HJT logi, netti hidas, ei pysty lataamaan päivityksiä

kuluttaja · 07.05.2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41, on 2008-05-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://fika-web.ifolor.net/OrderingGeneral/LowRes/app_support/ActiveX/IfolorUploader_fika.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fi/ImageUploader4.cab
O17 - HKLM\System\CS11\Services\Tcpip\..\{08CE21A0-4673-4FCE-B645-F6B25947A6E9}: NameServer = 193.210.19.19 193.210.18.18
O17 - HKLM\System\CS12\Services\Tcpip\..\{08CE21A0-4673-4FCE-B645-F6B25947A6E9}: NameServer = 193.210.19.19 193.210.18.18
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE

--
End of file - 7673 bytes

AfterDawn

Hujo · 08.05.2008

scannaa hjt:llä merkkaa paina Fix checked

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

==============

Javan päivitys ja välimuistin tyhjennys:

1. Klikkaa Käynnistä -> Ohjauspaneeli ja tupla-klikkaa Lisää tai poista sovellus Ohjauspaneelissa.
2. Etsi listasta kaikki entiset Java versiosi. (J2SE Runtime Environment.... )
Niissä pitäisi olla seuraava kuva vieressä:

3. Valitse kaikki entiset Java versiosi ja valitse Poista.
4. Asenna uusin Java päivitys seuraavasta linkistä..
5. Käynnistä kone uudelleen asennuksen jälkeen:

http://java.sun.com/javase/downloads/index.jsp

Rullaa alas kohteeseen Java Runtime Environment (JRE) 6u5

Paina Download

Ruksaa Accept, ota offline installation, tallenna vaikka työpöydälle ja asenna se.

6. Käynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi).

7. General Settings -osion alla, vedä liukusäädintä (Disk Space) pienemmälle, ja klikkaa Delete Files -nappia.

(Jotkut javapohjaiset ohjelmat saattavat tarvita enemmän levytilaa.
Jos huomaat säädön pienentämisen jälkeen koneessa hitautta, siirrä liukusäädintä isommalle).

8. Varmista että kaikki kaksi valintaa ovat rastitettuja:

*Applications and Applets

*Trace and Log Files

Ja paina OK -nappia

9. Klikkaa OK "Temporary Files Settings" -ikkunassasi.

10. Klikkaa OK jättääksesi Java asetusikkunasi.

==========

Escan
Ohjeet tuolla sivulla.
http://koti.mbnet.fi/pattaya1/escanmwav.htm
lataa tuosta
http://www.spywareinfo.dk/download/mwav.exe
päivitä tuosta
http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
laita täpit merkkauksien mukaan
http://koti.mbnet.fi/pattaya1/eScan6.jpg

scannaa

jos ala luukkuun tulee jotain niin kopioi se näin:
Käytä komentoa Ctrl+A.
Kopioi rivit komennolla Ctrl+C.
Liitä rivit komennolla Ctrl+V.

Laita virus log tänne.

kuluttaja · 10.05.2008

Toimiikos tuo ESCAN??

Sat May 10 09:22:17 2008 => ***** Scanning Service Files *****
Sat May 10 09:22:17 2008 => Scanning HKLM\SYSTEM\CurrentControlSet\Services
Sat May 10 09:22:18 2008 => ERROR!!! Invalid Entry \??\C:\DOCUME~1\konemies\LOCALS~1\Temp\catchme.sys in SYSTEM\CurrentControlSet\Services\catchme...
Sat May 10 09:22:25 2008 => ERROR!!! Invalid Entry system32\drivers\pfc.sys in SYSTEM\CurrentControlSet\Services\pfc...
Sat May 10 09:22:27 2008 => ERROR!!! ScanFile Fails...

kun jäi tuohon vaiheeseen, eikä sacnningfiles rullaa mihinkään??

Hujo · 10.05.2008

1.Lataa combofix.exe työpöydällesi yhdestä linkistä:
combofix1
combofix2

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

=============

Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.

