HjT-loki ammattilaisen tarkasteltavaksi. Ja anteeksi tämä luokattoman huono otsikko..

opaaliola · 23.02.2007

Eli siis vielä kerran anteeksi tuo otsikko, mutta minulla ei ole varsinaista ongelmaa vaan selitän asiani edellä.

Joo eli tässä HjT-loki tarkastettavaksi. Lähetin tämän siksi, koska haluan varmistaa, että koneeni on puhdas ja että minun ei aina epäillessäni jotain tarvitse postata tänne aina uutta lokia. Olen opetellut hieman tutkimaan näitä lokeja, mutta vielä eivät taidot ole niin hyvät, että sieltä jotain silmiin pistävää hyppäisi esiin ihan noin vain, vaan tarkistaminen käy ns. vertailun kautta. Eli siis vertaan puhdasta lokia uuteen.

Meinasin siis nyt tehdä niin, että jos tämä loki osoittautuu puhtaaksi, annan tämän kyseisen lokin olla koneella ja aina ladatessani koneelle jotain, ajan uuden tarkistuksen ja vertaan sitä siihen koneella olevaan puhtaaseen.

http://koti.mbnet.fi/pattaya1/hijackthis.htm (tämä sivu luettu muutamaan kertaan tarkasti ja hieman jotain on jo jäänyt päähän)

Asensin uuden bs-playerin ja siinä tuli se ärsyttävä WhenUSave. Yritin sitä poistaa, mutta luultavasti tuloksetta. Itse tutkin tuon lokin pikaisesti ja jotain epämääräistä siellä oli omaan silmään, mutta mitään en lähde fixaamaan ilman ammattilaisen neuvoja.

EDIT: Ajoin ad-awaren ja spybotin ennen tämän lähettämistä.

Ja tässä itse se hjt. Kiitos.

Logfile of HijackThis v1.99.1
Scan saved at 19:33, on 07-02-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Olli\Työpöytä\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rljcxezoxqan.com/kaUzqARpfg0Pmuf0WPjQ73ydqncwg1_/xFqLeELxnX7GG1Q1nhK3ZL76mW/b3qOi.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {09C0B97A-FF9A-0655-B928-D46AF5855FA6} - (no file)
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Olli\Käynnistä-valikko\Ohjelmat\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Olli\Käynnistä-valikko\Ohjelmat\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FreshDownload - {D34EB9AF-FBD2-4BA1-9B6B-CE28EF157B23} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - BackWeb Technologies Inc. - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe

Ja jos siellä on jotain ei-vaarallista, mutta turhaa millä ei tee mitään niin ilmoitusta vaan, niin poistan rajulla kädellä. Mutta siis nyt kuitenkin haluaisin mahdollisesti siellä olevat "ilkeät" örvelöt pois.

Peace

AfterDawn

Hujo · 23.02.2007

scannaa hjt:llä merkkaa paina Fix checked

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {09C0B97A-FF9A-0655-B928-D46AF5855FA6} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

aja escan
Ohjeet tuolla sivulla.
http://koti.mbnet.fi/pattaya1/escanmwav.htm
lataa tuosta
http://www.spywareinfo.dk/download/mwav.exe
päivitä tuosta
http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
laita täpit merkkauksien mukaan
http://koti.mbnet.fi/pattaya1/eScan6.jpg

scannaa

jos ala luukkuun tulee jotain niin kopioi se näin:
Käytä komentoa Ctrl+A.
Kopioi rivit komennolla Ctrl+C.
Liitä rivit komennolla Ctrl+V.

Laita virus log tänne.

ja laita lokit tänne

opaaliola · 24.02.2007

Escanin loki:

