AfterDawn.com Mainosta sivuillamme
User Käyttäjä Salasana  
  Puuttuuko tunnus? Liity jäseneksi nyt!.
Salasana hukassa? Klikkaa tästä. 		 
  Etusivu   Uutiset   Oppaat   Ohjelmat   Sanasto   Laitevertailu   Profiilit   Keskustelu  
 Yksityisviestit     Luo uusi yksityisviesti     Kaikki uudet viestit     Ilman vastauksia olevat viestiketjut     Hae viestejä
perjantai 9.1.2026 / 21:51
Hae keskustelualueilta:        In English   Suomeksi   På svenska
afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > voisko joku tarkistaa hjt-login, mwav tuloksen ja combofix tuloksen
Näytä aiheet
 
Keskustelualueet
Keskustelualueet
voisko joku tarkistaa hjt-login, mwav tuloksen ja comboFix tuloksen
  Siirry:
 
Kirjoittaja Viesti
pike86
Junior Member
_ 		1. toukokuuta 2007 @ 19:20 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
voisko joku tarkistaa HjT-login, mwav tuloksen ja comboFix tuloksen? Mitä poistan? Mitä puhdistan ja millä?

HJT-LOGI

Logfile of HijackThis v1.99.1
Scan saved at 23:06:17, on 1.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TIETOT~1\backweb\227364\Program\SERVIC~1.EXE
C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Tietoturvapalvelu\backweb\227364\program\fsbwsys.exe
C:\Program Files\Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\Program Files\Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\Tietoturvapalvelu\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tietoturvapalvelu\Common\FCH32.EXE
C:\Program Files\Tietoturvapalvelu\backweb\227364\Program\fspex.exe
C:\Program Files\Tietoturvapalvelu\Common\FAMEH32.EXE
C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsrw.exe
C:\Program Files\Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\Program Files\Tietoturvapalvelu\Common\FSM32.EXE
C:\PROGRA~1\TIETOT~1\ANTI-S~1\fsaw.exe
C:\Program Files\Tietoturvapalvelu\FSGUI\ispnews.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Tietoturvapalvelu\FSGUI\fsguidll.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\PIRJOM~1\LOCALS~1\Temp\mexe.com
C:\DOCUME~1\PIRJOM~1\LOCALS~1\Temp\kavss.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\sdtrayapp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Documents and Settings\Pirjo Moilanen\Työpöytä\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Tietoturvapalvelu\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Tietoturvapalvelu.lnk = C:\Program Files\Tietoturvapalvelu\backweb\227364\Program\fspex.exe
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Share...bin/AvSniff.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascinstie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resourc...lscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1174835913432
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Share...n/bin/cabsa.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-lo...017/mcfscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Tietoturvapalvelu (BackWeb Plug-in - 227364) - BackWeb Technologies Inc. - C:\PROGRA~1\TIETOT~1\backweb\227364\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Tietoturvapalvelu\backweb\227364\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: UHE - Unknown owner - C:\DOCUME~1\PIRJOM~1\LOCALS~1\Temp\UHE.exe (file missing)

MWAV TULOS


Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "C:\Program Files\Tietoturvapalvelu\backweb\227364\6.3.2.116-227364L\Program\PrvCnt.exe". Action Taken: Ei toimintoa.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Common Files\Symantec Shared\Script Blocking\". Action Taken: Ei toimintoa.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".laskuri". Action Taken: Ei toimintoa.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".part". Action Taken: Ei toimintoa.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pf". Action Taken: Ei toimintoa.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ste". Action Taken: Ei toimintoa.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{3075C5C3-0807-4924-AF8F-FF27052C12AE}". Action Taken: Ei toimintoa.

