|
Ongelmia koneessa HJT-logi (OK)
|
|
Senior Member
13 tuotearviota
|
23. kesäkuuta 2008 @ 11:47 |
Linkki tähän viestiin
|
Onko adbrite vaaraksi, jos käyttää pankkiyhteyksiä?
Täytyykö Vistalla joka kerta mennä vikasietotilaan vai riittääkö kirjautuminen järjestelmänvalvojana.
AVG 8 löysi ja poisti adbriten tuomia tiedostoja, mutta Firefox 3 selaimen etusivu oli edelleen vaihtunut.
Ajoin Smitfraudfixin ja tein siivouksen sillä.
Tässä Smitfraudfix raportti:
SmitFraudFix v2.328
Scan done at 13:59:31,15, su 22.06.2008
Run from C:\Users\Sauli\Desktop\SmitfraudFix
OS: Microsoft Windows [versio 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
::1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Atheros AR5007 802.11b/g WiFi Adapter
DNS Server Search Order: 62.121.35.14
DNS Server Search Order: 62.121.33.75
HKLM\SYSTEM\CCS\Services\Tcpip\..\{83A5B0EB-67DB-4FE6-805C-5053F5878E0D}: DhcpNameServer=62.121.35.14 62.121.33.75
HKLM\SYSTEM\CS1\Services\Tcpip\..\{83A5B0EB-67DB-4FE6-805C-5053F5878E0D}: DhcpNameServer=62.121.35.14 62.121.33.75
HKLM\SYSTEM\CS2\Services\Tcpip\..\{83A5B0EB-67DB-4FE6-805C-5053F5878E0D}: DhcpNameServer=62.121.35.14 62.121.33.75
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=62.121.35.14 62.121.33.75
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=62.121.35.14 62.121.33.75
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=62.121.35.14 62.121.33.75
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Tässä HJT-loki:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:56, on 23.6.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7272 bytes
Kiitos auttajille.
HJT lisätty.
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 23. kesäkuuta 2008 @ 12:36
|
Senior Member
13 tuotearviota
|
23. kesäkuuta 2008 @ 17:27 |
Linkki tähän viestiin
|
|
En tiedä miten saisi tämän Adbriten kokonaan pois, oisko neuvoja?
|
|
Hujo
Suspended permanently
|
23. kesäkuuta 2008 @ 18:18 |
Linkki tähän viestiin
|
|
onkos koneessa vain 512 keskumuistia
Voiko tietsikka koskaan toimia?
|
Senior Member
13 tuotearviota
|
23. kesäkuuta 2008 @ 19:09 |
Linkki tähän viestiin
|
|
Koneessa on giga muistia
E: Allekirjoituksessa oleva kone on eri.
Ongelma kone on alle puolivuotta vanha kannettava.
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 23. kesäkuuta 2008 @ 19:13
|
|
Hujo
Suspended permanently
|
23. kesäkuuta 2008 @ 19:13 |
Linkki tähän viestiin
|
tehääs nyt eka homma
Lataa OTMoveIt
OTMoveIt ja tallenna se työpöydällesi.
Tuplaklikkaa OTMoveIt.exe.
Klikkaa CleanUp!.
Valitse Yes kun kysytään "Begin cleanup Process?".
Jos pyydetään, että saako koneen käynnistää uudeelleen, valitse Yes.OTMoveIt poistaa itsensä kun se on valmis, jos näin ei käy poista se itse.
HUOM: Jos palomuurisi tai joku muu tietoturvaohjelma varoittaa, että OTMoveIt yrittää päästä nettin, niin anna sen päästä sinne.
Voiko tietsikka koskaan toimia?
|
Senior Member
13 tuotearviota
|
23. kesäkuuta 2008 @ 19:34 |
Linkki tähän viestiin
|
|
OTmoveIT sanoo, että Access denied, kun yritän vistassa siivota, kokeilen vikasietotilassa.
|
|
Hujo
Suspended permanently
|
23. kesäkuuta 2008 @ 19:39 |
Linkki tähän viestiin
|
|
hmmm.. valvojan oikeudet...
