Koneessani ainakin RiskTool.win32.reboot haittaohjelma. Ohjelmat ja kone kaatuu koko ajan. (hjt-logi

Koko ajan tulee nettiä selatessa, että ohjelma on suorittanut laittoman toiminnon ja se lopetetaan tai sitten koko tietokone käynnistyy uudelleen. Minulla on F-secure, mutta se ei tunnu löytävän mitään uutta. Ohessa hjt-logi, jos siitä joku ystävällinen saisi jotain irti.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:11:04, on 22.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\sistray.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\ExtraFilm Kotona\Agent.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hs.fi/viivijawagner/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\ExtraFilm Kotona\Agent.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8885 bytes

 

Lataa Malwarebytes' Anti-Malware työpöydällesi.

1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja
Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish.
3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki
löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Lähetä lokin sisältö seuraavassa viestissäsi.

=============

Javan päivitys ja välimuistin tyhjennys:

1. Klikkaa Käynnistä -> Ohjauspaneeli ja tupla-klikkaa Lisää tai poista sovellus Ohjauspaneelissa.
2. Etsi listasta kaikki entiset Java versiosi. (J2SE Runtime Environment.... )
Niissä pitäisi olla seuraava kuva vieressä:

3. Valitse kaikki entiset Java versiosi ja valitse Poista.
4. Asenna uusin Java päivitys seuraavasta linkistä..
5. Käynnistä kone uudelleen asennuksen jälkeen:

http://java.sun.com/javase/downloads/index.jsp

Rullaa alas kohteeseen Java Runtime Environment (JRE) 6u6

Paina Download

Ruksaa Accept, ota offline installation, tallenna vaikka työpöydälle ja asenna se.

6. Käynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi).

7. General Settings -osion alla, vedä liukusäädintä (Disk Space) pienemmälle, ja klikkaa Delete Files -nappia.

(Jotkut javapohjaiset ohjelmat saattavat tarvita enemmän levytilaa.
Jos huomaat säädön pienentämisen jälkeen koneessa hitautta, siirrä liukusäädintä isommalle).

8. Varmista että kaikki kaksi valintaa ovat rastitettuja:

*Applications and Applets

*Trace and Log Files

Ja paina OK -nappia

9. Klikkaa OK "Temporary Files Settings" -ikkunassasi.

10. Klikkaa OK jättääksesi Java asetusikkunasi.

===========

scannaa uusi hjt:n loki

 

Tässä mban-log

Malwarebytes' Anti-Malware 1.12
Tietokantaversio: 777

Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 95983
Kulunut aika: 38 minute(s), 1 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 4
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 1

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.

Ja tässä hjt-logi

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:11:27, on 22.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\sistray.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\ExtraFilm Kotona\Agent.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hs.fi/viivijawagner/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\ExtraFilm Kotona\Agent.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8869 bytes

 

1.Lataa combofix.exe työpöydällesi yhdestä linkistä:
combofix1
combofix2

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

 

ComboFix 08-05-21.3 - User 2008-05-22 21:28:22.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.118 [GMT 3:00]
Running from: C:\Documents and Settings\User\Työpöytä\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\dat.txt
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\search_res.txt

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-04-22 to 2008-05-22 )))))))))))))))))
.

2008-05-22 20:47 . 2005-09-01 04:43 19,968 --a------ C:\WINDOWS\system32\SET976.tmp
2008-05-22 19:55 . 2008-05-22 19:56 0 --------- C:\Program Files\jre-6u6-windows-i586-p.exe
2008-05-22 19:54 . 2008-05-22 19:59 <KANSIO> d-------- C:\Documents and Settings\User\.SunDownloadManager
2008-05-22 18:35 . 2008-05-22 18:35 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-22 18:35 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-22 18:35 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-22 18:29 . 2008-05-22 18:29 <KANSIO> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-05-22 18:28 . 2008-05-22 18:28 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-22 17:56 . 2007-07-09 16:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-05-22 17:46 . 2008-03-25 07:51 621,344 -----c--- C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-05-22 17:46 . 2008-03-25 07:50 355,104 -----c--- C:\WINDOWS\system32\dllcache\msxbde40.dll
2008-05-22 17:10 . 2008-05-22 17:10 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-05-21 22:55 . 2008-05-21 22:55 <KANSIO> d-------- C:\Documents and Settings\LocalService\Käynnistä-valikko
2008-05-21 22:40 . 2004-09-14 16:12 380,416 --------- C:\WINDOWS\system32\irprops.cpl
2008-05-21 22:30 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002334_.tmp
2008-05-21 19:23 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-05-21 19:10 . 2003-04-25 15:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-05-21 19:09 . 2003-04-25 15:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-05-21 19:08 . 2001-10-05 16:31 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_smtpsnap.dll
2008-05-21 19:04 . 2008-05-21 19:04 25,065 --a------ C:\WINDOWS\system32\wmpscheme.xml
2008-05-21 19:01 . 2007-08-21 09:17 683,520 --a------ C:\WINDOWS\system32\inetcomm.dll
2008-05-21 19:00 . 2007-07-30 19:19 1,712,984 --a------ C:\WINDOWS\system32\wuaueng.dll
2008-05-21 18:57 . 2004-09-14 16:07 64,896 --a------ C:\WINDOWS\system32\drivers\serial.sys
2008-05-21 18:57 . 2004-09-14 16:06 57,216 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-05-21 18:57 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2008-05-21 18:57 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-21 18:57 . 2006-06-14 11:47 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-05-21 18:56 . 2004-09-14 16:12 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-05-21 18:56 . 2004-09-14 16:12 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2008-05-21 18:56 . 2004-09-14 16:11 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-05-21 18:55 . 2004-09-14 16:12 146,944 --a------ C:\WINDOWS\system\winspool.drv
2008-05-21 18:55 . 2004-09-14 16:12 74,240 --a------ C:\WINDOWS\system32\storprop.dll
2008-05-21 18:55 . 2003-04-25 15:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-05-21 18:55 . 2003-04-25 15:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-05-21 18:55 . 2003-04-25 15:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-05-21 18:55 . 2003-04-25 15:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-05-21 18:55 . 2004-08-03 23:00 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2008-05-21 18:54 . 2003-04-25 15:00 809,684 --a--c--- C:\WINDOWS\system32\dllcache\NT5IIS.CAT
2008-05-21 18:54 . 2003-04-25 15:00 399,670 --a--c--- C:\WINDOWS\system32\dllcache\MAPIMIG.CAT
2008-05-21 18:54 . 2003-04-25 15:00 37,509 --a--c--- C:\WINDOWS\system32\dllcache\MW770.CAT
2008-05-21 18:54 . 2003-04-25 15:00 13,497 --a--c--- C:\WINDOWS\system32\dllcache\HPCRDP.CAT
2008-05-21 18:54 . 2003-04-25 15:00 8,599 --a--c--- C:\WINDOWS\system32\dllcache\IASNT4.CAT
2008-05-21 18:54 . 2003-04-25 15:00 7,407 --a--c--- C:\WINDOWS\system32\dllcache\OEMBIOS.CAT
2008-05-21 16:52 . 2008-05-21 22:40 <KANSIO> d-------- C:\WINDOWS\ime
2008-05-21 16:52 . 2008-05-21 22:40 <KANSIO> d-------- C:\WINDOWS\help
2008-05-21 16:52 . 2008-05-21 22:48 <KANSIO> dr--s---- C:\WINDOWS\fonts
2008-05-20 21:28 . 2004-09-14 16:11 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2008-05-20 21:23 . 2008-05-21 22:26 <KANSIO> d-------- C:\WINDOWS\EHome
2008-05-20 21:23 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\000001_.tmp
2008-05-20 21:09 . 2008-05-20 21:09 <KANSIO> d-------- C:\a71b8fe9fc5a7dc28cd84c499a385b8b
2008-05-16 18:50 . 2008-05-16 18:50 <KANSIO> d--hs---- C:\found.000