ComboFix
"Pirjo Moilanen" - 07-05-01 20:51:24 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Pirjo Moilanen\Ty?p?yt?\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\regedit.com


((((((((((((((((((((((((((((((( Files Created from 2007-04-01 to 2007-05-01 ))))))))))))))))))))))))))))))))))


2007-05-01 20:57 146,944 --a------ C:\WINDOWS\R.COM
2007-05-01 20:57 138,240 --a------ C:\WINDOWS\system32\T.COM
2007-04-26 19:36 <KANSIO> d-------- C:\WINDOWS\McAfee.com
2007-04-26 16:57 <KANSIO> d-------- C:\DOCUME~1\PIRJOM~1\APPLIC~1\Talkback
2007-04-26 16:45 <KANSIO> d-------- C:\Program Files\Gran Paradiso
2007-04-26 16:04 <KANSIO> d-------- C:\WINDOWS\system32\Panda Software
2007-04-23 15:13 70,224 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2007-04-23 15:13 33,840 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2007-04-23 15:12 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure
2007-04-23 14:37 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.116-227364L.exe
2007-04-23 14:37 <KANSIO> d-------- C:\Program Files\Tietoturvapalvelu
2007-04-19 12:34 <KANSIO> d-------- C:\DOCUME~1\PIRJOM~1\APPLIC~1\PHP Designer 2007
2007-04-19 12:33 <KANSIO> d-------- C:\Program Files\PHP Designer 2007 - Professional
2007-04-19 08:27 29,696 --a------ C:\WINDOWS\system32\flcss.exe
2007-04-15 19:34 <KANSIO> d-------- C:\WINDOWS\system32\ActiveScan
2007-04-14 20:25 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-04-14 20:25 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-04-13 00:10 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-04-13 00:10 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-04-13 00:10 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-04-12 21:43 <KANSIO> d-------- C:\Program Files\ToniArts
2007-04-09 17:02 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
2007-04-08 13:12 <KANSIO> d-------- C:\Program Files\Index.dat Analyzer
2007-04-07 22:45 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-04-07 14:38 <KANSIO> dr------- C:\DOCUME~1\LOCALS~1\Omat tiedostot
2007-04-05 22:44 <KANSIO> d-------- C:\Program Files\Lavasoft
2007-04-05 14:19 <KANSIO> d-------- C:\DOCUME~1\PIRJOM~1\APPLIC~1\PEX
2007-04-05 12:46 <KANSIO> d-------- C:\DOCUME~1\PIRJOM~1\.housecall6.6
2007-04-05 12:05 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-24 14:45 22636 --a------ C:\DOCUME~1\PIRJOM~1\APPLIC~1\phpdesigner2007_5_2.xml
2007-04-01 16:44 1289 --a------ C:\WINDOWS\mozver.dat
2007-03-31 14:02 -------- d-------- C:\Program Files\windows live safety center
2007-03-30 22:40 -------- d-------- C:\DOCUME~1\PIRJOM~1\APPLIC~1\icaclient
2007-03-28 09:51 0 --a------ C:\WINDOWS\system32\cmmgr32.exe
2007-03-27 23:10 -------- d-------- C:\Program Files\superantispyware
2007-03-27 23:10 -------- d-------- C:\Program Files\Common Files\wise installation wizard
2007-03-27 23:10 -------- d-------- C:\DOCUME~1\PIRJOM~1\APPLIC~1\superantispyware.com
2007-03-26 14:34 -------- d-------- C:\DOCUME~1\PIRJOM~1\APPLIC~1\hewlett-packard
2007-03-26 14:31 -------- d-------- C:\Program Files\ws_ftp
2007-03-26 14:26 20458 --a------ C:\WINDOWS\hpoins01.dat
2007-03-26 14:24 82380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
2007-03-26 13:58 -------- d-------- C:\Program Files\Common Files\hewlett-packard
2007-03-26 13:50 -------- d-------- C:\Program Files\hewlett-packard
2007-03-26 11:52 -------- d-------- C:\DOCUME~1\PIRJOM~1\APPLIC~1\microsoft web folders
2007-03-25 23:11 -------- d-------- C:\DOCUME~1\PIRJOM~1\APPLIC~1\utorrent
2007-03-25 22:57 66096 --a------ C:\WINDOWS\system32\perfc00b.dat
2007-03-25 22:57 356600 --a------ C:\WINDOWS\system32\perfh00b.dat
2007-03-25 22:30 -------- d-------- C:\DOCUME~1\PIRJOM~1\APPLIC~1\lavasoft
2007-03-25 22:03 -------- d-------- C:\DOCUME~1\PIRJOM~1\APPLIC~1\skype
2007-03-25 22:01 -------- d-------- C:\Program Files\skype
2007-03-25 21:17 -------- d-------- C:\DOCUME~1\PIRJOM~1\APPLIC~1\apple computer
2007-03-25 21:15 -------- d-------- C:\Program Files\ipod
2007-03-25 21:14 -------- d-------- C:\Program Files\itunes
2007-03-25 21:07 -------- d-------- C:\Program Files\quicktime
2007-03-25 21:05 -------- d-------- C:\Program Files\apple software update
2007-03-25 20:22 0 --a------ C:\WINDOWS\nsreg.dat
2007-03-25 19:57 -------- d-------- C:\Program Files\windows defender
2007-03-25 17:58 -------- d-------- C:\Program Files\citrix
2007-03-25 17:01 0 -rahs---- C:\MSDOS.SYS
2007-03-25 17:01 0 -rahs---- C:\IO.SYS
2007-03-17 16:44 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 18:38 578048 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 18:38 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 18:38 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 18:34 1843840 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-05 23:19 185344 --a------ C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LaunchApp"="LaunApp"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"LtMoh"="C:\\Program Files\\ltmoh\\Ltmoh.exe"
"LaunchAp"="C:\\Program Files\\Launch Manager\\LaunchAp.exe"
"PowerKey"="\"C:\\Program Files\\Launch Manager\\PowerKey.exe\""
"HotkeyApp"="C:\\Program Files\\Launch Manager\\HotkeyApp.exe"
"CtrlVol"="C:\\Program Files\\Launch Manager\\CtrlVol.exe"
"Wbutton"="\"C:\\Program Files\\Launch Manager\\Wbutton.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"F-Secure Manager"="\"C:\\Program Files\\Tietoturvapalvelu\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\Tietoturvapalvelu\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"F-Secure Startup Wizard"="\"C:\\Program Files\\Tietoturvapalvelu\\FSGUI\\FSSW.EXE\" /reboot"
"News Service"="\"C:\\Program Files\\Tietoturvapalvelu\\FSGUI\\ispnews.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Scheduled scanning task.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1174908418.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-01 21:18:22
Windows 5.1.2600 Service Pack 2 FAT