Voiko tietsikka koskaan toimia?
|
Senior Member
13 tuotearviota
|
23. kesäkuuta 2008 @ 19:42 |
Linkki tähän viestiin
|
|
Ei auttanut admin oikeukdetkaan, edes vikasietotilassa.
|
|
Hujo
Suspended permanently
|
23. kesäkuuta 2008 @ 19:45 |
Linkki tähän viestiin
|
nooh sitten tuosta
1.Lataa combofix.exe työpöydällesi yhdestä linkistä:
combofix1
combofix2
2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
Voiko tietsikka koskaan toimia?
|
Senior Member
13 tuotearviota
|
23. kesäkuuta 2008 @ 19:58 |
Linkki tähän viestiin
|
ComboFix 08-06-20.4 - Sauli 2008-06-23 19:49:45.1 - NTFSx86
Microsoft® Windows Vista? Home Premium 6.0.6001.1.1252.1.1035.18.1108 [GMT 3:00]
Running from: C:\Users\Sauli\Desktop\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Windows\system32\KBL.LOG
----- BITS: Possible infected sites -----
hxxp://h30155.www3.hp.com
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-23 to 2008-06-23 )))))))))))))))))
.
2008-06-23 19:32 . 2008-06-23 19:32 <KANSIO> d-------- C:\_OTMoveIt
2008-06-23 14:15 . 2008-06-23 14:16 <KANSIO> d-------- C:\Kirjanmerkit
2008-06-23 13:16 . 2008-06-23 13:16 <KANSIO> d-------- C:\Users\Koti\AppData\Roaming\HP
2008-06-23 13:15 . 2008-06-23 13:15 <KANSIO> dr------- C:\Users\Koti\Videos
2008-06-23 13:15 . 2008-06-23 13:15 <KANSIO> dr------- C:\Users\Koti\Searches
2008-06-23 13:15 . 2008-06-23 13:15 <KANSIO> dr------- C:\Users\Koti\Saved Games
2008-06-23 13:15 . 2008-06-23 13:15 <KANSIO> dr------- C:\Users\Koti\Pictures
2008-06-23 13:15 . 2008-06-23 13:15 <KANSIO> dr------- C:\Users\Koti\Music
2008-06-23 13:15 . 2008-06-23 13:15 <KANSIO> dr------- C:\Users\Koti\Links
2008-06-23 13:15 . 2008-06-23 13:15 <KANSIO> dr------- C:\Users\Koti\Downloads
2008-06-23 13:15 . 2008-06-23 17:49 <KANSIO> dr------- C:\Users\Koti\Documents
2008-06-23 13:15 . 2008-06-23 13:15 <KANSIO> dr------- C:\Users\Koti\Contacts
2008-06-23 13:15 . 2006-11-02 15:37 <KANSIO> d-------- C:\Users\Koti\AppData\Roaming\Media Center Programs
2008-06-23 13:15 . 2008-06-23 13:15 <KANSIO> d--h----- C:\Users\Koti\AppData
2008-06-23 13:15 . 2008-06-23 13:33 <KANSIO> d-------- C:\Users\Koti
2008-06-23 12:19 . 2008-06-23 12:19 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-06-22 18:09 . 2008-06-22 18:29 <KANSIO> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-06-22 18:09 . 2008-06-22 18:29 <KANSIO> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-06-22 18:09 . 2008-06-22 18:09 <KANSIO> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-22 14:49 . 2008-06-22 14:49 <KANSIO> d-------- C:\Program Files\CCleaner
2008-06-22 13:46 . 2008-06-22 13:59 5,096 --a------ C:\Windows\System32\tmp.reg
2008-06-22 13:46 . 2008-06-22 13:59 691 --a------ C:\Users\Sauli\AppData\Roaming\GetValue.vbs
2008-06-22 13:46 . 2008-06-22 13:59 35 --a------ C:\Users\Sauli\AppData\Roaming\SetValue.bat
2008-06-15 12:40 . 2008-06-15 12:40 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-06-14 19:20 . 2008-06-14 19:20 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-14 17:54 . 2008-04-23 07:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-14 17:53 . 2008-04-23 07:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-14 17:53 . 2008-04-23 07:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-14 17:53 . 2008-04-23 07:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-14 17:29 . 2008-06-14 17:29 <KANSIO> d-------- C:\PerfLogs
2008-06-14 16:38 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe
2008-06-14 16:38 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll
2008-06-14 16:37 . 2008-01-18 23:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-06-14 16:37 . 2008-01-18 23:36 142,336 --a------ C:\Windows\System32\spp.dll
2008-06-14 16:37 . 2008-01-18 23:36 28,160 --a------ C:\Windows\System32\sxproxy.dll