Käynnistä koneesi vikasietotilaan:

sammuta ja käynnistä
käynnistyksen yhteydessä hakkaa F8 nappia
valitse nuolinäppäimellä vikasietotila
paina enter ja enter
valitse käyttäjätilisi
paina kyllä

Jossakin koneissa hakataan F8:sin sijasta F5:tä

" Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
" Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
" Paina Y käynnistääksesi skriptin.
" Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
" Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
" Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
" Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
" Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
" Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.

kuluttaja · 10.05.2008

allright duunaan seuraavat,,, kylläpäs tuo escan meni läpi kun laittoi alusta rullaamaan, mutta ei löytynyt mitään.

Hujo · 10.05.2008

jeps....

kuluttaja · 10.05.2008

ComboFix 08-05-09.1 - konemies 2008-05-10 22:04:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.617 [GMT 11:00]
Running from: C:\Documents and Settings\konemies\Työpöytä\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\setup.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4

((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2008-04-10 to 2008-05-10 )))))))))))))))))
.

2008-05-10 19:45 . 2008-05-10 19:45 0 --a------ C:\23990098.$$$
2008-05-10 08:05 . 2008-05-10 08:15 <KANSIO> d-------- C:\Downloads
2008-05-10 08:05 . 2008-05-10 08:12 <KANSIO> d-------- C:\Bases
2008-05-10 08:03 . 2008-05-10 08:17 <KANSIO> d-------- C:\Kaspersky
2008-05-10 07:58 . 2008-05-10 07:58 <KANSIO> d-------- C:\Program Files\Java
2008-05-10 07:58 . 2008-05-10 07:58 <KANSIO> d-------- C:\Program Files\Common Files\Java
2008-05-10 07:58 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-10 07:56 . 2008-05-10 07:56 <KANSIO> d-------- C:\Sun
2008-05-07 21:45 . 2008-05-07 21:45 <KANSIO> d-------- C:\Documents and Settings\konemies\Application Data\Malwarebytes
2008-05-07 21:36 . 2008-05-07 21:36 <KANSIO> d-------- C:\Documents and Settings\konemies\.onnet
2008-05-07 20:39 . 2008-05-07 20:39 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-05-07 18:54 . 2008-05-07 21:02 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-05-07 18:32 . 2008-05-07 18:32 <KANSIO> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-07 18:32 . 2008-05-07 18:50 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-13 09:50 . 2008-04-20 09:08 <KANSIO> d-------- C:\WINDOWS\system32\Adobe

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-07 07:53 --------- d-----w C:\Program Files\Google
2008-05-06 08:30 98,304 ----a-w C:\WINDOWS\DUMP4ebc.tmp
2008-04-05 07:24 98,304 ----a-w C:\WINDOWS\DUMP32e7.tmp
2008-03-15 12:02 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-15 12:02 --------- d-----w C:\Program Files\OPLIMIT
2008-03-15 12:02 --------- d-----w C:\Program Files\FinalBurner
2007-11-14 13:02 49,240 ----a-w C:\Documents and Settings\konemies\Application Data\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((( Rekisterin k„ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhji„ arvoja ja laillisia oletusarvoja ei n„ytet„

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 10:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2003-10-30 23:09 249856]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 21:15 106496]
"Cmaudio"="cmicnfg.cpl" []
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2006-12-06 00:22 176177]
"F-Secure TNB"="C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" [2007-01-09 06:10 724992]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 14:16 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 10:12 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 21:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"IDriverT"=3 (0x3)
"Irmon"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\TeamWARE\\Toimisto\\twnoti32.exe"=

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2006-12-22 00:51]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure\HIPS\fshs.sys [2006-12-15 02:52]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2007-01-25 02:41]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2007-09-06 05:32]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2007-01-25 02:41]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2007-01-25 02:41]

.
'Ajoitetut teht„v„t'-kansion sis„lt”
"2008-05-04 07:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 22:10:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32.exe
C:\Program Files\F-Secure\common\FSMB32.EXE
C:\Program Files\F-Secure\common\FCH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\common\FNRB32.exe
C:\Program Files\F-Secure\common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\common\FIH32.exe
C:\Program Files\F-Secure\FWES\program\fsdfwd.exe
C:\PROGRA~1\F-Secure\ANTI-V~1\fsav32.exe
C:\PROGRA~1\F-Secure\common\FSM32.EXE
C:\PROGRA~1\F-Secure\FSGUI\fsguidll.exe
.
**************************************************************************
.
Completion time: 2008-05-10 22:13:34 - machine was rebooted [konemies]
ComboFix-quarantined-files.txt 2008-05-10 11:13:28

