Trojan.Win32.BHO.bd virus, HJT log follows. It comes back onto the computer again along with the broadband connection.

Logfile of HijackThis v1.99.1 Scan saved at 21:29:16, on 20.8.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\VTTimer.exe C:\Program Files\PC Protection\Common\FSM32.EXE C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\PROGRA~1\PCPROT~1\backweb\4384293\Program\SERVIC~1.EXE C:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe C:\Program Files\PC Protection\backweb\4384293\program\fsbwsys.exe C:\Program Files\PC Protection\Anti-Virus\FSGK32.EXE C:\Program Files\PC Protection\backweb\4384293\Program\fspex.exe C:\Program Files\PC Protection\Common\FSMA32.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\PC Protection\Common\FSMB32.EXE C:\Program Files\PC Protection\Anti-Virus\fssm32.exe C:\Program Files\PC Protection\Common\FCH32.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\PC Protection\Common\FAMEH32.EXE C:\Program Files\PC Protection\Anti-Virus\fsqh.exe C:\Program Files\PC Protection\Anti-Virus\fsrw.exe C:\Program Files\PC Protection\FSPC\fspc.exe C:\Program Files\PC Protection\FWES\Program\fsdfwd.exe C:\Program Files\PC Protection\Anti-Virus\fsav32.exe C:\PROGRA~1\PCPROT~1\ANTI-S~1\fsaw.exe
C:\Program Files\PC Protection\FSGUI\fsguidll.exe C:\pasi\tietosdot\miRC\ohjelma\mIRC\mirc.exe C:\pasi\pelit\Steam.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\hjt\scanner.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\pasi\tietosdot\bitcomet 0.91\BitComet\tools\BitCometBHO_1.1.7.4.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Protection\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Protection\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\PC Protection\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\PC Protection\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 
7.0\Reader\reader_sl.exe O4 - Global Startup: F-Secure PC Protection Plus.lnk = C:\Program Files\PC Protection\backweb\4384293\Program\fspex.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\pasi\tietosdot\bitcomet 0.91\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\pasi\tietosdot\bitcomet 0.91\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\pasi\tietosdot\bitcomet 0.91\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\PC Protection\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE-suojaus... 
- {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection\Anti-Spyware\ieshield.dll O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\pasi\tietosdot\bitcomet 0.91\BitComet\tools\BitCometBHO_1.1.7.4.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156399155328 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{12A9DDC9-28CA-4AD0-AE73-A031BB026751}: NameServer = 212.116.32.218 212.116.32.222 O17 - HKLM\System\CS1\Services\Tcpip\..\{12A9DDC9-28CA-4AD0-AE73-A031BB026751}: NameServer = 212.116.32.218 212.116.32.222 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - 
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: F-Secure PC Protection Plus (BackWeb Plug-in - 4384293) - BackWeb Technologies Inc. - C:\PROGRA~1\PCPROT~1\backweb\4384293\Program\SERVIC~1.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\PC Protection\backweb\4384293\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Protection\FWES\Program\fsdfwd.exe O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\PC Protection\FSPC\fshttps\fshttps.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PC Protection\Common\FSMA32.EXE O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Scan your computer with Kaspersky Online Scanner.
- When the program starts, you will be asked whether to allow an ActiveX component from Kaspersky to be installed; click Yes.
- The program starts and begins downloading the latest definition files.
- Once the scanner is installed and the definitions are downloaded, click Next.
- Now click the settings, Scan Settings.
- Check in the settings that the following are selected:
  o Scan using the following Anti-Virus database:
    + Extended (if available, otherwise select Standard)
  o Scan Options:
    + Scan Archives
    + Scan Mail Bases
- Click OK.
- Now, under the heading "select a target to scan", choose My Computer (Oma Tietokone).
- The scan takes time, so be patient. When the scan is complete, you will be notified if your computer is infected.
- Now click the Save as Text button.
- Save the file to your desktop.
- If you want to continue handling the matter on the forum, copy the contents of the file into your post.
I did that in the morning; only 2% was left unscanned because I was in a hurry to get to high school. It seems it was infected. Do I need to run the scan again? Here's the log:

KASPERSKY ONLINE SCANNER REPORT Tuesday, August 21, 2007 7:40:36 AM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.93.0 Kaspersky Anti-Virus database last update: 21/08/2007 Kaspersky Anti-Virus database records: 386297 Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true Scan Target My Computer C:\ D:\ E:\ F:\ G:\ H:\ I:\ Scan Statistics Total number of scanned objects 97707 Number of viruses found 5 Number of infected objects 8 Number of suspicious objects 0 Duration of the scan process 00:57:19 Infected Object Name Virus Name Last Action C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and
Settings\Pasi\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Pasi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Pasi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Pasi\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Pasi\Local Settings\Temp\KEIJGWNL.0LL Infected: Trojan.Win32.BHO.g skipped C:\Documents and Settings\Pasi\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Pasi\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Pasi\ntuser.dat.LOG Object is locked skipped C:\pasi\tietosdot\miRC\mirc621.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped C:\pasi\tietosdot\miRC\mirc621.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped C:\pasi\tietosdot\miRC\mirc621.exe NSIS: infected - 2 skipped C:\pasi\tietosdot\miRC\ohjelma\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped C:\Program Files\PC Protection\Anti-Virus\dbupdate.log Object is locked skipped C:\Program Files\PC Protection\Anti-Virus\Qrt.log Object is locked skipped C:\Program Files\PC Protection\backweb\4384293\Users\Default\Data\cache.dat Object is locked skipped C:\Program Files\PC Protection\backweb\4384293\Users\Default\Data\chandir.dat Object is locked skipped C:\Program Files\PC Protection\backweb\4384293\Users\Default\Data\chandir.idx Object is locked skipped C:\Program Files\PC Protection\backweb\4384293\Users\Default\Data\chn.dat Object is locked skipped C:\Program Files\PC Protection\backweb\4384293\Users\Default\Data\chn.idx Object is locked skipped C:\Program Files\PC Protection\backweb\4384293\Users\Default\Data\D0000000.FCS Object is locked skipped C:\Program Files\PC Protection\backweb\4384293\Users\Default\Data\fsbwupst.log Object is locked skipped 
C:\Program Files\PC Protection\backweb\4384293\Users\Default\Data\inuse.txt Object is locked skipped C:\Program Files\PC Protection\backweb\4384293\Users\Default\Data\L0000009.FCS Object is locked skipped C:\Program Files\PC Protection\backweb\4384293\Users\Default\Data\main.log Object is locked skipped C:\Program Files\PC Protection\backweb\4384293\Users\Default\Data\prs.dat Object is locked skipped C:\Program Files\PC Protection\backweb\4384293\Users\Default\Data\prs.idx Object is locked skipped C:\Program Files\PC Protection\backweb\4384293\Users\Default\Data\prs_die.dat Object is locked skipped C:\Program Files\PC Protection\backweb\4384293\Users\Default\Data\prs_die.idx Object is locked skipped C:\Program Files\PC Protection\backweb\4384293\Users\Default\Data\prs_dnd.dat Object is locked skipped C:\Program Files\PC Protection\backweb\4384293\Users\Default\Data\prs_dnd.idx Object is locked skipped C:\Program Files\PC Protection\backweb\4384293\Users\Default\Data\prs_ext.dat Object is locked skipped C:\Program Files\PC Protection\backweb\4384293\Users\Default\Data\prs_ext.idx Object is locked skipped C:\Program Files\PC Protection\backweb\4384293\Users\Default\Data\prs_rcv.dat Object is locked skipped C:\Program Files\PC Protection\backweb\4384293\Users\Default\Data\prs_rcv.idx Object is locked skipped C:\Program Files\PC Protection\backweb\4384293\Users\Default\Data\storydb.dat Object is locked skipped C:\Program Files\PC Protection\backweb\4384293\Users\Default\Data\storydb.idx Object is locked skipped C:\Program Files\PC Protection\Common\admin.pub Object is locked skipped C:\Program Files\PC Protection\Common\policy.bpf Object is locked skipped C:\Program Files\PC Protection\Common\policy.ipf Object is locked skipped C:\Program Files\PC Protection\Spam Control\log\fs_sa_log.txt Object is locked skipped C:\System Volume Information\_restore{A73C9C14-7D39-4071-8025-5D792D76F074}\RP136\A0105246.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped 
C:\System Volume Information\_restore{A73C9C14-7D39-4071-8025-5D792D76F074}\RP136\A0105247.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped C:\System Volume Information\_restore{A73C9C14-7D39-4071-8025-5D792D76F074}\RP136\A0105248.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped Scan was interrupted by user!
Download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
When the scan is complete, click the Remove Vundo button.
You will be asked whether you want to delete the files - click YES.
Once you have clicked Yes, your desktop will go blank as it starts removing Vundo.
When it is done, the fix will tell you it is going to restart your computer; click OK.
Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.