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 17:01 --------- d-----w C:\Program Files\Java
2008-05-22 16:55 1,211 ----a-w C:\Program Files\jre-6u6-windows-i586-p.exe.sdm
2008-05-22 16:55 0 ----a-w C:\Program Files\jre-6u6-windows-i586-p.exe.bak
2008-05-21 19:52 --------- d-----w C:\Program Files\Winamp Remote
2008-05-19 15:20 --------- d-----w C:\Program Files\F-Secure
2008-05-16 22:01 --------- d-----w C:\Program Files\OpenOffice.org1.1.4
2008-04-23 18:50 --------- d-----w C:\Program Files\PPStream
2008-04-23 18:50 --------- d-----w C:\Documents and Settings\User\Application Data\ppstream
2008-04-20 08:29 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-20 08:29 --------- d-----w C:\Program Files\Common Files\Real
2008-04-18 12:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-04-17 08:09 --------- d-----w C:\Program Files\Common Files\Nokia
2008-04-17 08:08 --------- d-----w C:\Program Files\Nokia
2008-04-17 08:08 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-04-17 08:06 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-04-12 08:20 --------- d-----w C:\Program Files\Winamp
2008-04-10 16:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-04-03 08:00 --------- d-----w C:\Program Files\Mp3
2006-05-20 14:17 11,931,702 ----a-w C:\Program Files\install_FI.exe
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:40 204288]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 23:02 495616]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 11:20 1079296]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Tray"="C:\WINDOWS\system32\sistray.EXE" [2007-04-11 03:05 262144]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 13:15 106496]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2002-10-08 13:03 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2002-10-08 13:03 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-02-12 16:27 1232896]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2008-02-20 20:45 182936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-09-03 19:21 274432]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-20 17:28 155648]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-09-12 20:04 196608]
"ExtraFilmHemmaAgent"="C:\Program Files\ExtraFilm Kotona\Agent.exe" [2005-05-27 17:00 303104]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 02:15 366400]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"F-Secure TNB"="C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" [2008-02-20 20:45 895584]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-20 11:28 185896]
"SiSPower"="SiSPower.dll" [2007-04-10 22:06 53248 C:\WINDOWS\system32\SiSPower.dll]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 16:12 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\FlashFXP\\flashfxp.exe"=
"C:\\Program Files\\PPStream\\PPStream.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\AtomFTP\\AtomFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-06 02:07]
R1 mchInjDrv;madCodeHook DLL injection driver;C:\WINDOWS\system32\Drivers\mchInjDrv.sys [2007-10-27 22:27]
R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys [2005-11-16 15:21]
R2 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2003-02-12 14:16]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2008-02-20 20:44]
S3 5fbfcec6-509d-45d0-bf8e-aa7796bb13c6;5fbfcec6-509d-45d0-bf8e-aa7796bb13c6;D:\Player\cds300.dll []
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2004-01-19 14:37]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2008-02-20 20:44]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2008-02-20 20:44]

*Newly Created Service* - CATCHME
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-05-22 17:55:00 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 21:32:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