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-05-01 21:23:32
C:\ComboFix-quarantined-files.txt ... 07-05-01 21:23


Siis mitä poistan? Mitä puhdistan ja millä? Miksi netti selaimilla internet explorer ja firefax tulee koko ajan sellainen ettei sivua löydy. Siis ettei sivulle pääse siis minnekkään?
[ + lainaa]
Auttaja
Suspended permanently
_ 		1. toukokuuta 2007 @ 20:14 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
http://www.virustorjunta.net/
hoidossa jo muualla.
[ + lainaa]
Don´t send your HijackThis log to another user topic. Remember to describe what kind of problems you have. (In my opinion afterdawn has very unsupportive attitude against malware fighters)
How to send HijackThis log (step 3-5)Hijackthis login lähettämisohjeet (Finland)
My profile "Therefore I say to you, do not worry about your life, what you will eat or what you will drink; nor about your body, what you will put on."
My home forum (Finland) Geeks To Go - Another place
List of rogue programs. (Finland) For exampe MSG+ is there. Another list

Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 1. toukokuuta 2007 @ 20:16
afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > voisko joku tarkistaa hjt-login, mwav tuloksen ja combofix tuloksen
 

Apua ongelmiin: AfterDawnin keskustelualueet | AfterDawnin Vastaukset
Uutiset: IT-alan uutiset | Uutisia puhelimista
Musiikkia: MP3Lizard.com
Tuotearviot: Laitevertailu | Vertaa puhelimia | Vertaa kännykkäliittymiä
Pelit: Pelitiedostot, pelidemot ja trailerit
Ohjelmat: download.fi | AfterDawnin ohjelma-alueet
International: AfterDawn in English | Software downloads | Free, legal MP3s | AfterDawn på svenska
RSS -syötteet: AfterDawnin uutiset | Uusimmat ohjelmapäivitykset | Keskustelualueiden viestit
Tietoja: Tietoa AfterDawn Oy:stä | Mainosta sivuillamme | Sivuston käyttöehdot ja tietoja yksityisyydensuojasta
Ota yhteyttä: Lähetä palautetta | Ota yhteyttä mainosmyyntiimme
 
  © 1999-2026 AfterDawn Oy