HijackThis log help

Thread in the Viruses and malware - HijackThis logs section. Thread started by Timppa20 on 22.07.2009.

  1. Timppa20

    If someone could be bothered to take a look. The computer runs really slowly; even just browsing the internet raises the performance to 60%

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:47:43, on 22.7.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\Software Update 3\SoftAuto.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://plaza.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
    O1 - Hosts: 62.146.66.181 dl1.avgate.net
    O1 - Hosts: 62.146.66.182 dl2.avgate.net
    O1 - Hosts: 62.146.66.183 dl3.avgate.net
    O1 - Hosts: 62.146.66.184 dl4.avgate.net
    O1 - Hosts: 80.190.143.23 dl5.avgate.net
    O1 - Hosts: 80.190.143.23 dl6.avgate.net
    O1 - Hosts: 62.146.66.178 dl7.avgate.net
    O1 - Hosts: 62.146.66.179 dl8.avgate.net
    O1 - Hosts: 80.190.143.239 dl9.avgate.net
    O1 - Hosts: 80.190.143.230 dl10.avgate.ne
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30Plus\anysee_TR.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Soft bone] C:\DOCUME~1\FJS-PC\APPLIC~1\DELETE~1\Rect noun.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [AntivirusDoc] C:\Program Files\AntivirusDoc1.0\AntivirusDoc.exe
    O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\FJS-PC\LOCALS~1\Temp\video1018.cfg.exe
    O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://plaza.fi/
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{61A0850B-65A9-445A-A751-CD0ABF3DA8EB}: NameServer = 85.255.113.109,85.255.112.212
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6623328D-642B-4938-BA88-C022DE0848C2}: NameServer = 85.255.113.109,85.255.112.212
    O17 - HKLM\System\CCS\Services\Tcpip\..\{73A07664-4E0B-42F5-9C4B-61AB80057C39}: NameServer = 85.255.113.109,85.255.112.212
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer =
    O17 - HKLM\System\CS1\Services\Tcpip\..\{61A0850B-65A9-445A-A751-CD0ABF3DA8EB}: NameServer = 85.255.113.109,85.255.112.212
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer =
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 9701 bytes
     
  3. kalminen

    No wonder, you seem to have quite an
    orc army!!!

    -----------------------------------------------------------------------

    Your ip: 80.190.143.23
    Network Owner: IP PARTNER
    Country: Germany
    Area: Bayern
    City: Nuernberg

    -------------------------

    85.255.113.109
    org-name: UkrTeleGroup Ltd.
    address: UkrTeleGroup Ltd.
    address: Mechnikova 58/5 65029 Odessa

    ---------------------------------------------------------

    It is recommended to turn off your antivirus's real-time scanning so that it doesn't interfere with Lop S&D; you can turn it back on after the scan.

    Download Lop S&D from here

    Double-click Lop S&D.exe
    Select Finnish as the language by pressing U and Enter.
    After this, select Option 1 (Search) by pressing 1 and Enter
    Wait until the scan is finished
    The log will open in Notepad. Post it in your next message. It can also be found at C:\lopR.txt

    ---------------------------------------------------------------

    Download Malwarebytes' Anti-Malware to your desktop.

    If the link doesn't work, you can also download it from the following links:
    Link1
    Link2


    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, the program will download and install the latest version. If downloading the updates fails, you can download the updates from here. Double-click mbam-rules.exe to install the updates.
    * Once the program has loaded and the updates are done, select Perform full scan and click Scan.
    * When the scan is complete, click OK and then Show Results to view the results.
    * Make sure that everything is checked and click Remove Selected.
    * After this the log will open in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    * Post the contents of the log in your next message.

    Note: If Mbam could not remove a file, it will ask you to restart your computer. In that case, restart your computer right away. Mbam may make changes to your registry as part of the cleanup. If you use a security program that detects registry changes, allow Mbam to make the changes.
    Post the contents of the log in your next message + a new hjt log.


    As well as the C:\lopR.txt report =>

    .
     
  4. Timppa20

    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3500+ )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : FJS-PC ( Administrator )
    BOOT : Normal boot
    Antivirus : avast! antivirus 4.8.1335 [VPS 090722-0] 4.8.1335 (Activated)
    Firewall : ZoneAlarm Firewall 7.0.470.000 (Activated)
    C:\ (Local Disk) - NTFS - Total:149 Go (Free:71 Go)
    D:\ (CD or DVD) - UDF - Total:4 Go (Free:0 Go)
    E:\ (USB)
    F:\ (USB)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)
    J:\ (CD or DVD)
    K:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [1] ( ke 22.07.2009|23:09 )

    --------------------\\ Listaa hakemistoja sijainnissa APPLIC~1

    [02.04.2009|11:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    [14.02.2009|16:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{90F3B5EB-A471-42F9-A905-991C2DB2312C}
    [14.02.2009|16:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{C39CADE8-EC32-4A3E-ADF3-99FB5B7A317D}
    [16.01.2009|21:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [16.01.2007|10:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
    [18.06.2007|23:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CITYAUDIOTWOWAIT
    [14.02.2009|17:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative
    [18.02.2009|19:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
    [22.07.2009|11:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [15.03.2007|17:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
    [30.04.2007|18:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    [02.04.2009|11:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [28.09.2007|09:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
    [01.07.2007|13:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [08.07.2007|20:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
    [27.04.2007|22:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
    [07.03.2007|23:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [07.12.2006|02:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [21.01.2007|17:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    [12.02.2007|17:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\yahoo!
    [0|tiedosto(a)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\tavua
    [22|kansio(ta)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\tavua vapaana

    [14.09.2008|19:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ATI
    [07.12.2006|01:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [07.12.2006|02:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [0|tiedosto(a)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\tavua
    [5|kansio(ta)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\tavua vapaana

    [22.04.2008|12:08] C:\DOCUME~1\FJS-PC\APPLIC~1\Adobe
    [05.01.2008|09:57] C:\DOCUME~1\FJS-PC\APPLIC~1\AdobeUM
    [16.01.2007|12:54] C:\DOCUME~1\FJS-PC\APPLIC~1\Ahead
    [14.09.2008|19:34] C:\DOCUME~1\FJS-PC\APPLIC~1\ATI
    [12.09.2007|10:45] C:\DOCUME~1\FJS-PC\APPLIC~1\BitTorrent
    [17.04.2007|06:16] C:\DOCUME~1\FJS-PC\APPLIC~1\Common Files
    [14.02.2009|17:03] C:\DOCUME~1\FJS-PC\APPLIC~1\Creative
    [07.07.2009|01:00] C:\DOCUME~1\FJS-PC\APPLIC~1\DC++
    [22.08.2007|23:49] C:\DOCUME~1\FJS-PC\APPLIC~1\DeleteScrLocks
    [28.11.2007|01:18] C:\DOCUME~1\FJS-PC\APPLIC~1\fretsonfire
    [19.01.2007|21:30] C:\DOCUME~1\FJS-PC\APPLIC~1\F-Secure
    [21.01.2007|01:17] C:\DOCUME~1\FJS-PC\APPLIC~1\Google
    [29.04.2007|18:43] C:\DOCUME~1\FJS-PC\APPLIC~1\Help
    [17.04.2007|06:16] C:\DOCUME~1\FJS-PC\APPLIC~1\HP
    [07.12.2006|01:56] C:\DOCUME~1\FJS-PC\APPLIC~1\Identities
    [16.01.2007|12:48] C:\DOCUME~1\FJS-PC\APPLIC~1\InterVideo
    [19.01.2007|19:54] C:\DOCUME~1\FJS-PC\APPLIC~1\ispnews
    [29.04.2007|22:52] C:\DOCUME~1\FJS-PC\APPLIC~1\Jasc
    [30.04.2007|18:39] C:\DOCUME~1\FJS-PC\APPLIC~1\Jasc Software Inc
    [12.03.2008|15:21] C:\DOCUME~1\FJS-PC\APPLIC~1\Lavasoft
    [10.03.2008|01:36] C:\DOCUME~1\FJS-PC\APPLIC~1\Leadertech
    [22.07.2007|20:14] C:\DOCUME~1\FJS-PC\APPLIC~1\Macromedia
    [17.02.2009|20:06] C:\DOCUME~1\FJS-PC\APPLIC~1\Microsoft
    [31.05.2009|11:30] C:\DOCUME~1\FJS-PC\APPLIC~1\Mozilla
    [27.07.2007|14:21] C:\DOCUME~1\FJS-PC\APPLIC~1\Nokia
    [07.08.2007|22:10] C:\DOCUME~1\FJS-PC\APPLIC~1\PC Suite
    [22.07.2009|11:30] C:\DOCUME~1\FJS-PC\APPLIC~1\Samsung
    [01.07.2007|15:04] C:\DOCUME~1\FJS-PC\APPLIC~1\SecuROM
    [13.03.2007|12:42] C:\DOCUME~1\FJS-PC\APPLIC~1\SeekmoToolbar
    [03.02.2007|16:37] C:\DOCUME~1\FJS-PC\APPLIC~1\Share-to-Web-latauskansio
    [20.08.2007|19:59] C:\DOCUME~1\FJS-PC\APPLIC~1\Soldat
    [21.01.2007|23:23] C:\DOCUME~1\FJS-PC\APPLIC~1\Sun
    [28.01.2007|22:25] C:\DOCUME~1\FJS-PC\APPLIC~1\Template
    [20.09.2008|22:10] C:\DOCUME~1\FJS-PC\APPLIC~1\ubi.com
    [24.01.2009|12:16] C:\DOCUME~1\FJS-PC\APPLIC~1\vghd
    [21.01.2007|13:10] C:\DOCUME~1\FJS-PC\APPLIC~1\WinRAR
    [12.02.2007|17:39] C:\DOCUME~1\FJS-PC\APPLIC~1\yahoo!
    [0|tiedosto(a)] C:\DOCUME~1\FJS-PC\APPLIC~1\tavua
    [39|kansio(ta)] C:\DOCUME~1\FJS-PC\APPLIC~1\tavua vapaana

    [24.06.2009|16:37] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
    [05.03.2007|23:17] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [0|tiedosto(a)] C:\DOCUME~1\LOCALS~1\APPLIC~1\tavua
    [4|kansio(ta)] C:\DOCUME~1\LOCALS~1\APPLIC~1\tavua vapaana

    [07.12.2006|01:55] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
    [0|tiedosto(a)] C:\DOCUME~1\NETWOR~1\APPLIC~1\tavua
    [3|kansio(ta)] C:\DOCUME~1\NETWOR~1\APPLIC~1\tavua vapaana

    --------------------\\ Ajoitetut tehtävät sijaitsee C:\WINDOWS\Tasks

    [20.07.2009 11:24][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [15.09.2004 15:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
    [22.07.2009 22:55][--ah-----] C:\WINDOWS\tasks\SA.DAT

    --------------------\\ Listaa hakemistoja sijainnissa C:\Program Files

    [09.02.2008|22:06] C:\Program Files\7-Zip
    [07.12.2008|20:38] C:\Program Files\Activision
    [04.12.2008|13:48] C:\Program Files\Activision Value
    [16.01.2009|21:53] C:\Program Files\Adobe
    [16.01.2007|10:37] C:\Program Files\Ahead
    [31.10.2007|20:44] C:\Program Files\Alcohol Soft
    [07.03.2007|22:00] C:\Program Files\Alwil Software
    [14.08.2008|23:48] C:\Program Files\AntivirusDoc1.0
    [17.02.2009|19:02] C:\Program Files\anysee
    [14.09.2008|19:53] C:\Program Files\ATI Technologies
    [14.02.2009|17:00] C:\Program Files\Audible
    [07.02.2007|22:57] C:\Program Files\base
    [15.02.2008|22:02] C:\Program Files\BUFFALO
    [13.12.2008|21:59] C:\Program Files\Call of Duty
    [08.01.2009|17:36] C:\Program Files\CCleaner
    [14.04.2009|16:43] C:\Program Files\Common Files
    [07.12.2006|01:51] C:\Program Files\ComPlus Applications
    [09.07.2008|16:35] C:\Program Files\Conduit
    [29.05.2007|22:17] C:\Program Files\CoolBasic
    [14.02.2009|17:01] C:\Program Files\Creative
    [24.12.2008|11:41] C:\Program Files\Creative Labs
    [18.06.2007|15:05] C:\Program Files\DAEMON Tools
    [22.04.2007|14:45] C:\Program Files\DaemonTools_WhenUSave_Installer
    [11.06.2009|06:14] C:\Program Files\DC++
    [12.03.2007|20:49] C:\Program Files\DeleteScrLocks
    [27.04.2007|21:58] C:\Program Files\DIFX
    [21.01.2007|15:22] C:\Program Files\directx
    [07.02.2007|23:01] C:\Program Files\Docs
    [24.05.2009|18:55] C:\Program Files\DOSBox-0.72
    [31.01.2009|19:32] C:\Program Files\EA Games
    [22.07.2009|11:18] C:\Program Files\EA SPORTS
    [14.04.2009|16:36] C:\Program Files\Eidos Interactive
    [24.12.2008|11:41] C:\Program Files\EidosNet
    [07.06.2007|23:34] C:\Program Files\ePSXe
    [07.02.2007|22:56] C:\Program Files\Extras
    [09.02.2007|20:23] C:\Program Files\ffdshow
    [01.09.2008|16:40] C:\Program Files\free-downloads.net
    [07.02.2007|23:12] C:\Program Files\GameSpy Arcade
    [22.07.2009|11:14] C:\Program Files\Google
    [03.02.2007|16:53] C:\Program Files\Hewlett-Packard
    [03.02.2007|16:55] C:\Program Files\HP
    [08.12.2008|19:07] C:\Program Files\Infogrames
    [22.07.2009|11:30] C:\Program Files\InstallShield Installation Information
    [22.09.2008|03:01] C:\Program Files\Internet Explorer
    [07.12.2006|02:50] C:\Program Files\InterVideo
    [28.01.2007|00:32] C:\Program Files\IrfanView
    [30.04.2007|18:39] C:\Program Files\Jasc Software Inc
    [24.05.2009|18:06] C:\Program Files\Java
    [02.04.2009|11:16] C:\Program Files\Lavasoft
    [03.03.2007|11:06] C:\Program Files\MagicISO
    [22.09.2008|03:03] C:\Program Files\Messenger
    [07.12.2006|01:53] C:\Program Files\microsoft frontpage
    [26.06.2000|09:37] C:\Program Files\Microsoft Office
    [07.12.2006|02:50] C:\Program Files\Microsoft Works
    [26.06.2000|09:37] C:\Program Files\Movie Maker
    [04.04.2007|23:50] C:\Program Files\MovieBox
    [22.07.2009|23:03] C:\Program Files\Mozilla Firefox
    [26.06.2000|09:37] C:\Program Files\MSN Gaming Zone
    [23.02.2007|08:20] C:\Program Files\MSN Messenger
    [05.02.2007|03:13] C:\Program Files\MSXML 4.0
    [09.03.2007|17:36] C:\Program Files\MuSoft Builders
    [15.08.2008|00:21] C:\Program Files\netfilter
    [26.06.2000|09:39] C:\Program Files\NetMeeting
    [14.04.2009|16:43] C:\Program Files\Nokia
    [26.06.2000|09:40] C:\Program Files\Online Services
    [14.06.2007|03:02] C:\Program Files\Outlook Express
    [27.04.2007|21:57] C:\Program Files\PC Connectivity Solution
    [02.04.2009|17:24] C:\Program Files\ProPilkki2
    [13.01.2009|10:39] C:\Program Files\Red Storm Entertainment
    [17.03.2007|12:18] C:\Program Files\Registry Mechanic
    [06.04.2009|15:48] C:\Program Files\Rockstar Games
    [27.04.2007|22:01] C:\Program Files\SimpleCenter
    [11.05.2007|07:04] C:\Program Files\Sonera
    [05.01.2007|16:40] C:\Program Files\Sonera Installers
    [05.01.2007|16:28] C:\Program Files\Sovellusten pikakuvakkeet
    [06.04.2009|14:32] C:\Program Files\Sports Interactive
    [21.07.2009|22:34] C:\Program Files\Steam
    [15.08.2008|11:26] C:\Program Files\Sun
    [18.07.2008|17:10] C:\Program Files\Thief2
    [18.02.2009|19:18] C:\Program Files\THQ
    [29.05.2007|22:17] C:\Program Files\Tilester
    [22.07.2009|13:46] C:\Program Files\Trend Micro
    [11.12.2008|18:48] C:\Program Files\TryMedia
    [20.09.2008|22:02] C:\Program Files\Ubi Soft
    [20.09.2008|22:10] C:\Program Files\ubi.com
    [28.12.2008|14:54] C:\Program Files\Ubisoft
    [07.02.2007|23:01] C:\Program Files\Uninstall
    [07.12.2006|01:56] C:\Program Files\Uninstall Information
    [02.03.2007|00:58] C:\Program Files\URUSoft
    [07.10.2008|12:14] C:\Program Files\Valve
    [25.01.2009|18:17] C:\Program Files\vghd
    [04.04.2007|23:59] C:\Program Files\Video Access ActiveX Object
    [24.05.2007|01:54] C:\Program Files\Video ActiveX Access
    [29.03.2009|19:14] C:\Program Files\viewsonic
    [12.02.2007|17:50] C:\Program Files\Windows Live Toolbar
    [08.03.2007|18:40] C:\Program Files\Windows Media Connect 2
    [05.03.2007|23:12] C:\Program Files\Windows Media Player
    [26.06.2000|09:38] C:\Program Files\Windows NT
    [07.12.2006|01:52] C:\Program Files\WindowsUpdate
    [21.01.2007|13:10] C:\Program Files\WinRAR
    [04.04.2007|21:29] C:\Program Files\WON
    [07.12.2006|01:53] C:\Program Files\xerox
    [21.01.2007|00:42] C:\Program Files\Xvid
    [08.05.2009|13:33] C:\Program Files\Yahoo!
    [07.03.2007|23:21] C:\Program Files\Zone Labs
    [16.01.2008|11:43] C:\Program Files\ZoneAlarmSB
    [0|tiedosto(a)] C:\Program Files\tavua
    [108|kansio(ta)] C:\Program Files\tavua vapaana

    --------------------\\ Listaa hakemistoja sijainnissa C:\Program Files\Common Files

    [16.01.2009|21:53] C:\Program Files\Common Files\Adobe
    [16.01.2007|10:36] C:\Program Files\Common Files\Ahead
    [03.02.2007|16:54] C:\Program Files\Common Files\Hewlett-Packard
    [03.02.2007|16:48] C:\Program Files\Common Files\HP
    [27.04.2007|22:01] C:\Program Files\Common Files\i4j_jres
    [20.05.2008|23:47] C:\Program Files\Common Files\InstallShield
    [17.02.2009|19:02] C:\Program Files\Common Files\IviSDK
    [30.04.2007|18:40] C:\Program Files\Common Files\Jasc Software Inc
    [21.01.2007|23:19] C:\Program Files\Common Files\Java
    [24.06.2009|14:54] C:\Program Files\Common Files\Microsoft Shared
    [07.12.2006|01:51] C:\Program Files\Common Files\MSSoap
    [28.11.2007|18:03] C:\Program Files\Common Files\Nero
    [07.12.2006|03:47] C:\Program Files\Common Files\ODBC
    [20.09.2008|22:10] C:\Program Files\Common Files\PocketSoft
    [26.06.2000|09:37] C:\Program Files\Common Files\Services
    [07.12.2006|03:47] C:\Program Files\Common Files\SpeechEngines
    [19.01.2007|19:18] C:\Program Files\Common Files\SupportSoft
    [02.10.2007|07:42] C:\Program Files\Common Files\Symantec Shared
    [14.06.2007|03:02] C:\Program Files\Common Files\System
    [0|tiedosto(a)] C:\Program Files\Common Files\tavua
    [21|kansio(ta)] C:\Program Files\Common Files\tavua vapaana

    --------------------\\ Process

    ( 46 Processes )

    ... OK !

    --------------------\\ Etsii S_Lopilla

    C:\DOCUME~1\FJS-PC\APPLIC~1\DELETE~1

    --------------------\\ Etsii Lopin tiedostoja ja kansioita

    Lopin kansioita ei löytynyt !

    --------------------\\ Etsii rekisterikohteita

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gpl surf multi]
    "DisplayName"="CiD Help"
    "UninstallString"="C:\\DOCUME~1\\FJS-PC\\APPLIC~1\\DELETE~1\\Rect noun.exe -uninstall"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Soft bone"="C:\\DOCUME~1\\FJS-PC\\APPLIC~1\\DELETE~1\\Rect noun.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    --------------------\\ Tarkistaa Hosts-tiedostoa

    Hosts-tiedosto SAASTUNUT

    -> 82 [ 70 ## added by CiD ]

    /!\ 11 Not 127.0.0.1 !!

    --------------------\\ Tarkistaa Catchmella onko piilotettuja tiedostoja

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-22 23:11:15
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 2

    --------------------\\ Tarkistaa muita infektioita

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{61A0850B-65A9-445A-A751-CD0ABF3DA8EB}]
    NameServer REG_SZ 85.255.113.109,85.255.112.212
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{6623328D-642B-4938-BA88-C022DE0848C2}]
    NameServer REG_SZ 85.255.113.109,85.255.112.212
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{6623328D-642B-4938-BA88-C022DE0848C2}]
    DhcpNameServer REG_SZ 85.255.113.109,85.255.112.212
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{73A07664-4E0B-42F5-9C4B-61AB80057C39}]
    NameServer REG_SZ 85.255.113.109,85.255.112.212
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{73A07664-4E0B-42F5-9C4B-61AB80057C39}]
    DhcpNameServer REG_SZ 85.255.113.109,85.255.112.212
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{C02B9786-4AAA-4755-AFF8-6DD9D64BB46E}]
    DhcpNameServer REG_SZ 85.255.113.109,85.255.112.212
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{61A0850B-65A9-445A-A751-CD0ABF3DA8EB}]
    NameServer REG_SZ 85.255.113.109,85.255.112.212
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{6623328D-642B-4938-BA88-C022DE0848C2}]
    NameServer REG_SZ 85.255.113.109,85.255.112.212
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{6623328D-642B-4938-BA88-C022DE0848C2}]
    DhcpNameServer REG_SZ 85.255.113.109,85.255.112.212
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{73A07664-4E0B-42F5-9C4B-61AB80057C39}]
    NameServer REG_SZ 85.255.113.109,85.255.112.212
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{73A07664-4E0B-42F5-9C4B-61AB80057C39}]
    DhcpNameServer REG_SZ 85.255.113.109,85.255.112.212
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{C02B9786-4AAA-4755-AFF8-6DD9D64BB46E}]
    DhcpNameServer REG_SZ 85.255.113.109,85.255.112.212
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{61A0850B-65A9-445A-A751-CD0ABF3DA8EB}]
    NameServer REG_SZ 85.255.113.109,85.255.112.212
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{6623328D-642B-4938-BA88-C022DE0848C2}]
    NameServer REG_SZ 85.255.113.109,85.255.112.212
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{6623328D-642B-4938-BA88-C022DE0848C2}]
    DhcpNameServer REG_SZ 85.255.113.109,85.255.112.212
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{73A07664-4E0B-42F5-9C4B-61AB80057C39}]
    NameServer REG_SZ 85.255.113.109,85.255.112.212
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{73A07664-4E0B-42F5-9C4B-61AB80057C39}]
    DhcpNameServer REG_SZ 85.255.113.109,85.255.112.212
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{C02B9786-4AAA-4755-AFF8-6DD9D64BB46E}]
    DhcpNameServer REG_SZ 85.255.113.109,85.255.112.212
    ==> WAREOUT <==



    [F:14][D:4]-> C:\DOCUME~1\FJS-PC\LOCALS~1\Temp
    [F:1][D:0]-> C:\DOCUME~1\FJS-PC\Cookies
    [F:14][D:4]-> C:\DOCUME~1\FJS-PC\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - ke 22.07.2009|23:12 - Option : [1]

    --------------------\\ Tarkistus valmistui 23:12:50
     
  5. Timppa20

    Timppa20 Member

    Joined:
    20.03.2007
    Posts:
    31
    Thanks:
    0
    Points:
    16
    And here is this one; I'll also post the HJT log

    Malwarebytes' Anti-Malware 1.39
    Tietokantaversio: 2421
    Windows 5.1.2600 Service Pack 2

    23.7.2009 0:24:52
    mbam-log-2009-07-23 (00-24-52).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|)
    Tarkistetut kohteet: 174199
    Kulunut aika: 1 hour(s), 3 minute(s), 20 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 15
    Saastuneita rekisteriarvoja: 5
    Saastuneita rekisterikohteita: 20
    Saastuneita hakemistoja: 16
    Saastuneita tiedostoja: 5

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    HKEY_CLASSES_ROOT\seekmotoolbar.skcommband (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\seekmotoolbar.skcommband.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\AntiVirusDoc (Rogue.AntiVirusDoc) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Somefox (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\seekmotoolbar.skcommband (Adware.Seekmo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\seekmotoolbar.skcommband.1 (Adware.Seekmo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\seekmotoolbar (Adware.Seekmo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\seekmotoolbar (Adware.Seekmo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> Quarantined and deleted successfully.

    Saastuneita rekisteriarvoja:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiVirusDoc (Rogue.AntiVirusDoc) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\netsearchsoft.com (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.netsearchsoft.com (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Somefox (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Saastuneita rekisterikohteita:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{61a0850b-65a9-445a-a751-cd0abf3da8eb}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6623328d-642b-4938-ba88-c022de0848c2}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6623328d-642b-4938-ba88-c022de0848c2}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{73a07664-4e0b-42f5-9c4b-61ab80057c39}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{73a07664-4e0b-42f5-9c4b-61ab80057c39}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c02b9786-4aaa-4755-aff8-6dd9d64bb46e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{61a0850b-65a9-445a-a751-cd0abf3da8eb}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6623328d-642b-4938-ba88-c022de0848c2}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6623328d-642b-4938-ba88-c022de0848c2}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{73a07664-4e0b-42f5-9c4b-61ab80057c39}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{73a07664-4e0b-42f5-9c4b-61ab80057c39}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c02b9786-4aaa-4755-aff8-6dd9d64bb46e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{61a0850b-65a9-445a-a751-cd0abf3da8eb}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6623328d-642b-4938-ba88-c022de0848c2}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6623328d-642b-4938-ba88-c022de0848c2}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{73a07664-4e0b-42f5-9c4b-61ab80057c39}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{73a07664-4e0b-42f5-9c4b-61ab80057c39}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{c02b9786-4aaa-4755-aff8-6dd9d64bb46e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.109,85.255.112.212 -> Quarantined and deleted successfully.

    Saastuneita hakemistoja:
    C:\Program Files\video access activex object (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\Video ActiveX Access (Trojan.Zlob) -> Quarantined and deleted successfully.
    c:\documents and settings\FJS-PC\application data\SeekmoToolbar (Adware.Seekmo) -> Quarantined and deleted successfully.
    c:\documents and settings\FJS-PC\application data\seekmotoolbar\IESkins (Adware.Seekmo) -> Quarantined and deleted successfully.
    c:\documents and settings\FJS-PC\application data\seekmotoolbar\v3.0 (Adware.Seekmo) -> Quarantined and deleted successfully.
    c:\documents and settings\FJS-PC\application data\seekmotoolbar\v3.0\SeekmoOI (Adware.Seekmo) -> Quarantined and deleted successfully.
    c:\documents and settings\FJS-PC\application data\seekmotoolbar\v3.0\SeekmoOI\dynamic (Adware.Seekmo) -> Quarantined and deleted successfully.
    c:\documents and settings\FJS-PC\application data\seekmotoolbar\v3.0\SeekmoOL (Adware.Seekmo) -> Quarantined and deleted successfully.
    c:\documents and settings\FJS-PC\application data\seekmotoolbar\v3.0\SeekmoOL\dynamic (Adware.Seekmo) -> Quarantined and deleted successfully.
    c:\documents and settings\FJS-PC\application data\seekmotoolbar\v3.0\SeekmoToolbar (Adware.Seekmo) -> Quarantined and deleted successfully.
    c:\documents and settings\FJS-PC\application data\seekmotoolbar\v3.0\seekmotoolbar\dynamic (Adware.Seekmo) -> Quarantined and deleted successfully.
    c:\documents and settings\FJS-PC\application data\seekmotoolbar\v3.0\seekmotoolbar\static (Adware.Seekmo) -> Quarantined and deleted successfully.
    c:\documents and settings\FJS-PC\application data\seekmotoolbar\v3.0\seekmotoolbar\static\1 (Adware.Seekmo) -> Quarantined and deleted successfully.
    c:\documents and settings\FJS-PC\application data\seekmotoolbar\v3.0\seekmotoolbar\static\2 (Adware.Seekmo) -> Quarantined and deleted successfully.
    c:\documents and settings\FJS-PC\application data\seekmotoolbar\v3.0\seekmotoolbar\static\DownLoad (Adware.Seekmo) -> Quarantined and deleted successfully.
    c:\program files\AntivirusDoc1.0 (Rogue.AntiVirusDoc) -> Quarantined and deleted successfully.

    Saastuneita tiedostoja:
    c:\win servicepack crack\XPKey.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\WINDOWS\sys33\kill.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\WINDOWS\sys33\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\FJS-PC\application data\seekmotoolbar\skbar.log (Adware.Seekmo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\el32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     
  6. Timppa20

    Timppa20 Member

    Joined:
    20.03.2007
    Posts:
    31
    Thanks:
    0
    Points:
    16
    HJT log again

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:47:46, on 23.7.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\Software Update 3\SoftAuto.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://plaza.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
    O1 - Hosts: 62.146.66.181 dl1.avgate.net
    O1 - Hosts: 62.146.66.182 dl2.avgate.net
    O1 - Hosts: 62.146.66.183 dl3.avgate.net
    O1 - Hosts: 62.146.66.184 dl4.avgate.net
    O1 - Hosts: 80.190.143.23 dl5.avgate.net
    O1 - Hosts: 80.190.143.23 dl6.avgate.net
    O1 - Hosts: 62.146.66.178 dl7.avgate.net
    O1 - Hosts: 62.146.66.179 dl8.avgate.net
    O1 - Hosts: 80.190.143.239 dl9.avgate.net
    O1 - Hosts: 80.190.143.230 dl10.avgate.ne
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30Plus\anysee_TR.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Soft bone] C:\DOCUME~1\FJS-PC\APPLIC~1\DELETE~1\Rect noun.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://plaza.fi/
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer =
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer =
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 8983 bytes
     
  7. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Posts:
    3,915
    Thanks:
    0
    Points:
    46
    Let's continue =>

    Start Lop S&D

    Select option 2 (Fix + Hosts) by pressing 2 and Enter
    DO NOT close the window during the fix!
    The log opens in Notepad. Post it in your next message. It can also be found at C:\lopR.txt
    and a new HJT log
    .
     
  8. Timppa20

    Timppa20 Member

    Joined:
    20.03.2007
    Posts:
    31
    Thanks:
    0
    Points:
    16

    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3500+ )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : FJS-PC ( Administrator )
    BOOT : Normal boot
    Antivirus : avast! antivirus 4.8.1335 [VPS 090722-0] 4.8.1335 (Activated)
    Firewall : ZoneAlarm Firewall 7.0.470.000 (Activated)
    C:\ (Local Disk) - NTFS - Total:149 Go (Free:70 Go)
    D:\ (CD or DVD) - UDF - Total:4 Go (Free:0 Go)
    E:\ (USB)
    F:\ (USB)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)
    J:\ (CD or DVD)
    K:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [2] ( to 23.07.2009|14:06 )


    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Korjaa

    Poistettu! - C:\DOCUME~1\FJS-PC\APPLIC~1\DELETE~1
    Poistettu! - C:\Program Files\DELETE~1
    -
    [ Hosts-tiedosto ] .. Palautettu !

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    --------------------\\ Listaa hakemistoja sijainnissa APPLIC~1

    [02.04.2009|11:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    [14.02.2009|16:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{90F3B5EB-A471-42F9-A905-991C2DB2312C}
    [14.02.2009|16:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{C39CADE8-EC32-4A3E-ADF3-99FB5B7A317D}
    [16.01.2009|21:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [16.01.2007|10:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
    [18.06.2007|23:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CITYAUDIOTWOWAIT
    [14.02.2009|17:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative
    [18.02.2009|19:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
    [22.07.2009|11:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [15.03.2007|17:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
    [30.04.2007|18:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    [02.04.2009|11:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [28.09.2007|09:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
    [22.07.2009|23:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [01.07.2007|13:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [08.07.2007|20:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
    [27.04.2007|22:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
    [07.03.2007|23:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [07.12.2006|02:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [21.01.2007|17:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    [12.02.2007|17:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\yahoo!
    [0|tiedosto(a)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\tavua
    [23|kansio(ta)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\tavua vapaana

    [14.09.2008|19:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ATI
    [07.12.2006|01:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [07.12.2006|02:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [0|tiedosto(a)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\tavua
    [5|kansio(ta)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\tavua vapaana

    [22.04.2008|12:08] C:\DOCUME~1\FJS-PC\APPLIC~1\Adobe
    [05.01.2008|09:57] C:\DOCUME~1\FJS-PC\APPLIC~1\AdobeUM
    [16.01.2007|12:54] C:\DOCUME~1\FJS-PC\APPLIC~1\Ahead
    [14.09.2008|19:34] C:\DOCUME~1\FJS-PC\APPLIC~1\ATI
    [12.09.2007|10:45] C:\DOCUME~1\FJS-PC\APPLIC~1\BitTorrent
    [17.04.2007|06:16] C:\DOCUME~1\FJS-PC\APPLIC~1\Common Files
    [14.02.2009|17:03] C:\DOCUME~1\FJS-PC\APPLIC~1\Creative
    [07.07.2009|01:00] C:\DOCUME~1\FJS-PC\APPLIC~1\DC++
    [28.11.2007|01:18] C:\DOCUME~1\FJS-PC\APPLIC~1\fretsonfire
    [19.01.2007|21:30] C:\DOCUME~1\FJS-PC\APPLIC~1\F-Secure
    [21.01.2007|01:17] C:\DOCUME~1\FJS-PC\APPLIC~1\Google
    [29.04.2007|18:43] C:\DOCUME~1\FJS-PC\APPLIC~1\Help
    [17.04.2007|06:16] C:\DOCUME~1\FJS-PC\APPLIC~1\HP
    [07.12.2006|01:56] C:\DOCUME~1\FJS-PC\APPLIC~1\Identities
    [16.01.2007|12:48] C:\DOCUME~1\FJS-PC\APPLIC~1\InterVideo
    [19.01.2007|19:54] C:\DOCUME~1\FJS-PC\APPLIC~1\ispnews
    [29.04.2007|22:52] C:\DOCUME~1\FJS-PC\APPLIC~1\Jasc
    [30.04.2007|18:39] C:\DOCUME~1\FJS-PC\APPLIC~1\Jasc Software Inc
    [12.03.2008|15:21] C:\DOCUME~1\FJS-PC\APPLIC~1\Lavasoft
    [10.03.2008|01:36] C:\DOCUME~1\FJS-PC\APPLIC~1\Leadertech
    [22.07.2007|20:14] C:\DOCUME~1\FJS-PC\APPLIC~1\Macromedia
    [22.07.2009|23:17] C:\DOCUME~1\FJS-PC\APPLIC~1\Malwarebytes
    [17.02.2009|20:06] C:\DOCUME~1\FJS-PC\APPLIC~1\Microsoft
    [31.05.2009|11:30] C:\DOCUME~1\FJS-PC\APPLIC~1\Mozilla
    [27.07.2007|14:21] C:\DOCUME~1\FJS-PC\APPLIC~1\Nokia
    [07.08.2007|22:10] C:\DOCUME~1\FJS-PC\APPLIC~1\PC Suite
    [22.07.2009|11:30] C:\DOCUME~1\FJS-PC\APPLIC~1\Samsung
    [01.07.2007|15:04] C:\DOCUME~1\FJS-PC\APPLIC~1\SecuROM
    [03.02.2007|16:37] C:\DOCUME~1\FJS-PC\APPLIC~1\Share-to-Web-latauskansio
    [20.08.2007|19:59] C:\DOCUME~1\FJS-PC\APPLIC~1\Soldat
    [21.01.2007|23:23] C:\DOCUME~1\FJS-PC\APPLIC~1\Sun
    [28.01.2007|22:25] C:\DOCUME~1\FJS-PC\APPLIC~1\Template
    [20.09.2008|22:10] C:\DOCUME~1\FJS-PC\APPLIC~1\ubi.com
    [24.01.2009|12:16] C:\DOCUME~1\FJS-PC\APPLIC~1\vghd
    [21.01.2007|13:10] C:\DOCUME~1\FJS-PC\APPLIC~1\WinRAR
    [12.02.2007|17:39] C:\DOCUME~1\FJS-PC\APPLIC~1\yahoo!
    [0|tiedosto(a)] C:\DOCUME~1\FJS-PC\APPLIC~1\tavua
    [38|kansio(ta)] C:\DOCUME~1\FJS-PC\APPLIC~1\tavua vapaana

    [24.06.2009|16:37] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
    [05.03.2007|23:17] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [0|tiedosto(a)] C:\DOCUME~1\LOCALS~1\APPLIC~1\tavua
    [4|kansio(ta)] C:\DOCUME~1\LOCALS~1\APPLIC~1\tavua vapaana

    [07.12.2006|01:55] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
    [0|tiedosto(a)] C:\DOCUME~1\NETWOR~1\APPLIC~1\tavua
    [3|kansio(ta)] C:\DOCUME~1\NETWOR~1\APPLIC~1\tavua vapaana

    --------------------\\ Ajoitetut tehtävät sijaitsee C:\WINDOWS\Tasks

    [23.07.2009 11:25][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [15.09.2004 15:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
    [23.07.2009 03:20][--ah-----] C:\WINDOWS\tasks\SA.DAT

    --------------------\\ Listaa hakemistoja sijainnissa C:\Program Files

    [09.02.2008|22:06] C:\Program Files\7-Zip
    [07.12.2008|20:38] C:\Program Files\Activision
    [04.12.2008|13:48] C:\Program Files\Activision Value
    [16.01.2009|21:53] C:\Program Files\Adobe
    [16.01.2007|10:37] C:\Program Files\Ahead
    [31.10.2007|20:44] C:\Program Files\Alcohol Soft
    [07.03.2007|22:00] C:\Program Files\Alwil Software
    [17.02.2009|19:02] C:\Program Files\anysee
    [14.09.2008|19:53] C:\Program Files\ATI Technologies
    [14.02.2009|17:00] C:\Program Files\Audible
    [07.02.2007|22:57] C:\Program Files\base
    [15.02.2008|22:02] C:\Program Files\BUFFALO
    [13.12.2008|21:59] C:\Program Files\Call of Duty
    [08.01.2009|17:36] C:\Program Files\CCleaner
    [14.04.2009|16:43] C:\Program Files\Common Files
    [07.12.2006|01:51] C:\Program Files\ComPlus Applications
    [09.07.2008|16:35] C:\Program Files\Conduit
    [29.05.2007|22:17] C:\Program Files\CoolBasic
    [14.02.2009|17:01] C:\Program Files\Creative
    [24.12.2008|11:41] C:\Program Files\Creative Labs
    [18.06.2007|15:05] C:\Program Files\DAEMON Tools
    [22.04.2007|14:45] C:\Program Files\DaemonTools_WhenUSave_Installer
    [11.06.2009|06:14] C:\Program Files\DC++
    [27.04.2007|21:58] C:\Program Files\DIFX
    [21.01.2007|15:22] C:\Program Files\directx
    [07.02.2007|23:01] C:\Program Files\Docs
    [24.05.2009|18:55] C:\Program Files\DOSBox-0.72
    [31.01.2009|19:32] C:\Program Files\EA Games
    [22.07.2009|11:18] C:\Program Files\EA SPORTS
    [14.04.2009|16:36] C:\Program Files\Eidos Interactive
    [24.12.2008|11:41] C:\Program Files\EidosNet
    [07.06.2007|23:34] C:\Program Files\ePSXe
    [07.02.2007|22:56] C:\Program Files\Extras
    [09.02.2007|20:23] C:\Program Files\ffdshow
    [01.09.2008|16:40] C:\Program Files\free-downloads.net
    [07.02.2007|23:12] C:\Program Files\GameSpy Arcade
    [22.07.2009|11:14] C:\Program Files\Google
    [03.02.2007|16:53] C:\Program Files\Hewlett-Packard
    [03.02.2007|16:55] C:\Program Files\HP
    [08.12.2008|19:07] C:\Program Files\Infogrames
    [22.07.2009|11:30] C:\Program Files\InstallShield Installation Information
    [23.07.2009|03:09] C:\Program Files\Internet Explorer
    [07.12.2006|02:50] C:\Program Files\InterVideo
    [28.01.2007|00:32] C:\Program Files\IrfanView
    [30.04.2007|18:39] C:\Program Files\Jasc Software Inc
    [24.05.2009|18:06] C:\Program Files\Java
    [02.04.2009|11:16] C:\Program Files\Lavasoft
    [03.03.2007|11:06] C:\Program Files\MagicISO
    [22.07.2009|23:17] C:\Program Files\Malwarebytes' Anti-Malware
    [22.09.2008|03:03] C:\Program Files\Messenger
    [07.12.2006|01:53] C:\Program Files\microsoft frontpage
    [26.06.2000|09:37] C:\Program Files\Microsoft Office
    [07.12.2006|02:50] C:\Program Files\Microsoft Works
    [26.06.2000|09:37] C:\Program Files\Movie Maker
    [04.04.2007|23:50] C:\Program Files\MovieBox
    [23.07.2009|14:01] C:\Program Files\Mozilla Firefox
    [26.06.2000|09:37] C:\Program Files\MSN Gaming Zone
    [23.02.2007|08:20] C:\Program Files\MSN Messenger
    [05.02.2007|03:13] C:\Program Files\MSXML 4.0
    [09.03.2007|17:36] C:\Program Files\MuSoft Builders
    [15.08.2008|00:21] C:\Program Files\netfilter
    [26.06.2000|09:39] C:\Program Files\NetMeeting
    [14.04.2009|16:43] C:\Program Files\Nokia
    [26.06.2000|09:40] C:\Program Files\Online Services
    [14.06.2007|03:02] C:\Program Files\Outlook Express
    [27.04.2007|21:57] C:\Program Files\PC Connectivity Solution
    [02.04.2009|17:24] C:\Program Files\ProPilkki2
    [13.01.2009|10:39] C:\Program Files\Red Storm Entertainment
    [17.03.2007|12:18] C:\Program Files\Registry Mechanic
    [06.04.2009|15:48] C:\Program Files\Rockstar Games
    [27.04.2007|22:01] C:\Program Files\SimpleCenter
    [11.05.2007|07:04] C:\Program Files\Sonera
    [05.01.2007|16:40] C:\Program Files\Sonera Installers
    [05.01.2007|16:28] C:\Program Files\Sovellusten pikakuvakkeet
    [06.04.2009|14:32] C:\Program Files\Sports Interactive
    [23.07.2009|00:56] C:\Program Files\Steam
    [15.08.2008|11:26] C:\Program Files\Sun
    [18.07.2008|17:10] C:\Program Files\Thief2
    [18.02.2009|19:18] C:\Program Files\THQ
    [29.05.2007|22:17] C:\Program Files\Tilester
    [22.07.2009|13:46] C:\Program Files\Trend Micro
    [11.12.2008|18:48] C:\Program Files\TryMedia
    [20.09.2008|22:02] C:\Program Files\Ubi Soft
    [20.09.2008|22:10] C:\Program Files\ubi.com
    [28.12.2008|14:54] C:\Program Files\Ubisoft
    [07.02.2007|23:01] C:\Program Files\Uninstall
    [07.12.2006|01:56] C:\Program Files\Uninstall Information
    [02.03.2007|00:58] C:\Program Files\URUSoft
    [07.10.2008|12:14] C:\Program Files\Valve
    [25.01.2009|18:17] C:\Program Files\vghd
    [29.03.2009|19:14] C:\Program Files\viewsonic
    [12.02.2007|17:50] C:\Program Files\Windows Live Toolbar
    [08.03.2007|18:40] C:\Program Files\Windows Media Connect 2
    [05.03.2007|23:12] C:\Program Files\Windows Media Player
    [26.06.2000|09:38] C:\Program Files\Windows NT
    [07.12.2006|01:52] C:\Program Files\WindowsUpdate
    [21.01.2007|13:10] C:\Program Files\WinRAR
    [04.04.2007|21:29] C:\Program Files\WON
    [07.12.2006|01:53] C:\Program Files\xerox
    [21.01.2007|00:42] C:\Program Files\Xvid
    [08.05.2009|13:33] C:\Program Files\Yahoo!
    [07.03.2007|23:21] C:\Program Files\Zone Labs
    [16.01.2008|11:43] C:\Program Files\ZoneAlarmSB
    [0|tiedosto(a)] C:\Program Files\tavua
    [105|kansio(ta)] C:\Program Files\tavua vapaana

    --------------------\\ Listaa hakemistoja sijainnissa C:\Program Files\Common Files

    [16.01.2009|21:53] C:\Program Files\Common Files\Adobe
    [16.01.2007|10:36] C:\Program Files\Common Files\Ahead
    [03.02.2007|16:54] C:\Program Files\Common Files\Hewlett-Packard
    [03.02.2007|16:48] C:\Program Files\Common Files\HP
    [27.04.2007|22:01] C:\Program Files\Common Files\i4j_jres
    [20.05.2008|23:47] C:\Program Files\Common Files\InstallShield
    [17.02.2009|19:02] C:\Program Files\Common Files\IviSDK
    [30.04.2007|18:40] C:\Program Files\Common Files\Jasc Software Inc
    [21.01.2007|23:19] C:\Program Files\Common Files\Java
    [24.06.2009|14:54] C:\Program Files\Common Files\Microsoft Shared
    [07.12.2006|01:51] C:\Program Files\Common Files\MSSoap
    [28.11.2007|18:03] C:\Program Files\Common Files\Nero
    [07.12.2006|03:47] C:\Program Files\Common Files\ODBC
    [20.09.2008|22:10] C:\Program Files\Common Files\PocketSoft
    [26.06.2000|09:37] C:\Program Files\Common Files\Services
    [07.12.2006|03:47] C:\Program Files\Common Files\SpeechEngines
    [19.01.2007|19:18] C:\Program Files\Common Files\SupportSoft
    [02.10.2007|07:42] C:\Program Files\Common Files\Symantec Shared
    [14.06.2007|03:02] C:\Program Files\Common Files\System
    [0|tiedosto(a)] C:\Program Files\Common Files\tavua
    [21|kansio(ta)] C:\Program Files\Common Files\tavua vapaana

    --------------------\\ Process

    ( 55 Processes )

    ... OK !

    --------------------\\ Etsii S_Lopilla

    Lopin kansioita ei löytynyt !

    --------------------\\ Etsii Lopin tiedostoja ja kansioita

    Lopin kansioita ei löytynyt !

    --------------------\\ Etsii rekisterikohteita

    ..... OK !

    --------------------\\ Tarkistaa Hosts-tiedostoa

    Hosts-tiedosto PUHDAS


    --------------------\\ Tarkistaa Catchmella onko piilotettuja tiedostoja

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-23 14:08:37
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 2

    --------------------\\ Tarkistaa muita infektioita


    Muita infektiota ei löytynyt !

    [F:15][D:4]-> C:\DOCUME~1\FJS-PC\LOCALS~1\Temp
    [F:5][D:0]-> C:\DOCUME~1\FJS-PC\Cookies
    [F:730][D:4]-> C:\DOCUME~1\FJS-PC\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - ke 22.07.2009|23:12 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - to 23.07.2009|14:09 - Option : [2]

    --------------------\\ Tarkistus valmistui 14:09:59
     
  9. Timppa20

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:16:01, on 23.7.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\anysee\anysee-E30Plus\anysee_TR.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\Software Update 3\SoftAuto.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://plaza.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30Plus\anysee_TR.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://plaza.fi/
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer =
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer =
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 8683 bytes

    There they are again =)
     
  10. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Posts:
    3,915
    Thanks:
    0
    Points:
    46
    Sorry

    I didn't remember to ask for the HJT log =>

    Sorry
    It is right there after all
    .
     
    Last edited: 23.07.2009
  11. kalminen

    From the taskbar go to START ==> RUN, type services.msc and click OK.
    Maximize the window that opens and widen the program column so that everything is visible.

    Find
    Symantec Lic NetConnect service


    Click the row to select it, then
    right-click the row to open the menu ==> Properties,
    where you change Startup type to Disabled. => In the bottom right corner click Apply and OK. In addition, click the link on the left
    side, Stop the service. Exit the program.

    ----------------------------------------------------------------------------------

    Go to the Windows Control Panel and from there to Add or Remove Programs
    (in Vista, Programs and Features).
    Find and remove the programs whose name contains:

    free-downloads.net Toolbar
    ZoneAlarm Spy Blocker BHO


    -----------------------------------------------------------------------------------

    Download Atribune's ATF Cleaner

    Double-click ATF-Cleaner.exe to start the program. Under Main, choose: Select All
    Click Empty Selected.

    If you use Firefox as your browser, click Firefox at the top and choose: Select All
    Click Empty Selected.
    NOTE: If you want to keep your saved passwords, click No when it asks.

    If you use Opera as your browser, click Opera at the top and choose: Select All
    Click Empty Selected again.
    NOTE: If you want to keep your saved passwords, click No when it asks.

    Click Exit in the main menu to close the program.

    ----------------------------------------------

    Scan your computer with the Kaspersky Online Scanner

    * Read through the requirements and the privacy statement and click Accept.
    * The scanner and the virus database start downloading. You will be asked whether you allow a program from Kaspersky to be installed. Click Run.
    * When the download is complete, click Settings.
    * Make sure the following items are selected. If they are not, select them and click Save:
        Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases
    * Click My Computer under Scan.
    * When the scan is complete, the results are shown. Click View Scan Report.
    * You will see a list of infected items. Click Save Report As....
    * Save the file to your desktop. Change Files of type to Text file (.txt) before you click Save.

    -------------------------------------------------------------------

    Remove those lines that are still left:

    Close the browser and other programs for the duration of the fix (not the antivirus).
    Start HijackThis, run Scan and tick the following files listed in red
    R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
    O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer =
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer =
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

    and remove them with the (Fix checked) button.

    Empty the Recycle Bin and restart your computer.

    Delete the folder(s), if found:
    C:\Program Files\Common Files\Symantec Shared\
    C:\Program Files\free-downloads.net\
    C:\Program Files\ZoneAlarmSB\

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The Kaspersky report
    * Tell us what the situation is ???
    .
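
Added example, not part of the original post and not code from HijackThis: a small Python parser for the entry lines of the log posted above. It flags entries marked `(no file)` or `(file missing)` and lists files that are registered under more than one section code, which is why the same toolbar DLL shows up on several fix lines. The function names and regular expressions are assumptions of this example; the sample lines are copied from the log in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: nine entry lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "<section code> - <rest>", e.g. "O2 - BHO: ..."; headers and process paths do not match.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
# First drive-letter path ending in .exe or .dll (assumption: enough for this log).
PATH_RE = re.compile(r"(?<![A-Za-z])([A-Za-z]:\\.+?\.(?:exe|dll))\b", re.I)
# Suffixes HijackThis appends when the registered target does not exist on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(text):
    """Return one dict per HijackThis entry line found in text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # log header, running-process list, blank line
        code, body = m.groups()
        path = PATH_RE.search(body)
        entries.append({
            "code": code,
            "body": body,
            "path": path.group(1) if path else None,
            "orphan": body.endswith(ORPHAN_MARKERS),
        })
    return entries


def orphaned(entries):
    """Entries whose target file is gone: leftover registrations to clean up."""
    return [e for e in entries if e["orphan"]]


def multi_registered(entries):
    """Map each file (lower-cased) to its section codes when it has more than one."""
    by_path = defaultdict(set)
    for e in entries:
        if e["path"]:
            by_path[e["path"].lower()].add(e["code"])
    return {p: sorted(codes) for p, codes in by_path.items() if len(codes) > 1}


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for e in orphaned(parsed):
        print("orphaned:", e["code"], "-", e["body"])
    for path, codes in multi_registered(parsed).items():
        print("registered under", ", ".join(codes), "->", path)
```

Grouping by file rather than by CLSID matters here: the two ZoneAlarm Spy Blocker lines carry different CLSIDs but point at the same SPYBLOCK.DLL.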
     
  12. Timppa20

    Hi there, I haven't been able to get to the computer for a while, busy with other things. =) So, the other day I tried that Kaspersky, but it got stuck at around 32%. It wouldn't continue even though it was churning away all night, so I had to stop it. Now it won't let me scan at all. I can't select Accept there. And when I was supposed to remove free-downloads.net Toolbar
    ZoneAlarm Spy Blocker BHO
    through the Control Panel, it only let me remove ZoneAlarm; when I try to remove free-downloads it just says could not open INSTALL.LOG file
     
  13. kalminen

    Go into safe mode with the Administrator account
    and do it there
    Start the computer in safe mode => GUIDE
    .
     
  14. Timppa20

    Yeah, sorry, once again I haven't had time to get to this computer any earlier.... The problem is that the computer won't let me into safe mode. The screen stays black and a cursor blinks in the top left corner. So it doesn't start Windows in safe mode...=(
     
  15. Timppa20

    Help is still needed
     
  16. kalminen

    Post a log now and then
    .
     
