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
    C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Norman\Nvc\bin\nvcoas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Norman\Nvc\bin\cclaw.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Windows\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [soneraVista] wscript.exe "C:\Program Files\Sonera\InternetAvustaja\agentui\snapins\vista\vistaupdate.js" sonera
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20080109
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Yhteinen\Program Files\BitTorrent_DNA\dna.exe"
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Yhteinen\AppData\Local\Temp\pmnmj.dll,#1
    O4 - HKCU\..\Run: [DDC] C:\Users\Yhteinen\AppData\Local\Temp\kqmogiim.exe
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Yhteinen\AppData\Local\Temp\byxwx.dll,c
    O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Yhteinen\AppData\Local\Temp\mltvaewp.dll",run
    O4 - HKCU\..\Run: [70d36b72] rundll32.exe "C:\Users\Yhteinen\AppData\Local\Temp\sntpohee.dll",b
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: MP3 Rocket (Minimized).lnk = C:\Program Files\MP3 Rocket\MP3Rocket.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O13 - Gopher Prefix:
    O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp.gamescampus.com/luncher/GamesCampus.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
    O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

    --
    End of file - 11759 bytes




    When I start the computer, a new window opens that says:
    Virhe: Users/Yhteinen/Appdata/Local/Temp/mltvaewp.dll
    Puuttuva määrite:run


    Virhe: Users/Yhteinen/Appdata/Local/Temp/bsdeuvej.dll
    Puuttuva määrite:run

    The computer has probably warned about 7 trojans already, and all of them have been removed with Avast! Antivirus. The Internet keeps opening new tabs every now and then, with all kinds of ads in them. Otherwise the computer works quite normally, but trojans keep being found and the Internet does its own thing. For protection I have Avast! Antivirus and Norman.

    What should I do?
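
An added example, not part of the thread and not HijackThis code: a triage pass over the O4 autostart lines of the log above. It resolves what a `rundll32` Run value actually loads and flags payloads that live in a Temp directory. The startup error quoted in the post names the same DLL and entry point as the `[MS Juan]` value. The regexes, flag names and function names are assumptions made for this sketch, and a flag is a hint for review, not a verdict.

```python
import re
from typing import List, NamedTuple, Optional

# O4 autostart lines copied from the HijackThis log in the post above (subset).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20080109
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Yhteinen\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Yhteinen\AppData\Local\Temp\pmnmj.dll,#1
O4 - HKCU\..\Run: [DDC] C:\Users\Yhteinen\AppData\Local\Temp\kqmogiim.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Yhteinen\AppData\Local\Temp\byxwx.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Yhteinen\AppData\Local\Temp\mltvaewp.dll",run
O4 - HKCU\..\Run: [70d36b72] rundll32.exe "C:\Users\Yhteinen\AppData\Local\Temp\sntpohee.dll",b
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - Global Startup: MP3 Rocket (Minimized).lnk = C:\Program Files\MP3 Rocket\MP3Rocket.exe
"""


class Autorun(NamedTuple):
    location: str           # registry Run key or startup folder
    name: str               # value name or shortcut name
    launcher: str           # first program on the command line
    payload: str            # file that actually gets loaded
    export: Optional[str]   # rundll32 entry point, if any
    flags: List[str]        # triage hints, not verdicts


# "O4 - HKCU\..\Run: [name] command" and "O4 - Global Startup: name = command"
RUN_RE = re.compile(r"^O4 - (?P<loc>\S+\\\.\.\\Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# HijackThis appends the account name for per-user hives.
USER_SUFFIX = re.compile(r"\s+\(User '[^']*'\)$")
# rundll32 <dll>,<export>  (dll may be quoted and may contain spaces)
RUNDLL_RE = re.compile(
    r'^"?(?:[^"\s]*\\)?rundll32(?:\.exe)?"?\s+(?:"([^"]+)"|([^,]+)),\s*(\S+)', re.I)
# Quoted program, unquoted path up to an executable extension, or first token.
PROGRAM_RE = re.compile(
    r'^(?:"([^"]+)"|(.+?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|$)|(\S+))', re.I)
TEMP_RE = re.compile(r"\\te?mp\\|%te?mp%", re.I)
PROFILE_RE = re.compile(r"\\(?:Users|Documents and Settings)\\", re.I)


def parse_line(line: str) -> Optional[Autorun]:
    """Parse one O4 line; return None for anything that is not an O4 entry."""
    m = RUN_RE.match(line) or STARTUP_RE.match(line)
    if not m:
        return None
    cmd = USER_SUFFIX.sub("", m["cmd"]).strip()
    if not cmd:
        return None
    export = None
    dll = RUNDLL_RE.match(cmd)
    if dll:
        # The Run value names a Windows binary; the interesting file is the DLL.
        launcher, payload, export = "rundll32", (dll[1] or dll[2]).strip(), dll[3]
    else:
        prog = PROGRAM_RE.match(cmd)
        launcher = payload = next(g for g in prog.groups() if g)
    flags = []
    if TEMP_RE.search(payload):
        flags.append("payload-in-temp-dir")
    if dll and PROFILE_RE.search(payload):
        flags.append("rundll32-loads-dll-from-user-profile")
    return Autorun(m["loc"], m["name"], launcher, payload, export, flags)


def triage(log_text: str) -> List[Autorun]:
    """Return only the autostart entries that raised at least one flag."""
    entries = (parse_line(raw.strip()) for raw in log_text.splitlines())
    return [e for e in entries if e and e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.location} [{e.name}] -> {e.payload} export={e.export} {e.flags}")
```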
     
  2. J77

    J77 Regular member

  3. Hujo

    Hujo Guest

    Download SDFix by AndyManchesta and save it to your desktop.

    Boot your computer into safe mode:

    shut down and start up
    during startup, tap the F8 key repeatedly
    select safe mode with the arrow keys
    press Enter and Enter
    select your user account
    press Yes

    On some computers you tap F5 instead of F8.

    - When in safe mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
    - Open the SDFix folder and double-click RunThis.bat to start the program.
    - Press Y to start the script.
    - The tool cleans out the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
    - Press any key and the computer restarts.
    - Startup takes longer than usual because SDFix is cleaning the computer.
    - Once the computer has started and the desktop has loaded, SDFix reports that the cleanup is done, "Finished".
    - Then press any key to close the script and load the desktop icons.
    - Finally, open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread along with a new HijackThis log.

    =============

    1. Download combofix.exe to your desktop from either of these links:
    combofix1
    combofix2

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool is finished, it produces a log. Post this log in your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
     
    Last edited by a moderator: Feb 10, 2008
  4. Villeme

    Villeme Guest

    All right. I downloaded and extracted SDFix, but the computer refused to open RunThis.bat. I ran ComboFix, and here is its log:

    ComboFix 08-02-11.2 - Yhteinen 2008-02-11 15:50:23.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.800 [GMT 2:00]
    Running from: C:\Users\Yhteinen\Desktop\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Autorun.inf
    C:\Windows\system32\launcher.exe

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-11 to 2008-02-11 )))))))))))))))))
    .

    2008-02-05 20:31 . 2007-12-04 16:51 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
    2008-02-05 20:31 . 2007-12-04 16:53 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
    2008-02-05 20:30 . 2007-12-04 14:54 95,608 --a------ C:\Windows\System32\AvastSS.scr
    2008-02-05 20:29 . 2007-12-04 15:04 837,496 --a------ C:\Windows\System32\aswBoot.exe
    2008-02-05 20:29 . 2004-01-09 11:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
    2008-02-05 20:29 . 2007-12-04 16:52 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
    2008-02-04 15:04 . 2008-02-04 15:04 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-02-02 15:08 . 2008-02-02 15:08 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-02 14:38 . 2008-02-02 14:39 <KANSIO> d-------- C:\Program Files\AQ2
    2008-02-01 15:03 . 2008-02-01 15:03 <KANSIO> d-------- C:\Windows\DA15D5355E1D4076B5208571346D6238.TMP
    2008-02-01 15:03 . 2008-02-01 15:44 <KANSIO> d-------- C:\Windows\48B8222675E34E9092CCD30F79EA6380.TMP
    2008-02-01 14:08 . 2008-02-01 14:10 <KANSIO> d-------- C:\BMW M3 Challenge
    2008-02-01 13:37 . 2008-02-01 13:37 <KANSIO> d-------- C:\Program Files\SCi Games
    2008-01-30 17:18 . 2008-01-30 17:18 398 --a------ C:\Windows\ODBC.INI
    2008-01-30 17:15 . 2008-01-30 17:15 <KANSIO> d-------- C:\Users\Yhteinen\AppData\Roaming\Microsoft Web Folders
    2008-01-28 17:26 . 2008-02-07 14:38 <KANSIO> d-------- C:\Program Files\WarRock
    2008-01-28 15:17 . 2007-09-06 09:45 19,000 --a------ C:\Windows\System32\drivers\nvcv32mf.sys
    2008-01-25 15:18 . 2008-01-25 15:19 161,347,597 --a------ C:\Windows\MEMORY.DMP
    2008-01-24 21:26 . 2008-01-24 21:32 <KANSIO> d-------- C:\Program Files\AdVantage
    2008-01-24 15:16 . 2008-01-24 15:17 <KANSIO> d-------- C:\Program Files\Project64 1.6
    2008-01-21 15:43 . 2008-01-26 01:17 <KANSIO> d-------- C:\Users\Yhteinen\AppData\Roaming\fretsonfire
    2008-01-14 16:05 . 2008-01-14 16:05 <KANSIO> d-------- C:\Users\All Users\Trymedia
    2008-01-14 16:05 . 2008-01-14 16:05 <KANSIO> d-------- C:\ProgramData\Trymedia
    2008-01-13 19:52 . 2008-01-13 19:57 <KANSIO> d-------- C:\Users\Yhteinen\AppData\Roaming\GanymedeNet

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-11 13:53 --------- d-----w C:\Users\Yhteinen\AppData\Roaming\BitTorrent DNA
    2008-02-11 13:30 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
    2008-02-11 13:30 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
    2008-02-11 13:23 --------- d-----w C:\Program Files\Norman
    2008-02-07 19:57 --------- d-----w C:\Users\Yhteinen\AppData\Roaming\uTorrent
    2008-02-04 17:00 --------- d-----w C:\Users\Yhteinen\AppData\Roaming\Xfire
    2008-02-04 16:54 --------- d-s---w C:\Program Files\Xfire
    2008-02-02 08:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-02-01 17:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-01 13:44 --------- d-----w C:\Program Files\Norton Security Scan
    2008-01-31 12:07 --------- d-----w C:\Users\Yhteinen\AppData\Roaming\MP3Rocket
    2008-01-25 14:44 --------- d-----w C:\Program Files\Rockstar Games
    2008-01-21 13:43 --------- d-----w C:\Program Files\Frets on Fire
    2008-01-14 14:22 --------- d-----w C:\Program Files\Ski Jump International
    2008-01-10 15:34 --------- d-----w C:\Program Files\Deadhunt Demo
    2008-01-10 12:15 --------- d-----w C:\Program Files\Windows Sidebar
    2008-01-10 12:15 --------- d-----w C:\Program Files\Windows Mail
    2008-01-10 12:09 802,816 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-01-10 12:09 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-01-10 12:09 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-01-10 12:09 216,760 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-01-10 12:09 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-01-10 12:07 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-01-10 12:07 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-01-10 12:07 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-01-10 12:07 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-01-10 12:07 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
    2008-01-10 12:07 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-01-10 12:07 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-01-10 12:07 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-01-10 12:07 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-01-10 12:07 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
    2008-01-10 12:07 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-01-10 12:07 1,686,016 ----a-w C:\Windows\System32\gameux.dll
    2008-01-10 12:07 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
    2008-01-10 12:06 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2008-01-09 17:03 --------- d-----w C:\Program Files\Deluxe Ski Jump 3
    2008-01-08 18:25 --------- d-----w C:\Program Files\AvexLab
    2008-01-07 13:14 --------- d-----w C:\Program Files\Gamescampus
    2008-01-03 14:12 --------- d-----w C:\ProgramData\Nokia
    2008-01-03 12:45 --------- d-----w C:\Program Files\Nokia
    2008-01-03 12:45 --------- d-----w C:\Program Files\Common Files\Nokia
    2008-01-03 12:44 --------- d-----w C:\ProgramData\Installations
    2007-12-27 18:40 --------- d-----w C:\ProgramData\Apple Computer
    2007-12-27 18:40 --------- d-----w C:\Program Files\QuickTime
    2007-12-27 18:39 --------- d-----w C:\ProgramData\Apple
    2007-12-27 18:39 --------- d-----w C:\Program Files\Apple Software Update
    2007-12-27 10:07 --------- d-----w C:\Users\Yhteinen\AppData\Roaming\Datalayer
    2007-12-17 18:34 --------- d-----w C:\Program Files\PhotoFiltre
    2007-12-14 19:32 --------- d-----w C:\Program Files\DivX
    2007-12-14 13:01 --------- d-----w C:\ProgramData\Symantec
    2007-12-13 14:00 --------- d-----w C:\Users\Yhteinen\AppData\Roaming\Winamp
    2007-12-13 13:58 --------- d-----w C:\Program Files\Winamp
    2007-12-13 12:18 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2007-12-13 12:17 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2007-12-13 12:17 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2007-12-13 12:16 824,832 ----a-w C:\Windows\System32\wininet.dll
    2007-12-13 12:16 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2007-12-13 12:16 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2007-12-13 12:16 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2007-12-13 12:15 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
    2007-12-13 12:15 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
    2007-12-13 12:15 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
    2007-12-13 12:15 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
    2007-12-13 12:13 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2007-12-13 12:13 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
    2007-12-11 22:34 200,704 ----a-w C:\Windows\System32\ssldivx.dll
    2007-12-11 22:34 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
    2007-11-20 10:40 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
    2007-11-14 20:04 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
    2007-11-14 20:04 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
    2007-11-14 20:04 542,720 ----a-w C:\Windows\System32\sysmain.dll
    2007-11-14 20:04 502,784 ----a-w C:\Windows\System32\wlansvc.dll
    2007-11-14 20:04 47,104 ----a-w C:\Windows\System32\wlanapi.dll
    2007-11-14 20:04 297,984 ----a-w C:\Windows\System32\wlansec.dll
    2007-11-14 20:04 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
    2007-11-14 20:04 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
    2007-11-14 20:04 2,923,520 ----a-w C:\Windows\explorer.exe
    2007-11-14 20:04 2,027,008 ----a-w C:\Windows\System32\win32k.sys
    2007-11-14 20:03 8,704 ----a-w C:\Windows\System32\hcrstco.dll
    2007-11-14 20:03 8,704 ----a-w C:\Windows\System32\hccoin.dll
    2007-09-20 04:34 174 --sha-w C:\Program Files\desktop.ini
    2007-09-13 15:00 344 ----a-w C:\Users\Yhteinen\AppData\Roaming\wklnhst.dat
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 14:06 1232896]
    "StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 21:35 90112]
    "fsc-reg"="C:\ProgramData\fsc-reg\fscreg.exe" [2007-01-29 09:18 357904]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-02-26 18:15 149040]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
    "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-06-24 13:08 860160]
    "BitTorrent DNA"="C:\Users\Yhteinen\Program Files\BitTorrent_DNA\dna.exe" [2007-09-19 08:13 284992]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-09-24 15:02 171448]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-05-31 18:17 1006264]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 16:01 4431872 C:\Windows\RtHDVCpl.exe]
    "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 18:31 630784]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 19:46 153136]
    "DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 10:31 819712]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 14:29 176128]
    "Sonera"="C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" [2007-09-03 12:29 197880]
    "Norman ZANDA"="C:\Program Files\Norman\Npm\bin\ZLH.exe" [2007-08-09 14:40 183352]
    "soneraVista"="wscript.exe" [2006-11-02 11:46 135168 C:\Windows\System32\wscript.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 07:28 36352]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 00:48:20 40048]
    Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 23:01:50 734872]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:54 65588]
    MP3 Rocket (Minimized).lnk - C:\Program Files\MP3 Rocket\MP3Rocket.exe [2007-07-27 18:28:30 119528]

    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 16:52]
    R2 Ndiskio;Ndiskio;C:\Program Files\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 08:55]
    R2 Stuffit Archive Name Service;Stuffit Archive Name Service;"C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe" [2007-07-18 14:26]
    R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 19:52]
    R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-02-01 11:55]
    R3 NvcMFlt;NvcMFlt;C:\Windows\system32\DRIVERS\nvcv32mf.sys [2007-09-06 09:45]
    R3 nvcoas;Norman Virus Control on-access component;C:\Program Files\Norman\Nvc\bin\nvcoas.exe [2007-12-12 11:45]
    R3 NVCScheduler;Norman Virus Control Scheduler;C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 13:23]
    R3 PPJoyBus;Parallel Port Joystick Bus device driver;C:\Windows\system32\drivers\PPJoyBus.sys [2004-10-24 07:11]
    R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-02 16:09]
    R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-01-15 23:28]
    S3 nvcfsr;nvcfsr;C:\Program Files\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 14:25]
    S3 nvcoafl4;nvcoafl4;C:\Program Files\Norman\Nvc\bin\nvcoafl4.sys [2007-01-09 14:25]
    S3 nvcoaft4;nvcoaft4;C:\Program Files\Norman\Nvc\bin\nvcoaft4.sys [2007-01-09 14:25]
    S3 nvcoarc4;nvcoarc4;C:\Program Files\Norman\Nvc\bin\nvcoarc4.sys [2007-01-09 14:25]


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
    msiexec /fums {C61E8F12-31F1-C2E6-DC0C-505CBF2BEE57} /qb
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-11 15:54:25
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-02-11 15:55:51
    ComboFix-quarantined-files.txt 2008-02-11 13:55:45
    .
    2008-02-08 11:46:16 --- E O F ---





     
  5. Hujo

    Hujo Guest

    What about the SDFix report, along with an HJT log?
     
  6. Villeme

    Villeme Guest

    I couldn't get SDFix to work.
     
  7. Hujo

    Hujo Guest

    Yeah, it doesn't run on Vista.

    Download StartupLite.

    Save the file to the desktop. Double-click StartUpLite.exe,
    then you can choose what to leave in startup, and then press Continue.

    ================

    Download RegSeeker.zip to the desktop:

    Extract the zip into the C:\RegSeeker\ folder. From there, start RegSeeker.exe.
    In the upper right corner there is a Languages.... link, from which you select Finnish.
    In the lower left corner, tick "Luo varmuuskopio" (create backup) and then click the "Puhdista rekisteri" (clean registry) link.
    Tick all the other items except "Käyttökelvottomat..", then "OK" (wait a moment).
    A list of invalid registry entries appears on screen; from "Valitse" (select) in the bottom bar,
    click "Valitse kaikki" (select all), which gives the selected items a yellow background.
    From the "Toiminnot" (actions) link in the bottom bar, click "Poista valitut kohteet" (delete selected items).
    In the pop-up "Kaikki valitut kohteet poistetaan ?" (all selected items will be deleted?), answer "OK".
    In the next pop-up, "Varmuuskopiot" (backups), answer "OK".
    Click "Lopeta RegSeeker" (exit RegSeeker) on the left and restart your computer.
     
  8. Villeme

    Villeme Guest

    The computer works flawlessly now, thanks a lot. Here is the HJT log as well:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:05:16, on 4.2.2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
    C:\Program Files\Norman\Npm\Bin\Zanda.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe
    C:\Program Files\Norman\Npm\Bin\Zlh.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Norman\Nvc\BIN\NIP.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Users\Yhteinen\Program Files\BitTorrent_DNA\dna.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe
    C:\Windows\system32\PnkBstrB.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
    C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
    C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Norman\Nvc\bin\nvcoas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Norman\Nvc\bin\cclaw.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Windows\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [soneraVista] wscript.exe "C:\Program Files\Sonera\InternetAvustaja\agentui\snapins\vista\vistaupdate.js" sonera
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20080109
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Yhteinen\Program Files\BitTorrent_DNA\dna.exe"
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Yhteinen\AppData\Local\Temp\pmnmj.dll,#1
    O4 - HKCU\..\Run: [DDC] C:\Users\Yhteinen\AppData\Local\Temp\kqmogiim.exe
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Yhteinen\AppData\Local\Temp\byxwx.dll,c
    O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Yhteinen\AppData\Local\Temp\mltvaewp.dll",run
    O4 - HKCU\..\Run: [70d36b72] rundll32.exe "C:\Users\Yhteinen\AppData\Local\Temp\sntpohee.dll",b
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: MP3 Rocket (Minimized).lnk = C:\Program Files\MP3 Rocket\MP3Rocket.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O13 - Gopher Prefix:
    O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp.gamescampus.com/luncher/GamesCampus.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
    O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

    --
    End of file - 11759 bytes
     
  9. Hujo

    Hujo Guest

    Scan with HJT, tick these, and press Fix checked:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
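
An added example (not part of the thread and not HijackThis code): a small Python triage of HijackThis log lines that picks out the kind of entries listed in the post above, namely R0/R1 values that are empty and entries marked (no file). It goes one step further and also flags O4 autostart entries that run from a Temp directory; that rule and the names `triage`, `ENTRY` and `TEMP_DIR` are assumptions of this example. The sample lines are taken from the log posted in this thread.

```python
import re

# Sample input: a few lines taken from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [DDC] C:\Users\Yhteinen\AppData\Local\Temp\kqmogiim.exe
O13 - Gopher Prefix:
"""

# A log entry starts with a section code such as R0, O2 or O23, then " - ".
ENTRY = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
# Assumption of this example: a path component named Temp or Tmp.
TEMP_DIR = re.compile(r"\\(?:Temp|Tmp)\\", re.IGNORECASE)


def triage(log_text):
    """Return (reason, line) pairs for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if not match:
            continue  # header, running-process path or blank line
        code, body = match.group("code"), match.group("body")
        if code.startswith("R") and "=" in body and not body.split("=", 1)[1].strip():
            # Registry value listed with nothing after the "=" sign.
            findings.append(("empty-value", line))
        elif body.endswith("(no file)"):
            # Registered component whose file is no longer on disk.
            findings.append(("orphaned", line))
        elif code == "O4" and TEMP_DIR.search(body):
            # Autostart entry that launches something out of a temp folder.
            findings.append(("autostart-from-temp", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:20} {line}")
```

Flagged lines are candidates for review, not a verdict: check what each entry belongs to before fixing it.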
     
