Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:13:18, on 9.11.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\DNA Nettiturva\Common\FSM32.EXE
C:\Program Files\Dealio Toolbar\SearchSettings.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DNA Nettiturva\FSGUI\fsguidll.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\DNA Nettiturva\FSGUI\scanwizard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1750559
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\DNA Nettiturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\DNA Nettiturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Anti itch] "C:\ProgramData\Send mess mess.9kumqdb"
O4 - HKCU\..\Run: [Start hide inside slow] "C:\ProgramData\funk pure meow.2kdyz4"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: DeviceNP - C:\windows\SYSTEM32\DeviceNP.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\DNA Nettiturva\Anti-Virus\fsgk32st.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\DNA Nettiturva\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\DNA Nettiturva\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\DNA Nettiturva\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\DNA Nettiturva\ORSP Client\fsorsp.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\windows\system32\rpcnet.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 11271 bytes

IE keeps opening itself constantly.

So you've collected quite a few nasties, then. HI

----------------------------------------------------------------

In Vista (7), the steps are carried out as Administrator (check, don't assume).
When you start a suggested program, do it with the right mouse button and choose Run as administrator.

**************************************************

Go to the Windows Control Panel and from there to Add/Remove Programs (in Vista: Programs and Features).
Find and remove the programs named:
Dealio Toolbar
Ask Toolbar

---------------------------------------------------------------------------------------

Download Malwarebytes' Anti-Malware to your desktop. If the link does not work, you can also download it from the following links: Link1 Link2

* Double-click mbam-setup.exe and follow the instructions to install the program.
* At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
* If an update is found, the program downloads and installs the latest version. If downloading the updates fails, you can download the updates from here. Double-click mbam-rules.exe to install the updates.
* Once the program has loaded and the updates are done, select Perform full scan and click Scan.
* When the scan is complete, click OK and then Show Results to see the results.
* Make sure everything is checked and click Remove Selected.
* After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
* Send the contents of the log in your next message.

Note: If MBAM was unable to remove a file, it will ask you to restart your computer. In that case, restart your computer immediately. MBAM may make changes to your registry as part of the cleanup. If you use a security program that detects registry changes, allow MBAM to make the changes.

----------------------------------------------------------------------------------

When you start the HijackThis (HJT) program, do it with the right mouse button (HJT disables the program, it does not remove it) and choose Run as administrator.
Close the browser and other programs for the duration of the fix (not the antivirus), then run Scan, tick the following entries listed in red, and disable them (Fix checked):

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')

Empty the Recycle Bin and restart your computer.

Delete the folder(s), if found:
C:\Program Files\Dealio Toolbar\
C:\Program Files\Ask.com\

Post the following logs here:
* A fresh HijackThis log (taken last, before posting)
* The Malwarebytes' Anti-Malware\Logs\log-date.txt report

* We'll remove that LOP virus last *

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:11:52, on 9.11.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\DNA Nettiturva\Common\FSM32.EXE
C:\Program Files\Dealio Toolbar\SearchSettings.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DNA Nettiturva\FSGUI\fsguidll.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\DNA Nettiturva\FSGUI\scanwizard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1750559
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\DNA Nettiturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\DNA Nettiturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Anti itch] "C:\ProgramData\Send mess mess.9kumqdb"
O4 - HKCU\..\Run: [Start hide inside slow] "C:\ProgramData\funk pure meow.2kdyz4"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: DeviceNP - C:\windows\SYSTEM32\DeviceNP.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\DNA Nettiturva\Anti-Virus\fsgk32st.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\DNA Nettiturva\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\DNA Nettiturva\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\DNA Nettiturva\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\DNA Nettiturva\ORSP Client\fsorsp.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\windows\system32\rpcnet.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 11280 bytes

Malwarebytes' Anti-Malware 1.41
Tietokantaversio: 3133
Windows 6.0.6002 Service Pack 2

9.11.2009 19:43:20
mbam-log-2009-11-09 (19-43-20).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
Tarkistetut kohteet: 288222
Kulunut aika: 2 hour(s), 19 minute(s), 35 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)

