Computer completely on the fritz.. A virus? // HJT log
Mintsu
Member
22 October 2009 @ 17:52
Hopefully I managed to grab this file correctly; I asked for help elsewhere but couldn't wait for an answer ;)
So the computer is pretty much on the fritz, and in particular the second XP user account barely works at all. And Mozilla won't open in either user account.
Does anything strange show up here?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:49:30, on 22.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Winamp\winampa.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://haku.soneraplaza.fi/haku/queryie5.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toffeemies.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [TheLionCluster] C:\Program Files\The Lion\skinkers.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-se.../fslauncher.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-se.../fslauncher.cab
O16 - DPF: {3CB21A24-BAAE-4D2D-87B7-1273719BCF56} (TestCOPP Class) - https://mpsmppgw01.mpsnordic.se/toolbox/1_1/resources/COPPTest.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1157211675640
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onl.../fshc/fscax.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} (F-Secure Online Scanner 4.0 Launcher) - http://download.sp.f-secure.com/ols/f-se.../fslauncher.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {FEC580C4-1D50-4468-B4E0-682A2491A5F0} (scPrintCdCover Control) - http://www.securycast.com/download/scprintcdcover.ocx
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 13583 bytes
AfterDawn Addict
22 October 2009 @ 20:05
Work with administrator credentials !!!
Go to the Windows Control Panel (Ohjauspaneeli) and from there to Add / Remove Programs
In Vista: Programs and Features
Find and remove the program whose name contains:
Ask Toolbar
Mozilla Firefox
--------------------------------------------------------------------------------------
Download Malwarebytes' Anti-Malware to your desktop.
If the link doesn't work, you can also download it from the following links:
Link1
Link2
* Double-click mbam-setup.exe and follow the prompts to install the program.
* Finally, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, the program downloads and installs the latest version. If downloading the updates fails, you can download them here. Double-click mbam-rules.exe to install the updates.
* Once the program has loaded and the updates are done, select Perform full scan and click Scan.
* When the scan is complete, click OK and then Show Results to view the results.
* Make sure everything is checked and click Remove Selected.
* After that the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
* Post the contents of the log in your next reply.
Note: If Mbam was unable to remove a file, it will ask you to restart your computer. Restart your computer immediately when that happens. Mbam may make changes to your registry as part of the cleanup. If you use a security program that detects registry changes, allow Mbam to make the changes.
----------------------------------------------------------------------------------
Remove the lines that are still left:
Close your browser and other programs for the duration of the fix (not the antivirus).
Start HijackThis, click Scan and tick the following files listed in red
(HJT disables the program, it does not remove it)
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-se.../fslauncher.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onl.../fshc/fscax.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {FEC580C4-1D50-4468-B4E0-682A2491A5F0} (scPrintCdCover Control) - http://www.securycast.com/download/scprintcdcover.ocx
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
and disable them with the Fix checked button.
Empty the Recycle Bin and restart your computer.
Delete the folder(s), if present:
C:\Program Files\AskBarDis\
Post the following logs here:
* A fresh HijackThis log (taken last, right before posting)
* The Malwarebytes' Anti-Malware\Logs\ log-date.txt report
*
* Did it help in any way ???
*
(:)
Mintsu
Member
22 October 2009 @ 20:39
Oh no, I can't get rid of Ask =( It doesn't show up at all in the "Add or Remove Programs" section, and if I try to delete it from Program Files, it complains that the disk may be full or the program is in use =/ What now?
AfterDawn Addict
22 October 2009 @ 21:53
* Download OTM by OldTimer.
* Save it to your desktop.
* Double-click OTM.exe to start it.
* Copy (CTRL+C) all the text from the box below.
:files
C:\Program Files\AskBarDis
:commands
[emptytemp]
* Go back to OTMoveIt3, right-click in the Paste Instructions for Items to be Moved window (under the yellow bar) and click Paste.
* Click the red MoveIt! button.
* Copy (CTRL+C) and paste (CTRL+V) the text that appears in the Results window (under the green bar) into your next reply.
* Close OTM.
If a file/folder could not be moved right away, the program will suggest restarting the computer. Answer Yes, and OTMoveIt will restart your computer.
*********************************************************
Send => the OTMoveIt log.
and continue with the instructions from there.
.
(:)
Mintsu
Member
22 October 2009 @ 22:26
Not sure whether I was supposed to post this log here.. Well, here it is anyway :D
All processes killed
========== FILES ==========
C:\Program Files\AskBarDis\bar\bin moved successfully.
C:\Program Files\AskBarDis\bar moved successfully.
C:\Program Files\AskBarDis moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 30721 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: Everton
->Temp folder emptied: 740898816 bytes
->Temporary Internet Files folder emptied: 219303975 bytes
->Java cache emptied: 19060662 bytes
->FireFox cache emptied: 69951890 bytes
User: HP_Omistaja
->Temp folder emptied: 874166327 bytes
->Temporary Internet Files folder emptied: 15072710 bytes
->Java cache emptied: 36635098 bytes
->FireFox cache emptied: 56457404 bytes
User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Sivuhistoria\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 65984 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 1225551 bytes
User: Minna
->Temp folder emptied: 164449 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 2215489 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 66136146 bytes
%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 6158806 bytes
File delete failed. C:\WINDOWS\temp\JET8ABB.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied: 40170387 bytes
RecycleBin emptied: 46472 bytes
Total Files Cleaned = -2047,65 mb
OTM by OldTimer - Version 3.0.0.6 log created on 10222009_220750
Files moved on Reboot...
File C:\WINDOWS\temp\JET8ABB.tmp not found!
Registry entries deleted on Reboot...
And now I'll continue with the instructions :)
Mintsu
Member
23 October 2009 @ 17:42
Here's a new log again:
Malwarebytes' Anti-Malware 1.28
Tietokantaversio: 1248
Windows 5.1.2600 Service Pack 3
23.10.2009 6:49:15
mbam-log-2009-10-23 (06-49-15).txt
Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 158306
Kulunut aika: 1 hour(s), 9 minute(s), 21 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 7
Saastuneita rekisteriarvoja: 1
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 1
Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/scprintcdcover.ocx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{1a302442-1641-45e2-80a1-68deffb77def} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37b35720-1034-4e3c-847f-c4d86e86a9c8} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7af1f194-9511-4427-8980-47a4878605d6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf04ffc2-25e2-4e04-9913-2549c5eab6cf} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fec580c4-1d50-4468-b4e0-682a2491a5f0} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{fec580c4-1d50-4468-b4e0-682a2491a5f0} (Trojan.Agent) -> Quarantined and deleted successfully.
Saastuneita rekisteriarvoja:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\scprintcdcover.ocx (Trojan.Agent) -> Quarantined and deleted successfully.
Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja:
C:\WINDOWS\Downloaded Program Files\scprintcdcover.ocx (Trojan.Agent) -> Quarantined and deleted successfully.
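The entries the responder picked out of the first HijackThis log (Ask toolbar components, O23 services with "Unknown owner", the O16 DPF ActiveX download) and the Malwarebytes detections in this post can be cross-checked mechanically: the CLSID in the O16 line, {FEC580C4-...}, is the same one Malwarebytes quarantined. The Python script below is an added example for this thread, not code from the forum, from HijackThis or from Malwarebytes. It parses constructed excerpts of the two logs posted above (HJT_SAMPLE and MBAM_SAMPLE), flags HJT entries in the same three categories the responder reviewed by eye, and matches GUIDs between the two logs; the helper names and the flagging criteria are assumptions, and a flag means "review this", not "this is malicious".

```python
"""Triage a HijackThis log and cross-check it against a Malwarebytes log.

Added example for this thread; not the forum's, HijackThis's or
Malwarebytes' own code. Sample inputs are constructed excerpts of the logs
posted in the thread, and the flagging criteria mirror what the responder
checked by hand.
"""
import re
from dataclasses import dataclass

# One HJT entry per line: a section tag (R0..R3, O1..O24) followed by " - ".
HJT_ENTRY = re.compile(r"^(?P<section>R[0-3]|O\d{1,2}) - (?P<body>.*)$")
# A {GUID} as HJT prints CLSIDs; captured without the braces.
GUID = re.compile(r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")
# MBAM detail line: "<item> (<category>) -> <action>".
MBAM_DETECTION = re.compile(r"^(?P<item>.+?) \((?P<category>[^()]+)\) -> (?P<action>.+)$")

# Constructed excerpt of the first HJT log in the thread.
HJT_SAMPLE = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O16 - DPF: {FEC580C4-1D50-4468-B4E0-682A2491A5F0} (scPrintCdCover Control) - http://www.securycast.com/download/scprintcdcover.ocx
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"""

# Constructed excerpt of the Malwarebytes log in this post.
MBAM_SAMPLE = r"""
Malwarebytes' Anti-Malware 1.28
Saastuneita rekisteriavaimia: 7
HKEY_CLASSES_ROOT\CLSID\{fec580c4-1d50-4468-b4e0-682a2491a5f0} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{1a302442-1641-45e2-80a1-68deffb77def} (Trojan.Agent) -> Quarantined and deleted successfully.
Saastuneita tiedostoja:
C:\WINDOWS\Downloaded Program Files\scprintcdcover.ocx (Trojan.Agent) -> Quarantined and deleted successfully.
"""


@dataclass
class HjtEntry:
    section: str
    body: str
    raw: str

    @property
    def clsid(self):
        """First GUID in the entry, lower-cased for comparison, or None."""
        m = GUID.search(self.body)
        return m.group(1).lower() if m else None


def parse_hjt(text):
    """Return the R*/O* entries of a HijackThis log; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = HJT_ENTRY.match(line)
        if m:
            entries.append(HjtEntry(m.group("section"), m.group("body"), line))
    return entries


def flag_entries(entries):
    """Pair each entry with the reasons it deserves a look (review, not verdict)."""
    flagged = []
    for e in entries:
        body = e.body.lower()
        reasons = []
        if "askbardis" in body or "toolbar.ask.com" in body:
            reasons.append("Ask toolbar component")
        if e.section == "O23" and "unknown owner" in body:
            reasons.append("service with no publisher")
        if e.section == "O16":
            reasons.append("ActiveX control installed via IE download (DPF)")
        if reasons:
            flagged.append((e, reasons))
    return flagged


def parse_mbam(text):
    """Return MBAM detail lines as dicts with item, category and action."""
    detections = []
    for line in text.splitlines():
        m = MBAM_DETECTION.match(line.strip())
        if m:
            detections.append(m.groupdict())
    return detections


def correlate(entries, detections):
    """HJT entries whose CLSID also appears in an MBAM detection item."""
    seen = {g.lower() for d in detections for g in GUID.findall(d["item"])}
    return [e for e in entries if e.clsid in seen]


def triage(hjt_text, mbam_text):
    """Summarise flagged HJT entries and which of them MBAM later confirmed."""
    entries = parse_hjt(hjt_text)
    return {
        "entries": len(entries),
        "flagged": flag_entries(entries),
        "confirmed": correlate(entries, parse_mbam(mbam_text)),
    }


if __name__ == "__main__":
    result = triage(HJT_SAMPLE, MBAM_SAMPLE)
    for entry, reasons in result["flagged"]:
        print(f"[{entry.section}] {'; '.join(reasons)}: {entry.raw[:70]}")
    for entry in result["confirmed"]:
        print(f"MBAM detection matches CLSID {entry.clsid} in an {entry.section} entry")
```

Run as-is it prints the four flagged entries from the excerpt and reports that the O16 CLSID was confirmed by the Malwarebytes run; point parse_hjt and parse_mbam at the full logs from the thread to get the complete picture. The GUID comparison is case-insensitive because HijackThis prints CLSIDs as registered while Malwarebytes prints them lower-cased.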
Mintsu
Member
23 October 2009 @ 18:04
And here's the HJT log after the cleanup:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02:40, on 23.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://haku.soneraplaza.fi/haku/queryie5.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toffeemies.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
Mintsu
Member
23 October 2009 @ 18:08
I'll add that Malwarebytes report right after this, hang on!
Mintsu
Member
23 October 2009 @ 19:32
Here's this one too:
Malwarebytes' Anti-Malware 1.28
Database version: 1248
Windows 5.1.2600 Service Pack 3
23.10.2009 19:31:36
mbam-log-2009-10-23 (19-31-36).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 169549
Time elapsed: 1 hour(s), 16 minute(s), 49 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
How does it look?
Mintsu
Member
23 October 2009 @ 19:39
Mozilla still won't open at all, and Explorer is incredibly slow =/
AfterDawn Addict
23 October 2009 @ 20:50
Go to the Windows Control Panel (Ohjauspaneeli) and from there to Add / Remove Programs
In Vista: Programs and Features
Find and remove the program whose name contains:
Mozilla Firefox
Send the complete HJT log, not half of it.
.
(:)
Mintsu
Member
23 October 2009 @ 21:23
It won't let me remove Firefox through the Control Panel either; it complains that it's running.. I really don't know where it's running, since it hasn't started in a week. Phew, it's been over a week already fighting with this computer =(
AfterDawn Addict
23 October 2009 @ 21:50
Kill it from Task Manager !!!
Find out which processes are using the most CPU:
Neko's instructions => HERE
.
(:)
Mintsu
Member
23 October 2009 @ 22:12
Sorry, I'm pretty much a newbie at this stuff.. But now I got Mozilla removed, and here's the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:11:23, on 23.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://haku.soneraplaza.fi/haku/queryie5.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedir...&gct=&gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxydial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;;*.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll (file missing)
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-21-1272536644-464686433-2415924820-1009\..\Run: [Polar Sync] (User 'Everton')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-se.../fslauncher.cab
O16 - DPF: {3CB21A24-BAAE-4D2D-87B7-1273719BCF56} (TestCOPP Class) - https://mpsmppgw01.mpsnordic.se/toolbox/1_1/resources/COPPTest.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1157211675640
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onl.../fshc/fscax.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} (F-Secure Online Scanner 4.0 Launcher) - http://download.sp.f-secure.com/ols/f-se.../fslauncher.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 10659 bytes
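A triage script, added here as an example and not a tool from this thread, from HijackThis or from AfterDawn: it parses the R*/O* entries of an HJT log like the one posted above and flags the kinds of entries a helper would pick out for a fix (a URLSearchHook whose DLL is missing, Ask-toolbar search hooks, an O4 Run value with no command behind it, O16 ActiveX downloads from hosts outside a small allow-list, O23 services with no recorded publisher). The rule set, the reason strings and the trusted-host list are assumptions made for this example; the sample lines are copied from the log above. A flagged line means "a human should look at this", not "this is malware".

```python
"""Triage helper for HijackThis (HJT) log lines.

Added example, not a tool from the forum thread. The rules and the
trusted-host list below are assumptions chosen for the example.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Reasons are constants so callers (and tests) can group findings by them.
MISSING_FILE = "entry points at a file that no longer exists"
ASK_TOOLBAR = "search/URL hook belongs to the Ask toolbar"
EMPTY_RUN = "Run value has a name but no command (orphaned autostart)"
UNLISTED_DPF = "ActiveX download (DPF) from a host outside the allow-list"
UNKNOWN_OWNER = "service binary has no recorded publisher"

# Assumption for the example: hosts whose DPF entries we consider expected.
TRUSTED_DPF_HOSTS = {
    "update.microsoft.com",
    "messenger.zone.msn.com",
    "download.sp.f-secure.com",
    "support.f-secure.com",
}

# Substrings that identify Ask toolbar components in R0/R1/R3 entries.
ASK_MARKERS = ("ask.com", "asksearch", "askbardis", "askbar")

HJT_ENTRY = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# "\Run: [Name]" followed by nothing, or only by HJT's "(User '...')" suffix.
EMPTY_RUN_RE = re.compile(r"\\Run: \[[^\]]+\]\s*(?:\(User '[^']*'\))?\s*$")
URL_HOST_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str    # HJT section, e.g. "R3" or "O16"
    reason: str  # one of the constants above
    line: str    # the original log line


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per suspicious property of each HJT entry."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_ENTRY.match(line)
        if not m:
            continue  # process list, headers, "End of file", blank lines
        kind, body = m.group("kind"), m.group("body")
        lowered = body.lower()

        if "(file missing)" in lowered:
            findings.append(Finding(kind, MISSING_FILE, line))
        if kind.startswith("R") and any(t in lowered for t in ASK_MARKERS):
            findings.append(Finding(kind, ASK_TOOLBAR, line))
        if kind == "O4" and EMPTY_RUN_RE.search(body):
            findings.append(Finding(kind, EMPTY_RUN, line))
        if kind == "O16":
            host = URL_HOST_RE.search(body)
            if host and host.group(1).lower() not in TRUSTED_DPF_HOSTS:
                findings.append(Finding(kind, UNLISTED_DPF, line))
        if kind == "O23" and " - unknown owner - " in lowered:
            findings.append(Finding(kind, UNKNOWN_OWNER, line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per reason, for a quick first read of a long log."""
    return dict(Counter(f.reason for f in findings))


# Constructed sample: lines copied from the HJT log posted above, plus one
# non-entry line to show that headers are skipped.
SAMPLE_LOG = r"""
Running processes:
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedir...&gct=&gc=1&q=%s
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll (file missing)
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKUS\S-1-5-21-1272536644-464686433-2415924820-1009\..\Run: [Polar Sync] (User 'Everton')
O16 - DPF: {3CB21A24-BAAE-4D2D-87B7-1273719BCF56} (TestCOPP Class) - https://mpsmppgw01.mpsnordic.se/toolbox/1_1/resources/COPPTest.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1157211675640
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:4} {f.reason}\n     {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Because the allow-list is deliberately short, legitimate entries (for example Adobe's getPlus installer in the log above) will also be flagged; the point is to reduce a 100-line log to the handful of entries a person must actually read, the way the helper's fix list in the next post does by hand.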
AfterDawn Addict | 24 October 2009 @ 14:25
Close your browser and other programs for the duration of the fix (not the antivirus).
Start HijackThis, click Scan and tick the following entries, listed in red
(HJT shuts the program off, it does not remove it):
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedir...&gct=&gc=1&q=%s
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll (file missing)
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKUS\S-1-5-21-1272536644-464686433-2415924820-1009\..\Run: [Polar Sync] (User 'Everton')
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onl.../fshc/fscax.cab
O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} (F-Secure Online Scanner 4.0 Launcher) - http://download.sp.f-secure.com/ols/f-se.../fslauncher.cab
and shut them off with the (Fix checked) button.
-----------------------------------------------------------------------------------------
Please download ComboFix from one of the links below:
Link 1
Link 2
Link 3
* IMPORTANT!!! Save ComboFix.exe to your desktop
* Close/disable all antivirus and anti-malware programs so they do not interfere with running ComboFix.
* Double-click Combofix.exe and follow the prompts.
* As part of its scan, ComboFix checks whether the Recovery Console is installed. Because of today's malware it is strongly recommended to have the Recovery Console installed before removing malware. The Windows Recovery Console makes it possible to boot into a special recovery mode. Through the Recovery Console we can help you more easily if problems arise during malware removal.
* Follow the prompts and allow ComboFix to download and install the Microsoft Recovery Console, and when asked, accept the license terms to install the Recovery Console.
**Note: If the Recovery Console is already installed, ComboFix will just continue.

Once the Microsoft Recovery Console is installed, you should see the following message:

Click Yes to continue the scan.
When ComboFix is done, it produces a report. Please copy/paste the following reports in your reply:
C:\ComboFix.txt
A new HijackThis log
Warning: DO NOT run ComboFix unsupervised. It is not a toy and it is not meant to be run routinely every day.
If you need help, see the more detailed guide:
http://www.bleepingcomputer.com/combofix/fi/combofixin-kayttoohje
.
(:)
Mintsu (Member) | 27 October 2009 @ 13:03
Oh dear.. Poor me, I can't figure out how to turn Norton off :( I googled and went through Norton's settings, but I just can't find a function like that. And if I only take the firewall down, ComboFix complains..
Member | 27 October 2009 @ 13:35
It's strange how little you get done
if you just stop trying.
AfterDawn Addict | 27 October 2009 @ 14:24
Unplug the network cable from the wall.
Right-click Norton in the system tray.
Run it even if it grumbles.
.
(:)
Mintsu (Member) | 27 October 2009 @ 16:46
mozilla: I don't have any such "user account" item in Norton =/ .. I tried yesterday to get further with that guide. It doesn't shut down with a right-click either.
Mintsu (Member) | 27 October 2009 @ 17:00
Found it now, let's get to work!
Mintsu (Member) | 27 October 2009 @ 17:39
And here is the latest news from the machine:
-ComboFix
ComboFix 09-10-25.02 - HP_Omistaja 27.10.2009 17:16.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.358.1035.18.1534.998 [GMT 2:00]
Location: c:\documents and settings\HP_Omistaja\Työpöytä\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
(((((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Everton\Omat tiedostot\ZbThumbnail.info
c:\documents and settings\HP_Omistaja\Omat tiedostot\ZbThumbnail.info
c:\windows\system32\ps2.bat
D:\Autorun.inf
.
((((( Files created between 2009-09-27 and 2009-10-27 )))))))))))))))))
.
2009-10-24 08:56 . 2009-10-24 08:56 -------- d-----w- c:\documents and settings\HP_Omistaja\Tracing
2009-10-24 08:14 . 2009-10-25 10:29 -------- d-----w- c:\documents and settings\Everton\Tracing
2009-10-24 08:01 . 2009-10-24 08:01 -------- d-----w- c:\program files\Microsoft
2009-10-24 08:01 . 2009-10-24 08:01 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-24 08:00 . 2009-10-24 08:04 -------- d-----w- c:\program files\Windows Live
2009-10-24 07:56 . 2009-10-24 07:56 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-23 15:07 . 2009-10-23 15:07 -------- d-----w- c:\documents and settings\Everton\Application Data\Malwarebytes
2009-10-22 19:07 . 2009-10-22 19:07 -------- d-----w- C:\_OTM
2009-10-22 14:49 . 2007-07-08 00:37 812344 ----a-w- c:\program files\HJTInstall.exe
2009-10-21 14:58 . 2009-10-21 15:00 -------- d-----w- C:\2f00b6cf222250eee10ee53d0609e0b5
2009-10-15 17:28 . 2009-10-15 17:28 -------- d-----w- c:\documents and settings\Minna\Local Settings\Application Data\Mozilla
2009-10-15 17:24 . 2009-10-15 17:25 -------- d-----w- c:\documents and settings\Minna\.onnet
2009-10-15 17:23 . 2009-10-15 17:24 -------- d-----w- c:\documents and settings\Minna\.limewire
2009-10-15 17:19 . 2009-10-15 17:19 -------- d-----w- c:\documents and settings\Minna\Application Data\ZoomBrowser EX
2009-10-15 17:19 . 2009-10-15 17:19 -------- d-----w- c:\documents and settings\Minna\Application Data\Template
2009-10-15 17:19 . 2009-10-15 17:19 -------- d-----w- c:\documents and settings\Minna\Application Data\Talkback
2009-10-15 17:13 . 2009-10-15 17:13 70648 ----a-w- c:\documents and settings\Minna\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-15 17:12 . 2009-10-15 17:12 -------- d-----w- c:\documents and settings\Minna\Application Data\Symantec
2009-10-15 16:53 . 2009-10-15 16:53 -------- d-----w- c:\documents and settings\Minna\Application Data\PC Suite
2009-10-15 16:52 . 2009-10-15 17:09 128 ----a-w- c:\documents and settings\Minna\Local Settings\Application Data\fusioncache.dat
.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-27 15:15 . 2004-12-13 15:47 86024 ----a-w- c:\windows\system32\perfc00B.dat
2009-10-27 15:15 . 2004-12-13 15:47 417544 ----a-w- c:\windows\system32\perfh00B.dat
2009-10-27 15:13 . 2005-01-02 03:15 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-27 14:58 . 2005-01-02 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-26 16:26 . 2006-09-01 16:05 71232 ----a-w- c:\documents and settings\HP_Omistaja\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-24 08:13 . 2006-09-17 17:03 71232 ----a-w- c:\documents and settings\Everton\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-23 17:22 . 2006-09-01 16:05 7342 ----a-w- c:\documents and settings\HP_Omistaja\Application Data\wklnhst.dat
2009-10-15 19:00 . 2006-09-01 14:28 -------- d-----w- c:\program files\Microsoft Works
2009-10-15 16:53 . 2008-11-15 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-10-11 16:50 . 2006-09-03 14:21 -------- d-----w- c:\documents and settings\HP_Omistaja\Application Data\Azureus
2009-10-04 10:56 . 2009-10-15 17:19 7144 ----a-w- c:\documents and settings\Minna\Application Data\wklnhst.dat
2009-10-01 09:36 . 2008-03-15 14:32 -------- d-----w- c:\documents and settings\HP_Omistaja\Application Data\ZoomBrowser EX
2009-10-01 09:11 . 2008-03-15 14:26 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-09-26 13:46 . 2009-09-26 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-09-26 13:45 . 2006-09-03 14:20 -------- d-----w- c:\program files\Azureus
2009-09-25 05:36 . 2004-09-15 04:00 667136 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:36 . 2004-09-15 04:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-22 16:38 . 2006-10-04 15:47 4330 ----a-w- c:\documents and settings\Everton\Application Data\wklnhst.dat
2009-09-18 14:31 . 2009-09-18 14:31 -------- d-----w- c:\documents and settings\Everton\Application Data\HpUpdate
2009-09-11 14:18 . 2004-09-15 04:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 13:45 . 2009-08-30 17:27 -------- d-----w- c:\documents and settings\HP_Omistaja\Application Data\HpUpdate
2009-09-04 21:04 . 2004-09-15 04:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-30 17:28 . 2005-01-02 02:46 -------- d-----w- c:\program files\HP
2009-08-26 08:01 . 2004-09-15 04:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 12:09 . 2009-08-20 12:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:00 . 2004-09-15 04:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 19:59 . 2004-09-15 04:00 2191488 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:28 . 2004-09-15 11:00 2068352 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-04-19 09:28 . 2007-06-24 21:18 394 ----a-w- c:\program files\X.ini
2009-04-04 16:14 . 2009-04-04 16:14 2496707 ----a-w- c:\program files\vsoDivxToDVD_setup_v0.5.2b.exe
2008-10-16 14:19 . 2007-04-05 21:08 96 ----a-w- c:\program files\lang.ini
2008-10-16 14:19 . 2007-04-05 21:08 23 ----a-w- c:\program files\history.txt
2008-10-16 14:19 . 2007-04-05 21:08 441 ----a-w- c:\program files\regfav.ini
2008-09-21 12:08 . 2007-04-05 21:08 86 ----a-w- c:\program files\autoclean.ini
2008-08-16 12:25 . 2008-08-16 12:25 9239213 ----a-w- c:\program files\AutoGordianKnot.2.45.Setup.exe
2008-06-10 18:41 . 2008-06-10 18:41 1495112 ----a-w- c:\program files\install_flash_player.exe
2008-02-06 10:54 . 2006-12-03 16:23 7766 ----a-w- c:\program files\CurrentCfg.tpr
2008-02-06 10:54 . 2006-12-03 16:21 5158 ----a-w- c:\program files\TMPGEnc.ini
2007-11-29 17:22 . 2007-11-29 17:20 13793865 ----a-w- c:\program files\acdsee-9-0-108-en-update.exe
2007-11-29 17:20 . 2007-11-29 17:19 8608465 ----a-w- c:\program files\acdsee-10-0-238-en-update.exe
2007-09-20 17:36 . 2007-09-20 17:08 51422520 ----a-w- c:\program files\iTunes742Setup.exe
2007-07-06 20:06 . 2007-07-06 20:04 1014730 ----a-w- c:\program files\PowerISO37.exe
2007-06-24 20:41 . 2007-06-24 20:40 5638544 ----a-w- c:\program files\DVDAuthorGUI_1.013.exe
2007-06-24 19:22 . 2007-06-24 19:22 1987871 ----a-w- c:\program files\ProjectX-v0.90.04.00-20060330.zip
2007-05-25 11:41 . 2007-06-12 21:14 343284 ----a-w- c:\program files\PlasmaEPG.tap
2007-05-25 11:34 . 2007-06-12 21:14 25910 ----a-w- c:\program files\PlasmaEPG.lex
2007-05-06 15:56 . 2007-05-06 15:56 86353 ----a-w- c:\program files\2665430270048562872RZfhFH.wbz
2007-04-20 19:54 . 2007-04-20 19:54 0 ----a-w- c:\program files\QuickTimeInstaller.exe
2007-04-17 21:42 . 2007-06-12 20:00 514 ----a-w- c:\program files\Install.txt
2007-04-17 21:34 . 2007-06-12 20:00 625 ----a-w- c:\program files\Asennus.txt
2007-04-07 14:44 . 2007-04-07 14:44 232592 ----a-w- c:\program files\l3codecx.exe
2007-04-07 13:03 . 2007-04-07 13:03 2000324 ----a-w- c:\program files\cdex_151.exe
2007-03-05 14:52 . 2007-03-05 14:53 288640 ----a-w- c:\program files\dxwebsetup.exe
2007-02-25 13:29 . 2006-11-25 23:04 25754696 ----a-w- c:\program files\wmp11-windowsxp-x86-FI-FI.exe
2007-02-25 13:18 . 2007-02-25 13:18 878896 ----a-w- c:\program files\WGAPluginInstall.exe
2007-02-15 16:55 . 2007-02-15 16:53 513359 ----a-w- c:\program files\WingTip_SYNCFIX.rar
2007-02-15 16:42 . 2007-02-15 16:42 1727591 ----a-w- c:\program files\on2_vp7_personal_edition.exe
2007-01-24 17:51 . 2007-01-24 17:50 3513168 ----a-w- c:\program files\sp26752.exe
2007-01-07 13:51 . 2007-01-07 13:51 6285558 ----a-w- c:\program files\divx-to-dvd-converter.exe
2006-12-28 19:28 . 2006-12-28 19:26 16198952 ----a-w- c:\program files\Install_Messenger.exe
2006-12-09 11:14 . 2006-12-09 11:12 12684992 ----a-w- c:\program files\winamp532_full_bundle_emusic-7plus.exe
2006-11-30 18:17 . 2006-11-30 18:17 2987935 ----a-w- c:\program files\swf2avi.exe
2006-11-30 18:11 . 2006-11-30 18:11 2388240 ----a-w- c:\program files\RivaFLVPlayerSetup.exe
2006-11-30 06:46 . 2006-11-30 06:46 3513168 ----a-w- c:\program files\Näppis.exe
2006-11-25 16:19 . 2006-11-25 16:19 3250296 ----a-w- c:\program files\Ifi-OrderClient-FI.exe
2006-11-20 19:09 . 2007-02-11 09:17 6326784 ----a-w- c:\program files\DVRMSToolbox1103.msi
2006-10-20 10:34 . 2007-04-05 21:08 3317 ----a-w- c:\program files\RegHist.txt
2006-10-20 06:58 . 2007-04-05 21:08 7137 ----a-w- c:\program files\FlashPlayer9.reg
2006-10-11 10:34 . 2007-04-05 21:08 2171 ----a-w- c:\program files\exclude.ini
2006-09-19 08:14 . 2007-04-05 21:08 37376 ----a-w- c:\program files\Order.doc
2006-06-26 08:52 . 2007-04-05 21:08 13507 ----a-w- c:\program files\license.rtf
2006-06-23 22:50 . 2007-04-07 14:19 2434406 ----a-w- c:\program files\cdex_170b2_enu.exe
2006-05-02 16:30 . 2006-09-17 11:41 179 ----a-w- c:\program files\Free-Codecs.txt
2006-03-30 19:13 . 2007-06-24 19:23 787757 ----a-w- c:\program files\ProjectX-v0.90.04.00-20060330.jar
2006-03-30 18:42 . 2007-06-24 19:23 124257 ----a-w- c:\program files\ProjectX_LanguagePack_0.90.4.00.zip
2006-03-30 18:42 . 2007-06-24 19:23 825784 ----a-w- c:\program files\ProjectX_Source_eng_0.90.4.00.zip
2006-03-30 15:51 . 2007-06-24 19:23 1629 ----a-w- c:\program files\ReadMe_Lang.txt
2006-03-30 15:06 . 2007-06-24 19:23 1516 ----a-w- c:\program files\ReleaseNotes_0.90.4.txt
2006-03-30 15:06 . 2007-06-24 19:23 165 ----a-w- c:\program files\ReleaseNotes_0.90.4.00.txt
2006-03-19 13:37 . 2007-06-24 19:23 8448 ----a-w- c:\program files\ac3.bin
2006-01-31 19:00 . 2007-04-05 21:08 6475 ----a-w- c:\program files\ReadMe.txt
2005-11-05 08:15 . 2007-04-05 21:08 531 ----a-w- c:\program files\mycookies.ini
2005-11-05 08:15 . 2007-04-05 21:08 318 ----a-w- c:\program files\shortarrow.ico
2005-11-05 08:15 . 2007-04-05 21:08 298 ----a-w- c:\program files\FixAddRemove.reg
2005-08-25 21:44 . 2006-12-03 16:29 14545 ----a-w- c:\program files\Codecs.ini
2005-08-25 20:17 . 2006-12-03 16:29 137733 ----a-w- c:\program files\VirtualDubMod.vdi
2005-08-25 20:17 . 2006-12-03 16:29 929280 ----a-w- c:\program files\VirtualDubMod.exe
2005-08-25 20:10 . 2006-12-03 16:29 9804 ----a-w- c:\program files\vdremote.dll
2005-08-25 20:10 . 2006-12-03 16:29 11340 ----a-w- c:\program files\vdicmdrv.dll
2005-08-25 20:10 . 2006-12-03 16:29 40960 ----a-w- c:\program files\AuxSetup.exe
2005-08-25 20:09 . 2006-12-03 16:29 7244 ----a-w- c:\program files\vdsvrlnk.dll
2005-07-02 16:19 . 2007-06-24 19:23 1540 ----a-w- c:\program files\OoZooN.TXT
2005-01-07 18:05 . 2007-06-24 19:23 1203 ----a-w- c:\program files\colours.tbl
2004-10-25 16:11 . 2006-12-03 16:20 374340 ----a-w- c:\program files\TMPGEnc.vfp
2004-09-12 11:22 . 2006-12-03 16:29 615 ----a-w- c:\program files\VirtualDubMod.exe.manifest
2004-07-26 00:16 . 2007-06-25 13:28 1117491 ----a-w- c:\program files\dvdshrink32setup.exe
2004-05-25 23:16 . 2006-09-17 11:41 734160 ----a-w- c:\program files\VobSub_2.23.exe
2004-04-30 14:52 . 2007-06-12 19:37 1707042 ----a-w- c:\program files\Topfield Windows Applications Setup.exe
2004-04-02 11:42 . 2007-06-12 19:20 1024 ----a-w- c:\program files\Altair.txt
2004-03-22 18:07 . 2007-06-12 19:20 380928 ----a-w- c:\program files\Altair_1.250.exe
2007-11-09 14:25 . 2007-12-29 20:27 57344 ----a-w- c:\program files\mozilla firefox\components\MGSHelper.dll
2006-12-16 16:15 . 2006-12-16 16:15 22 --sha-w- c:\windows\SMINST\HPCD.sys
.
(((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* Empty values and legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2006-02-08 147456]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-04-09 200704]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-08-24 714608]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
c:\documents and settings\Minna\Käynnistä-valikko\Ohjelmat\Käynnistys\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-2 27136]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [24.8.2007 23:07 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27.8.2009 8:20 102448]
S2 Automaattinen LiveUpdate-ajastustoiminto;Automaattinen LiveUpdate-ajastustoiminto;c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe [23.8.2007 14:35 243064]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [29.5.2007 14:55 23888]
S3 stusb2ir;USB 2.0 IrDA Bridge;c:\windows\system32\drivers\stusb2ir.sys [1.12.2007 23:03 40856]
S3 TFBULK;Topfield USB client driver;c:\windows\system32\drivers\TfBulk.sys [26.8.2003 7:11 41996]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe --> c:\program files\AskBarDis\bar\bin\AskService.exe [?]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe --> c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [?]
--- Other drivers/services in memory ---
*NewlyCreated* - COMHOST
*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder
2009-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:57]
2009-10-26 c:\windows\Tasks\Norton Internet Security - Suorita täysi järjestelmäntarkistus - Everton.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 17:19]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;;*.local;<local>
uInternet Settings,ProxyServer = proxydial.inet.fi:800
DPF: {3CB21A24-BAAE-4D2D-87B7-1273719BCF56} - hxxps://mpsmppgw01.mpsnordic.se/toolbox/1_1/resources/COPPTest.cab
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-27 17:25
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\EN]
@DACL=(02 0000)
"OnLineServicesDirName"="Online Services"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\FR]
@DACL=(02 0000)
"OnLineServicesDirName"="Services en ligne"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\MX]
@DACL=(02 0000)
"OnLineServicesDirName"="Servicios en línea"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\NL]
@DACL=(02 0000)
"OnLineServicesDirName"="Online Services"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\NW]
@DACL=(02 0000)
"OnLineServicesDirName"="Online tjenster"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\SP]
@DACL=(02 0000)
"OnLineServicesDirName"="Servicios en lķnea"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\SW]
@DACL=(02 0000)
"OnLineServicesDirName"="Online tjänster"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\UK]
@DACL=(02 0000)
"OnLineServicesDirName"="Online services"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\US]
@DACL=(02 0000)
"OnLineServicesDirName"="Online Services"
[HKEY_USERS\S-1-5-21-1272536644-464686433-2415924820-1008\Software\ACD Systems\ACDSee\90\ADE]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-1272536644-464686433-2415924820-1008\Software\ACD Systems\ACDSee\90\Columns]
@DACL=(02 0000)
"ColCount"=dword:00000007
"SortFieldTag"=dword:00000004
"Sort00"=dword:00000000
"Column00Tag"=dword:00000004
"Column00Group"=dword:00000001
"Column00Width"=dword:00000064
"Sort01"=dword:00000001
"Column01Tag"=dword:00000009
"Column01Group"=dword:00000001
"Column01Width"=dword:00000064
"Sort02"=dword:00000002
"Column02Tag"=dword:00000028
"Column02Group"=dword:00000003
"Column02Width"=dword:00000064
"Sort03"=dword:00000003
"Column03Tag"=dword:0000000a
"Column03Group"=dword:00000001
"Column03Width"=dword:00000064
"Sort04"=dword:00000004
"Column04Tag"=dword:0000002b
"Column04Group"=dword:00000003
"Column04Width"=dword:00000064
"Sort05"=dword:00000005
"Column05Tag"=dword:00000013
"Column05Group"=dword:00000002
"Column05Width"=dword:00000064
"Sort06"=dword:00000006
"Column06Tag"=dword:00000015
"Column06Group"=dword:00000002
"Column06Width"=dword:00000064
[HKEY_USERS\S-1-5-21-1272536644-464686433-2415924820-1008\Software\ACD Systems\ACDSee\90\Editors]
@DACL=(02 0000)
@="ACDSee"
[HKEY_USERS\S-1-5-21-1272536644-464686433-2415924820-1008\Software\ACD Systems\ACDSee\90\en]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-1272536644-464686433-2415924820-1008\Software\ACD Systems\ACDSee\90\QuickView]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-1272536644-464686433-2415924820-1008\Software\ACD Systems\ACDSee\90\TPColumns]
@DACL=(02 0000)
"Column00Width"=dword:00000064
"Column01Width"=dword:00000064
"Column02Width"=dword:00000064
"Column03Width"=dword:00000064
"Column04Width"=dword:00000064
"Column05Width"=dword:00000064
"Column06Width"=dword:00000064
[HKEY_USERS\S-1-5-21-1272536644-464686433-2415924820-1008\Software\Google\NavClient]
@DACL=(02 0000)
@SACL=
[HKEY_USERS\S-1-5-21-1272536644-464686433-2415924820-1008\Software\Microsoft\MediaPlayer\Preferences\EqualizerSettings]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-1272536644-464686433-2415924820-1008\Software\Microsoft\MediaPlayer\Preferences\HME]
@DACL=(02 0000)
"LocalLibraryID"="{994CA114-33AD-4F2B-AB99-C03D9382466D}"
[HKEY_USERS\S-1-5-21-1272536644-464686433-2415924820-1008\Software\Microsoft\MediaPlayer\Preferences\ProxySettings]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-1272536644-464686433-2415924820-1008\Software\Microsoft\MediaPlayer\Preferences\VideoSettings]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-1272536644-464686433-2415924820-1008\Software\Microsoft\MediaPlayer\Preferences\{7aa92cfa-39c3-11db-9ab0-806d6172696f}]
@DACL=(02 0000)
"CDReadRate"=hex:c8,ac,e1,40
[HKEY_USERS\S-1-5-21-1272536644-464686433-2415924820-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop]
@DACL=(02 0000)
@SACL=
"Toolbars"=hex:11,00,00,00,00,00,00,00
"TaskbarWinXP"=hex:0c,00,00,00,08,00,00,00,02,00,00,00,00,00,00,00,aa,4f,28,68,
48,6a,d0,11,8c,78,00,c0,4f,d9,18,b4,18,02,00,00,60,0d,00,00,00,00,00,00,16,\
"Upgrade"=dword:00000001
[HKEY_USERS\S-1-5-21-1272536644-464686433-2415924820-1008\Software\Microsoft\Windows\Shell\Bags\1]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Classes\adc\Shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92}\InprocServer32]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\dchub\Shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Cygnus Solutions\Cygwin]
@Class="cygnus"
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Hewlett-Packard\cpc\PCINTRO\Browser]
@DACL=(02 0000)
@SACL=
"IE"="0"
"Netscape"="0"
[HKEY_LOCAL_MACHINE\software\Hewlett-Packard\cpc\PCINTRO\BWOPT]
@DACL=(02 0000)
@SACL=
"bwsupport"="1"
"bwoffers"="0"
[HKEY_LOCAL_MACHINE\software\Hewlett-Packard\cpc\PCINTRO\HPSU]
@DACL=(02 0000)
@SACL=
"OptInPath"="c:\\hp\\bin\\cloaker.exe"
"OptInCmdLine"="c:\\hp\\drivers\\hpsu\\HPSU_optin.bat"
"OptOutPath"="c:\\hp\\bin\\cloaker.exe"
"OptOutCmdLine"="c:\\hp\\drivers\\hpsu\\HPSU_optout.bat"
"hpsulaunch"="1"
[HKEY_LOCAL_MACHINE\software\Hewlett-Packard\cpc\PCINTRO\NIS]
@DACL=(02 0000)
@SACL=
"NISRun"="0"
"NISPath"="c:\\windows\\system32\\pcintro\\autorun.exe"
"NISCmdLine"="security.cmd"
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
@DACL=(02 0000)
@SACL=
"WMPlayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
@DACL=(02 0000)
@SACL=
"WMPlayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
@DACL=(02 0000)
@SACL=
"WMPlayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
@DACL=(02 0000)
@SACL=
"WMPlayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
@DACL=(02 0000)
@SACL=
"WMPlayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
@DACL=(02 0000)
@SACL=
"WMPlayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
@DACL=(02 0000)
@SACL=
"WMPlayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\10.0]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\7.0]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services]
@DACL=(02 0000)
@SACL=
"NoServices"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Settings]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\???|’’’’"??|ž»Ów*]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents\SwFlash]
@DACL=(02 0000)
@SACL=
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Nullsoft\Winamp]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Realtek\AlcMonitor]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Answer]
@DACL=(02 0000)
"1"="ATA<cr>"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Hangup]
@DACL=(02 0000)
"1"="ATH<cr>"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Init]
@DACL=(02 0000)
"1"="ATQ0E0V1<cr>"
"2"="AT&C1&D2<cr>"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Monitor]
@DACL=(02 0000)
"1"="ATS0=0<cr>"
"2"="None"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Settings]
@DACL=(02 0000)
"Prefix"="AT"
"Terminator"="<cr>"
"DialPrefix"="D"
"Pulse"="P"
"Tone"="T"
"FlowControl_Off"=""
"FlowControl_Hard"=""
"FlowControl_Soft"=""
.
--------------------- Prosesseihin ladatut DLLt ---------------------
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\Ati2evxx.dll
.
Valmistumisajankohta: 2009-10-27 17:27
ComboFix-quarantined-files.txt 2009-10-27 15:26
Ennen ajoa: 50 711 212 032 tavua vapaana
Ajon jälkeen: 51 005 288 448 tavua vapaana
- - End Of File - - A411303A5AD279C88F6F195F89A626B7
-HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:33:22, on 27.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxydial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;;*.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-se.../fslauncher.cab
O16 - DPF: {3CB21A24-BAAE-4D2D-87B7-1273719BCF56} (TestCOPP Class) - https://mpsmppgw01.mpsnordic.se/toolbox/1_1/resources/COPPTest.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1157211675640
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 9715 bytes
AfterDawn Addict
27 October 2009 @ 18:49
******************************************
Type ComboFix.exe /u into the Run box in the Windows Start menu and press OK
*************************************************************
What's the situation there ????
.
(:)
Mintsu
Member
27 October 2009 @ 19:05
Was the intention to remove ComboFix? Because that's what it did. First it complained that it isn't compatible with the operating system, then it complained about Norton, and once I shut Norton down, ComboFix can't be found anymore.. ?
AfterDawn Addict
28 October 2009 @ 13:00
Combo's quarantine and Combo itself were supposed to be removed !!!
:D
(:)
Mintsu
Member
29 October 2009 @ 09:43
Is this OK now :D ??? Do I dare to put Mozilla back on the machine? Can you tell what had gotten onto the machine, then :) ?