folder error: C:\WINDOWS\system32\drivers\
folder error: C:\WINDOWS\TEMP\
folder error: C:\WINDOWS\system32\wbem\
folder error: C:\WINDOWS\system32\
C:\WINDOWS\PeerNet
C:\WINDOWS\PIF
C:\WINDOWS\Pitsikuvio 16.bmp 1272 bytes
C:\WINDOWS\powerplayer.ini 394 bytes
C:\WINDOWS\Preeriatuuli.bmp 65954 bytes
C:\WINDOWS\Prefetch
C:\WINDOWS\Progress.exe 208896 bytes executable
C:\WINDOWS\Provisioning
C:\WINDOWS\PSEXESVC.EXE 53248 bytes executable
C:\WINDOWS\psnetwork.ini 388 bytes
C:\WINDOWS\QTFont.for 1409 bytes
C:\WINDOWS\QTFont.qfn 54156 bytes
C:\WINDOWS\regedit.exe 146944 bytes executable
C:\WINDOWS\RegisteredPackages
C:\WINDOWS\Registration
C:\WINDOWS\REGLOCS.OLD 8192 bytes
C:\WINDOWS\regopt.log 1022 bytes
C:\WINDOWS\repair
C:\WINDOWS\Resources
C:\WINDOWS\Saippuakuplat.bmp 65978 bytes
C:\WINDOWS\system.ini 292 bytes
C:\WINDOWS\system32
C:\WINDOWS\taskman.exe 15360 bytes executable
C:\WINDOWS\Tasks
C:\WINDOWS\TEMP
C:\WINDOWS\tsoc.log 38903 bytes
C:\WINDOWS\twain.dll 94800 bytes
C:\WINDOWS\twain_32
C:\WINDOWS\twain_32.dll 50688 bytes executable
C:\WINDOWS\twunk_16.exe 49680 bytes
C:\WINDOWS\twunk_32.exe 25600 bytes executable
C:\WINDOWS\uinst001.exe 69632 bytes executable
C:\WINDOWS\UninstallFirefox.exe 99965 bytes executable
C:\WINDOWS\UNMRW.cfg 35946 bytes
C:\WINDOWS\UNMRW.exe 1069056 bytes executable
C:\WINDOWS\UNNeroVision.cfg 97294 bytes
C:\WINDOWS\imsins.BAK 1374 bytes
C:\WINDOWS\imsins.log 1374 bytes
C:\WINDOWS\inf
C:\WINDOWS\Installer
C:\WINDOWS\InstFunc.dll 12288 bytes executable
C:\WINDOWS\InstFunc.exe 49152 bytes executable
C:\WINDOWS\IsUn040b.exe 306688 bytes executable
C:\WINDOWS\IsUninst.exe 306688 bytes executable
C:\WINDOWS\iun6002.exe 720896 bytes executable
C:\WINDOWS\java
C:\WINDOWS\Kahvikuppi.bmp 17062 bytes
C:\WINDOWS\wiaservc.log 49 bytes
C:\WINDOWS\win.ini 915 bytes
C:\WINDOWS\winamp.ini 192 bytes
C:\WINDOWS\Windows Update.log 280 bytes
C:\WINDOWS\WindowsShell.Manifest 749 bytes
C:\WINDOWS\WindowsUpdate.log 1729751 bytes
C:\WINDOWS\winhelp.exe 256832 bytes
C:\WINDOWS\winhlp32.exe 283648 bytes executable
C:\WINDOWS\wininit.ini 10 bytes
C:\WINDOWS\winnt.bmp 48680 bytes
C:\WINDOWS\winnt256.bmp 48680 bytes
C:\WINDOWS\WinSxS
C:\WINDOWS\wmprfFIN.prx 32888 bytes
C:\WINDOWS\wmsetup.log 2934 bytes
C:\WINDOWS\WMSysPr9.prx 316640 bytes
C:\WINDOWS\WMSysPrx.prx 299552 bytes
C:\WINDOWS\Zapoteekki.bmp 9522 bytes
C:\WINDOWS\zip.exe 68096 bytes executable
C:\WINDOWS\_default.pif 707 bytes
C:\WINDOWS\SchedLgU.Txt 32480 bytes
C:\WINDOWS\security
C:\WINDOWS\sed.exe 98816 bytes executable
C:\WINDOWS\ServicePackFiles
C:\WINDOWS\sessmgr.setup.log 1337 bytes
C:\WINDOWS\SET3.tmp 1014139 bytes
C:\WINDOWS\SET4.tmp 1086058 bytes
C:\WINDOWS\SET8.tmp 14043 bytes
C:\WINDOWS\SETE3.tmp 1086182 bytes
C:\WINDOWS\SETEF.tmp 13923 bytes
C:\WINDOWS\setupact.log 93371 bytes
C:\WINDOWS\setupapi.log 636451 bytes
C:\WINDOWS\setuperr.log 456 bytes
C:\WINDOWS\setuplog.txt 683257 bytes
C:\WINDOWS\ShellNew
C:\WINDOWS\SiS
C:\WINDOWS\SiSport.sys 3583 bytes executable
C:\WINDOWS\SiSUSBrg.exe 106496 bytes executable
C:\WINDOWS\SIS_LIB.DLL 32768 bytes executable
C:\WINDOWS\slrundll.exe 32866 bytes executable
C:\WINDOWS\SoftwareDistribution
C:\WINDOWS\spupdsvc.log 31160 bytes
C:\WINDOWS\srchasst
C:\WINDOWS\Sti_Trace.log 0 bytes
C:\WINDOWS\Sun
C:\WINDOWS\svcpack.log 442502 bytes
C:\WINDOWS\swreg.exe 161792 bytes executable
C:\WINDOWS\swsc.exe 136704 bytes executable
C:\WINDOWS\swxcacls.exe 212480 bytes executable
C:\WINDOWS\KB943055.log 10475 bytes
C:\WINDOWS\KB943460.log 33672 bytes
C:\WINDOWS\KB943485.log 17527 bytes
C:\WINDOWS\KB944338.log 13100 bytes
C:\WINDOWS\KB944653.log 11138 bytes
C:\WINDOWS\KB945553.log 17983 bytes
C:\WINDOWS\KB946026.log 27670 bytes
C:\WINDOWS\KB947864.log 35682 bytes
C:\WINDOWS\KB948590.log 19005 bytes
C:\WINDOWS\KB950749.log 17989 bytes
C:\WINDOWS\LastGood
C:\WINDOWS\LOTR Dark Rider.exe 649069 bytes executable
C:\WINDOWS\LOTR Dark Rider.scr 273304 bytes executable
C:\WINDOWS\medctroc.Log 581 bytes
C:\WINDOWS\Media
C:\WINDOWS\MEMORY.DMP 502677504 bytes