2008-06-14 16:24 . 2008-01-18 22:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-06-12 20:54 . 2008-06-12 20:54 <KANSIO> d-------- C:\Program Files\Nokia
2008-06-12 20:54 . 2008-06-12 20:54 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
2008-06-12 20:54 . 2008-06-12 20:54 <KANSIO> d-------- C:\Program Files\Common Files\muvee Technologies
2008-06-12 03:03 . 2008-04-29 04:42 220,160 --a------ C:\Windows\System32\drivers\bthport.sys
2008-06-12 03:03 . 2008-04-29 06:54 181,760 --a------ C:\Windows\System32\fsquirt.exe
2008-06-12 03:03 . 2008-04-29 04:42 29,184 --a------ C:\Windows\System32\drivers\BTHUSB.SYS
2008-06-12 03:03 . 2008-01-19 08:53 19,456 --a------ C:\Windows\System32\drivers\bthenum.sys
2008-06-12 03:02 . 2008-04-26 11:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-12 03:02 . 2008-05-10 04:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-12 03:01 . 2008-04-25 05:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-12 03:01 . 2008-04-25 07:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-08 14:04 . 2008-06-08 14:24 <KANSIO> d-------- C:\Program Files\RegCure
2008-06-08 09:38 . 2008-06-22 10:43 <KANSIO> d-------- C:\Users\Sauli\AppData\Roaming\NCH Swift Sound
2008-06-08 09:38 . 2008-06-08 09:38 <KANSIO> d-------- C:\Users\All Users\NCH Swift Sound
2008-06-08 09:38 . 2008-06-08 09:38 <KANSIO> d-------- C:\ProgramData\NCH Swift Sound
2008-06-08 09:38 . 2008-06-08 09:38 <KANSIO> d-------- C:\Program Files\NCH Software
2008-06-07 14:19 . 2008-06-07 14:56 262,144 --a------ C:\Windows\SPInstall.etl
2008-06-07 12:38 . 2008-06-22 13:26 <KANSIO> d--h----- C:\$AVG8.VAULT$
2008-06-07 11:15 . 2008-06-07 11:15 <KANSIO> d-------- C:\Users\Sauli\AppData\Roaming\Bullzip
2008-06-07 11:13 . 2008-06-07 11:13 <KANSIO> d-------- C:\Program Files\Bullzip
2008-06-07 11:13 . 2007-03-25 14:03 192,512 --a------ C:\Windows\System32\bzpdf.dll
2008-06-07 11:13 . 1999-05-07 00:00 140,288 --a------ C:\Windows\System32\COMDLG32.OCX
2008-06-07 11:11 . 2008-06-07 11:12 <KANSIO> d-------- C:\Program Files\gs
2008-06-05 22:34 . 2008-06-05 22:34 <KANSIO> d-------- C:\Users\Sauli\AppData\Roaming\Printer Info Cache
2008-06-05 22:34 . 2008-06-07 20:55 <KANSIO> d-------- C:\Users\Sauli\AppData\Roaming\Image Zone Express
2008-06-05 21:35 . 2008-06-05 21:35 <KANSIO> d-------- C:\Users\All Users\WEBREG
2008-06-05 21:35 . 2008-06-05 21:35 <KANSIO> d-------- C:\ProgramData\WEBREG
2008-06-05 21:29 . 2008-06-05 21:29 <KANSIO> d-------- C:\Users\All Users\HPSSUPPLY
2008-06-05 21:29 . 2008-06-05 21:29 <KANSIO> d-------- C:\ProgramData\HPSSUPPLY
2008-06-05 21:26 . 2008-06-05 21:28 <KANSIO> d-------- C:\Program Files\Common Files\HP
2008-06-05 21:26 . 2008-06-05 21:26 <KANSIO> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-06-05 21:20 . 2006-12-16 09:19 675,840 --a------ C:\Windows\System32\hpowiav1.dll
2008-06-05 21:20 . 2006-12-16 09:19 573,440 --a------ C:\Windows\System32\hpotscl1.dll
2008-06-05 21:20 . 2006-12-16 09:19 303,104 --a------ C:\Windows\System32\hpovst01.dll
2008-06-05 21:20 . 2006-11-21 00:36 258,048 --a------ C:\Windows\System32\hpzids01.dll
2008-06-05 21:20 . 2008-06-05 21:35 161,844 --a------ C:\Windows\hpoins19.dat
2008-06-05 21:20 . 2007-03-13 22:55 26,952 --a------ C:\Windows\hpomdl19.dat
2008-06-01 19:18 . 2008-06-01 19:18 <KANSIO> d-------- C:\Users\Sauli\AppData\Roaming\TVU Networks
2008-06-01 19:18 . 2008-06-01 19:18 <KANSIO> d-------- C:\Users\All Users\TVU Networks
2008-06-01 19:18 . 2008-06-01 19:18 <KANSIO> d-------- C:\ProgramData\TVU Networks
2008-06-01 19:18 . 2008-06-01 19:18 <KANSIO> d-------- C:\Program Files\TVUPlayer
2008-06-01 17:33 . 2008-06-23 19:35 12 --a------ C:\Windows\bthservsdp.dat
2008-05-31 19:58 . 2008-06-07 14:42 <KANSIO> d-------- C:\Users\Sauli\AppData\Roaming\HP