Pre-Run: 62,014,676,992 tavua vapaana
Post-Run: 62,089,097,216 tavua vapaana

123 --- E O F --- 2008-05-10 07:18:29

Hujo · 10.05.2008

juuh..

kuluttaja · 11.05.2008

SDFix: Version 1.181
Run by konemies on la 10.05.2008 at 22:22

Microsoft Windows XP [versio 5.1.2600]
Running From: C:\DOCUME~1\konemies\TYPYT~1\SDFix\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 00:36:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UPS\ServiceProviders\American Power Cnnversion]
"Back-UPS"="0x77;"
"Back-UPS Pro"="0x7F;apcups.dll"
"Basic Port on Communications Accessory"=hex(0):30,00,78,00,37,00,37,00,3b,00,00,00
"Basic signaling to any APC UPS"="0x77;"
"Matrix-UPS"="0x7F;apcups.dll"
"PowerStack"="0x7F;apcups.dll"
"Smart-UPS"="0x7F;apcups.dll"
"Smart signaling to any APC UPS"="0x7F;apcups.dll"
"Symmetra Power Array"="0x7F;apcups.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\MediaCategories\{F2C\x2d33F0\x312d1\x2d30B1\x302d00\x3239\x333216]
"Name"="Päässä pidettävän näyttölaitteen ääni"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\PNP0501\1\Device Parameters]
"PortName"="COM1"
"PollingPeriod"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gmeu]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000000
"Tag"=dword:00000005
"ImagePath"=str(2):"System32\DRIVERS\gameenum.sys"
"DisplayName"="Game Port Enumerator"
"Group"="Extended Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gmeu\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PSched]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"Tag"=dword:00000008
"ImagePath"=str(2):"System32\DRIVERS\psched.sys"
"DisplayName"="QoS-paketinajoitus"
"Group"="PNP_TDI"
"DependOnService"=str(7):"Gpc\0"
"DependOnGroup"=str(7):""
"Description"="QoS-paketinajoitus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PSched\Performance]
"Last Counter"=dword:000007dc
"Last Help"=dword:000007dd
"First Counter"=dword:00000790
"First Help"=dword:00000791
"WbemAdapFileSize"=dword:00002a00
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PSched\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\ACPI\PNP0501\1\Device Parameters]
"FirmwareIdentified"=dword:00000001
"PortName"="COM1"
"PollingPeriod"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\PSched]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"Tag"=dword:00000008
"ImagePath"=str(2):"System32\DRIVERS\psched.sys"
"DisplayName"="QoS-paketinajoitus"
"Group"="PNP_TDI"
"DependOnService"=str(7):"Gpc\0"
"DependOnGroup"=str(7):""
"Description"="QoS-paketinajoitus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\PSched\Performance]
"Last Counter"=dword:000007dc
"Last Help"=dword:000007dd
"First Counter"=dword:00000790
"First Help"=dword:00000791
"WbemAdapFileSize"=dword:00002a00
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\PSched\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\ACPI\PNP0501\1\Device Parameters]
"FirmwareIdentified"=dword:00000001
"PortName"="COM1"
"PollingPeriod"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\PSched]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"Tag"=dword:00000008
"ImagePath"=str(2):"System32\DRIVERS\psched.sys"
"DisplayName"="QoS-paketinajoitus"
"Group"="PNP_TDI"
"DependOnService"=str(7):"Gpc\0"
"DependOnGroup"=str(7):""
"Description"="QoS-paketinajoitus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\PSched\Performance]
"Last Counter"=dword:000007dc
"Last Help"=dword:000007dd
"First Counter"=dword:00000790
"First Help"=dword:00000791
"WbemAdapFileSize"=dword:00002a00
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\PSched\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\ACPI\PNP0501\1\Device Parameters]
"FirmwareIdentified"=dword:00000001
"PortName"="COM1"
"PollingPeriod"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\Eventlog\System\acpi]
"?ypesSup?orted"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\Pce]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"Tag"=dword:00000008
"ImagePath"=str(2):"System32\DRIVERS\psched.sys"
"DisplayName"="QoS-paketinajoitus"
"Group"="PNP_TDI"
"DependOnService"=str(7):"Gpc\0"
"DependOnGroup"=str(7):""
"Description"="QoS-paketinajoitus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\Pce\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\Pce\Parameters\Adapters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\Pce\Parameters\Adapters\NdisWanIp]
