1. Tämä sivusto käyttää keksejä (cookie). Jatkamalla sivuston käyttämistä hyväksyt keksien käyttämisen. Lue lisää.

Suurin osa nettisivuista ei aukea joten saiskohan tällä HJT-logilla selvyyttä?

Viestiketju Virukset ja haittaohjelmat - HijackThis -logit -osiossa. Ketjun avasi tp81 19.03.2008.

  1. tp81

    tp81 Member

    Liittynyt:
    19.03.2008
    Viestejä:
    44
    Kiitokset:
    0
    Pisteet:
    16
    Tehty.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:39:11, on 20.3.2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\System32\wpcumi.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\hp\kbd\kbd.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iltalehti.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=71&bd=Pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=71&bd=Pavilion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Lähetä kuva &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Lähetä sivu &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O13 - Gopher Prefix:
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL...-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{36CCBFED-B1C9-435D-B3EB-85227F176751}: NameServer = 62.148.192.130 62.148.192.154
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 9732 bytes
     
  2.  
  3. Hujo

    Hujo Guest

    ok...
     
  4. tp81

    tp81 Member

    Liittynyt:
    19.03.2008
    Viestejä:
    44
    Kiitokset:
    0
    Pisteet:
    16
    Oliskohan koneen asetuksis jotain vialla kun ei vieläkään kaikki sivut aukea? Latasin mozillan, niin esim huuto.net aukes hieman enemmän kuin IE:lla mutta kirjautuminen ei onnistu. Nyt pääsin Ccleanerin sivuille mutta eilen en vaan kaveri lähetti sen skypen kautta.
     
  5. Hujo

    Hujo Guest

    1.Lataa combofix.exe työpöydällesi yhdestä linkistä:
    combofix1
    combofix2

    2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
    3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
    Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
     
  6. tp81

    tp81 Member

    Liittynyt:
    19.03.2008
    Viestejä:
    44
    Kiitokset:
    0
    Pisteet:
    16
    ComboFix 08-03-20.5 - Toni 2008-03-21 14:42:20.1 - NTFSx86
    Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1035.18.671 [GMT 2:00]
    Running from: C:\Users\Toni\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-02-21 to 2008-03-21 )))))))))))))))))
    .