2008-05-31 19:58 . 2008-05-31 19:59 <KANSIO> d-------- C:\Users\Sauli\AppData\Roaming\CyberLink
2008-05-31 19:58 . 2008-06-08 09:41 <KANSIO> d-------- C:\Users\Public\CyberLink
2008-05-31 19:58 . 2008-06-05 22:05 <KANSIO> d-------- C:\Users\All Users\HP
2008-05-31 19:58 . 2008-06-05 22:05 <KANSIO> d-------- C:\ProgramData\HP
2008-05-31 18:02 . 2008-06-01 13:37 <KANSIO> d-------- C:\Data
2008-05-31 17:55 . 2003-06-19 01:31 17,920 --a------ C:\Windows\System32\mdimon.dll
2008-05-31 17:55 . 2008-06-23 17:54 390 --a------ C:\Windows\ODBC.INI
2008-05-31 17:52 . 2008-05-31 17:52 <KANSIO> d-------- C:\Program Files\Microsoft.NET
2008-05-31 17:49 . 2008-05-31 17:49 <KANSIO> dr-h----- C:\MSOCache
2008-05-31 17:16 . 2008-05-31 17:16 <KANSIO> d-------- C:\Users\Sauli\AppData\Roaming\Talkback
2008-05-31 17:09 . 2008-06-23 16:28 <KANSIO> d-------- C:\Windows\System32\drivers\Avg
2008-05-31 17:09 . 2008-05-31 17:09 <KANSIO> d-------- C:\Program Files\AVG
2008-05-31 17:09 . 2008-05-31 17:09 96,520 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-05-31 17:09 . 2008-05-31 17:09 67,080 --a------ C:\Windows\System32\drivers\avgwfpx.sys
2008-05-31 17:09 . 2008-05-31 17:09 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-05-31 16:19 . 2008-05-31 17:09 <KANSIO> d-------- C:\Users\All Users\avg8
2008-05-31 16:19 . 2008-05-31 17:09 <KANSIO> d-------- C:\ProgramData\avg8
2008-05-31 15:16 . 2008-06-12 16:28 <KANSIO> d-------- C:\Users\Sauli\AppData\Roaming\OpenOffice.org2
2008-05-31 15:13 . 2008-05-31 15:14 <KANSIO> d-------- C:\Program Files\OpenOffice.org 2.4
2008-05-31 14:14 . 2008-05-31 14:14 988,216 --a------ C:\Windows\System32\winload.exe
2008-05-31 14:14 . 2008-05-31 14:14 927,288 --a------ C:\Windows\System32\winresume.exe
2008-05-31 14:14 . 2008-05-31 14:14 615,992 --a------ C:\Windows\System32\ci.dll
2008-05-31 14:14 . 2008-05-31 14:14 378,368 --a------ C:\Windows\System32\srcore.dll
2008-05-31 14:14 . 2008-05-31 14:14 318,464 --a------ C:\Windows\System32\rstrui.exe
2008-05-31 14:14 . 2008-05-31 14:14 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
2008-05-31 14:14 . 2008-05-31 14:14 40,960 --a------ C:\Windows\System32\srclient.dll
2008-05-31 14:14 . 2008-05-31 14:14 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-05-31 14:14 . 2008-05-31 14:14 14,848 --a------ C:\Windows\System32\srdelayed.exe
2008-05-31 14:14 . 2008-05-31 14:14 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-05-31 14:12 . 2008-05-31 14:12 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-05-31 14:12 . 2008-05-31 14:12 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-05-31 14:11 . 2008-05-31 14:11 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-31 14:11 . 2008-05-31 14:11 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-31 14:07 . 2008-05-31 14:07 <KANSIO> d-------- C:\Program Files\MSXML 4.0
2008-05-31 13:55 . 2008-05-31 13:55 0 --a------ C:\Windows\nsreg.dat
2008-05-31 11:50 . 2008-05-31 11:50 <KANSIO> d-------- C:\Users\Sauli\AppData\Roaming\Symantec
2008-05-31 11:49 . 2008-05-31 11:49 <KANSIO> dr------- C:\Users\Sauli\Searches
2008-05-31 11:49 . 2008-06-23 12:22 <KANSIO> dr------- C:\Users\Sauli\Contacts
2008-05-31 11:49 . 2008-05-31 11:49 81 --a------ C:\Windows\System32\LOG
2008-05-31 11:49 . 2008-05-31 11:49 44 --a------ C:\Windows\system\hpsysdrv.dat
2008-05-31 11:46 . 2008-05-31 11:46 <KANSIO> d-------- C:\Users\Sauli\AppData\Roaming\Hewlett-Packard
2008-05-31 11:43 . 2008-05-31 11:44 <KANSIO> d-------- C:\Program Files\Microsoft Works
2008-05-31 11:41 . 2008-05-31 11:42 <KANSIO> d-------- C:\Users\All Users\Adobe
2008-05-31 11:41 . 2008-05-31 11:41 <KANSIO> d-------- C:\Program Files\Common Files\Adobe
2008-05-31 11:40 . 2008-05-31 11:40 <KANSIO> d-------- C:\Windows\PCHEALTH