"UpperBindings"="\Device\{37BF3EA2-D5EF-4148-9B90-8AB085407822}"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\Pce\Parameters\Adapters\{21815643-173D-485F-A553-C177F41F39CD}]
"UpperBindings"="\Device\{AAD8C854-77B1-4AAF-B3C1-2A2C0B07B1E9}"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\Pce\Performance]
"Library"="pschdprf.dll"
"Open"="OpenPschedPerformanceData"
"Close"="ClosePschedPerformanceData"
"Collect"="CollectPschedPerformanceData"
"Last Counter"=dword:000007dc
"Last Help"=dword:000007dd
"First Counter"=dword:00000790
"First Help"=dword:00000791
"WbemAdapFileSignature"=hex:71,f8,01,d9,4a,15,50,7e,8a,fe,92,3f,a3,a0,6f,42
"WbemAdapFileTime"=hex:00,a0,77,32,22,0b,c3,01
"WbemAdapFileSize"=dword:00002a00
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\Pce\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Enum\ACPI\PNP0501\1\Device Parameters]
"FirmwareIdentified"=dword:00000001
"PortName"="COM1"
"PollingPeriod"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\PSched]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"Tag"=dword:00000008
"ImagePath"=str(2):"System32\DRIVERS\psched.sys"
"DisplayName"="QoS-paketinajoitus"
"Group"="PNP_TDI"
"DependOnService"=str(7):"Gpc\0"
"DependOnGroup"=str(7):""
"Description"="QoS-paketinajoitus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\PSched\Performance]
"Library"="pschdprf.dll"
"Open"="OpenPschedPerformanceData"
"Close"="ClosePschedPerformanceData"
"Collect"="CollectPschedPerformanceData"
"Last Counter"=dword:000007dc
"Last Help"=dword:000007dd
"First Counter"=dword:00000790
"First Help"=dword:00000791
"WbemAdapFileSignature"=hex:71,f8,01,d9,4a,15,50,7e,8a,fe,92,3f,a3,a0,6f,42
"WbemAdapFileTime"=hex:00,a0,77,32,22,0b,c3,01
"WbemAdapFileSize"=dword:00002a00
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\PSched\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Enum\ACPI\PNP0501\1\Device Parameters]
"FirmwareIdentified"=dword:00000001
"PortName"="COM1"
"PollingPeriod"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\PSched]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"Tag"=dword:00000008
"ImagePath"=str(2):"System32\DRIVERS\psched.sys"
"DisplayName"="QoS-paketinajoitus"
"Group"="PNP_TDI"
"DependOnService"=str(7):"Gpc\0"
"DependOnGroup"=str(7):""
"Description"="QoS-paketinajoitus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\PSched\Performance]
"Last Counter"=dword:000007dc
"Last Help"=dword:000007dd
"First Counter"=dword:00000790
"First Help"=dword:00000791
"WbemAdapFileSize"=dword:00002a00
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\PSched\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Control\MediaCategories\{518\x2d30C5\x312d1\x2d3082\x302d00\x32395A1]
"Name"="Kolmiulotteiset tehosteet"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Control\MediaCategories\{723\x2d30F5-6\x2d32A\x3236-21\x32419FE]
"Name"="Peakmeter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Enum\ACPI\PNP0501\1\Device Parameters]
"PortName"="COM1"
"PollingPeriod"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\PSched]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"Tag"=dword:00000008
"ImagePath"=str(2):"System32\DRIVERS\psched.sys"
"DisplayName"="QoS-paketinajoitus"
"Group"="PNP_TDI"
"DependOnService"=str(7):"Gpc\0"
"DependOnGroup"=str(7):""
"Description"="QoS-paketinajoitus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\PSched\Performance]
"Last Counter"=dword:000007dc
"Last Help"=dword:000007dd
"First Counter"=dword:00000790
"First Help"=dword:00000791
"WbemAdapFileSize"=dword:00002a00
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\PSched\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Enum\ACPI\PNP0501\1\Device Parameters]
"FirmwareIdentified"=dword:00000001
"PortName"="COM1"
"PollingPeriod"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\PSched]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"Tag"=dword:00000008
"ImagePath"=str(2):"System32\DRIVERS\psched.sys"
"DisplayName"="QoS-paketinajoitus"
"Group"="PNP_TDI"
"DependOnService"=str(7):"Gpc\0"
"DependOnGroup"=str(7):""
"Description"="QoS-paketinajoitus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\PSched\Performance]
"Last Counter"=dword:000007dc
"Last Help"=dword:000007dd
"First Counter"=dword:00000790