C:\WINDOWS\Mi1cnie1k1rn5n38.dll 188 bcatchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
C:\WINDOWS\mickey32.dll 30208 bytes executable
C:\WINDOWS\Microsoft.NET
C:\WINDOWS\Minidump
C:\WINDOWS\mozregistry.dat 376 bytes
C:\WINDOWS\mozver.dat 4396 bytes
C:\WINDOWS\msagent
C:\WINDOWS\msapps
C:\WINDOWS\msdfmap.ini 1405 bytes
C:\WINDOWS\msgsocm.log 4893 bytes
C:\WINDOWS\mui
C:\WINDOWS\NeroDigital.ini 116 bytes
C:\WINDOWS\network diagnostic
C:\WINDOWS\Nircmd.exe 28160 bytes executable
C:\WINDOWS\notepad.exe 69632 bytes executable
C:\WINDOWS\nsreg.dat 0 bytes
C:\WINDOWS\ntbtlog.txt 102222 bytes
C:\WINDOWS\ntdtcsetup.log 27205 bytes
C:\WINDOWS\NuNinst.cfg 83570 bytes
C:\WINDOWS\NuNinst.exe 1134592 bytes executable
C:\WINDOWS\ocgen.log 58913 bytes
C:\WINDOWS\ocmsn.log 5709 bytes
C:\WINDOWS\ODBC.INI 405 bytes
C:\WINDOWS\ODBCINST.INI 4589 bytes
C:\WINDOWS\OEWABLog.txt 410 bytes
C:\WINDOWS\Offline Web Pages
C:\WINDOWS\KB914388.log 23584 bytes
C:\WINDOWS\KB914389.log 15100 bytes
C:\WINDOWS\KB918118.log 21104 bytes
C:\WINDOWS\KB918439.log 10231 bytes
C:\WINDOWS\KB919007.log 23481 bytes
C:\WINDOWS\KB920213.log 18835 bytes
C:\WINDOWS\KB920670.log 26883 bytes
C:\WINDOWS\KB920683.log 13019 bytes
C:\WINDOWS\KB920685.log 34323 bytes
C:\WINDOWS\KB920872.log 25471 bytes
C:\WINDOWS\KB922819.log 14851 bytes
C:\WINDOWS\KB923191.log 9120 bytes
C:\WINDOWS\KB923414.log 36595 bytes
C:\WINDOWS\KB923689.log 14967 bytes
C:\WINDOWS\KB923980.log 34064 bytes
C:\WINDOWS\KB924270.log 13576 bytes
C:\WINDOWS\KB924496.log 30970 bytes
C:\WINDOWS\KB924667.log 30054 bytes
C:\WINDOWS\KB925398.log 25434 bytes
C:\WINDOWS\KB925902.log 28288 bytes
C:\WINDOWS\KB926255.log 20445 bytes
C:\WINDOWS\KB926436.log 23639 bytes
C:\WINDOWS\KB927779.log 13091 bytes
C:\WINDOWS\KB928255.log 36641 bytes
C:\WINDOWS\KB928843.log 9809 bytes
C:\WINDOWS\KB929123.log 27396 bytes
C:\WINDOWS\KB930178.log 12687 bytes
C:\WINDOWS\KB930916.log 16834 bytes
C:\WINDOWS\KB931261.log 31812 bytes
C:\WINDOWS\KB931784.log 37100 bytes
C:\WINDOWS\KB932168.log 22554 bytes
C:\WINDOWS\KB933729.log 31197 bytes
C:\WINDOWS\KB935839.log 15023 bytes
C:\WINDOWS\KB935840.log 17890 bytes
C:\WINDOWS\KB936021.log 14088 bytes
C:\WINDOWS\KB936782.log 6957 bytes
C:\WINDOWS\KB938127.log 18831 bytes
C:\WINDOWS\KB938828.log 32803 bytes
C:\WINDOWS\KB941202.log 21490 bytes
C:\WINDOWS\KB941568.log 19948 bytes
C:\WINDOWS\KB941569.log 22650 bytes
C:\WINDOWS\KB941644.log 31313 bytes
C:\WINDOWS\KB941693.log 27726 bytes
C:\WINDOWS\KB873339.log 30676 bytes
C:\WINDOWS\KB885835.log 36606 bytes
C:\WINDOWS\KB885836.log 35083 bytes
C:\WINDOWS\KB886185.log 12421 bytes
C:\WINDOWS\KB888302.log 18835 bytes
C:\WINDOWS\KB890046.log 25245 bytes
C:\WINDOWS\KB890859.log 13521 bytes
C:\WINDOWS\KB891781.log 26558 bytes
C:\WINDOWS\KB893756.log 34871 bytes
C:\WINDOWS\KB893803v2.log 7470 bytes
C:\WINDOWS\KB894391.log 14919 bytes
C:\WINDOWS\KB896358.log 27497 bytes
C:\WINDOWS\KB896423.log 32626 bytes
C:\WINDOWS\KB896428.log 14869 bytes
C:\WINDOWS\KB899587.log 15937 bytes
C:\WINDOWS\KB899591.log 14391 bytes
C:\WINDOWS\KB900485.log 32692 bytes
C:\WINDOWS\KB900725.log 11822 bytes
C:\WINDOWS\KB901017.log 35017 bytes
C:\WINDOWS\KB901214.log 12095 bytes
C:\WINDOWS\KB902400.log 29986 bytes
C:\WINDOWS\KB905414.log 22873 bytes
C:\WINDOWS\KB905749.log 17056 bytes
C:\WINDOWS\KB908519.log 12756 bytes
C:\WINDOWS\KB908531.log 2658 bytes
C:\WINDOWS\KB910437.log 23695 bytes
C:\WINDOWS\KB911280.log 34065 bytes
C:\WINDOWS\KB911562.log 33386 bytes
C:\WINDOWS\KB911564.log 23678 bytes
C:\WINDOWS\KB911927.log 35470 bytes
C:\WINDOWS\UNNMP.cfg 52536 bytes
C:\WINDOWS\UNNMP.exe 2146304 bytes executable
C:\WINDOWS\updspapi.log 28442 bytes
C:\WINDOWS\vb.ini 36 bytes
C:\WINDOWS\vbaddin.ini 37 bytes
C:\WINDOWS\VFind.exe 49152 bytes executable
C:\WINDOWS\VGAsetup.ini 92426 bytes
C:\WINDOWS\Viherkivi.bmp 26582 bytes
C:\WINDOWS\VirtualEar
C:\WINDOWS\Viuhkat.bmp 26680 bytes
C:\WINDOWS\vmmreg32.dll 18944 bytes executable
C:\WINDOWS\WBEM
C:\WINDOWS\Web
C:\WINDOWS\hpinfo.lnk 800 bytes
C:\WINDOWS\I2E.ini 955203 bytes
C:\WINDOWS\ie7
C:\WINDOWS\ie7updates