Here are the logs.
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\DNA Nettiturva\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\DNA Nettiturva\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\DNA Nettiturva\Common\FSMA32.EXE O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\DNA Nettiturva\ORSP Client\fsorsp.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\windows\system32\rpcnet.exe O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 11280 bytes
Oopsie... indeed, how silly of me. Heh heh
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:46:36, on 10.11.2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18828) Boot mode: Normal Running processes: C:\windows\system32\taskeng.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\hkcmd.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\PDF Complete\pdfsty.exe C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\DNA Nettiturva\Common\FSM32.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\DNA Nettiturva\FSGUI\fsguidll.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\DNA Nettiturva\FSGUI\scanwizard.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\BitTorrent\bittorrent.exe C:\Program Files\foobar2000\foobar2000.exe C:\Program Files\Last.fm\LastFM.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1750559 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe" O4 - 
HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\DNA Nettiturva\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\DNA Nettiturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Anti itch] "C:\ProgramData\Send mess mess.9kumqdb" O4 - HKCU\..\Run: [Start hide inside slow] "C:\ProgramData\funk pure meow.2kdyz4" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu') O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows 
Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O20 - Winlogon Notify: DeviceNP - C:\windows\SYSTEM32\DeviceNP.dll O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\DNA Nettiturva\Anti-Virus\fsgk32st.exe O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. 
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\DNA Nettiturva\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\DNA Nettiturva\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\DNA Nettiturva\Common\FSMA32.EXE O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\DNA Nettiturva\ORSP Client\fsorsp.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\windows\system32\rpcnet.exe O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 9849 bytes
Now it looks better!!! Next, let's go after LOP. It is recommended to turn off your antivirus's real-time scanning so that it does not interfere with Lop S&D; you can turn it back on after the scan.
Download Lop S&D HERE
Double-click Lop S&D.exe
Select Finnish as the language by pressing U and Enter.
Then select Option 1 (Search) by pressing 1 and Enter
Wait until the scan is complete
The log opens in Notepad. Post it in your next message. It can also be found at C:\lopR.txt .
--------------------\\ Lop S&D 4.2.5-0 XP/Vista Microsoft® Windows Vista™ Home Basic ( v6.0.6002 ) Service Pack 2 X86-based PC ( Multiprocessor Free : Intel(R) Celeron(R) CPU 550 @ 2.00GHz ) BIOS : KBC Version 12.00 USER : Tiitun läppäri ( Administrator ) BOOT : Normal boot C:\ (Local Disk) - NTFS - Total:140 Go (Free:87 Go) D:\ (Local Disk) - NTFS - Total:9 Go (Free:2 Go) E:\ (CD or DVD) "C:\Lop SD" ( MAJ : 19-12-2008|23:40 ) Option : [1] ( ke 11.11.2009|15:09 ) [ UAC => 1 ] --------------------\\ Listaa hakemistoja sijainnissa Local [08.11.2009|20:02] C:\Users\TIITUN~1\AppData\Local\Adobe [23.05.2009|13:45] C:\Users\TIITUN~1\AppData\Local\Application Data [01.08.2009|11:14] C:\Users\TIITUN~1\AppData\Local\Apps [23.05.2009|13:54] C:\Users\TIITUN~1\AppData\Local\AtStart.txt [10.11.2009|23:24] C:\Users\TIITUN~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [01.08.2009|11:14] C:\Users\TIITUN~1\AppData\Local\Deployment [23.05.2009|13:54] C:\Users\TIITUN~1\AppData\Local\DSwitch.txt [08.11.2009|20:02] C:\Users\TIITUN~1\AppData\Local\GDIPFONTCACHEV1.DAT [10.11.2009|23:50] C:\Users\TIITUN~1\AppData\Local\IconCache.db [04.07.2009|13:12] C:\Users\TIITUN~1\AppData\Local\IsolatedStorage [11.11.2009|14:16] C:\Users\TIITUN~1\AppData\Local\Last.fm [27.10.2009|22:12] C:\Users\TIITUN~1\AppData\Local\Microsoft [24.09.2009|23:08] C:\Users\TIITUN~1\AppData\Local\Microsoft Games [23.05.2009|18:31] C:\Users\TIITUN~1\AppData\Local\Microsoft Help [31.10.2009|15:08] C:\Users\TIITUN~1\AppData\Local\Mozilla [01.06.2009|11:28] C:\Users\TIITUN~1\AppData\Local\Nikon [15.08.2009|17:54] C:\Users\TIITUN~1\AppData\Local\Nokia [23.05.2009|13:54] C:\Users\TIITUN~1\AppData\Local\QSwitch.txt [18.08.2009|18:53] C:\Users\TIITUN~1\AppData\Local\rx_image32.Cache [23.05.2009|13:45] C:\Users\TIITUN~1\AppData\Local\Sivuhistoria [15.10.2009|15:23] C:\Users\TIITUN~1\AppData\Local\Spotify [11.11.2009|15:08] C:\Users\TIITUN~1\AppData\Local\Temp [23.05.2009|13:45] 
C:\Users\TIITUN~1\AppData\Local\Temporary Internet Files [23.05.2009|18:38] C:\Users\TIITUN~1\AppData\Local\WindowsUpdate [23.05.2009|13:55] C:\Users\TIITUN~1\AppData\Local\VirtualStore [7|tiedosto(a)] C:\Users\TIITUN~1\AppData\Local\tavua [20|kansio(ta)] C:\Users\TIITUN~1\AppData\Local\tavua vapaana --------------------\\ Ajoitetut tehtävät sijaitsee C:\windows\Tasks [11.11.2009 13:08][--ah-----] C:\windows\tasks\SA.DAT [10.11.2009 23:51][--a------] C:\windows\tasks\SCHEDLGU.TXT --------------------\\ Listaa hakemistoja sijainnissa C:\ProgramData [09.11.2009|14:15] C:\ProgramData\Adobe [02.11.2006|14:59] C:\ProgramData\Application Data [02.11.2006|14:59] C:\ProgramData\Desktop [02.11.2006|14:59] C:\ProgramData\Documents [01.06.2009|11:28] C:\ProgramData\EnterNHelp [02.11.2006|14:59] C:\ProgramData\Favorites [08.11.2009|20:01] C:\ProgramData\FLEXnet [23.05.2009|17:43] C:\ProgramData\f-secure [23.05.2009|17:41] C:\ProgramData\fssg [07.11.2009|22:10] C:\ProgramData\funk pure meow.2kdyz4 [23.05.2009|13:52] C:\ProgramData\Hewlett-Packard [01.06.2009|11:28] C:\ProgramData\Jazz [23.05.2009|13:39] C:\ProgramData\K„ynnist„-valikko [01.06.2009|11:28] C:\ProgramData\LaserPrinter [08.11.2009|20:38] C:\ProgramData\Last.fm [02.10.2009|18:32] C:\ProgramData\LogiShrd [23.05.2009|13:39] C:\ProgramData\Mallit [09.11.2009|17:20] C:\ProgramData\Malwarebytes [23.05.2009|14:37] C:\ProgramData\McAfee [20.10.2009|15:49] C:\ProgramData\Messenger Plus! 
[03.10.2009|13:15] C:\ProgramData\Microsoft [15.10.2009|14:23] C:\ProgramData\Microsoft Help [04.07.2009|13:04] C:\ProgramData\NokiaMusic [09.10.2009|13:16] C:\ProgramData\Office Genuine Advantage [11.07.2009|13:56] C:\ProgramData\PC Suite [13.10.2009|13:24] C:\ProgramData\PKP_DLbx.DAT [01.06.2009|11:28] C:\ProgramData\PKP_DLck.DAT [21.11.2008|15:33] C:\ProgramData\Roxio [07.11.2009|22:10] C:\ProgramData\Send mess mess.64pziv [07.11.2009|22:10] C:\ProgramData\Send mess mess.9kumqdb [07.11.2009|22:10] C:\ProgramData\Shim pile start hide [23.05.2009|17:40] C:\ProgramData\SiteAdvisor [18.08.2009|18:53] C:\ProgramData\Sonic [02.11.2006|14:59] C:\ProgramData\Start Menu [01.06.2009|11:28] C:\ProgramData\Strings [23.05.2009|13:39] C:\ProgramData\Suosikit [01.06.2009|11:28] C:\ProgramData\Super Strings [02.11.2006|14:59] C:\ProgramData\Templates [23.05.2009|13:39] C:\ProgramData\Tiedostot [07.11.2009|22:10] C:\ProgramData\TrayTwoCoal [23.05.2009|13:39] C:\ProgramData\Ty”p”yt„ [01.06.2009|11:28] C:\ProgramData\Ultima_T15 [21.11.2008|15:34] C:\ProgramData\Uninstall [7|tiedosto(a)] C:\ProgramData\tavua [38|kansio(ta)] C:\ProgramData\tavua vapaana --------------------\\ Listaa hakemistoja sijainnissa C:\Program Files [09.11.2009|14:15] C:\Program Files\Adobe [08.11.2009|19:40] C:\Program Files\Adobe Media Player [21.11.2008|14:45] C:\Program Files\Analog Devices [10.10.2009|16:44] C:\Program Files\Ask Search Assistant [09.10.2009|23:04] C:\Program Files\AviSynth 2.5 [27.10.2009|12:28] C:\Program Files\BitTorrent [06.11.2009|23:43] C:\Program Files\Bonjour [07.11.2009|22:09] C:\Program Files\Circle Developemnt [09.11.2009|15:00] C:\Program Files\Common Files [19.08.2009|08:39] C:\Program Files\DIFX [11.11.2009|14:14] C:\Program Files\DNA Nettiturva [31.10.2009|20:15] C:\Program Files\foobar2000 [21.11.2008|15:58] C:\Program Files\Hewlett-Packard [21.11.2008|15:54] C:\Program Files\HP [21.11.2008|15:27] C:\Program Files\HPQ [23.05.2009|13:47] C:\Program Files\InstallShield 