File C:\Documents and Settings\All Users\Application Data\Programgreywmasoft\01software.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Programgreywmasoft\Logo Meal.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Programgreywmasoft\Okay kind.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Programgreywmasoft\PINGSURF.0XE tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\Olli\Application Data\Clock bat way\EGGSENC.0XE infected by "Trojan-Downloader.Win32.Swizzor.fg" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Olli\Application Data\Clock bat way\EGGSENC.1XE infected by "Trojan-Downloader.Win32.Swizzor.fg" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Olli\Application Data\Clock bat way\EGGSENC.2XE infected by "Trojan-Downloader.Win32.Swizzor.fg" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Olli\Työpöytä\SmitfraudFix\Reboot.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
File C:\Documents and Settings\Olli\Työpöytä\SmitfraudFix\SmitfraudFix\Reboot.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
File C:\Documents and Settings\Olli\Työpöytä\SmitfraudFix.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
File C:\Documents and Settings\Oona\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-50f9092a.zip infected by "Trojan-Downloader.Java.OpenStream.w" Virus. Action Taken: File Deleted.
File C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
File C:\System Volume Information\_restore{AA957118-9A88-4151-BD5A-92E17054AFD5}\RP311\A0246931.exe tagged as not-a-virus:AdWare.Win32.Casino.w. No Action Taken.
File C:\System Volume Information\_restore{AA957118-9A88-4151-BD5A-92E17054AFD5}\RP321\A0265809.exe tagged as not-a-virus:AdWare.Win32.Casino.ae. No Action Taken.
File C:\System Volume Information\_restore{AA957118-9A88-4151-BD5A-92E17054AFD5}\RP322\A0269261.exe tagged as not-a-virus:AdTool.Win32.WhenU.a. No Action Taken.
File C:\System Volume Information\_restore{AA957118-9A88-4151-BD5A-92E17054AFD5}\RP322\A0269270.exe tagged as not-a-virus:AdWare.Win32.SaveNow.bv. No Action Taken.
File C:\System Volume Information\_restore{AA957118-9A88-4151-BD5A-92E17054AFD5}\RP323\A0269297.exe tagged as not-a-virus:AdWare.Win32.Casino.ae. No Action Taken.
File C:\System Volume Information\_restore{AA957118-9A88-4151-BD5A-92E17054AFD5}\RP323\A0269593.exe tagged as not-a-virus:AdTool.Win32.WhenU.a. No Action Taken.
File C:\System Volume Information\_restore{AA957118-9A88-4151-BD5A-92E17054AFD5}\RP325\A0271084.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
File C:\System Volume Information\_restore{AA957118-9A88-4151-BD5A-92E17054AFD5}\RP325\A0271105.exe tagged as not-a-virus:AdWare.Win32.SaveNow.bv. No Action Taken.
File C:\System Volume Information\_restore{AA957118-9A88-4151-BD5A-92E17054AFD5}\RP325\A0271258.exe tagged as not-a-virus:AdWare.Win32.SaveNow.by. No Action Taken.

HjT-lokinen:

Logfile of HijackThis v1.99.1
Scan saved at 10:33, on 07-02-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Kaspersky\mwavscan.com
C:\Kaspersky\kavss.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Olli\Työpöytä\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rljcxezoxqan.com/kaUzqARpfg0Pmuf0WPjQ73ydqncwg1_/xFqLeELxnX7GG1Q1nhK3ZL76mW/b3qOi.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [BSplayer_WhenUSave_Installer] C:\PROGRAM FILES\BSPLAYER_WHENUSAVE_INSTALLER\BSPLAYER_WHENUSAVE_INSTALLER.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Olli\Käynnistä-valikko\Ohjelmat\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Olli\Käynnistä-valikko\Ohjelmat\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FreshDownload - {D34EB9AF-FBD2-4BA1-9B6B-CE28EF157B23} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - BackWeb Technologies Inc. - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe

Hujo · 24.02.2007

Lataa NoLoptyöpöydällesi yhdestä seuraavista linkeistä...
Linkki1 Linkki2
Linkki3

1.Sulje kaikki ohjelmat, koska tämä vaihe vaatii uudelleenkäynnistyksen
2.Tuplaklikkaa NoLop.exe ajaaksesi sen
3.Klikkaa nappulaa "Search and Destroy"
<<Tietokoneesi skannataan saastuneiden tiedostojen osalta>>
4, Kun skannaus on valmis, sinua pyydetään käynnistämään kone uudestaan, jos infektio löytyy. Klikkaa OK
5. Klikkaa "REBOOT"-painiketta.
6. NoLopin pitäisi antaa viesti. Jos ei, tuplaklikkaa ohjelmaa ja se valmistuu. Lähetä C:\NoLop.log-tiedoston sisältö uuden HijackThis-lokin kera.
-- Jos saat seuraavan virheen, "mscomctl.ocx or one of its dependencies are not correctly registered," lataa mscomctl.ocx ja tallenna se system32-hakemistoosi (yleensä c:\Windows\system32). Tämän jälkeen aja ohjelma uudestaan.

opaaliola · 24.02.2007

Huomasin juuri, että kone ei sammu normaalisti, vaikka sen antaa seistä 30 min paikoillaan. Ruudussa vain lukee:Windows suljetaan ja koneen voi sammuttaa vain painamalla käynnistysnappia pohjassa. Mitähän tuolle asialle voisi tehdä. Kyllä se aina ennen on ihan normaalisti sammunut.