"First Help"=dword:00000791
"WbemAdapFileSize"=dword:00002a00
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\PSched\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Enum\ACPI\PNP0501\1\Device Parameters]
"FirmwareIdentified"=dword:00000001
"PortName"="COM1"
"PollingPeriod"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\PSched]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"Tag"=dword:00000008
"ImagePath"=str(2):"System32\DRIVERS\psched.sys"
"DisplayName"="QoS-paketinajoitus"
"Group"="PNP_TDI"
"DependOnService"=str(7):"Gpc\0"
"DependOnGroup"=str(7):""
"Description"="QoS-paketinajoitus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\PSched\Performance]
"Last Counter"=dword:000007dc
"Last Help"=dword:000007dd
"First Counter"=dword:00000790
"First Help"=dword:00000791
"WbemAdapFileSize"=dword:00002a00
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\PSched\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Enum\ACPI\PNP0501\1\Device Parameters]
"FirmwareIdentified"=dword:00000001
"PortName"="COM1"
"PollingPeriod"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\PSched]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"Tag"=dword:00000008
"ImagePath"=str(2):"System32\DRIVERS\psched.sys"
"DisplayName"="QoS-paketinajoitus"
"Group"="PNP_TDI"
"DependOnService"=str(7):"Gpc\0"
"DependOnGroup"=str(7):""
"Description"="QoS-paketinajoitus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\PSched\Performance]
"Last Counter"=dword:000007dc
"Last Help"=dword:000007dd
"First Counter"=dword:00000790
"First Help"=dword:00000791
"WbemAdapFileSize"=dword:00002a00
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\PSched\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Enum\ACPI\PNP0501\1\Device Parameters]
"PortName"="COM1"
"PollingPeriod"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\PSched]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"Tag"=dword:00000008
"ImagePath"=str(2):"System32\DRIVERS\psched.sys"
"DisplayName"="QoS-paketinajoitus"
"Group"="PNP_TDI"
"DependOnService"=str(7):"Gpc\0"
"DependOnGroup"=str(7):""
"Description"="QoS-paketinajoitus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\PSched\Performance]
"Last Counter"=dword:000007dc
"Last Help"=dword:000007dd
"First Counter"=dword:00000790
"First Help"=dword:00000791
"WbemAdapFileSize"=dword:00002a00
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\PSched\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\PNP0501\1\Device Parameters]
"PortName"="COM1"
"PollingPeriod"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:9a6550fe
"s2"=dword:20a67133
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:9a,fe,39,d3,c9,62,33,42,b5,05,7f,69,7e,03,2b,23,9a,3a,c5,52,8f,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PSched]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"Tag"=dword:00000008
"ImagePath"=str(2):"System32\DRIVERS\psched.sys"
"DisplayName"="QoS-paketinajoitus"
"Group"="PNP_TDI"
"DependOnService"=str(7):"Gpc\0"
"DependOnGroup"=str(7):""
"Description"="QoS-paketinajoitus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PSched\Performance]
"Last Counter"=dword:000007dc
"Last Help"=dword:000007dd
"First Counter"=dword:00000790
"First Help"=dword:00000791
"WbemAdapFileSize"=dword:00002a00
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PSched\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Enum\ACPI\PNP0501\1\Device Parameters]
"PortName"="COM1"
"PollingPeriod"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\PSched]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"Tag"=dword:00000008
"ImagePath"=str(2):"System32\DRIVERS\psched.sys"
"DisplayName"="QoS-paketinajoitus"
"Group"="PNP_TDI"
"DependOnService"=str(7):"Gpc\0"
"DependOnGroup"=str(7):""
"Description"="QoS-paketinajoitus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\PSched\Performance]
"Last Counter"=dword:000007dc
"Last Help"=dword:000007dd
"First Counter"=dword:00000790
"First Help"=dword:00000791
"WbemAdapFileSize"=dword:00002a00
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\PSched\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\TeamWARE\\Toimisto\\twnoti32.exe"="C:\\Program Files\\TeamWARE\\Toimisto\\twnoti32.exe:*:Enabled:TeamWARE Notifier release 5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"