Installation Information [21.11.2008|14:47] C:\Program Files\Intel [29.10.2009|11:26] C:\Program Files\Internet Explorer [23.05.2009|13:47] C:\Program Files\InterVideo [06.10.2009|22:45] C:\Program Files\Java [08.11.2009|20:38] C:\Program Files\Last.fm [09.11.2009|17:21] C:\Program Files\Malwarebytes' Anti-Malware [07.11.2009|22:09] C:\Program Files\Messenger Plus! Live [03.10.2009|13:15] C:\Program Files\Microsoft [02.07.2009|08:19] C:\Program Files\Microsoft CAPICOM 2.1.0.2 [02.11.2006|14:35] C:\Program Files\Microsoft Games [21.11.2008|15:25] C:\Program Files\Microsoft Office [21.11.2008|15:26] C:\Program Files\Microsoft Office Suite Activation Assistant [05.10.2009|13:51] C:\Program Files\Microsoft Silverlight [03.10.2009|13:12] C:\Program Files\Microsoft SQL Server Compact Edition [03.10.2009|13:15] C:\Program Files\Microsoft Sync Framework [21.11.2008|15:25] C:\Program Files\Microsoft Visual Studio [09.10.2009|13:41] C:\Program Files\Microsoft Works [21.11.2008|15:24] C:\Program Files\Microsoft.NET [29.08.2009|16:15] C:\Program Files\Mobile Partner [17.10.2009|12:07] C:\Program Files\Movie Maker [09.11.2009|19:47] C:\Program Files\Mozilla Firefox [02.11.2006|14:35] C:\Program Files\MSBuild [23.05.2009|19:17] C:\Program Files\MSXML 4.0 [01.06.2009|11:23] C:\Program Files\Nikon [21.11.2008|15:27] C:\Program Files\PDF Complete [02.11.2006|14:35] C:\Program Files\Reference Assemblies [21.11.2008|15:34] C:\Program Files\Roxio [08.10.2009|17:06] C:\Program Files\Spotify [21.11.2008|15:35] C:\Program Files\Synaptics [09.11.2009|15:10] C:\Program Files\Trend Micro [02.11.2006|14:58] C:\Program Files\Uninstall Information [06.11.2009|18:39] C:\Program Files\Webteh [10.10.2009|17:46] C:\Program Files\VideoLAN [19.08.2009|08:05] C:\Program Files\Winamp [17.10.2009|12:07] C:\Program Files\Windows Calendar [17.10.2009|12:07] C:\Program Files\Windows Collaboration [17.10.2009|12:07] C:\Program Files\Windows Defender [03.10.2009|13:15] C:\Program Files\Windows Live 
[30.05.2009|14:01] C:\Program Files\Windows Live SkyDrive [17.10.2009|12:07] C:\Program Files\Windows Mail [08.11.2009|20:39] C:\Program Files\Windows Media Player [23.05.2009|13:39] C:\Program Files\Windows NT [17.10.2009|12:07] C:\Program Files\Windows Photo Gallery [17.10.2009|12:07] C:\Program Files\Windows Sidebar [31.10.2009|17:33] C:\Program Files\WinRAR [11.09.2009|20:06] C:\Program Files\YouTube Downloader [0|tiedosto(a)] C:\Program Files\tavua [64|kansio(ta)] C:\Program Files\tavua vapaana --------------------\\ Listaa hakemistoja sijainnissa C:\Program Files\Common Files [09.11.2009|14:14] C:\Program Files\Common Files\Adobe [08.11.2009|19:35] C:\Program Files\Common Files\Adobe AIR [21.11.2008|15:25] C:\Program Files\Common Files\DESIGNER [23.05.2009|13:45] C:\Program Files\Common Files\InstallShield [23.05.2009|13:46] C:\Program Files\Common Files\InterVideo [21.11.2008|15:46] C:\Program Files\Common Files\Java [23.05.2009|13:39] C:\Program Files\Common Files\J„rjestelm„ [C:\Program Files\Common Files\System] [21.11.2008|15:39] C:\Program Files\Common Files\LightScribe [06.11.2009|22:16] C:\Program Files\Common Files\Macrovision Shared [09.10.2009|13:45] C:\Program Files\Common Files\microsoft shared [09.11.2009|14:57] C:\Program Files\Common Files\Nikon [26.07.2009|15:53] C:\Program Files\Common Files\PX Storage Engine [21.11.2008|15:32] C:\Program Files\Common Files\Roxio Shared [02.11.2006|13:18] C:\Program Files\Common Files\Services [21.11.2008|15:34] C:\Program Files\Common Files\Sonic Shared [02.11.2006|13:18] C:\Program Files\Common Files\SpeechEngines [21.11.2008|15:30] C:\Program Files\Common Files\SureThing Shared [17.10.2009|12:07] C:\Program Files\Common Files\System [30.05.2009|13:52] C:\Program Files\Common Files\Windows Live [0|tiedosto(a)] C:\Program Files\Common Files\tavua [21|kansio(ta)] C:\Program Files\Common Files\tavua vapaana --------------------\\ Process ( 77 Processes ) iexplore.exe ~ [PID:996] iexplore.exe ~ [PID:3892] 