Tässä NoLop!-loki: (ei tullut sitä ilmoitusta minkä mainitsit)

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Olli\Työpöytä
[07-02-24]
[18:12:11]

---Infection Files Found/Removed---
C:\Documents and Settings\All Users\Application Data\Programgreywmasoft\01software.exe
C:\Documents and Settings\All Users\Application Data\Programgreywmasoft\Okay kind.exe

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Ahead
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Bluetooth
C:\Documents and Settings\All Users\Application Data\Dvd Shrink
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Skype
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\Antti\Application Data\Adobe
C:\Documents and Settings\Antti\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Antti\Application Data\Apple Computer
C:\Documents and Settings\Antti\Application Data\Bsplayer
C:\Documents and Settings\Antti\Application Data\Google
C:\Documents and Settings\Antti\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Antti\Application Data\Identities
C:\Documents and Settings\Antti\Application Data\Installshield
C:\Documents and Settings\Antti\Application Data\Installshield Installation Information
C:\Documents and Settings\Antti\Application Data\Lavasoft
C:\Documents and Settings\Antti\Application Data\Macromedia
C:\Documents and Settings\Antti\Application Data\Microsoft
C:\Documents and Settings\Antti\Application Data\Mozilla
C:\Documents and Settings\Antti\Application Data\Netscape
C:\Documents and Settings\Antti\Application Data\Securom
C:\Documents and Settings\Antti\Application Data\Skype
C:\Documents and Settings\Antti\Application Data\Sun
C:\Documents and Settings\Antti\Application Data\Talkback
C:\Documents and Settings\Antti\Application Data\Winpatrol
C:\Documents and Settings\Antti\Application Data\Winrar -- EMPTY Directory
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Esa\Application Data\Adobe
C:\Documents and Settings\Esa\Application Data\Adobeum
C:\Documents and Settings\Esa\Application Data\Apple Computer
C:\Documents and Settings\Esa\Application Data\Identities
C:\Documents and Settings\Esa\Application Data\Intervideo
C:\Documents and Settings\Esa\Application Data\Macromedia
C:\Documents and Settings\Esa\Application Data\Microsoft
C:\Documents and Settings\Esa\Application Data\Mozilla
C:\Documents and Settings\Esa\Application Data\Netscape
C:\Documents and Settings\Esa\Application Data\Real
C:\Documents and Settings\Esa\Application Data\Skype
C:\Documents and Settings\Esa\Application Data\Sun
C:\Documents and Settings\Esa\Application Data\Talkback
C:\Documents and Settings\Esa\Application Data\Template
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Mozilla
C:\Documents and Settings\Localservice\Application Data\Talkback
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Olli\Application Data\Adobe
C:\Documents and Settings\Olli\Application Data\Adobeaum
C:\Documents and Settings\Olli\Application Data\Adobeum
C:\Documents and Settings\Olli\Application Data\Apple Computer
C:\Documents and Settings\Olli\Application Data\Bersirc
C:\Documents and Settings\Olli\Application Data\Bsplayer
C:\Documents and Settings\Olli\Application Data\Bsplayer Pro
C:\Documents and Settings\Olli\Application Data\Clock Bat Way -- EMPTY Directory
C:\Documents and Settings\Olli\Application Data\Fotowire
C:\Documents and Settings\Olli\Application Data\Fretsonfire
C:\Documents and Settings\Olli\Application Data\Getrighttogo
C:\Documents and Settings\Olli\Application Data\Google
C:\Documents and Settings\Olli\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Olli\Application Data\Identities
C:\Documents and Settings\Olli\Application Data\Idlethunk -- EMPTY Directory
C:\Documents and Settings\Olli\Application Data\Intervideo
C:\Documents and Settings\Olli\Application Data\Lavasoft
C:\Documents and Settings\Olli\Application Data\Limewire
C:\Documents and Settings\Olli\Application Data\Macromedia
C:\Documents and Settings\Olli\Application Data\Microsoft
C:\Documents and Settings\Olli\Application Data\Mozilla
C:\Documents and Settings\Olli\Application Data\Neo-modus.com
C:\Documents and Settings\Olli\Application Data\Netscape
C:\Documents and Settings\Olli\Application Data\Opera
C:\Documents and Settings\Olli\Application Data\Real
C:\Documents and Settings\Olli\Application Data\Skype
C:\Documents and Settings\Olli\Application Data\Sun
C:\Documents and Settings\Olli\Application Data\Talkback
C:\Documents and Settings\Olli\Application Data\Teamspeak2
C:\Documents and Settings\Olli\Application Data\Template
C:\Documents and Settings\Olli\Application Data\Thunderbird
C:\Documents and Settings\Olli\Application Data\Utorrent
C:\Documents and Settings\Olli\Application Data\Winpatrol
C:\Documents and Settings\Olli\Application Data\Winrar -- EMPTY Directory
C:\Documents and Settings\Oona\Application Data\Adobe
C:\Documents and Settings\Oona\Application Data\Apple Computer
C:\Documents and Settings\Oona\Application Data\Identities
C:\Documents and Settings\Oona\Application Data\Lavasoft
C:\Documents and Settings\Oona\Application Data\Macromedia
C:\Documents and Settings\Oona\Application Data\Microsoft
C:\Documents and Settings\Oona\Application Data\Mozilla
C:\Documents and Settings\Oona\Application Data\Netscape
C:\Documents and Settings\Oona\Application Data\Skype
C:\Documents and Settings\Oona\Application Data\Sun
C:\Documents and Settings\Oona\Application Data\Talkback
C:\Documents and Settings\Oona\Application Data\Template
C:\Documents and Settings\Oona\Application Data\Winpatrol
C:\Documents and Settings\Oona\Application Data\Winrar -- EMPTY Directory
C:\Documents and Settings\Päivi\Application Data\Adobe
C:\Documents and Settings\Päivi\Application Data\Adobeum
C:\Documents and Settings\Päivi\Application Data\Apple Computer
C:\Documents and Settings\Päivi\Application Data\Identities
C:\Documents and Settings\Päivi\Application Data\Macromedia
C:\Documents and Settings\Päivi\Application Data\Microsoft
C:\Documents and Settings\Päivi\Application Data\Mozilla
C:\Documents and Settings\Päivi\Application Data\Netscape
C:\Documents and Settings\Päivi\Application Data\Sun
C:\Documents and Settings\Päivi\Application Data\Talkback
C:\Documents and Settings\Vieras\Application Data\Identities
C:\Documents and Settings\Vieras\Application Data\Microsoft