scan completed successfully
hidden files: 227

**************************************************************************
.

 

Lataa: RegSeeker.zip työpöydälle:

Pura zip C:\RegSeeker\ kansioon. Sieltä käynnistät RegSeeker.exe ohjelman.
Oikeasa yläkulmassa on Languages.... linkki, josta valitset Suomenkielen.
Vasemmasta alakulmasta ruksit Luo vrmuuskopio ja sitten linkki Puhdista rekisteri
Ruksit kaikkiin muihin kohtiin paitsi "Käyttökelvottomat.." sitten "OK" (odotat hetken).
Ruutuun ilmestyy lista epäkelvoista rekisterimerkinnöistä, jotka alapalkista Valitse kohdasta
klikkaat Valitse kaikki jolloin valitut saavat keltaisen pohjavärin.
Alapalkin Toiminnot linkistä klikkaat Poista valitut kohteet
Ponnahdusikkunaan "Kaikki valitut kohteet poistetaan ? vastaat "OK".
Seuraavaan Ponnahdusikkunaan "Varmuuskopiot" vastaat "OK".
Klikaa vasemmalta Lopeta RegSeeker ja käynnistä koneesi uudelleen.

============

Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.

Käynnistä koneesi vikasietotilaan:

sammuta ja käynnistä
käynnistyksen yhteydessä hakkaa F8 nappia
valitse nuolinäppäimellä vikasietotila
paina enter ja enter
valitse käyttäjätilisi
paina kyllä

Jossakin koneissa hakataan F8:sin sijasta F5:tä

" Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
" Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
" Paina Y käynnistääksesi skriptin.
" Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
" Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
" Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
" Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
" Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
" Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.

 

SDFix: Version 1.184
Run by User on to 22.05.2008 at 22:34

Microsoft Windows XP [versio 5.1.2600]
Running From: C:\DOCUME~1\User\TYPYT~1\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 22:40:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

source file error: C:\WINDOWS\system32\config\system
scanning hidden registry entries ...

source file error: C:\WINDOWS\system32\config\software
scanning hidden files ...