--------------------\\ Etsii S_Lopilla C:\ProgramData\funk pure meow.2kdyz4 C:\ProgramData\Send mess mess.64pziv C:\ProgramData\Send mess mess.9kumqdb C:\Users\TIITUN~1\AppData\Local\Temp\bisD76A.exe --------------------\\ Etsii Lopin tiedostoja ja kansioita C:\Users\TIITUN~1\AppData\Local\Temp\msgpl_f72b.tmp C:\Users\TIITUN~1\AppData\Local\Temp\nsdF354.tmp C:\Users\TIITUN~1\AppData\Local\Temp\nse7FE.tmp C:\Users\TIITUN~1\AppData\Local\Temp\nsjDAB6.tmp C:\Users\TIITUN~1\AppData\Roaming\MICROS~1\Windows\Cookies\tiitun_läppäri@partypoker[1].txt --------------------\\ Etsii rekisterikohteita [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Start hide inside slow"="\"C:\\ProgramData\\funk pure meow.2kdyz4\"" "Anti itch"="\"C:\\ProgramData\\Send mess mess.9kumqdb\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] --------------------\\ Tarkistaa Hosts-tiedostoa Hosts-tiedosto PUHDAS --------------------\\ Tarkistaa Catchmella onko piilotettuja tiedostoja catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-11 15:09:33 Windows 6.0.6002 Service Pack 2 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------\\ Tarkistaa muita infektioita --------------------\\ Cracks & Keygens .. C:\Users\TIITUN~1\AppData\Roaming\Microsoft\Windows\Recent\How To Crack Photoshop.lnk [F:1406][D:139]-> C:\Users\TIITUN~1\AppData\Local\Temp [F:328][D:1]-> C:\Users\TIITUN~1\AppData\Roaming\MICROS~1\Windows\Cookies [F:595][D:6]-> C:\Users\TIITUN~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5 [F:5][D:4]-> C:\$Recycle.Bin 1 - "C:\Lop SD\LopR_1.txt" - ke 11.11.2009|15:11 - Option : [1] --------------------\\ Tarkistus valmistui 15:11:10 [ UAC => 1 ]
Here's the log
Yes indeed, there is an infection!!!
Start Lop S&D
Select Option 3 (Fix - Hosts) by pressing 3 and Enter
DO NOT close the window during the fix!
The log opens in Notepad. Post it in your next message. It can also be found at C:\lopR.txt
-------------------------------------------------------------------------------
On Vista (7), the steps are performed as Administrator (check, do not assume). When you start the suggested program, do it with the right mouse button and select Run as administrator.
**************************************************
Remove the lines that still remain:
When you start the HijackThis (HJT) program, do it with the right mouse button (HJT shuts the program down, it does not delete it) and select Run as administrator.
Close the browser and other programs for the duration of the fix (not the antivirus), then run Scan, tick the following files listed in red and shut them down (Fix checked).
O4 - HKCU\..\Run: [Anti itch] "C:\ProgramData\Send mess mess.9kumqdb"
O4 - HKCU\..\Run: [Start hide inside slow] "C:\ProgramData\funk pure meow.2kdyz4"
Empty the Recycle Bin and restart your computer.
Post the following logs here:
* A fresh HijackThis log (taken last, before posting)
* The C:\lopR.txt report
* * Did it help??? *
--------------------\\ Lop S&D 4.2.5-0 XP/Vista Microsoft® Windows Vista™ Home Basic ( v6.0.6002 ) Service Pack 2 X86-based PC ( Multiprocessor Free : Intel(R) Celeron(R) CPU 550 @ 2.00GHz ) BIOS : KBC Version 12.00 USER : Tiitun läppäri ( Administrator ) BOOT : Normal boot C:\ (Local Disk) - NTFS - Total:140 Go (Free:87 Go) D:\ (Local Disk) - NTFS - Total:9 Go (Free:2 Go) E:\ (CD or DVD) "C:\Lop SD" ( MAJ : 19-12-2008|23:40 ) Option : [3] ( ke 11.11.2009|15:36 ) [ UAC => 1 ] \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Korjaa Poistettu! - C:\Users\TIITUN~1\AppData\Local\Temp\msgpl_f72b.tmp Poistettu! - C:\Users\TIITUN~1\AppData\Local\Temp\nsdF354.tmp Poistettu! - C:\Users\TIITUN~1\AppData\Local\Temp\nse7FE.tmp Poistettu! - C:\Users\TIITUN~1\AppData\Local\Temp\nsjDAB6.tmp Poistettu! - C:\Users\TIITUN~1\AppData\Roaming\MICROS~1\Windows\Cookies\tiitun_läppäri@partypoker[1].txt Poistettu! - C:\ProgramData\funk pure meow.2kdyz4 Poistettu! - C:\ProgramData\Send mess mess.64pziv Poistettu! - C:\ProgramData\Send mess mess.9kumqdb Poistettu! 
