Trojans have taken over my machine, could someone help? HJT log below.

1. Download combofix.exe to your desktop from one of these links: combofix1 combofix2
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. Post this log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to freeze.

Done.... it spat out this...

Download Malwarebytes' Anti-Malware to your desktop.
1. Double-click mbam-setup.exe and follow the instructions to install the program.
2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
3. If an update is found, the program downloads and installs the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is complete, click OK and then Show Results to see the results.
6. Make sure everything is checked and click Remove Selected.
7. After this, the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Post the contents of the log in your next message.

Here are the results from the malware-whatever program....

Malwarebytes' Anti-Malware 1.12
Tietokantaversio: 788
Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|)
Tarkistetut kohteet: 175763
Kulunut aika: 1 hour(s), 38 minute(s), 57 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 3
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)

Download SDFix by AndyManchesta and save it to your desktop.
Boot your machine into safe mode:
* shut down and restart
* during startup, tap the F8 key repeatedly
* select safe mode with the arrow keys
* press Enter and Enter
* select your user account
* press Yes
On some machines you tap F5 instead of F8.
* Once in safe mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
* Open the SDFix folder and double-click RunThis.bat to start the program.
* Press Y to start the script.
* The tool cleans out the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the machine, "Press any key to Reboot".
* Press any key and the machine restarts.
* Startup takes longer than normal because SDFix is cleaning the machine.
* When the machine has started and the desktop has loaded, SDFix reports that the cleaning is done, "Finished".
* Then press any key to close the script and load the shortcuts onto the desktop.
* Finally, open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread, along with a new HijackThis log.

This is what came out of it......

SDFix: Version 1.185
Run by Järjestelmänvalvoja on ma 26.05.2008 at 18:02
Microsoft Windows XP [versio 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-26 18:09:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 8 Sep 2006 56 ..SHR --- "C:\WINDOWS\system32\539EE85E5B.sys"
Wed 28 Nov 2007 3,714 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"

Finished!

eScan. Instructions are on this page: http://koti.mbnet.fi/pattaya1/escanmwav.htm
Download it from here: http://www.spywareinfo.dk/download/mwav.exe
Update it from here: http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
Tick the checkboxes as marked here: http://koti.mbnet.fi/pattaya1/eScan6.jpg
Scan. If anything shows up in the lower pane, copy it like this: Use the command Ctrl+A. Copy the lines with Ctrl+C. Paste the lines with Ctrl+V. Post the virus log here.
That took a while, but this is what it found??
File C:\WINDOWS\system32\EA¬ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Common Files\Real\Toolbar\RealBar.dll tagged as not-a-virus:AdWare.Win32.MegaSearch.s. No Action Taken.
File C:\System Volume Information\_restore{944FF9E8-082D-4BE5-843D-BD81E7ED0343}\RP931\A0552550.exe tagged as not-a-virusSWTool.Win32.RAS.a. No Action Taken.
File C:\System Volume Information\_restore{944FF9E8-082D-4BE5-843D-BD81E7ED0343}\RP931\A0552551.exe tagged as not-a-virusSWTool.Win32.RAS.a. No Action Taken.
1. Click Start > right-click My Computer
2. Select Properties
3. Select the System Restore tab
4. Tick the box next to "Turn off System Restore on all drives"
5. Click Apply
6. Click OK
7. Shut down and restart
8. Untick the box next to "Turn off System Restore on all drives"
9. Apply and OK
Check your computer with F-Secure's online scanner. Note: the scanner works only in the Internet Explorer browser.
* Read the instructions on the page carefully
* Click Start scanning
* If you get an Internet Explorer security warning, click Install
* Click Accept
* Click Custom Scan
* Adjust the settings as follows
  o Under "Virus Scan Option", select Scan whole system
  o Under "Other Scan Option", select Scan All Files
  o Select Scan whole system for rootkits
  o Select Scan whole system for spyware
  o Tick Scan inside archives
  o Make sure Use advanced heuristics is selected
* Click Start
* The scan starts once the required files/updates have been downloaded
* Wait patiently
* When the scan is complete, click Automatic cleaning
* Click Show Report
* The report opens in the browser; copy the whole text
* Paste the copied text into e.g. Notepad or Word and save it to the desktop
* You can close the scanner
* Post the report in your thread
Don't do anything else, as that can cause the computer to freeze.
That's done too.... log attached.
Scanning Report
Tuesday, May 27, 2008 00:42:51 - 07:45:05
Computer name: MIKA-ZZYP85N4XB
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\ E:\
Result: 0 malware found
Statistics
Scanned:
* Files: 311529
* System: 4382
* Not scanned: 466
Actions:
* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 0
* Submitted: 0
Files not scanned:
Options
Scanning engines:
* F-Secure USS: 2.30.0
* F-Secure Hydra: 2.8.8110, 2008-05-26
* F-Secure AVP: 7.0.171, 2008-05-26
* F-Secure Pegasus: 1.20.0, 2008-04-15
* F-Secure Blacklight: 1.0.68
Scanning options:
* Scan all files
* Scan inside archives
* Use Advanced heuristics
Download CCleaner from here: CCleaner v2.05.555 - Standard Build. Do NOT install the Yahoo toolbar! During installation, remove the tick from "install Yahoo! toolbar".
After installation, open CCleaner. Select Options from the left-hand column. Select Settings from the adjacent column. Under Language, select Suomi.
Cleaner (Puhdistaja)
Select Puhdistaja from the left-hand column. Click Tutki (Analyze) at the bottom. CCleaner now analyzes what can be removed (temp files, cookies, etc.). When the analysis is complete, click Aja CCleaner (Run CCleaner). CCleaner now removes the temp files, cookies, etc. that it found.
Fixing registry errors
Select Virheet (Errors) from the left-hand column. Click Etsi rekisterin virheitä (Search for registry errors) at the bottom. When the search is complete and you are sure you want to fix the entries that are marked, click Korjaa valitut rekisterin virheet (Fix selected registry errors). You will be asked "do you want to back up changes to the registry"; click Kyllä (Yes). Save the backup to, for example, the "Omat tiedostot" (My Documents) folder. In the new window that opens, click Korjaa kaikki valitut virheet (Fix all selected errors). You will get one more confirmation prompt; click Ok. When the errors have been fixed, click Sulje (Close). You can now close CCleaner by clicking the red X at the top right.
============
Download OTMoveIt and save it to your desktop. Double-click OTMoveIt.exe. Click CleanUp!. Select Yes when asked "Begin cleanup Process?". If you are asked whether the computer may be restarted, select Yes. OTMoveIt deletes itself when it is done; if it doesn't, delete it yourself.
NOTE: If your firewall or some other security program warns that OTMoveIt is trying to access the internet, allow it.
It's chugging along nicely now. It even seems faster now that unnecessary files etc. have been removed. The wooden horses have presumably been evicted, since there are no more alerts about them. Thanks for the help. I couldn't have done it myself. Below is the HJT log once more....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:26:50, on 27.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
d:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
D:\Program Files\Benefon\Twig PC Tools\TwigPCToolsWatcher.exe
D:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\TBPanel.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ThreatFire\TFTray.exe
D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
E:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
D:\Program Files\MSI\ArcSoft\TotalMedia\TMMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
e:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.welho.fi/minunwelhoni/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - d:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - d:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BenefonPCTools] d:\Program Files\Benefon\Twig PC Tools\TwigPCToolsWatcher.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "D:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [00PCTFW] "d:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "d:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nokia.PCSync] "E:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "E:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] d:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] d:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: TMMonitor.lnk = D:\Program Files\MSI\ArcSoft\TotalMedia\TMMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://d:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://d:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://d:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://d:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Locate Spot on Map by GPS - d:\Program Files\Opanda\IExif 2.25\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - d:\Program Files\Opanda\IExif 2.25\IExifCom.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - e:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MSI\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - D:\Program Files\nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - d:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe
-- End of file - 8987 bytes
Start > Run, type msconfig > OK. Go to the Startup tab. Untick the following: qttask realsched SSBkgdupdate nwiz Reader_sl PCSync2. Click Apply and OK. Restart the computer, tick the small box, and only then press OK.
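
The names in the msconfig post above are executable names, while the HijackThis O4 lines are keyed by Run value name (realsched appears there as TkBellExe, for instance). The following Python sketch is an added example, not part of the thread or of HijackThis: it parses O4 lines and maps each msconfig name back to its autostart entry. The function names and the parsing rules are assumptions made for this illustration.

```python
"""Map the startup names from the msconfig post to HijackThis O4 entries."""
import ntpath
import re
from typing import NamedTuple

# O4 lines copied from the second HijackThis log in this thread (a subset),
# plus one O23 service line that the parser has to skip.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BenefonPCTools] d:\Program Files\Benefon\Twig PC Tools\TwigPCToolsWatcher.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Nokia.PCSync] "E:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] d:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - Global Startup: TMMonitor.lnk = D:\Program Files\MSI\ArcSoft\TotalMedia\TMMonitor.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
'''

# Names the helper asks to untick on the msconfig Startup tab.
MSCONFIG_ITEMS = ["qttask", "realsched", "SSBkgdupdate", "nwiz", "Reader_sl", "PCSync2"]


class Autorun(NamedTuple):
    location: str  # e.g. HKLM\..\Run or Global Startup
    name: str      # registry value name, or shortcut file name
    command: str   # command line exactly as logged
    stem: str      # executable name without extension, lower-cased


# Registry form:  O4 - <hive>\..\Run: [value name] command
_REG = re.compile(r"^O4 - (?P<loc>\S.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Startup-folder form:  O4 - Global Startup: shortcut.lnk = target
_LNK = re.compile(r"^O4 - (?P<loc>[^:]*Startup): (?P<name>.+?) = (?P<cmd>.+)$")
_USER_NOTE = re.compile(r"\s*\(User '[^']*'\)\s*$")
# Unquoted paths may contain spaces, so cut at the first executable extension.
_EXE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd))(?=\s|$)", re.IGNORECASE)


def executable_stem(command):
    """Return the program name of a logged command line, lower-cased."""
    cmd = _USER_NOTE.sub("", command.strip())
    if not cmd:
        return ""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        path = cmd[1:end] if end != -1 else cmd[1:]
    else:
        m = _EXE.match(cmd)
        path = m.group(1) if m else cmd.split()[0]  # e.g. "RunDll32 x.cpl,Fn"
    return ntpath.splitext(ntpath.basename(path))[0].lower()


def parse_o4(log_text):
    """Collect every O4 (autostart) entry; all other sections are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = _REG.match(line.strip()) or _LNK.match(line.strip())
        if m:
            entries.append(Autorun(m["loc"], m["name"], m["cmd"],
                                   executable_stem(m["cmd"])))
    return entries


def match_msconfig_items(entries, items):
    """Map each msconfig name to the O4 entries that launch that executable."""
    by_stem = {}
    for entry in entries:
        by_stem.setdefault(entry.stem, []).append(entry)
    return {item: by_stem.get(item.lower(), []) for item in items}


if __name__ == "__main__":
    hits = match_msconfig_items(parse_o4(SAMPLE_LOG), MSCONFIG_ITEMS)
    for item, found in hits.items():
        for e in found or [None]:
            print(f"{item:14}", f"{e.location}: [{e.name}]" if e else "NOT IN LOG")
```

An item reported as NOT IN LOG would mean the name was mistyped or the entry starts from somewhere other than the Run keys and Startup folders that O4 covers.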