C:\WINDOWS\PeerNet
C:\WINDOWS\PIF
C:\WINDOWS\Pitsikuvio 16.bmp 1272 bytes
C:\WINDOWS\powerplayer.ini 394 bytes
C:\WINDOWS\Preeriatuuli.bmp 65954 bytes
C:\WINDOWS\Prefetch
C:\WINDOWS\Progress.exe 208896 bytes executable
C:\WINDOWS\Provisioning
C:\WINDOWS\psnetwork.ini 388 bytes
C:\WINDOWS\QTFont.for 1409 bytes
C:\WINDOWS\QTFont.qfn 54156 bytes
C:\WINDOWS\regedit.exe 146944 bytes executable
C:\WINDOWS\RegisteredPackages
C:\WINDOWS\Registration
C:\WINDOWS\REGLOCS.OLD 8192 bytes
C:\WINDOWS\regopt.log 1022 bytes
C:\WINDOWS\repair
C:\WINDOWS\Resources
C:\WINDOWS\Saippuakuplat.bmp 65978 bytes
C:\WINDOWS\system.ini 292 bytes
C:\WINDOWS\system32
C:\WINDOWS\taskman.exe 15360 bytes executable
C:\WINDOWS\Tasks
C:\WINDOWS\TEMP
C:\WINDOWS\tsoc.log 38903 bytes
C:\WINDOWS\twain.dll 94800 bytes
C:\WINDOWS\twain_32
C:\WINDOWS\twain_32.dll 50688 bytes executable
C:\WINDOWS\twunk_16.exe 49680 bytes
C:\WINDOWS\twunk_32.exe 25600 bytes executable
C:\WINDOWS\uinst001.exe 69632 bytes executable
C:\WINDOWS\UninstallFirefox.exe 99965 bytes executable
C:\WINDOWS\UNMRW.cfg 35946 bytes
C:\WINDOWS\UNMRW.exe 1069056 bytes executable
C:\WINDOWS\UNNeroVision.cfg 97294 bytes
C:\WINDOWS\imsins.BAK 1374 bytes
C:\WINDOWS\imsins.log 1374 bytes
C:\WINDOWS\inf
C:\WINDOWS\Installer
C:\WINDOWS\InstFunc.dll 12288 bytes executable
C:\WINDOWS\InstFunc.exe 49152 bytes executable
C:\WINDOWS\IsUn040b.exe 306688 bytes executable
C:\WINDOWS\IsUninst.exe 306688 bytes executable
C:\WINDOWS\iun6002.exe 720896 bytes executable
C:\WINDOWS\java
C:\WINDOWS\Kahvikuppi.bmp 17062 bytes
C:\WINDOWS\wiaservc.log 49 bytes
C:\WINDOWS\win.ini 915 bytes
C:\WINDOWS\winamp.ini 192 bytes
C:\WINDOWS\Windows Update.log 280 bytes
C:\WINDOWS\WindowsShell.Manifest 749 bytes
C:\WINDOWS\WindowsUpdate.log 1759410 bytes
C:\WINDOWS\winhelp.exe 256832 bytes
C:\WINDOWS\winhlp32.exe 283648 bytes executable
C:\WINDOWS\wininit.ini 10 bytes
C:\WINDOWS\winnt.bmp 48680 bytes
C:\WINDOWS\winnt256.bmp 48680 bytes
C:\WINDOWS\WinSxS
C:\WINDOWS\wmprfFIN.prx 32888 bytes
C:\WINDOWS\wmsetup.log 2934 bytes
C:\WINDOWS\WMSysPr9.prx 316640 bytes
C:\WINDOWS\WMSysPrx.prx 299552 bytes
C:\WINDOWS\Zapoteekki.bmp 9522 bytes
C:\WINDOWS\zip.exe 68096 bytes executable
C:\WINDOWS\_default.pif 707 bytes
C:\WINDOWS\SchedLgU.Txt 32480 bytes
C:\WINDOWS\security
C:\WINDOWS\sed.exe 98816 bytes executable
C:\WINDOWS\ServicePackFiles
C:\WINDOWS\sessmgr.setup.log 1337 bytes
C:\WINDOWS\SET3.tmp 1014139 bytes
C:\WINDOWS\SET4.tmp 1086058 bytes
C:\WINDOWS\SET8.tmp 14043 bytes
C:\WINDOWS\SETE3.tmp 1086182 bytes
C:\WINDOWS\SETEF.tmp 13923 bytes
C:\WINDOWS\setupact.log 93371 bytes
C:\WINDOWS\setupapi.log 636451 bytes
C:\WINDOWS\setuperr.log 456 bytes
C:\WINDOWS\setuplog.txt 683257 bytes
C:\WINDOWS\ShellNew
C:\WINDOWS\SiS
C:\WINDOWS\SiSport.sys 3583 bytes executable
C:\WINDOWS\SiSUSBrg.exe 106496 bytes executable
C:\WINDOWS\SIS_LIB.DLL 32768 bytes executable
C:\WINDOWS\slrundll.exe 32866 bytes executable
C:\WINDOWS\SoftwareDistribution
C:\WINDOWS\spupdsvc.log 31160 bytes
C:\WINDOWS\srchasst
C:\WINDOWS\Sti_Trace.log 0 bytes
C:\WINDOWS\Sun
C:\WINDOWS\svcpack.log 442502 bytes
C:\WINDOWS\swreg.exe 161792 bytes executable
C:\WINDOWS\swsc.exe 136704 bytes executable
C:\WINDOWS\swxcacls.exe 212480 bytes executable
C:\WINDOWS\KB943055.log 10475 bytes
C:\WINDOWS\KB943460.log 33672 bytes
C:\WINDOWS\KB943485.log 17527 bytes
C:\WINDOWS\KB944338.log 13100 bytes
C:\WINDOWS\KB944653.log 11138 bytes
C:\WINDOWS\KB945553.log 17983 bytes
C:\WINDOWS\KB946026.log 27670 bytes
C:\WINDOWS\KB947864.log 35682 bytes
C:\WINDOWS\KB948590.log 19005 bytes
C:\WINDOWS\KB950749.log 17989 bytes
C:\WINDOWS\LOTR Dark Rider.exe 649069 bytes executable
C:\WINDOWS\LOTR Dark Rider.scr 273304 bytes executable
C:\WINDOWS\medctroc.Log 581 bytes
C:\WINDOWS\Media
C:\WINDOWS\MEMORY.DMP 502677504 bytes
C:\WINDOWS\Mi1cnie1k1rn5n38.dll 188 bytes
C:\WINDOWS\mickey32.dll 30208 bytes executable
C:\WINDOWS\Microsoft.NET
C:\WINDOWS\Minidump
C:\WINDOWS\mozregistry.dat 376 bytes
C:\WINDOWS\mozver.dat 4396 bytes
C:\WINDOWS\msagent
C:\WINDOWS\msapps
C:\WINDOWS\msdfmap.ini 1405 bytes
C:\WINDOWS\msgsocm.log 4893 bytes
C:\WINDOWS\mui
C:\WINDOWS\NeroDigital.ini 116 bytes
C:\WINDOWS\network diagnostic
C:\WINDOWS\Nircmd.exe 28160 bytes executable
C:\WINDOWS\notepad.exe 69632 bytes executable
C:\WINDOWS\nsreg.dat 0 bytes
C:\WINDOWS\ntbtlog.txt 206548 bytes
C:\WINDOWS\ntdtcsetup.log 27205 bytes
C:\WINDOWS\NuNinst.cfg 83570 bytes
C:\WINDOWS\NuNinst.exe 1134592 bytes executable
C:\WINDOWS\ocgen.log 58913 bytes
C:\WINDOWS\ocmsn.log 5709 bytes
C:\WINDOWS\ODBC.INI 405 bytes
C:\WINDOWS\ODBCINST.INI 4589 bytes
C:\WINDOWS\OEWABLog.txt 410 bytes
C:\WINDOWS\Offline Web Pages
C:\WINDOWS\KB914388.log 23584 bytes
C:\WINDOWS\KB914389.log 15100 bytes
C:\WINDOWS\KB918118.log 21104 bytes
C:\WINDOWS\KB918439.log 10231 bytes
C:\WINDOWS\KB919007.log 23481 bytes
C:\WINDOWS\KB920213.log 18835 bytes
C:\WINDOWS\KB920670.log 26883 bytes
C:\WINDOWS\KB920683.log 13019 bytes
C:\WINDOWS\KB920685.log 34323 bytes
C:\WINDOWS\KB920872.log 25471 bytes
C:\WINDOWS\KB922819.log 14851 bytes
C:\WINDOWS\KB923191.log 9120 bytes
C:\WINDOWS\KB923414.log 36595 bytes
C:\WINDOWS\KB923689.log 14967 bytes
C:\WINDOWS\KB923980.log 34064 bytes
C:\WINDOWS\KB924270.log 13576 bytes
C:\WINDOWS\KB924496.log 30970 bytes
C:\WINDOWS\KB924667.log 30054 bytes
C:\WINDOWS\KB925398.log 25434 bytes
C:\WINDOWS\KB925902.log 28288 bytes
C:\WINDOWS\KB926255.log 20445 bytes
C:\WINDOWS\KB926436.log 23639 bytes
C:\WINDOWS\KB927779.log 13091 bytes
C:\WINDOWS\KB928255.log 36641 bytes
C:\WINDOWS\KB928843.log 9809 bytes
C:\WINDOWS\KB929123.log 27396 bytes
C:\WINDOWS\KB930178.log 12687 bytes
C:\WINDOWS\KB930916.log 16834 bytes
C:\WINDOWS\KB931261.log 31812 bytes
C:\WINDOWS\KB931784.log 37100 bytes
C:\WINDOWS\KB932168.log 22554 bytes
C:\WINDOWS\KB933729.log 31197 bytes
C:\WINDOWS\KB935839.log 15023 bytes
C:\WINDOWS\KB935840.log 17890 bytes
C:\WINDOWS\KB936021.log 14088 bytes
C:\WINDOWS\KB936782.log 6957 bytes
C:\WINDOWS\KB938127.log 18831 bytes
C:\WINDOWS\KB938828.log 32803 bytes
C:\WINDOWS\KB941202.log 21490 bytes
C:\WINDOWS\KB941568.log 19948 bytes
C:\WINDOWS\KB941569.log 22650 bytes
C:\WINDOWS\KB941644.log 31313 bytes
C:\WINDOWS\KB941693.log 27726 bytes
C:\WINDOWS\KB873339.log 30676 bytes
C:\WINDOWS\KB885835.log 36606 bytes
C:\WINDOWS\KB885836.log 35083 bytes
C:\WINDOWS\KB886185.log 12421 bytes
C:\WINDOWS\KB888302.log 18835 bytes
C:\WINDOWS\KB890046.log 25245 bytes
C:\WINDOWS\KB890859.log 13521 bytes
C:\WINDOWS\KB891781.log 26558 bytes
C:\WINDOWS\KB893756.log 34871 bytes
C:\WINDOWS\KB893803v2.log 7470 bytes
C:\WINDOWS\KB894391.log 14919 bytes
C:\WINDOWS\KB896358.log 27497 bytes
C:\WINDOWS\KB896423.log 32626 bytes
C:\WINDOWS\KB896428.log 14869 bytes
C:\WINDOWS\KB899587.log 15937 bytes
C:\WINDOWS\KB899591.log 14391 bytes
C:\WINDOWS\KB900485.log 32692 bytes
C:\WINDOWS\KB900725.log 11822 bytes
C:\WINDOWS\KB901017.log 35017 bytes
C:\WINDOWS\KB901214.log 12095 bytes
C:\WINDOWS\KB902400.log 29986 bytes
C:\WINDOWS\KB905414.log 22873 bytes
C:\WINDOWS\KB905749.log 17056 bytes
C:\WINDOWS\KB908519.log 12756 bytes
C:\WINDOWS\KB908531.log 2658 bytes
C:\WINDOWS\KB910437.log 23695 bytes
C:\WINDOWS\KB911280.log 34065 bytes
C:\WINDOWS\KB911562.log 33386 bytes
C:\WINDOWS\KB911564.log 23678 bytes
C:\WINDOWS\KB911927.log 35470 bytes
C:\WINDOWS\UNNMP.cfg 52536 bytes
C:\WINDOWS\UNNMP.exe 2146304 bytes executable
C:\WINDOWS\updspapi.log 28442 bytes
C:\WINDOWS\vb.ini 36 bytes
C:\WINDOWS\vbaddin.ini 37 bytes
C:\WINDOWS\VFind.exe 49152 bytes executable
C:\WINDOWS\VGAsetup.ini 92426 bytes
C:\WINDOWS\Viherkivi.bmp 26582 bytes
C:\WINDOWS\VirtualEar
C:\WINDOWS\Viuhkat.bmp 26680 bytes
C:\WINDOWS\vmmreg32.dll 18944 bytes executable
C:\WINDOWS\WBEM
C:\WINDOWS\Web
C:\WINDOWS\hpinfo.lnk 800 bytes
C:\WINDOWS\I2E.ini 955203 bytes
C:\WINDOWS\ie7
C:\WINDOWS\ie7updates