Ja tässä HjT:

Logfile of HijackThis v1.99.1
Scan saved at 18:26, on 07-02-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Olli\Työpöytä\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [BSplayer_WhenUSave_Installer] C:\PROGRAM FILES\BSPLAYER_WHENUSAVE_INSTALLER\BSPLAYER_WHENUSAVE_INSTALLER.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Olli\Käynnistä-valikko\Ohjelmat\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Olli\Käynnistä-valikko\Ohjelmat\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FreshDownload - {D34EB9AF-FBD2-4BA1-9B6B-CE28EF157B23} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - BackWeb Technologies Inc. - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe

Hujo · 24.02.2007

scannaa hjt:llä merkkaa paina Fix checked

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rljcxezoxqan.com/kaUzqARpfg0P...76mW/b3qOi.html
O4 - HKLM\..\Run: [BSplayer_WhenUSave_Installer] C:\PROGRAM FILES\BSPLAYER_WHENUSAVE_INSTALLER\BSPLAYER_WHENUSAVE_INSTALLER.EXE

Poista vikasiedossa
C:\PROGRAM FILES\BSPLAYER_WHENUSAVE_INSTALLER

opaaliola · 24.02.2007

Tuota tuota.. Noita
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rljcxezoxqan.com/kaUzqARpfg0P...76mW/b3qOi.html[/b]

ja

O4 - HKLM\..\Run: [BSplayer_WhenUSave_Installer] C:\PROGRAM FILES\BSPLAYER_WHENUSAVE_INSTALLER\BSPLAYER_WHENUSAVE_INSTALLER.EXE ei enää löydy kun skannaan hjt:llä. Outoo. Käynpäs vielä kattoo vikasiedossa ton whenukka-jutun.

opaaliola · 24.02.2007

Ei löytyny vikasiedossa tuota kansiota. Haluatko, että laitan uuden HjT-lokin?

opaaliola · 24.02.2007

Noh, joka tapauksessa.. Tässä uusi HjT-loki. Omien "fixauksien" jälkeen vielä jotain vikaa??