2008-05-31 11:40 . 2008-05-31 11:40 <KANSIO> d-------- C:\Program Files\MSN Messenger
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-19 13:17 --------- d-----w C:\ProgramData\CyberLink
2008-06-14 15:09 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-14 15:07 --------- d-----w C:\ProgramData\Symantec
2008-06-14 14:46 174 --sha-w C:\Program Files\desktop.ini
2008-06-14 14:35 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-14 14:35 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-14 14:35 --------- d-----w C:\Program Files\Windows Mail
2008-06-14 14:35 --------- d-----w C:\Program Files\Windows Journal
2008-06-14 14:35 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-14 14:35 --------- d-----w C:\Program Files\Windows Calendar
2008-06-14 14:34 --------- d-----w C:\Program Files\Windows Defender
2008-06-14 13:57 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-14 13:57 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-05 18:29 --------- d-----w C:\Program Files\HP
2008-05-31 12:31 --------- d-----w C:\Program Files\Java
2008-05-31 11:11 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-31 11:11 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-05-31 11:11 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-05-31 11:11 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-05-31 11:11 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-08-28 15:43 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-08-28 15:43 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-08-28 15:43 137752]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-30 13:14 159744]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-04 02:44 178712]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-10-01 06:34 181544]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-28 03:05 202032]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-14 03:32 222504]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-04 02:15 480560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-31 17:09 1177368]
"NokiaMServer"="C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer" [ ]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{577FEC15-A0F4-4C80-860F-3CCB85ED53FD}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{B88EF623-385B-4DA1-8778-CEC272E7F6EF}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{FBB7EA80-5877-4C7A-98E3-667D4F8AA7EF}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{8C6C151C-4B79-4FD6-AE58-AB4088EAF467}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{66EDB52B-2CD5-4C95-A259-F6EE8129C643}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{AD0C00B5-ECCB-4036-A3D8-B27C56A08F8B}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-05-31 17:09]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-31 17:09]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-31 17:09]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-05-31 17:09]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-02-27 06:26]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-20 15:25]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-09-28 04:33]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-23 19:52:49
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-23 19:53:56
ComboFix-quarantined-files.txt 2008-06-23 16:53:47
Pre-Run: 108,326,952,960 tavua vapaana
Post-Run: 108,864,450,560 tavua vapaana
242 --- E O F --- 2008-06-20 06:31:33
|
|
Hujo
Suspended permanently
|
23. kesäkuuta 2008 @ 21:20 |
Linkki tähän viestiin
|
Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:
Lainaus:
Folder::
C:\_OTMoveIt
Tallenna se nimellä CFScript.txt
Sitten raahaa CFScript ComboFix.exeen kuten alla.
Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.