    Tiedostoja ei ole luotu tällä aikavälillä

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-21 12:42 --------- d-----w C:\Users\Toni\AppData\Roaming\uTorrent
    2008-03-21 12:37 --------- d-----w C:\Users\Toni\AppData\Roaming\Skype
    2008-03-21 10:17 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-03-21 10:15 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
    2008-03-20 18:06 --------- d-----w C:\Program Files\CCleaner
    2008-03-20 17:28 --------- d-----w C:\PROGRA~2\Symantec
    2008-03-19 19:40 --------- d-----w C:\Program Files\Java
    2008-03-19 19:35 --------- d-----w C:\Program Files\Common Files\Java
    2008-03-19 16:22 --------- d-----w C:\PROGRA~2\Avg7
    2008-03-19 14:21 --------- d-----w C:\Program Files\Trend Micro
    2008-03-18 20:49 --------- d-----w C:\Program Files\Windows Mail
    2008-03-18 20:31 --------- d-----w C:\PROGRA~2\Microsoft Help
    2008-03-18 19:55 1,620 ----a-w C:\Users\Toni\AppData\Roaming\wklnhst.dat
    2008-03-18 18:34 --------- d-----w C:\Program Files\EMCO Malware Destroyer
    2008-03-18 15:24 --------- d-----w C:\Users\Toni\AppData\Roaming\PeerNetworking
    2008-03-17 15:35 --------- d-----w C:\PROGRA~2\Roxio
    2008-03-16 12:03 --------- d-----w C:\Program Files\WIBUKEY
    2008-03-15 15:16 82,432 ----a-w C:\Windows\System32\IEDFix.exe
    2008-03-14 07:09 86,528 ----a-w C:\Windows\System32\VACFix.exe
    2008-03-12 11:17 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
    2008-03-10 20:55 --------- d-----w C:\Users\Toni\AppData\Roaming\Graphisoft
    2008-03-09 17:51 --------- d-----w C:\Program Files\Rakennustieto
    2008-03-09 17:46 --------- d-----w C:\Program Files\RT-kortisto
    2008-03-01 15:34 --------- d-----w C:\Program Files\Office 2007 Enterprice Fin ( SUOMI )
    2008-03-01 15:30 --------- d-----w C:\Program Files\WIBU-SYSTEMS
    2008-02-15 17:33 --------- d-----w C:\Users\Toni\AppData\Roaming\Image Zone Express
    2008-02-14 19:20 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-02-14 19:20 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-02-14 19:14 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-02-14 19:14 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-02-14 19:14 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-02-14 19:14 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-02-14 19:14 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-02-14 19:14 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
    2008-02-14 19:14 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-02-14 19:13 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-14 19:13 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-14 19:13 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-14 19:13 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-02-14 19:13 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-02-14 19:13 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-02-14 19:13 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-14 19:13 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-14 19:13 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-14 19:13 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-02-14 19:13 1,686,528 ----a-w C:\Windows\System32\gameux.dll
    2008-02-14 19:09 824,832 ----a-w C:\Windows\System32\wininet.dll
    2008-02-14 19:09 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-14 19:09 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-14 19:09 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-13 17:34 --------- d-----w C:\Users\Toni\AppData\Roaming\LimeWire
    2008-02-04 18:39 --------- d-----w C:\Program Files\Neoact
    2008-02-04 18:01 --------- d-----w C:\Program Files\Mario Forever
    2008-02-04 15:16 --------- d-----w C:\PROGRA~2\Lavasoft
    2008-02-04 15:09 --------- d-----w C:\Program Files\Lavasoft
    2008-02-04 15:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-01 20:30 9,344 ----a-w C:\Windows\system32\drivers\NSDriver.sys
    2008-02-01 20:30 8,320 ----a-w C:\Windows\system32\drivers\AWRTRD.sys
    2008-02-01 20:30 12,632 ----a-w C:\Windows\System32\lsdelete.exe
    2008-02-01 20:20 --------- d-----w C:\Users\Toni\AppData\Roaming\Lavasoft
    2008-01-24 19:06 --------- d-----w C:\Users\Toni\AppData\Roaming\Nokia
    2008-01-24 19:02 --------- d-----w C:\Program Files\Common Files\Nokia
    2008-01-24 19:01 --------- d-----w C:\Program Files\Nokia
    2008-01-24 19:01 --------- d-----w C:\Program Files\DIFX
    2008-01-24 19:01 --------- d-----w C:\Program Files\Common Files\PCSuite
    2008-01-24 18:58 --------- d-----w C:\Program Files\PC Connectivity Solution
    2008-01-10 13:39 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2008-01-04 13:32 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
    2007-09-03 06:20 174 --sha-w C:\Program Files\desktop.ini
    2002-08-08 04:11 319,488 ----a-r C:\Users\Toni\AppData\Roaming\MafiaSetup.exe
    2007-04-12 19:11 22 --sha-w C:\Windows\SMINST\HPCD.sys
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 15:39 1232896]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-07-13 23:41 20034600]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-13 09:20 1006264]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 15:42 65536]
    "RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 12:57 3784704 C:\Windows\RtHDVCpl.exe]
    "DPService"="C:\Program Files\HP\DVDPlay\DPService.exe" [2006-11-07 23:52 81920]
    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-12-10 20:52 49152]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
    "WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 14:34 176128]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 20:15 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 20:15 8466432]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 20:15 81920]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 16:16 65536]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-05-18 16:16:02 727856]
    HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-01-02 20:40:10 210520]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "LogonHoursAction"= 2 (0x2)
    "DontDisplayLogonHoursWarnings"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "AllowLegacyWebView"= 1 (0x1)
    "AllowUnhashedWebView"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{10F899AF-188C-4D5B-8A27-FDCE90F55F08}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{D4A31CF1-5C2F-45CC-9727-2F216F9BE2C1}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{8DD188EA-11E1-4802-A56B-54501E6A09B6}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{F5C4C143-F75D-4F53-B609-D947DB6D3FFF}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{922CEE90-B621-4136-B5E2-D03D607E7FA9}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{1DC695F6-AB27-4A17-B081-B509FD3A3F36}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{C7CD919C-DB65-4892-ABB0-2974A287D0C3}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{6B428CB9-236D-4DFF-AA29-078730E1094C}"= UDP:C:\Program Files\Mozilla Firefox\firefox.exe:Mozilla Firefox
    "{24CA76FD-CC61-42EE-9BAC-D78C988C8EAA}"= TCP:C:\Program Files\Mozilla Firefox\firefox.exe:Mozilla Firefox
    "TCP Query User{CB25F46F-6E7F-4A85-8185-D4BC1F36FB5F}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{5D765713-1D2B-4C80-8EA1-1A8362EFB739}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "DoNotAllowExceptions"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 16:52]
    S3 btwaudio;Bluetooth-äänilaite;C:\Windows\system32\drivers\btwaudio.sys [2007-03-30 02:46]
    S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 13:20]
    S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 13:20]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    bthsvcs REG_MULTI_SZ BthServ