Note: It is possible that VundoFix found a file it could not remove. In that case, VundoFix runs itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo button.", when VundoFix appears at restart.

===============

1. Click Start > right-click My Computer
2. Select Properties
3. Select the System Restore tab
4. Tick the box "Turn off System Restore on all drives"
5. Press Apply
6. Press OK
7. Shut down and restart
8. Untick the box "Turn off System Restore on all drives"
9. Apply and OK
Beginning removal...
VundoFix V6.5.0
Checking Java version...
Sun Java not detected
Scan started at 19:28:18 22.8.2007
Listing files found while scanning....
C:\windows\system32\fcqqovrd.dll
Beginning removal...
Attempting to delete C:\windows\system32\fcqqovrd.dll
C:\windows\system32\fcqqovrd.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.5.0
Checking Java version...
Sun Java not detected
Scan started at 19:38:04 22.8.2007
Listing files found while scanning....
No infected files were found.

and the HJT log

Logfile of HijackThis v1.99.1 Scan saved at 19:44:23, on 22.8.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\VTTimer.exe C:\Program Files\PC Protection\Common\FSM32.EXE C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\PROGRA~1\PCPROT~1\backweb\4384293\Program\SERVIC~1.EXE C:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe C:\Program Files\PC Protection\backweb\4384293\program\fsbwsys.exe C:\Program Files\PC Protection\Anti-Virus\FSGK32.EXE C:\Program Files\PC Protection\Common\FSMA32.EXE C:\Program Files\PC Protection\backweb\4384293\Program\fspex.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\PC Protection\Common\FSMB32.EXE C:\Program Files\PC Protection\Anti-Virus\fssm32.exe C:\WINDOWS\system32\svchost.exe C:\Program
Files\PC Protection\Common\FCH32.EXE C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\PC Protection\Common\FAMEH32.EXE C:\Program Files\PC Protection\Anti-Virus\fsqh.exe C:\Program Files\PC Protection\Anti-Virus\fsrw.exe C:\Program Files\PC Protection\FSPC\fspc.exe C:\Program Files\PC Protection\FWES\Program\fsdfwd.exe C:\Program Files\PC Protection\Anti-Virus\fsav32.exe C:\PROGRA~1\PCPROT~1\ANTI-S~1\fsaw.exe C:\Program Files\PC Protection\FSGUI\fsguidll.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\hjt\scanner.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\pasi\tietosdot\bitcomet 0.91\BitComet\tools\BitCometBHO_1.1.7.4.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Protection\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Protection\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\PC Protection\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\PC Protection\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [CmUsbSound] 
RunDll32 cmcnfgu.cpl,CMICtrlWnd O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: F-Secure PC Protection Plus.lnk = C:\Program Files\PC Protection\backweb\4384293\Program\fspex.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\pasi\tietosdot\bitcomet 0.91\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\pasi\tietosdot\bitcomet 0.91\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\pasi\tietosdot\bitcomet 0.91\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\PC Protection\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - 
C:\Program Files\PC Protection\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection\Anti-Spyware\ieshield.dll O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\pasi\tietosdot\bitcomet 0.91\BitComet\tools\BitCometBHO_1.1.7.4.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156399155328 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{12A9DDC9-28CA-4AD0-AE73-A031BB026751}: NameServer = 212.116.32.218 212.116.32.222 O17 - 
HKLM\System\CS1\Services\Tcpip\..\{12A9DDC9-28CA-4AD0-AE73-A031BB026751}: NameServer = 212.116.32.218 212.116.32.222 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: F-Secure PC Protection Plus (BackWeb Plug-in - 4384293) - BackWeb Technologies Inc. - C:\PROGRA~1\PCPROT~1\backweb\4384293\Program\SERVIC~1.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\PC Protection\backweb\4384293\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Protection\FWES\Program\fsdfwd.exe O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\PC Protection\FSPC\fshttps\fshttps.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PC Protection\Common\FSMA32.EXE O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
What about these in the HJT log?