Logfile of HijackThis v1.99.1
Scan saved at 21:58, on 07-02-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Olli\Työpöytä\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Olli\Käynnistä-valikko\Ohjelmat\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Olli\Käynnistä-valikko\Ohjelmat\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - BackWeb Technologies Inc. - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe

Hujo · 24.02.2007

• Lataa Dr.Web CureIt työpöydälle:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

[*]Tuplaklikkaa drweb-cureit.exe ja anna sen tehdä express scan
[*]Se skannaa käynnissä olevat ohjelmat ja jos jotain löytyy, klikkaa yes kun se kysyy haluatko poistaa sen. Tämä on vain lyhyt scan.
[*]Kun scan on valmis, merkkaa asemat, jotka haluat scannata.
[*]Valitse kaikki asemat. Punainen piste osoittaa, mitkä asemat on valittu.
[*]Klikaa vihreää nuolta oikealla ja scan alkaa.
[*]Klikkaa 'Yes to all', jos kysytään haluatko poistaa/siirtää tiedoston.
[*]Kun scan on valmis, katso voitko klikata next-kuvaketta löytyneiden tiedostojen vieressä:
[*]Jos asia on niin, klikkaa sitä ja sitten klikkaa next-kuvaketta oikealla alhaalla ja valitse Move incurable kuten alla olevalla kuvassa:

Tämä siirtää sen %userprofile%\DoctorWeb\quarantine-hakemistoon.
[*]Tämän jälkeen klikkaa Dr.Web CureIt-valikossa file ja valitse save report list
[*]Tallenna raportti työpöydälle. Raportin nimi on DrWeb.csv
[*]Sulje Dr.Web Cureit.
[*]Käynnistä kone uudelleen !! Tämä siksi, että käytössä olevat tiedostot poistetaan/siirretään käynnistyksen yhteydessä.
[*]Käynnistyksen jälkeen liitä Dr.Web-lokin, jonka tallensit aiemmin, sisältö seuraavaan vastaukseesi.

opaaliola · 10.03.2007

Sori kun kesti tämän Dr. Web Cureltin lokin lähettämisen kanssa. Olin muutaman viikon matkalla joten en siis päässyt skannailemaan omaa konetta

Joten tässä nyt vihdoinkin tämä Dr.Web Cureltin loki:

Process.exe C:\Program Files\Mozilla Firefox\SmitfraudFix Tool.Prockill Incurable.Moved.
restart.exe C:\Program Files\Mozilla Firefox\SmitfraudFix Tool.ShutDown.11 Incurable.Moved.
A0246931.exe C:\System Volume Information\_restore{AA957118-9A88-4151-BD5A-92E17054AFD5}\RP311 Adware.Casino Incurable.Moved.
A0269261.exe C:\System Volume Information\_restore{AA957118-9A88-4151-BD5A-92E17054AFD5}\RP322 Adware.SaveNow Incurable.Moved.
A0269593.exe C:\System Volume Information\_restore{AA957118-9A88-4151-BD5A-92E17054AFD5}\RP323 Adware.SaveNow Incurable.Moved.
A0272572.exe C:\System Volume Information\_restore{AA957118-9A88-4151-BD5A-92E17054AFD5}\RP325 Trojan.Swizzor Deleted.
A0272573.exe C:\System Volume Information\_restore{AA957118-9A88-4151-BD5A-92E17054AFD5}\RP325 Trojan.Swizzor Incurable.Moved.
A0272574.exe C:\System Volume Information\_restore{AA957118-9A88-4151-BD5A-92E17054AFD5}\RP325 Trojan.Swizzor Incurable.Moved.
A0281007.exe C:\System Volume Information\_restore{AA957118-9A88-4151-BD5A-92E17054AFD5}\RP328 Tool.Prockill Incurable.Moved.
A0281009.exe C:\System Volume Information\_restore{AA957118-9A88-4151-BD5A-92E17054AFD5}\RP328 Tool.ShutDown.11 Incurable.Moved.
A0281020.exe C:\System Volume Information\_restore{AA957118-9A88-4151-BD5A-92E17054AFD5}\RP328 Tool.Prockill Incurable.Moved.
A0281022.exe C:\System Volume Information\_restore{AA957118-9A88-4151-BD5A-92E17054AFD5}\RP328 Tool.ShutDown.11 Incurable.Moved.
A0281031.exe C:\System Volume Information\_restore{AA957118-9A88-4151-BD5A-92E17054AFD5}\RP328 Tool.Prockill Incurable.Moved.
A0281033.exe C:\System Volume Information\_restore{AA957118-9A88-4151-BD5A-92E17054AFD5}\RP328 Tool.ShutDown.11 Incurable.Moved.
Process.exe C:\WINDOWS\system32 Tool.Prockill Incurable.Moved.