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-21 14:47:19
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-03-21 14:48:37
    .
    2008-03-15 15:08:36 --- E O F ---
     
  7. Hujo

    Hujo Guest

    niiin laitetaas tuosta

    Poista nuo kumpikin koneelta

    spybot
    Windows Defender


    Lataa: RegSeeker.zip työpöydälle:

    Pura zip C:\RegSeeker\ kansioon. Sieltä käynnistät RegSeeker.exe ohjelman.
    Oikeasa yläkulmassa on Languages.... linkki, josta valitset Suomenkielen.
    Vasemmasta alakulmasta ruksit Luo vrmuuskopio ja sitten linkki Puhdista rekisteri
    Ruksit kaikkiin muihin kohtiin paitsi "Käyttökelvottomat.." sitten "OK" (odotat hetken).
    Ruutuun ilmestyy lista epäkelvoista rekisterimerkinnöistä, jotka alapalkista Valitse kohdasta
    klikkaat Valitse kaikki jolloin valitut saavat keltaisen pohjavärin.
    Alapalkin Toiminnot linkistä klikkaat Poista valitut kohteet
    Ponnahdusikkunaan "Kaikki valitut kohteet poistetaan ? vastaat "OK".
    Seuraavaan Ponnahdusikkunaan "Varmuuskopiot" vastaat "OK".
    Klikaa vasemmalta Lopeta RegSeeker ja käynnistä koneesi uudelleen.
     
    Moderaattorin viimeksi muokkaama: 21.03.2008
  8. tp81

    tp81 Member

    Liittynyt:
    19.03.2008
    Viestejä:
    44
    Kiitokset:
    0
    Pisteet:
    16
    Reqseekerin ajoin mutta Defenderiä en pystynyt poistamaan edes vikasietotilassa. Spybotin poistin jo aamulla eikä sitä löytynyt koneesta.
     
  9. Hujo

    Hujo Guest

    scanaas uusi hjt:n loki
     
  10. tp81

    tp81 Member

    Liittynyt:
    19.03.2008
    Viestejä:
    44
    Kiitokset:
    0
    Pisteet:
    16
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:03:48, on 21.3.2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\System32\wpcumi.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\hp\kbd\kbd.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iltalehti.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=71&bd=Pavilion&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Lähetä kuva &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Lähetä sivu &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O13 - Gopher Prefix:
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL...-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{36CCBFED-B1C9-435D-B3EB-85227F176751}: NameServer = 62.148.192.130 62.148.192.154
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 8579 bytes
     
  11. Hujo

    Hujo Guest

    tehään sitten näin

    Avaa Windows Defender.
    Klikkaa Tools ja General Settings.
    Selaa alas ja ota rasti pois Turn on real-time protection (recommended)-kohdasta.
    Tämän jälkeen klikkaa Save ja sulje Windows Defender.

    tuossa näyttää olevan sen kansio

    C:\Program Files\Windows Defender
     
    Moderaattorin viimeksi muokkaama: 21.03.2008
  12. tp81

    tp81 Member

    Liittynyt:
    19.03.2008
    Viestejä:
    44
    Kiitokset:
    0
    Pisteet:
    16
    Defenderi pois käytöstä. Mitä sitten kannattaa yrittää?
     
  13. Hujo

    Hujo Guest

    sitten kantsii yrittää tuota netissä surfailua ilman ongelmia ;)
     
  14. tp81

    tp81 Member

    Liittynyt:
    19.03.2008
    Viestejä:
    44
    Kiitokset:
    0
    Pisteet:
    16
    Kiitoksia neuvoista. Harmi vaan kun ei pääse kaikkiin tarpeellisiin sivustoihin vieläkään kaiken tämän jälkeen. Pitää varmaan kysyä onko taloyhtiön modeemis kenties vikaa.
     
  15. tp81

    tp81 Member

    Liittynyt:
    19.03.2008
    Viestejä:
    44
    Kiitokset:
    0
    Pisteet:
    16
    Vihdoin netti toimii. Syy temppuiluun oli väärä mtu-arvo koneessa, jolla se ei toiminut taloyhtiöliittymällä.
     

Jaa tämä sivu