- C:\Users\TIITUN~1\AppData\Local\Temp\bisD76A.exe \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ --------------------\\ Listaa hakemistoja sijainnissa Local [08.11.2009|20:02] C:\Users\TIITUN~1\AppData\Local\Adobe [23.05.2009|13:45] C:\Users\TIITUN~1\AppData\Local\Application Data [01.08.2009|11:14] C:\Users\TIITUN~1\AppData\Local\Apps [23.05.2009|13:54] C:\Users\TIITUN~1\AppData\Local\AtStart.txt [10.11.2009|23:24] C:\Users\TIITUN~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [01.08.2009|11:14] C:\Users\TIITUN~1\AppData\Local\Deployment [23.05.2009|13:54] C:\Users\TIITUN~1\AppData\Local\DSwitch.txt [08.11.2009|20:02] C:\Users\TIITUN~1\AppData\Local\GDIPFONTCACHEV1.DAT [10.11.2009|23:50] C:\Users\TIITUN~1\AppData\Local\IconCache.db [04.07.2009|13:12] C:\Users\TIITUN~1\AppData\Local\IsolatedStorage [11.11.2009|14:16] C:\Users\TIITUN~1\AppData\Local\Last.fm [27.10.2009|22:12] C:\Users\TIITUN~1\AppData\Local\Microsoft [24.09.2009|23:08] C:\Users\TIITUN~1\AppData\Local\Microsoft Games [23.05.2009|18:31] C:\Users\TIITUN~1\AppData\Local\Microsoft Help [31.10.2009|15:08] C:\Users\TIITUN~1\AppData\Local\Mozilla [01.06.2009|11:28] C:\Users\TIITUN~1\AppData\Local\Nikon [15.08.2009|17:54] C:\Users\TIITUN~1\AppData\Local\Nokia [23.05.2009|13:54] C:\Users\TIITUN~1\AppData\Local\QSwitch.txt [18.08.2009|18:53] C:\Users\TIITUN~1\AppData\Local\rx_image32.Cache [23.05.2009|13:45] C:\Users\TIITUN~1\AppData\Local\Sivuhistoria [15.10.2009|15:23] C:\Users\TIITUN~1\AppData\Local\Spotify [11.11.2009|15:36] C:\Users\TIITUN~1\AppData\Local\Temp [23.05.2009|13:45] C:\Users\TIITUN~1\AppData\Local\Temporary Internet Files [23.05.2009|18:38] C:\Users\TIITUN~1\AppData\Local\WindowsUpdate [23.05.2009|13:55] C:\Users\TIITUN~1\AppData\Local\VirtualStore [7|tiedosto(a)] C:\Users\TIITUN~1\AppData\Local\tavua [20|kansio(ta)] C:\Users\TIITUN~1\AppData\Local\tavua vapaana --------------------\\ Ajoitetut tehtävät sijaitsee C:\windows\Tasks [11.11.2009 13:08][--ah-----] C:\windows\tasks\SA.DAT [10.11.2009 
23:51][--a------] C:\windows\tasks\SCHEDLGU.TXT --------------------\\ Listaa hakemistoja sijainnissa C:\ProgramData [09.11.2009|14:15] C:\ProgramData\Adobe [02.11.2006|14:59] C:\ProgramData\Application Data [02.11.2006|14:59] C:\ProgramData\Desktop [02.11.2006|14:59] C:\ProgramData\Documents [01.06.2009|11:28] C:\ProgramData\EnterNHelp [02.11.2006|14:59] C:\ProgramData\Favorites [08.11.2009|20:01] C:\ProgramData\FLEXnet [23.05.2009|17:43] C:\ProgramData\f-secure [23.05.2009|17:41] C:\ProgramData\fssg [23.05.2009|13:52] C:\ProgramData\Hewlett-Packard [01.06.2009|11:28] C:\ProgramData\Jazz [23.05.2009|13:39] C:\ProgramData\K„ynnist„-valikko [01.06.2009|11:28] C:\ProgramData\LaserPrinter [08.11.2009|20:38] C:\ProgramData\Last.fm [02.10.2009|18:32] C:\ProgramData\LogiShrd [23.05.2009|13:39] C:\ProgramData\Mallit [09.11.2009|17:20] C:\ProgramData\Malwarebytes [23.05.2009|14:37] C:\ProgramData\McAfee [20.10.2009|15:49] C:\ProgramData\Messenger Plus! [03.10.2009|13:15] C:\ProgramData\Microsoft [15.10.2009|14:23] C:\ProgramData\Microsoft Help [04.07.2009|13:04] C:\ProgramData\NokiaMusic [09.10.2009|13:16] C:\ProgramData\Office Genuine Advantage [11.07.2009|13:56] C:\ProgramData\PC Suite [13.10.2009|13:24] C:\ProgramData\PKP_DLbx.DAT [01.06.2009|11:28] C:\ProgramData\PKP_DLck.DAT [21.11.2008|15:33] C:\ProgramData\Roxio [07.11.2009|22:10] C:\ProgramData\Shim pile start hide [23.05.2009|17:40] C:\ProgramData\SiteAdvisor [18.08.2009|18:53] C:\ProgramData\Sonic [02.11.2006|14:59] C:\ProgramData\Start Menu [01.06.2009|11:28] C:\ProgramData\Strings [23.05.2009|13:39] C:\ProgramData\Suosikit [01.06.2009|11:28] C:\ProgramData\Super Strings [02.11.2006|14:59] C:\ProgramData\Templates [23.05.2009|13:39] C:\ProgramData\Tiedostot [07.11.2009|22:10] C:\ProgramData\TrayTwoCoal [23.05.2009|13:39] C:\ProgramData\Ty”p”yt„ [01.06.2009|11:28] C:\ProgramData\Ultima_T15 [21.11.2008|15:34] C:\ProgramData\Uninstall [4|tiedosto(a)] C:\ProgramData\tavua [38|kansio(ta)] C:\ProgramData\tavua vapaana 