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

and here is the VundoFix 6.5.0 log

Beginning removal...
VundoFix V6.5.0
Checking Java version...
Sun Java not detected
Scan started at 19:28:18 22.8.2007
Listing files found while scanning....
C:\windows\system32\fcqqovrd.dll
Beginning removal...
Attempting to delete C:\windows\system32\fcqqovrd.dll
C:\windows\system32\fcqqovrd.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.5.0
Checking Java version...
Sun Java not detected
Scan started at 19:38:04 22.8.2007
Listing files found while scanning....
No infected files were found.

VundoFix V6.5.0
Checking Java version...
Sun Java not detected
Scan started at 20:16:48 22.8.2007
Listing files found while scanning....
No infected files were found.
1. Download combofix.exe to your desktop from either of these links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double-click the combofix.exe file and follow the prompts.
3. When the tool is finished, it produces a log. Post this log to your thread.

Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
Alright, here's the ComboFix log

ComboFix 07-08-17.2 - "Pasi" 2007-08-23 6:28:48.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.113 [GMT 3:00] * Created a new restore point ((((((((((((((((((((((((( Files Created from 2007-07-23 to 2007-08-23 ))))))))))))))))))))))))))))))) 2007-08-23 06:26 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-21 06:32 <KANSIO> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-08-21 06:32 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab 2007-07-31 09:24 <KANSIO> dr------- C:\DOCUME~1\LOCALS~1\Suosikit 2007-07-27 12:41 <KANSIO> d-------- C:\Downloads (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-27 12:41 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll 2007-07-26 13:33 --------- d-------- C:\DOCUME~1\Pasi\APPLIC~1\Xfire 2007-07-19 09:55 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll 2007-07-13 02:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll 2007-06-29 20:29 --------- d-------- C:\DOCUME~1\Pasi\APPLIC~1\ATI 2007-06-29 20:26 --------- d-------- C:\Program Files\ATI Technologies 2007-06-29 20:25 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-06-29 11:58 --------- d-------- C:\Program Files\Trust HS-6200 Surround USB Headset 2007-06-27 17:06 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll 2007-06-27 17:06 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll 2007-06-27 17:06 232960 --a------ C:\WINDOWS\system32\dllcache\webcheck.dll 2007-06-27 17:06 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll 2007-06-27 17:06 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll 2007-06-27 17:06 102400 --a------ C:\WINDOWS\system32\dllcache\occache.dll 2007-06-27 17:05 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2007-06-27 17:05 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-06-27 17:05 477696 --a------
C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-06-27 17:05 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-06-27 17:05 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll 2007-06-27 17:05 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-06-27 17:05 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2007-06-27 17:05 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll 2007-06-27 17:04 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll 2007-06-27 17:04 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-06-27 17:04 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll 2007-06-27 17:04 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll 2007-06-27 17:04 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll 2007-06-27 17:04 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll 2007-06-27 11:27 63488 --a------ C:\WINDOWS\system32\dllcache\ie4uinit.exe 2007-06-27 11:27 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe 2007-06-27 11:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-06-27 10:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll 2007-06-26 13:00 --------- d-------- C:\Program Files\Windows Media Connect 2 2007-06-26 09:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll 2007-06-26 09:09 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll 2007-06-19 16:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll 2007-06-19 16:32 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll 2007-06-13 22:25 339968 --a------ C:\WINDOWS\system32\ATIDEMGX.dll 2007-06-13 22:24 268288 --a------ C:\WINDOWS\system32\ati2dvag.dll 2007-06-13 22:24 2155520 --a------ C:\WINDOWS\system32\dllcache\ati2mtag.sys 2007-06-13 22:23 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll 2007-06-13 22:17 42496 --a------ C:\WINDOWS\system32\ati2edxx.dll 2007-06-13 22:17 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe 2007-06-13 22:17 139264 --a------ 
C:\WINDOWS\system32\atipdlxx.dll 2007-06-13 22:17 118784 --a------ C:\WINDOWS\system32\Oemdspif.dll 2007-06-13 22:16 118784 --a------ C:\WINDOWS\system32\ati2evxx.dll 2007-06-13 22:15 483328 --a------ C:\WINDOWS\system32\ati2evxx.exe 2007-06-13 22:14 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL 2007-06-13 22:10 8097792 --a------ C:\WINDOWS\system32\atioglx2.dll 2007-06-13 22:07 2922208 --a------ C:\WINDOWS\system32\ati3duag.dll 2007-06-13 21:57 1512960 --a------ C:\WINDOWS\system32\ativvaxx.dll 2007-06-13 21:46 5431296 --a------ C:\WINDOWS\system32\atioglxx.dll 2007-06-13 21:43 262144 --a------ C:\WINDOWS\system32\atikvmag.dll 2007-06-13 21:42 17408 --a------ C:\WINDOWS\system32\atitvo32.dll 2007-06-13 21:41 50176 --a------ C:\WINDOWS\system32\atiok3x2.dll 2007-06-13 21:36 368640 --a------ C:\WINDOWS\system32\ati2cqag.dll 2007-06-13 16:10 1033728 --a------ C:\WINDOWS\system32\dllcache\explorer.exe 2007-06-13 16:10 1033728 --a------ C:\WINDOWS\explorer.exe 2007-06-13 14:29 520192 --------- C:\WINDOWS\system32\ati2sgag.exe 2007-06-11 23:51 10834944 --a------ C:\WINDOWS\system32\dllcache\wmp.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2006-03-01 17:22 C:\WINDOWS\SOUNDMAN.EXE] "VTTimer"="VTTimer.exe" [2005-03-08 04:33 C:\WINDOWS\system32\VTTimer.exe] "VTTrayp"="VTtrayp.exe" [2005-11-01 05:15 C:\WINDOWS\system32\VTTrayp.exe] "F-Secure Manager"="C:\Program Files\PC Protection\Common\FSM32.exe" [2005-10-26 04:51] "F-Secure TNB"="C:\Program Files\PC Protection\TNB\TNBUtil.exe" [2005-07-18 17:51] "F-Secure Startup Wizard"="C:\Program Files\PC Protection\FSGUI\FSSW.exe" [2005-10-18 11:29] "News Service"="C:\Program Files\PC Protection\FSGUI\ispnews.exe" [2005-05-31 15:45] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-24 09:16] 
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00] "OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 09:29] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24] "CmUsbSound"="cmcnfgu.cpl" [] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00] "Steam"="" [] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:40] C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26] F-Secure PC Protection Plus.lnk - C:\Program Files\PC Protection\backweb\4384293\Program\fspex.exe [2006-08-24 08:46:22] R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys R2 BackWeb Plug-in - 4384293;F-Secure PC Protection Plus;C:\PROGRA~1\PCPROT~1\backweb\4384293\Program\SERVIC~1.EXE R2 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\PC Protection\Anti-Virus\Win2K\FSfilter.sys R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\PC Protection\Anti-Virus\Win2K\FSgk.sys R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\PC Protection\Anti-Virus\Win2K\FSrec.sys R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys S3 cmudau32;C-Media USB UDA Sound Interface;C:\WINDOWS\system32\drivers\cmudaxu.sys S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86698a26-f0ce-11da-b434-003005b2b4c7}] AutoRun\command- D:\setupSNK.exe Contents of 