Hujo · 10.03.2007

tuosta

1. Klikkaa käynnistä > Oma tietokone oikean puoleisella hiiren napilla
2. Valitse ominaisuudet
3. Valitse järjestelmän palauttaminen välilehti
4. Ruksi eteen ¤ poista järjestelmän palauttaminen kaikissa asemissa
5. Paina Käytä
6. Paina ok
7. Sammuta ja käynnistä
8. Ota ruksi pois ¤ poista järjestelmän palauttaminen kaikissa asemissa
9. Käytä ja OK

päälle vielä

Lataa Atribunen ATF Cleaner

Ohjeet;

Tupla-klikkaa ATF-Cleaner.exe käynnistääksesi ohjelman.Main:n alla valitse: Select All
Klikkaa Empty Selected valintaa.
Jos käytät FireFoxia selaimenasi Klikkaa Firefox yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Jos käytät Operaa selaimenasiKlikkaa Opera yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa taas.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Klikkaa Exit päävalikosta sulkeaksesi ohjelman.
Teknistä tukea tulee jos tupla-klikkaat sähköpostiosoitetta joka sijaitsee jokaisen menun alapuolella kyseisessä työkalussa. (Huomatkaa että se tuki on sitten englanniksi)

opaaliola · 10.03.2007

Noniin.. Järjestelmän palauttaminen-jutut tehty ja tuosta ATF-cleanerista, että se minulla on jo ja käytän usein. Laitanko vielä uuden HjT-lokin tänne?

Hujo · 10.03.2007

Mites kone nyt toimii?

opaaliola · 10.03.2007

No eipä oikeastaan takkua enää kovinkaan paljoa. Eheytin tänään kovalevyn PerfectDiskillä ja sen jälkeen kokeilin huvikseen analysoida vielä Windowsin omalla softalla. Löyty vielä paljo pirstoutuneita tiedostoja vaikka just eheytetty!? Eli siis kannattaisko eheytys tehdä nyt vaikka vikasiedossa että tulee parempi jälki? Voisitko kuitenkin ihan varmuuden vuoksi tarkistaa HjT:n jos laitan sen.

Hujo · 10.03.2007

laita vain se uusi hjt loki

opaaliola · 10.03.2007

Kiitän

Logfile of HijackThis v1.99.1
Scan saved at 18:11, on 07-03-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Olli\Työpöytä\HijackThis 1.99.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Olli\Käynnistä-valikko\Ohjelmat\Absolute Poker\Absolute Poker.lnk (file missing)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Olli\Käynnistä-valikko\Ohjelmat\Absolute Poker\Absolute Poker.lnk (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - BackWeb Technologies Inc. - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe

EDIT:Ainakin varmaan nuo 09-pokerijutut voi poistaa koska poistin koko ohjelman, mutta näköjään jäi jotain jämiä. Ja jos siellä on jotain turhaa esim. jotain Yahoo!-juttuja joita ei todellakaan tarvitse niin kerrothan

Hujo · 10.03.2007

scannaa hjt:llä merkkaa paina Fix checked

O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Olli\Käynnistä-valikko\Ohjelmat\Absolute Poker\Absolute Poker.lnk (file missing)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Olli\Käynnistä-valikko\Ohjelmat\Absolute Poker\Absolute Poker.lnk (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll

Poista vikasiedossa

C:\Documents and Settings\Olli\Käynnistä-valikko\Ohjelmat\Absolute Poker
C:\Program Files\Yahoo!

opaaliola · 12.03.2007

Joo nyt on tehty muo fixaukset mutta noita:
C:\Documents and Settings\Olli\Käynnistä-valikko\Ohjelmat\Absolute Poker
C:\Program Files\Yahoo! ei löydy edes vikasiedossa eli varmaan ovat poissa ilmeisesti Kone on nyt luultavasti puhdas, vai?? Ainakin lokin perusteella.