Remaining Files :

File Backups: - C:\DOCUME~1\konemies\TYPYT~1\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 29 Feb 2008 625,664 A.SH. --- "C:\Program Files\Internet Explorer\iexplore.exe"
Thu 14 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed 15 Sep 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 17 Oct 2006 304,736 A..H. --- "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe"
Tue 17 Oct 2006 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 3.0\uinstrsc.dll"
Wed 21 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e2cdfda265544b05233b12ad6d933aba\BIT57.tmp"

Finished!

ja HJT >>>>

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:42:45, on 11.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://fika-web.ifolor.net/OrderingGeneral/LowRes/app_support/ActiveX/IfolorUploader_fika.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fi/ImageUploader4.cab
O17 - HKLM\System\CS11\Services\Tcpip\..\{08CE21A0-4673-4FCE-B645-F6B25947A6E9}: NameServer = 193.210.19.19 193.210.18.18
O17 - HKLM\System\CS12\Services\Tcpip\..\{08CE21A0-4673-4FCE-B645-F6B25947A6E9}: NameServer = 193.210.19.19 193.210.18.18
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE

--
End of file - 7369 bytes

mikaho · 11.05.2008

No ei kun ensin kaspersky avptool,bitdefender,arca,norman ja eihän noi
tekstit oo ku guruja varten ja kiva et niit on,adaware , spybot,superantispyware, spyware terminator ja aja noi ohjelmat safe tilassa , lisätään siihen vielä trend micro ja....
No sit vanhasta kopiosta uudelleen ja toimii ellei ole rootkit?

mikaho · 11.05.2008

NO jaa must tuntuu et moni ei jaksa kattoo noita,hienoja ihmisiä ja tietävät enempi kun mä!(ne jotka käy läpi).
no yllätä ne hakkerit ja testaa kaspersky avptool,norman malware,dr.web,trend microja bitdefender, sit superantispyware ja spybot,adaware, spyware terminator!
No kaikki irti netti yhhteydestä TCPoptimizer,hoitaa homman ilman sen suurempia kykyjä ja extra ohjelmia!

Hujo · 11.05.2008

Lataa Malwarebytes' Anti-Malware työpöydällesi.

1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja
Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish.
3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki
löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Lähetä lokin sisältö seuraavassa viestissäsi.

kuluttaja · 11.05.2008

no niin.. kone ei aukea ja mukava "tuoksu" tuli tuolta virtalähteen peräosastosta,, se siis simahti ilmeisimmin kun ei valot välky eikä huminaa kuulu.. tarviipas tutkia sitä tarkemmin ja testata tällä naapurin virtalähteellä vaikka... mutta ehdin vasta huomenissa perehtyä siihen.. :-/

Hujo · 12.05.2008

että kone lämpeni ja rupes savuun

Kirjaudu tai liity jäseneksi

HJT logi, netti hidas, ei pysty lataamaan päivityksiä

kuluttaja Member

Hujo Guest

kuluttaja Member

Hujo Guest

kuluttaja Member

Hujo Guest

kuluttaja Member

Hujo Guest

kuluttaja Member

mikaho Member

mikaho Member

Hujo Guest

kuluttaja Member

Hujo Guest

Jaa tämä sivu

Kirjaudu tai liity jäseneksi

HJT logi, netti hidas, ei pysty lataamaan päivityksiä

kuluttaja Member

Hujo Guest

kuluttaja Member

Hujo Guest

kuluttaja Member

Hujo Guest

kuluttaja Member

Hujo Guest

kuluttaja Member

mikaho Member

mikaho Member

Hujo Guest

kuluttaja Member

Hujo Guest

Jaa tämä sivu

Hyödyllisiä hakuja