the 'Scheduled Tasks' folder 2007-08-23 03:22:11 C:\WINDOWS\Tasks\Scheduled scanning task.job ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-23 06:31:36 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-23 6:33:21 --- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 6:43:01, on 23.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\PCPROT~1\backweb\4384293\Program\SERVIC~1.EXE
C:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe
C:\Program Files\PC Protection\Anti-Virus\FSGK32.EXE
C:\Program Files\PC Protection\backweb\4384293\program\fsbwsys.exe
C:\Program Files\PC Protection\Common\FSMA32.EXE
C:\Program Files\PC Protection\Anti-Virus\fssm32.exe
C:\Program Files\PC Protection\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Protection\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\PC Protection\Common\FAMEH32.EXE
C:\Program Files\PC Protection\Anti-Virus\fsqh.exe
C:\Program Files\PC Protection\Anti-Virus\fsrw.exe
C:\Program Files\PC Protection\FSPC\fspc.exe
C:\Program Files\PC Protection\FWES\Program\fsdfwd.exe
C:\Program Files\PC Protection\Anti-Virus\fsav32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\PC Protection\Common\FSM32.EXE
C:\Program Files\PC Protection\FSGUI\ispnews.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\PCPROT~1\ANTI-S~1\fsaw.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\PC Protection\FSGUI\fsguidll.exe
C:\Program Files\PC Protection\backweb\4384293\Program\fspex.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hjt\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\pasi\tietosdot\bitcomet 0.91\BitComet\tools\BitCometBHO_1.1.7.4.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Protection\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Protection\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\PC Protection\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\PC Protection\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: F-Secure PC Protection Plus.lnk = C:\Program Files\PC Protection\backweb\4384293\Program\fspex.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\pasi\tietosdot\bitcomet 0.91\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\pasi\tietosdot\bitcomet 0.91\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\pasi\tietosdot\bitcomet 0.91\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\PC Protection\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection\Anti-Spyware\ieshield.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\pasi\tietosdot\bitcomet 0.91\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156399155328
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{12A9DDC9-28CA-4AD0-AE73-A031BB026751}: NameServer = 212.116.32.218 212.116.32.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{12A9DDC9-28CA-4AD0-AE73-A031BB026751}: NameServer = 212.116.32.218 212.116.32.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure PC Protection Plus (BackWeb Plug-in - 4384293) - BackWeb Technologies Inc. - C:\PROGRA~1\PCPROT~1\backweb\4384293\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\PC Protection\backweb\4384293\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Protection\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\PC Protection\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PC Protection\Common\FSMA32.EXE
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

A window popped up there from Internet Explorer asking whether I want it as the default browser.
Now there are two Internet Explorer icons. The original one is a shortcut, but now there is also an original one, and its settings were set to let everything through :/ Which should I delete, the shortcut or the new one that has appeared there?
Well, it's hard to guess which one would be good to delete, but shut down and restart and see whether only one shows up. The IE 7 icon is the one with a yellow stripe across it; the old icon is just a plain blue e.
Both are 7.0. It didn't help even though I restarted. Well, maybe I could delete that shortcut; both of them get onto the internet. The machine is apparently fairly clean? And thanks!! for the help, I can see that you are busy. thx quitM0