===========
scannaa hjt:llä merkkaa paina Fix checked
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
=========
Poista vikasiedossa
C:\Program Files\Common Files\Symantec Shared
C:\ProgramData\Symantec
==========
Lataa Malwarebytes' Anti-Malware työpöydällesi.
1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja
Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish.
3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki
löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Lähetä lokin sisältö seuraavassa viestissäsi.
Voiko tietsikka koskaan toimia?
|
Senior Member
13 tuotearviota
|
23. kesäkuuta 2008 @ 22:29 |
Linkki tähän viestiin
|
Malwarebytes' Anti-Malware 1.18
Tietokantaversio: 883
22:27:33 23.6.2008
mbam-log-6-23-2008 (22-27-33).txt
Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 149976
Kulunut aika: 36 minute(s), 53 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0
Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:56, on 23.6.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7272 bytes
|
|
Hujo
Suspended permanently
|
24. kesäkuuta 2008 @ 02:49 |
Linkki tähän viestiin
|
|
poista vanhat hjt:n lokit ja scannaa uusi
Voiko tietsikka koskaan toimia?
|
Senior Member
13 tuotearviota
|
24. kesäkuuta 2008 @ 13:14 |
Linkki tähän viestiin
|
En löytänyt vanhoja hjt-logeja muuta kuin asentamalla hjt:n uudestaan, siten sain uuden login otettua.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11:43, on 24.6.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-21-1592013934-4205449133-1000282854-1001\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Koti')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7769 bytes
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 24. kesäkuuta 2008 @ 13:15
|
|
Hujo
Suspended permanently
|
24. kesäkuuta 2008 @ 14:08 |
Linkki tähän viestiin
|
Lokit löytyy tuolta mistä HijackThis.exe löytyy
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
==========
Loki ok
mites kone toimii
Voiko tietsikka koskaan toimia?
|
Senior Member
13 tuotearviota
|
24. kesäkuuta 2008 @ 14:10 |
Linkki tähän viestiin
|
|
Hyvin toimii, selaimen etusivu oli vaihtunut ja siksi otin yhteyttä tänne että saadaan kone siivottua.
Onko nyt myös Vistan backupit siivottu, kun vikasietotilaan valittaessa on valikko, josta koneen saisi korjattua. Sitä tuskin kannattaa nyt käyttää.
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 24. kesäkuuta 2008 @ 14:13
|
|
Hujo
Suspended permanently
|
24. kesäkuuta 2008 @ 14:22 |
Linkki tähän viestiin
|
|
niin eipä kannata ei tuo Malwarebytes' Anti-Malware löytänyt sieltä mitään.
Jätetään tällä kertaa rauhaan :)
Voiko tietsikka koskaan toimia?
|
Senior Member
13 tuotearviota
|
24. kesäkuuta 2008 @ 14:43 |
Linkki tähän viestiin
|
|
Kannattaako laittaa palautuspiste tähän kohtaan?
|
|
Hujo
Suspended permanently
|
24. kesäkuuta 2008 @ 14:50 |
Linkki tähän viestiin
|
|
niin sen voi kyllä tyhjätä niin alkaa alusta.
jos siellä jotain kuitenkin on
Voiko tietsikka koskaan toimia?
|
Senior Member
13 tuotearviota
|
26. kesäkuuta 2008 @ 15:58 |
Linkki tähän viestiin
|
|
Netti hidastui modeemi yhteyden tasolle, voisko tällä olla jotain yhteyttä vanhaan ongelmaan.
|
|
Hujo
Suspended permanently
|
26. kesäkuuta 2008 @ 16:19 |
Linkki tähän viestiin
|
scannaa hjt:llä merkkaa paina fix checked
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
============
Lataa Winsockfix
työpöydällesi
pura zip, Avaa Winsockfix paina Fix
Voiko tietsikka koskaan toimia?
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 26. kesäkuuta 2008 @ 16:20
|
Senior Member
13 tuotearviota
|
27. kesäkuuta 2008 @ 13:52 |
Linkki tähän viestiin
|
|
Tarviiko mitään tehdä, kun yhteys palasi normaaliksi ja selvisi sen vian johtuneen palveluntarjoajasta?
|
|
Mainos
|
|
|
Senior Member
13 tuotearviota
|
27. kesäkuuta 2008 @ 17:57 |
Linkki tähän viestiin
|
Viimeisin HJT-loki
Logfile of HijackThis v1.99.1
Scan saved at 17:56:30, on 27.6.2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Sauli\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...sario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
On varmaan jo kunnossa.
|