--------------------\\ Listaa hakemistoja sijainnissa C:\Program Files [09.11.2009|14:15] C:\Program Files\Adobe [08.11.2009|19:40] C:\Program Files\Adobe Media Player [21.11.2008|14:45] C:\Program Files\Analog Devices [10.10.2009|16:44] C:\Program Files\Ask Search Assistant [09.10.2009|23:04] C:\Program Files\AviSynth 2.5 [27.10.2009|12:28] C:\Program Files\BitTorrent [06.11.2009|23:43] C:\Program Files\Bonjour [07.11.2009|22:09] C:\Program Files\Circle Developemnt [09.11.2009|15:00] C:\Program Files\Common Files [19.08.2009|08:39] C:\Program Files\DIFX [11.11.2009|15:12] C:\Program Files\DNA Nettiturva [31.10.2009|20:15] C:\Program Files\foobar2000 [21.11.2008|15:58] C:\Program Files\Hewlett-Packard [21.11.2008|15:54] C:\Program Files\HP [21.11.2008|15:27] C:\Program Files\HPQ [23.05.2009|13:47] C:\Program Files\InstallShield Installation Information [21.11.2008|14:47] C:\Program Files\Intel [29.10.2009|11:26] C:\Program Files\Internet Explorer [23.05.2009|13:47] C:\Program Files\InterVideo [06.10.2009|22:45] C:\Program Files\Java [08.11.2009|20:38] C:\Program Files\Last.fm [09.11.2009|17:21] C:\Program Files\Malwarebytes' Anti-Malware [07.11.2009|22:09] C:\Program Files\Messenger Plus! 
Live [03.10.2009|13:15] C:\Program Files\Microsoft [02.07.2009|08:19] C:\Program Files\Microsoft CAPICOM 2.1.0.2 [02.11.2006|14:35] C:\Program Files\Microsoft Games [21.11.2008|15:25] C:\Program Files\Microsoft Office [21.11.2008|15:26] C:\Program Files\Microsoft Office Suite Activation Assistant [05.10.2009|13:51] C:\Program Files\Microsoft Silverlight [03.10.2009|13:12] C:\Program Files\Microsoft SQL Server Compact Edition [03.10.2009|13:15] C:\Program Files\Microsoft Sync Framework [21.11.2008|15:25] C:\Program Files\Microsoft Visual Studio [09.10.2009|13:41] C:\Program Files\Microsoft Works [21.11.2008|15:24] C:\Program Files\Microsoft.NET [29.08.2009|16:15] C:\Program Files\Mobile Partner [17.10.2009|12:07] C:\Program Files\Movie Maker [09.11.2009|19:47] C:\Program Files\Mozilla Firefox [02.11.2006|14:35] C:\Program Files\MSBuild [23.05.2009|19:17] C:\Program Files\MSXML 4.0 [01.06.2009|11:23] C:\Program Files\Nikon [21.11.2008|15:27] C:\Program Files\PDF Complete [02.11.2006|14:35] C:\Program Files\Reference Assemblies [21.11.2008|15:34] C:\Program Files\Roxio [08.10.2009|17:06] C:\Program Files\Spotify [21.11.2008|15:35] C:\Program Files\Synaptics [09.11.2009|15:10] C:\Program Files\Trend Micro [02.11.2006|14:58] C:\Program Files\Uninstall Information [06.11.2009|18:39] C:\Program Files\Webteh [10.10.2009|17:46] C:\Program Files\VideoLAN [19.08.2009|08:05] C:\Program Files\Winamp [17.10.2009|12:07] C:\Program Files\Windows Calendar [17.10.2009|12:07] C:\Program Files\Windows Collaboration [17.10.2009|12:07] C:\Program Files\Windows Defender [03.10.2009|13:15] C:\Program Files\Windows Live [30.05.2009|14:01] C:\Program Files\Windows Live SkyDrive [17.10.2009|12:07] C:\Program Files\Windows Mail [08.11.2009|20:39] C:\Program Files\Windows Media Player [23.05.2009|13:39] C:\Program Files\Windows NT [17.10.2009|12:07] C:\Program Files\Windows Photo Gallery [17.10.2009|12:07] C:\Program Files\Windows Sidebar [31.10.2009|17:33] C:\Program Files\WinRAR 
[11.09.2009|20:06] C:\Program Files\YouTube Downloader [0|tiedosto(a)] C:\Program Files\tavua [64|kansio(ta)] C:\Program Files\tavua vapaana --------------------\\ Listaa hakemistoja sijainnissa C:\Program Files\Common Files [09.11.2009|14:14] C:\Program Files\Common Files\Adobe [08.11.2009|19:35] C:\Program Files\Common Files\Adobe AIR [21.11.2008|15:25] C:\Program Files\Common Files\DESIGNER [23.05.2009|13:45] C:\Program Files\Common Files\InstallShield [23.05.2009|13:46] C:\Program Files\Common Files\InterVideo [21.11.2008|15:46] C:\Program Files\Common Files\Java [23.05.2009|13:39] C:\Program Files\Common Files\J„rjestelm„ [C:\Program Files\Common Files\System] [21.11.2008|15:39] C:\Program Files\Common Files\LightScribe [06.11.2009|22:16] C:\Program