Mom's computer is messed up, HJT log

Thread in the Viruses and malware - HijackThis logs section. Thread started by D00mer on 28.11.2009.

  1. D00mer

    D00mer Regular member

    Joined:
    05.07.2007
    Posts:
    168
    Thanks:
    0
    Points:
    26
    So the computer keeps acting up: the internet works normally for an hour and after that it cuts out for no reason (e.g. I tried to download Ad-Aware from Download's site; it downloaded nicely at 9xx kB/s but stopped downloading at 99%, and so on, so I had to boot into Linux (my mother "doesn't" like Linux (she is used to Windows and refuses to use anything else, sad imho))). The machine is pretty sluggish (iirc a Celeron ~1 GHz, 1 GB RAM (it used to have 512 MB, which made no difference at all)), but it used to work just fine..

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:58:45, on 28.11.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Last.fm\LastFM.exe
    C:\Program Files\Game_Maker6\Game_Maker.exe
    C:\WINDOWS\system32\divxsm.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/...rchredir2.dll?c=1c02&lc=040b&s=search&ap=b204
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {57D04AA8-FB35-4F95-BC6C-2B866A757F4C} - C:\WINDOWS\system32\cbXPfccD.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {C14E6230-757D-4246-81CE-B34E2940C722} - (no file)
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: (no name) - {EFA46182-0693-4BA7-972E-607548327B92} - (no file)
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S3B9.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Pirjo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-21-2225589205-954458941-6109216-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193749647763
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: awtqnkHy - C:\WINDOWS\
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 6869 bytes
     
  3. Hujo

    Hujo Guest

    Scan with HJT, tick these and press Fix checked:

    O2 - BHO: (no name) - {57D04AA8-FB35-4F95-BC6C-2B866A757F4C} - C:\WINDOWS\system32\cbXPfccD.dll (file missing)
    O2 - BHO: (no name) - {C14E6230-757D-4246-81CE-B34E2940C722} - (no file)
    O2 - BHO: (no name) - {EFA46182-0693-4BA7-972E-607548327B92} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O20 - Winlogon Notify: awtqnkHy - C:\WINDOWS\


    Shut down and restart.

    ----

    Download JavaRa and extract it to your desktop.

    ***Close all open Internet Explorer windows before continuing!***

    * Double-click JavaRa.exe to start the program.
    * Select English from the drop-down menu to choose English as the language and click Select.
    * Click Remove Older Versions to remove the old Java versions from your computer.
    * Click Yes when prompted. When JavaRa is finished, it reports that a log file has been created. Click OK.
    * The log file opens. Post its contents in your next message.
    4. Install the latest Java update from the following link..

    Download the new Java here

    Scroll down to Java Runtime Environment (JRE) 6 Update 17
    Press Download
    Set Platform to Windows
    Tick I agree to the Java SE Runtime Environment 6 License Agreement and press Continue
    Under Windows Offline Installation, press jre-6u17-windows-i586-p.exe

    Save the file to, say, your desktop and install it.

    ---------

    Download Malwarebytes' Anti-Malware to your desktop.

    1. Double-click mbam-setup.exe and follow the instructions to install the program.
    2. At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
    3. If an update is found, the program downloads and installs the latest version.
    4. Once the program has loaded, select Perform full scan and click Scan.
    5. When the scan is finished, click OK and then Show Results to see the results.
    6. Make sure everything is ticked and click Remove Selected.
    7. After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    8. Post the contents of the log in your next message

    -------

    Download CCleaner and install it.
    Run the cleaner: analyze and then run CCleaner.
    Run the registry tool: scan for registry errors and fix the selected registry errors.
     
    Last edited by a moderator: 28.11.2009
  4. D00mer

    D00mer Regular member

    I scanned the machine with Ad-Aware (before I read your post):

    Logfile created: 28.11.2009 15:52:35
    Lavasoft Ad-Aware version: 8.1.0
    User performing scan: Pirjo

    *********************** Definitions database information ***********************
    Lavasoft definition file: 149.63
    Genotype definition file version: 2009/09/30 07:18:14

    ******************************** Scan results: *********************************
    Scan profile name: Smart Scan (ID: smart)
    Objects scanned: 12477
    Objects detected: 18


    Type Detected
    ==========================
    Processes.......: 0
    Registry entries: 1
    Hostfile entries: 0
    Files...........: 5
    Folders.........: 0
    LSPs............: 0
    Cookies.........: 12
    Browser hijacks.: 0
    MRU objects.....: 0



    Removed items:
    Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
    Description: *2o7* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408943 Family ID: 0
    Description: *statcounter* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409185 Family ID: 0
    Description: *statistik-gallup* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409367 Family ID: 0
    Description: *.adform* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409300 Family ID: 0
    Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0
    Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0
    Description: *statistik-gallup* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409367 Family ID: 0
    Description: *statistik-gallup* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409367 Family ID: 0
    Description: *2o7* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408943 Family ID: 0
    Description: *statcounter* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409185 Family ID: 0
    Description: *statcounter* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409185 Family ID: 0

    Quarantined items:
    Description: C:\Documents and Settings\Pirjo\Local Settings\Temp\igropmjd.dll Family Name: Win32.Trojan.Monder Engine: 1 Clean status: Success Item ID: 772574 Family ID: 3235 MD5: c35718170ae800b3ecbc3b3295c913f6
    Description: C:\Documents and Settings\Pirjo\Local Settings\Temp\jusched.exe Family Name: Win32.Trojan.HackAV Engine: 1 Clean status: Success Item ID: 401686 Family ID: 5217 MD5: 9bacdee05bc51ed2a6bb9c1c7836f55a
    Description: C:\Documents and Settings\Pirjo\Omat tiedostot\jukan\epsxe160\PSXeven\PSXeven\PSXeven_v0.19.exe Family Name: Win32.Backdoor.Agent Engine: 1 Clean status: Success Item ID: 141577 Family ID: 795 MD5: 50810a45a6901835bbc8eac932262482
    Description: C:\Documents and Settings\Pirjo\Omat tiedostot\jukan\mp4PlayerSetup.exe Family Name: Win32.Backdoor.ForBot Engine: 1 Clean status: Success Item ID: 345270 Family ID: 1565 MD5: 7b013064e89ee28f41dc9af4d37dab99
    Description: C:\Documents and Settings\Pirjo\Omat tiedostot\jukan\yy-chr.exe Family Name: Win32.Trojan.KillFiles Engine: 1 Clean status: Success Item ID: 585946 Family ID: 1506 MD5: 6e69d62b63cb0dbee1277ac0aad2e6cc
    Description: HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon:Userinit Family Name: Win32.Backdoor.Agent Engine: 1 Clean status: Success Item ID: 28364 Family ID: 795

    Scan and cleaning complete: Finished correctly after 506 seconds

    *********************************** Settings ***********************************

    Scan profile:
    ID: smart, enabled:1, value: Smart Scan
    ID: folderstoscan, enabled:1, value:
    ID: useantivirus, enabled:0, value: true
    ID: sections, enabled:1
    ID: scancriticalareas, enabled:1, value: true
    ID: scanrunningapps, enabled:1, value: true
    ID: scanregistry, enabled:1, value: true
    ID: scanlsp, enabled:1, value: true
    ID: scanads, enabled:1, value: false
    ID: scanhostsfile, enabled:1, value: false
    ID: scanmru, enabled:1, value: false
    ID: scanbrowserhijacks, enabled:1, value: true
    ID: scantrackingcookies, enabled:1, value: true
    ID: closebrowsers, enabled:1, value: false
    ID: filescanningoptions, enabled:1
    ID: archives, enabled:1, value: false
    ID: onlyexecutables, enabled:1, value: true
    ID: skiplargerthan, enabled:1, value: 20480
    ID: scanrootkits, enabled:1, value: true
    ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
    ID: usespywareheuristics, enabled:1, value: true
    ID: heuristicslevel, enabled:1, value: mild, domain: medium,mild,strict

    Scan global:
    ID: global, enabled:1
    ID: addtocontextmenu, enabled:1, value: true
    ID: playsoundoninfection, enabled:1, value: false
    ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

    Scheduled scan settings:
    <Empty>

    Update settings:
    ID: updates, enabled:1
    ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
    ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
    ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
    ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
    ID: schedules, enabled:1, value: true
    ID: updatedaily1, enabled:0, value: Daily 1
    ID: time, enabled:0, value: Sat Nov 28 15:50:00 2009
    ID: frequency, enabled:0, value: daily, domain: daily,monthly,once,systemstart,weekly
    ID: weekdays, enabled:0
    ID: monday, enabled:0, value: false
    ID: tuesday, enabled:0, value: false
    ID: wednesday, enabled:0, value: false
    ID: thursday, enabled:0, value: false
    ID: friday, enabled:0, value: false
    ID: saturday, enabled:0, value: false
    ID: sunday, enabled:0, value: false
    ID: monthly, enabled:0, value: 1, minvalue: 1, maxvalue: 31
    ID: scanprofile, enabled:0, value:
    ID: auto_deal_with_infections, enabled:0, value: false
    ID: updatedaily2, enabled:0, value: Daily 2
    ID: time, enabled:0, value: Sat Nov 28 21:50:00 2009
    ID: frequency, enabled:0, value: daily, domain: daily,monthly,once,systemstart,weekly
    ID: weekdays, enabled:0
    ID: monday, enabled:0, value: false
    ID: tuesday, enabled:0, value: false
    ID: wednesday, enabled:0, value: false
    ID: thursday, enabled:0, value: false
    ID: friday, enabled:0, value: false
    ID: saturday, enabled:0, value: false
    ID: sunday, enabled:0, value: false
    ID: monthly, enabled:0, value: 1, minvalue: 1, maxvalue: 31
    ID: scanprofile, enabled:0, value:
    ID: auto_deal_with_infections, enabled:0, value: false
    ID: updatedaily3, enabled:0, value: Daily 3
    ID: time, enabled:0, value: Sat Nov 28 03:50:00 2009
    ID: frequency, enabled:0, value: daily, domain: daily,monthly,once,systemstart,weekly
    ID: weekdays, enabled:0
    ID: monday, enabled:0, value: false
    ID: tuesday, enabled:0, value: false
    ID: wednesday, enabled:0, value: false
    ID: thursday, enabled:0, value: false
    ID: friday, enabled:0, value: false
    ID: saturday, enabled:0, value: false
    ID: sunday, enabled:0, value: false
    ID: monthly, enabled:0, value: 1, minvalue: 1, maxvalue: 31
    ID: scanprofile, enabled:0, value:
    ID: auto_deal_with_infections, enabled:0, value: false
    ID: updatedaily4, enabled:0, value: Daily 4
    ID: time, enabled:0, value: Sat Nov 28 09:50:00 2009
    ID: frequency, enabled:0, value: daily, domain: daily,monthly,once,systemstart,weekly
    ID: weekdays, enabled:0
    ID: monday, enabled:0, value: false
    ID: tuesday, enabled:0, value: false
    ID: wednesday, enabled:0, value: false
    ID: thursday, enabled:0, value: false
    ID: friday, enabled:0, value: false
    ID: saturday, enabled:0, value: false
    ID: sunday, enabled:0, value: false
    ID: monthly, enabled:0, value: 1, minvalue: 1, maxvalue: 31
    ID: scanprofile, enabled:0, value:
    ID: auto_deal_with_infections, enabled:0, value: false
    ID: updateweekly1, enabled:1, value: Weekly
    ID: time, enabled:1, value: Sat Nov 28 15:50:00 2009
    ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
    ID: weekdays, enabled:1
    ID: monday, enabled:1, value: false
    ID: tuesday, enabled:1, value: true
    ID: wednesday, enabled:1, value: false
    ID: thursday, enabled:1, value: false
    ID: friday, enabled:1, value: false
    ID: saturday, enabled:1, value: true
    ID: sunday, enabled:1, value: false
    ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
    ID: scanprofile, enabled:1, value:
    ID: auto_deal_with_infections, enabled:1, value: false

    Appearance settings:
    ID: appearance, enabled:1
    ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
    ID: showtrayicon, enabled:1, value: true
    ID: autoentertainmentmode, enabled:0, value: true
    ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
    ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

    Realtime protection settings:
    ID: realtime, enabled:1
    ID: modules, enabled:1
    ID: processprotection, enabled:1, value: true
    ID: registryprotection, enabled:0, value: true
    ID: networkprotection, enabled:0, value: true
    ID: layers, enabled:1
    ID: useantivirus, enabled:0, value: true
    ID: usespywareheuristics, enabled:0, value: true
    ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
    ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant


    ****************************** System information ******************************
    Computer name: CPQ61995584212
    Processor name: Intel(R) Celeron(R) CPU 1.70GHz
    Processor identifier: x86 Family 15 Model 1 Stepping 3
    Processor speed: ~1694MHZ
    Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 259, number of processors 1, processor features: [MMX,SSE,SSE2]
    Physical memory available: 433184768 bytes
    Physical memory total: 1064812544 bytes
    Virtual memory available: 1922899968 bytes
    Virtual memory total: 2147352576 bytes
    Memory load: 59%
    Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Windows startup mode:

    Running processes:
    PID: 784 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT-HALLINTA
    PID: 872 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT-HALLINTA
    PID: 896 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT-HALLINTA
    PID: 940 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT-HALLINTA
    PID: 952 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT-HALLINTA
    PID: 1116 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT-HALLINTA
    PID: 1176 name: C:\WINDOWS\system32\svchost.exe owner: Verkkopalve domain: NT-HALLINTA
    PID: 1268 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT-HALLINTA
    PID: 1304 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT-HALLINTA
    PID: 1420 name: C:\WINDOWS\System32\svchost.exe owner: Verkkopalve domain: NT-HALLINTA
    PID: 1456 name: C:\WINDOWS\System32\svchost.exe owner: Paikallinen palve domain: NT-HALLINTA
    PID: 1660 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT-HALLINTA
    PID: 1756 name: C:\WINDOWS\System32\svchost.exe owner: Paikallinen palve domain: NT-HALLINTA
    PID: 1792 name: C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe owner: SYSTEM domain: NT-HALLINTA
    PID: 1804 name: C:\Program Files\Comodo\Firewall\cmdagent.exe owner: SYSTEM domain: NT-HALLINTA
    PID: 1820 name: C:\Program Files\ESET\ESET Smart Security\ekrn.exe owner: SYSTEM domain: NT-HALLINTA
    PID: 1984 name: C:\WINDOWS\system32\PnkBstrA.exe owner: SYSTEM domain: NT-HALLINTA
    PID: 2024 name: C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe owner: SYSTEM domain: NT-HALLINTA
    PID: 136 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT-HALLINTA
    PID: 728 name: C:\WINDOWS\System32\alg.exe owner: Paikallinen palve domain: NT-HALLINTA
    PID: 640 name: C:\WINDOWS\Explorer.EXE owner: Pirjo domain: CPQ61995584212
    PID: 176 name: C:\Program Files\Analog Devices\SoundMAX\Smtray.exe owner: Pirjo domain: CPQ61995584212
    PID: 184 name: C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe owner: Pirjo domain: CPQ61995584212
    PID: 852 name: C:\Program Files\Winamp\winampa.exe owner: Pirjo domain: CPQ61995584212
    PID: 864 name: C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe owner: Pirjo domain: CPQ61995584212
    PID: 876 name: C:\Program Files\Comodo\Firewall\CPF.exe owner: Pirjo domain: CPQ61995584212
    PID: 1080 name: C:\Program Files\ESET\ESET Smart Security\egui.exe owner: Pirjo domain: CPQ61995584212
    PID: 1132 name: C:\WINDOWS\system32\ctfmon.exe owner: Pirjo domain: CPQ61995584212
    PID: 300 name: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE owner: Pirjo domain: CPQ61995584212
    PID: 448 name: C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe owner: Pirjo domain: CPQ61995584212
    PID: 2372 name: C:\Program Files\PC Connectivity Solution\ServiceLayer.exe owner: SYSTEM domain: NT-HALLINTA
    PID: 2484 name: C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe owner: SYSTEM domain: NT-HALLINTA
    PID: 2516 name: C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe owner: SYSTEM domain: NT-HALLINTA
    PID: 3168 name: C:\WINDOWS\System32\msiexec.exe owner: SYSTEM domain: NT-HALLINTA
    PID: 3600 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Pirjo domain: CPQ61995584212
    PID: 3636 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT-HALLINTA
    PID: 3704 name: C:\WINDOWS\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT-HALLINTA
    PID: 3732 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT-HALLINTA
    PID: 3924 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Pirjo domain: CPQ61995584212

    Startup items:
    Name: PostBootReminder
    imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
    Name: CDBurn
    imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
    Name: WebCheck
    imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
    Name: SysTray
    imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
    Name: WPDShServiceObj
    imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
    Name: Smapp
    imagepath: C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    Name: DrvLsnr
    imagepath: C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    Name: AutoLogon
    Name: IgfxTray
    imagepath: C:\WINDOWS\System32\igfxtray.exe
    Name: WinampAgent
    imagepath: "C:\Program Files\Winamp\winampa.exe"
    Name: QuickTime Task
    imagepath: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    Name: SunJavaUpdateSched
    imagepath: "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    Name: COMODO Firewall Pro
    imagepath: "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    Name: Adobe Reader Speed Launcher
    imagepath: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    Name: egui
    imagepath: "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    Name: CTFMON.EXE
    imagepath: C:\WINDOWS\System32\CTFMON.EXE
    Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
    imagepath: Browseui preloader
    Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
    imagepath: Component Categories cache daemon
    Name:
    imagepath: C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\desktop.ini
    Name:
    imagepath: C:\WINDOWS\system32\config\systemprofile\Käynnistä-valikko\Ohjelmat\Käynnistys\desktop.ini

    Bootexecute items:
    Name:
    imagepath: autocheck autochk *

    Running services:
    Name: ALG
    displayname: Sovelluskerroksen yhdyskäytäväpalvelu
    Name: AudioSrv
    displayname: Windows Audio
    Name: BITS
    displayname: BITS-tausta-ajo (Background Intelligent Transfer Service)
    Name: BlueSoleil Hid Service
    displayname: BlueSoleil Hid Service
    Name: Browser
    displayname: Tietokoneiden selaus
    Name: CmdAgent
    displayname: Comodo Application Agent
    Name: CryptSvc
    displayname: Salauspalvelut
    Name: DcomLaunch
    displayname: DCOM-palvelinprosessin käynnistys
    Name: Dhcp
    displayname: DHCP-asiakas
    Name: Dnscache
    displayname: DNS-asiakas
    Name: ekrn
    displayname: Eset Service
    Name: ERSvc
    displayname: Virheraportointipalvelut
    Name: Eventlog
    displayname: Tapahtumaloki
    Name: EventSystem
    displayname: COM+-tapahtumajärjestelmä
    Name: FastUserSwitchingCompatibility
    displayname: Nopean käyttäjän vaihdon yhteensopivuus
    Name: helpsvc
    displayname: Ohjeet ja tuotetuki
    Name: HidServ
    displayname: HID Input Service
    Name: lanmanserver
    displayname: Palvelin
    Name: lanmanworkstation
    displayname: Työasema
    Name: LmHosts
    displayname: TCP/IP NetBIOS Helper
    Name: MSIServer
    displayname: Windows Installer
    Name: Netman
    displayname: Verkkoyhteydet
    Name: Nla
    displayname: NLA-nimiavaruus (Network Location Awareness)
    Name: PlugPlay
    displayname: Plug and Play
    Name: PnkBstrA
    displayname: PnkBstrA
    Name: PolicyAgent
    displayname: IPSEC-palvelut
    Name: ProtectedStorage
    displayname: Suojattu tallennuspaikka
    Name: RasMan
    displayname: Etäkäytön (RAS) yhteyksienhallinta
    Name: RpcSs
    displayname: Etäproseduurikutsu (RPC)
    Name: SamSs
    displayname: Käyttöoikeustilien hallinta
    Name: Schedule
    displayname: Tehtävien ajoitus
    Name: seclogon
    displayname: Toissijainen kirjautuminen
    Name: SENS
    displayname: Järjestelmätapahtuman ilmoitus
    Name: ServiceLayer
    displayname: ServiceLayer
    Name: SharedAccess
    displayname: Windowsin palomuuri / Internet-yhteyden jakaminen (ICS)
    Name: ShellHWDetection
    displayname: Käyttöliittymän laitteistotunnistus
    Name: SoundMAX Agent Service (default)
    displayname: SoundMAX Agent Service
    Name: Spooler
    displayname: Taustatulostusohjain
    Name: srservice
    displayname: Järjestelmän palauttaminen -palvelu
    Name: SSDPSRV
    displayname: SSDP-palvelu (Simple Service Discovery Protocol)
    Name: stisvc
    displayname: WIA (Windows Image Acquisition)
    Name: TapiSrv
    displayname: Puhelin
    Name: TermService
    displayname: Päätepalvelut
    Name: Themes
    displayname: Teemat
    Name: TrkWks
    displayname: Tiedostolinkkijäljityksen asiakas
    Name: W32Time
    displayname: Windows Time
    Name: WebClient
    displayname: WebClient
    Name: winmgmt
    displayname: WMI-palvelu (Windows Management Instrumentation)
    Name: wscsvc
    displayname: Tietoturvakeskus
    Name: wuauserv
    displayname: Automaattiset päivitykset
    Name: WudfSvc
    displayname: Windows Driver Foundation - User-mode Driver Framework
    Name: WZCSVC
    displayname: Wireless Zero Configuration
    Name: Lavasoft Ad-Aware Service
    displayname: Lavasoft Ad-Aware Service

    HJT log (I ticked and pressed Fix checked on the ones you listed, or at least the ones I could find):

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:10:59, on 28.11.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/...rchredir2.dll?c=1c02&lc=040b&s=search&ap=b204
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: (no name) - {EFA46182-0693-4BA7-972E-607548327B92} - (no file)
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S3B9.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Pirjo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193749647763
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: awtqnkHy - C:\WINDOWS\
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 6330 bytes

    The machine is noticeably faster. I'll do the rest when I have more time (right now I'm a bit busy with IRL stuff).
     
  5. Hujo

    Hujo Guest

    Scan with HJT, check these entries and press Fix checked:

    O2 - BHO: (no name) - {EFA46182-0693-4BA7-972E-607548327B92} - (no file)
    O20 - Winlogon Notify: awtqnkHy - C:\WINDOWS\
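
The two entries picked out in the reply above share traits that can be checked mechanically: a registration whose target is `(no file)`, and a Winlogon Notify entry whose path names a directory instead of a DLL. The following is an added example, not part of the original thread and not HijackThis's own logic. The function names and the two heuristics are assumptions chosen for illustration, and the sample lines are copied from the log posted in this thread.

```python
import re

# Sample input: a few result lines copied from the log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {EFA46182-0693-4BA7-972E-607548327B92} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O20 - Winlogon Notify: awtqnkHy - C:\WINDOWS\
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# A result line starts with a section code such as R1, F2, O4 or O23.
# Header lines and the "Running processes" paths do not match this pattern.
ENTRY_RE = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2}) - (?P<body>.+?)\s*$")


def parse_entries(log_text):
    """Return (code, body) for every HijackThis result line in the text."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def review_reasons(code, body):
    """Heuristics (assumed for this example) that mark a line for manual review."""
    reasons = []
    # The target is whatever follows the last " - " separator in the entry.
    target = body.rsplit(" - ", 1)[-1].strip()
    if target == "(no file)":
        reasons.append("registration points to a file that no longer exists")
    if code == "O20" and target.endswith("\\"):
        reasons.append("Winlogon Notify path is a directory, no DLL name given")
    return reasons


def flag_entries(log_text):
    """Return (code, body, reasons) for each entry with at least one reason."""
    flagged = []
    for code, body in parse_entries(log_text):
        reasons = review_reasons(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in flag_entries(SAMPLE_LOG):
        print(f"{code}: {body}\n    -> " + "; ".join(reasons))
```

A flagged line is a candidate for a human to look at, not a verdict; the `Unknown owner` service in the sample is deliberately left unflagged because the reply did not single it out.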
     