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 225


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:EnabledC++"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\FlashFXP\\flashfxp.exe"="C:\\Program Files\\FlashFXP\\flashfxp.exe:*:Enabled:FlashFXP v3"
"C:\\Program Files\\PPStream\\PPStream.exe"="C:\\Program Files\\PPStream\\PPStream.exe:*:EnabledPStream"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Program Files\\AtomFTP\\AtomFTP.exe"="C:\\Program Files\\AtomFTP\\AtomFTP.exe:*:Enabled:AtomFTP - http://pelu.jns.fi/~akarttun/atomftp"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\FlashFXP\\flashfxp.exe"="C:\\Program Files\\FlashFXP\\flashfxp.exe:*:Enabled:FlashFXP v3"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\DOCUME~1\User\TYPYT~1\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 31 Jul 2007 5,388,088 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Wed 26 Oct 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 10 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 19 Apr 2008 58,880 ...H. --- "C:\Documents and Settings\User\Omat tiedostot\Iinushka\Opiskelu\Auskultointi\~WRL0005.tmp"
Sat 19 Apr 2008 68,608 ...H. --- "C:\Documents and Settings\User\Omat tiedostot\Iinushka\Opiskelu\Auskultointi\~WRL0175.tmp"
Sun 11 May 2008 54,784 ...H. --- "C:\Documents and Settings\User\Omat tiedostot\Iinushka\Opiskelu\Auskultointi\~WRL2005.tmp"
Thu 15 May 2008 26,112 ...H. --- "C:\Documents and Settings\User\Omat tiedostot\Iinushka\OVOS\Fuksia\~WRL0001.tmp"
Thu 15 May 2008 24,064 ...H. --- "C:\Documents and Settings\User\Omat tiedostot\Iinushka\OVOS\Fuksia\~WRL0003.tmp"
Thu 15 May 2008 26,624 ...H. --- "C:\Documents and Settings\User\Omat tiedostot\Iinushka\OVOS\Fuksia\~WRL0004.tmp"
Thu 15 May 2008 40,448 ...H. --- "C:\Documents and Settings\User\Omat tiedostot\Iinushka\OVOS\Fuksia\~WRL0715.tmp"
Thu 15 May 2008 30,208 ...H. --- "C:\Documents and Settings\User\Omat tiedostot\Iinushka\OVOS\Fuksia\~WRL1011.tmp"
Thu 15 May 2008 30,208 ...H. --- "C:\Documents and Settings\User\Omat tiedostot\Iinushka\OVOS\Fuksia\~WRL1216.tmp"
Thu 15 May 2008 27,136 ...H. --- "C:\Documents and Settings\User\Omat tiedostot\Iinushka\OVOS\Fuksia\~WRL1425.tmp"
Thu 15 May 2008 31,232 ...H. --- "C:\Documents and Settings\User\Omat tiedostot\Iinushka\OVOS\Fuksia\~WRL1450.tmp"
Thu 15 May 2008 29,696 ...H. --- "C:\Documents and Settings\User\Omat tiedostot\Iinushka\OVOS\Fuksia\~WRL1792.tmp"
Thu 15 May 2008 31,232 ...H. --- "C:\Documents and Settings\User\Omat tiedostot\Iinushka\OVOS\Fuksia\~WRL2108.tmp"
Thu 15 May 2008 28,160 ...H. --- "C:\Documents and Settings\User\Omat tiedostot\Iinushka\OVOS\Fuksia\~WRL2259.tmp"
Thu 15 May 2008 29,696 ...H. --- "C:\Documents and Settings\User\Omat tiedostot\Iinushka\OVOS\Fuksia\~WRL2787.tmp"
Thu 15 May 2008 24,576 ...H. --- "C:\Documents and Settings\User\Omat tiedostot\Iinushka\OVOS\Fuksia\~WRL3195.tmp"
Thu 15 May 2008 40,448 ...H. --- "C:\Documents and Settings\User\Omat tiedostot\Iinushka\OVOS\Fuksia\~WRL3686.tmp"
Thu 15 May 2008 32,256 ...H. --- "C:\Documents and Settings\User\Omat tiedostot\Iinushka\OVOS\Fuksia\~WRL3710.tmp"
Fri 29 Jun 2007 847,872 A.SH. --- "C:\Documents and Settings\User\Omat tiedostot\Iinushka\Valokuvia\Gymnaestrada\SIV1BB.tmp"
Thu 15 Feb 2007 540,672 A.SH. --- "C:\Documents and Settings\User\Omat tiedostot\Iinushka\Valokuvia\Workshop 19.5.07\SIV5.tmp"
Wed 21 Feb 2007 1,052,672 A.SH. --- "C:\Documents and Settings\User\Omat tiedostot\Iinushka\Valokuvia\Workshop 19.5.07\SIV732.tmp"
Sat 28 Apr 2007 790,528 A.SH. --- "C:\Documents and Settings\User\Omat tiedostot\Iinushka\Valokuvia\Workshop 19.5.07\SIV7F8.tmp"
Wed 9 May 2007 462,848 A.SH. --- "C:\Documents and Settings\User\Omat tiedostot\Iinushka\Valokuvia\Workshop 19.5.07\SIV828.tmp"
Thu 15 Feb 2007 540,672 A.SH. --- "C:\Documents and Settings\User\Omat tiedostot\Kuvia\It„valta 10.2.-15.2.2007\oma\SIV5.tmp"
Thu 3 Nov 2005 23,040 A..H. --- "C:\Documents and Settings\User\Omat tiedostot\Koulu\Englanti\Business Correspondence\3. Package\~WRL0001.tmp"
Sun 13 Apr 2008 173,056 ...H. --- "C:\Documents and Settings\User\Omat tiedostot\Koulu\Kansantalous\Semma\alkuraportti\~WRL0610.tmp"