Auttaja · 12.03.2007

Eipä olekkaan , sinulla on yksi reikä vielä koneessa, se yleisin eli java

********

lataa ATF Cleaner
http://www.atribune.org/ccount/click.php?id=1

Tupla-klikkaa ATF-Cleaner.exe käynnistääksesi ohjelman. Main:n alla valitse: Select All
Klikkaa Empty Selected valintaa.
Jos käytät FireFoxia selaimenasi Klikkaa Firefox yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Jos käytät Operaa selaimenasi Klikkaa Opera yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa taas.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Klikkaa Exit päävalikosta sulkeaksesi ohjelman.
Teknistä tukea tulee jos tupla-klikkaat sähköpostiosoitetta joka sijaitsee jokaisen menun alapuolella kyseisessä työkalussa. (Huomatkaa että se tuki on sitten englanniksi)

*****************

Javan päivitys ja välimuistin tyhjennys:

1. Klikkaa Käynnistä -> Ohjauspaneeli ja tupla-klikkaa Lisää tai poista sovellus Ohjauspaneelissa.
2. Etsi listasta kaikki entiset Java versiosi. (J2SE Runtime Environment.... )
Niissä pitäisi olla seuraava kuva vieressä:
3. Valitse kaikki entiset Java versiosi ja valitse Poista.
4. Asenna uusin Java päivitys seuraavasta linkistä..
5. Käynnistä kone uudelleen asennuksen jälkeen:

http://java.sun.com/javase/downloads/index.jsp

Rullaa alas kohteeseen Java Runtime Environment (JRE) 6

Paina Download

Ruksaa Accept, ota offline installation, tallenna vaikka työpöydälle ja asenna se.

6. Käynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi).

7. General Settings -osion alla, vedä liukusäädintä (Disk Space) pienemmälle, ja klikkaa Delete Files -nappia.

(Jotkut javapohjaiset ohjelmat saattavat tarvita enemmän levytilaa.
Jos huomaat säädön pienentämisen jälkeen koneessa hitautta, siirrä liukusäädintä isommalle).

8. Varmista että kaikki kaksi valintaa ovat rastitettuja:

*Applications and Applets

*Trace and Log Files

Ja paina OK -nappia

9. Klikkaa OK "Temporary Files Settings" -ikkunassasi.

10. Klikkaa OK jättääksesi Java asetusikkunasi.

*******************

Olisitko ystävällinen ja laittaisit vielä kerran uuden HijackThis login, kiitos

Kirjaudu tai liity jäseneksi

HjT-loki ammattilaisen tarkasteltavaksi. Ja anteeksi tämä luokattoman huono otsikko..

opaaliola Regular member

Hujo Guest

opaaliola Regular member

Hujo Guest

opaaliola Regular member

Hujo Guest

opaaliola Regular member

opaaliola Regular member

opaaliola Regular member

Hujo Guest

opaaliola Regular member

Hujo Guest

opaaliola Regular member

Hujo Guest

opaaliola Regular member

Hujo Guest

opaaliola Regular member

Hujo Guest

opaaliola Regular member

Auttaja Guest

Jaa tämä sivu

Kirjaudu tai liity jäseneksi

HjT-loki ammattilaisen tarkasteltavaksi. Ja anteeksi tämä luokattoman huono otsikko..

opaaliola Regular member

Hujo Guest

opaaliola Regular member

Hujo Guest

opaaliola Regular member

Hujo Guest

opaaliola Regular member

opaaliola Regular member

opaaliola Regular member

Hujo Guest

opaaliola Regular member

Hujo Guest

opaaliola Regular member

Hujo Guest

opaaliola Regular member

Hujo Guest

opaaliola Regular member

Hujo Guest

opaaliola Regular member

Auttaja Guest

Jaa tämä sivu

Hyödyllisiä hakuja