Files\Common Files\Macrovision Shared [09.10.2009|13:45] C:\Program Files\Common Files\microsoft shared [09.11.2009|14:57] C:\Program Files\Common Files\Nikon [26.07.2009|15:53] C:\Program Files\Common Files\PX Storage Engine [21.11.2008|15:32] C:\Program Files\Common Files\Roxio Shared [02.11.2006|13:18] C:\Program Files\Common Files\Services [21.11.2008|15:34] C:\Program Files\Common Files\Sonic Shared [02.11.2006|13:18] C:\Program Files\Common Files\SpeechEngines [21.11.2008|15:30] C:\Program Files\Common Files\SureThing Shared [17.10.2009|12:07] C:\Program Files\Common Files\System [30.05.2009|13:52] C:\Program Files\Common Files\Windows Live [0|tiedosto(a)] C:\Program Files\Common Files\tavua [21|kansio(ta)] C:\Program Files\Common Files\tavua vapaana --------------------\\ Process ( 88 Processes ) ... OK ! --------------------\\ Etsii S_Lopilla Lopin kansioita ei löytynyt ! --------------------\\ Etsii Lopin tiedostoja ja kansioita Lopin kansioita ei löytynyt ! --------------------\\ Etsii rekisterikohteita ..... OK ! 
--------------------\\ Tarkistaa Hosts-tiedostoa Hosts-tiedosto PUHDAS --------------------\\ Tarkistaa Catchmella onko piilotettuja tiedostoja catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-11 15:37:41 Windows 6.0.6002 Service Pack 2 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------\\ Tarkistaa muita infektioita --------------------\\ Cracks & Keygens .. C:\Users\TIITUN~1\AppData\Roaming\Microsoft\Windows\Recent\How To Crack Photoshop.lnk [F:1402][D:136]-> C:\Users\TIITUN~1\AppData\Local\Temp [F:327][D:1]-> C:\Users\TIITUN~1\AppData\Roaming\MICROS~1\Windows\Cookies [F:600][D:6]-> C:\Users\TIITUN~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5 [F:5][D:4]-> C:\$Recycle.Bin 1 - "C:\Lop SD\LopR_1.txt" - ke 11.11.2009|15:11 - Option : [1] 2 - "C:\Lop SD\LopR_2.txt" - ke 11.11.2009|15:40 - Option : [3] --------------------\\ Tarkistus valmistui 15:40:31 [ UAC => 1 ] Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:43:38, on 11.11.2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18828) Boot mode: Normal Running processes: C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\hkcmd.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\PDF Complete\pdfsty.exe C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\windows\System32\mobsync.exe C:\windows\system32\taskeng.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Hewlett-Packard\HP wireless 
Assistant\WiFiMsg.EXE C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe C:\Program Files\Last.fm\LastFM.exe C:\windows\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\windows\system32\conime.exe C:\windows\system32\taskeng.exe C:\Program Files\DNA Nettiturva\Common\FSM32.EXE C:\Program Files\DNA Nettiturva\FSGUI\fsguidll.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\DNA Nettiturva\FSGUI\scanwizard.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\foobar2000\foobar2000.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1750559 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe" O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\DNA Nettiturva\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\DNA Nettiturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - 
HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu') O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O20 - Winlogon Notify: DeviceNP - C:\windows\SYSTEM32\DeviceNP.dll O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\DNA Nettiturva\Anti-Virus\fsgk32st.exe O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\DNA Nettiturva\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\DNA Nettiturva\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\DNA Nettiturva\Common\FSMA32.EXE O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\DNA Nettiturva\ORSP Client\fsorsp.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. 
- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\windows\system32\rpcnet.exe O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 9493 bytes
Here are the logs =)!