Finished!

ja hjt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:51:08, on 22.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\sistray.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\ExtraFilm Kotona\Agent.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hs.fi/viivijawagner/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\ExtraFilm Kotona\Agent.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9142 bytes

 

vieläkös kone kaatuilee ... mites nuo lämmöt koneessa.

 

Kyllä kaatuilee. Explorer ei toimi ja kun yritin asentaa uudestaan niin kone kaatui. Joku Stop.exe tuli. Mozillakin sulkeutuu välillä.
Biosista katsoin Hardware Monitor ja sieltä System Temperature näytti 42 celsiusta. Ei tunnu ainakaan ulospäin kone kuumalta.

 

Lataa SmitfraudFix (c) S!Ri
Pura sisältö (kansio nimeltä SmitfraudFix) työpöydällesi:

Avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
Valitse optio #1 - Search kirjoittamalla 1 ja painamalla "Enter"; tekstitiedosto avautuu, joka listaa tarttuneet tiedostot (jos olemassa).
Postita ponnahtava rapport – muistion sisältö viestiketjuusi.
Löytyy myös C:\rapport.txt

Huomaa : process.exe filun tunnistaa jotkut Anti-virus ohjelmat
(AntiVir, Dr.Web, Kaspersky) "Haittakaluna"; se ei ole virus, vaan ohjelma joka pysäyttää prosesseja.
A/V ohjelmat eivät pysty tunnistamaan hyvän ja pahan käytön tälläisten ohjelmian väliltä,
silloin ne saattavat varoittaa käyttäjää.

 

SmitFraudFix v2.320

Scan done at 13:09:16,92, pe 23.05.2008
Run from C:\Documents and Settings\User\Ty”p”yt„\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\sistray.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\ExtraFilm Kotona\Agent.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\User\Suosikit


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: SiS190 100/10 Ethernet Device - Paketinajoituksen miniportti
DNS Server Search Order: 212.50.131.153
DNS Server Search Order: 213.139.190.3

Description: SiS190 100/10 Ethernet Device - Paketinajoituksen miniportti
DNS Server Search Order: 212.50.131.153
DNS Server Search Order: 213.139.190.3

Description: SiS190 100/10 Ethernet Device - Paketinajoituksen miniportti
DNS Server Search Order: 192.168.2.1

Description: SiS190 100/10 Ethernet Device - Paketinajoituksen miniportti
DNS Server Search Order: 212.50.131.153
DNS Server Search Order: 213.139.190.3

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2A204FD0-EF9D-4E2F-8D58-B4A1C17A8710}: DhcpNameServer=212.50.131.153 213.139.190.3
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5243A744-E8B5-4FAB-A7AB-6F36FEA92A9E}: DhcpNameServer=212.50.131.153 213.139.190.3
HKLM\SYSTEM\CCS\Services\Tcpip\..\{92484C07-D3D7-4EF6-A018-90F50115FCA0}: DhcpNameServer=212.50.131.153 213.139.190.3
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DB8B6D34-F953-49A4-9802-1AF6733876A5}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2A204FD0-EF9D-4E2F-8D58-B4A1C17A8710}: DhcpNameServer=212.50.131.153 213.139.190.3
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5243A744-E8B5-4FAB-A7AB-6F36FEA92A9E}: DhcpNameServer=212.50.131.153 213.139.190.3
HKLM\SYSTEM\CS2\Services\Tcpip\..\{92484C07-D3D7-4EF6-A018-90F50115FCA0}: DhcpNameServer=212.50.131.153 213.139.190.3
HKLM\SYSTEM\CS2\Services\Tcpip\..\{DB8B6D34-F953-49A4-9802-1AF6733876A5}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2A204FD0-EF9D-4E2F-8D58-B4A1C17A8710}: DhcpNameServer=212.50.131.153 213.139.190.3
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5243A744-E8B5-4FAB-A7AB-6F36FEA92A9E}: DhcpNameServer=212.50.131.153 213.139.190.3
HKLM\SYSTEM\CS3\Services\Tcpip\..\{92484C07-D3D7-4EF6-A018-90F50115FCA0}: DhcpNameServer=212.50.131.153 213.139.190.3
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DB8B6D34-F953-49A4-9802-1AF6733876A5}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.50.131.153 213.139.190.3
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.50.131.153 213.139.190.3
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.50.131.153 213.139.190.3


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

 

Sain asennettua IE:n ja Mozillan uudestaan. Nyt on toiminut tähän mennessä ihan hyvin. Toivottavasti tuossa edellisessä ei enää näy mitään. Ja ainakin jotain on parantunut, kun aiemmin SmitFraudia asentaessa F-secure ilmoitti, että yksi sen tiedostoista on virus, mutta nyt asentaessa ei ilmoittanut.

 

Ok

Käynnistä > suorita kirjoita msconfig > ok
Käynnistys välilehti

Ota alla olevien edestä ruksi pois

qttask
jusched
realsched
Reader_sl
SiSUSBrg
SiSPower
PCSync2

käytä ja ok
Käynnistä kone uudelleen ja laita pikkuseen neliöön ruksi ja paina sitten vasta ok

===============

scannaa hjt:llä merkkaa paina Fix checked

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

 

msconfigissa ei ollut SiSPower

uudelleen käynnistyksen jälkeen ei hjt:ssä ollut:

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

laitan hjt:n tähän uudelleen.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:08:55, on 23.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\sistray.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\ExtraFilm Kotona\Agent.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hs.fi/viivijawagner/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\ExtraFilm Kotona\Agent.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8260 bytes

 

loki ok

 

Ok, toivottavasti toimii.
Todella nöyrät kiitokset avusta. Hienoa, että tällainen untuvikko saa apua.