Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:41:43, on 24.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
e:\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\WINDOWS\system32\svchost.exe
e:\F-Secure\Anti-Virus\fsgk32st.exe
e:\F-Secure\Anti-Virus\FSGK32.EXE
e:\F-Secure\Anti-Virus\fssm32.exe
e:\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\wscntfy.exe
e:\F-Secure\Common\FSMA32.EXE
e:\F-Secure\Common\FSMB32.EXE
e:\F-Secure\Common\FCH32.EXE
C:\WINDOWS\System32\alg.exe
e:\F-Secure\Common\FAMEH32.EXE
e:\F-Secure\Common\FNRB32.EXE
e:\F-Secure\Common\FIH32.EXE
e:\F-Secure\Anti-Virus\fsav32.exe
e:\F-Secure\DFW\Program\fsdfwd.exe
C:\Program Files\Ahead\InCD\InCD.exe
E:\F-Secure\Common\FSM32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
J:\counter strike sourse\steam.exe
E:\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\MSN Messenger\usnsvc.exe
E:\Avant Browser\avant.exe
E:\Leevi\Hijack\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [F-Secure TNB] "e:\F-Secure\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [F-Secure Manager] "e:\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [QuickTime Task] "E:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Steam] "j:\counter strike sourse\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Avaa kaikki linkit tältä sivulta... - E:\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Avaa uudessa Avant Browserissa - E:\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Etsi - E:\Avant Browser\Search.htm
O8 - Extra context menu item: Korosta - E:\Avant Browser\Highlight.htm
O8 - Extra context menu item: Lisää torjuttavien mainosten luetteloon - E:\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Torju kaikki kuvat samalta palvelimelta - E:\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AB4A1DE-5908-4E68-9600-0E5907C44C5A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B2457F8-1779-460E-B5BE-ACAF7FB32294}: NameServer = 85.255.115.82,85.255.112.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{A660F9B5-01B6-4DF3-9D62-D5725AD9B7C5}: NameServer = 85.255.115.82,85.255.112.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE14D0A9-EC70-483E-8120-02ED4BB70E9B}: NameServer = 85.255.115.82,85.255.112.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFEEBF74-5DFB-41D6-990B-D5D889CA64A6}: NameServer = 85.255.115.82,85.255.112.25
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - e:\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - e:\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - e:\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - e:\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - e:\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - e:\F-Secure\DFW\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - e:\F-Secure\Common\FSMA32.EXE
O23 - Service: HDD Temperature (HDDTService) - Unknown owner - E:\Temp\HDDTSvc.exe (file missing)
O24 - Desktop Component 0: (no name) - http://wallpapers.insanepwning.net/album...sh_1024x768.jpg

--
End of file - 7350 bytes
Download fixwareout.exe from here or here and save it to the desktop. Double-click it and follow the prompts. Click Next, then Install, and make sure that "Run fixit" is checked. You must restart the computer when told to.

Save these instructions to a text file or print them; otherwise you will not be able to access them from Safe Mode.

Download AVG Anti-Spyware 7.5 and save the program to your desktop.

- Once you have downloaded the program, double-click the installer icon on your desktop; the installation starts.
- After installation, the program must be started and its definitions updated.
- Start AVG Anti-Spyware.
- Click the "Update" icon in the main menu. Then click the "Update now" button.
- Then click the "Start Update" icon, and the update begins.
- Once the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
- Once the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
- Then, under the "Reports" menu:
- Check "Do not Automatically generate report"
- Uncheck "Only if threats were found"
- Then click the "Shield" icon at the top of the window
- Under "Resident shield is", change the state from active to inactive
- Close the program; do NOT scan yet.

Boot your computer into Safe Mode (Instructions!).

NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.

- Once in Safe Mode, start AVG Anti-Spyware.
- Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
- AVG now starts scanning the computer; be patient, as the scan takes time.

When the scan is finished:

IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions".

- Make sure that "Set all elements to:" shows Quarantine (1); if not, click the link and select Quarantine from the popup menu.
- You will be asked what to do if infections were found; choose "Apply all actions".
- Then click the "Reports" icon at the top of the program.
- Click the "Save report as" button at the bottom left of the window and save the report to the desktop.
- Close the program, start the computer normally and post the AVG Anti-Spyware report to your thread.

Post a new HJT log, the contents of c:\fixwareout\report.txt and the Anti-Spyware report to your thread.
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 17:17:57 25.10.2007

+ Scan result:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\WinCtlAdX.dll -> Adware.WinAD : Cleaned with backup (quarantined).
E:\BSplayer\SetupInstRe.exe/Setup.exe -> Dropper.Agent.asf : Cleaned with backup (quarantined).
E:\SetupInstRe.exe/Setup.exe -> Dropper.Agent.asf : Cleaned with backup (quarantined).
C:\Documents and Settings\Pelit\Cookies\pelit@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Pelit\Cookies\pelit@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
C:\WINDOWS\Temp\Cookies\pelit@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.

::Report end

Username "Pelit" - 25.10.2007 15:03:02 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kduvt.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{9B2457F8-1779-460E-B5BE-ACAF7FB32294}
"nameserver"="85.255.115.82,85.255.112.25" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{A660F9B5-01B6-4DF3-9D62-D5725AD9B7C5}
"nameserver"="85.255.115.82,85.255.112.25" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{AE14D0A9-EC70-483E-8120-02ED4BB70E9B}
"nameserver"="85.255.115.82,85.255.112.25" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{EFEEBF74-5DFB-41D6-990B-D5D889CA64A6}
"nameserver"="85.255.115.82,85.255.112.25" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{5AB4A1DE-5908-4E68-9600-0E5907C44C5A}
"DhcpNameServer"="85.255.115.82,85.255.112.25" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{8AF5F511-6770-46F7-82E9-A03A38C0DE68}
"DhcpNameServer"="85.255.115.82,85.255.112.25" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{9B2457F8-1779-460E-B5BE-ACAF7FB32294}
"DhcpNameServer"="85.255.115.82,85.255.112.25" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{AE14D0A9-EC70-483E-8120-02ED4BB70E9B}
"DhcpNameServer"="85.255.115.82,85.255.112.25" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{EFEEBF74-5DFB-41D6-990B-D5D889CA64A6}
"DhcpNameServer"="85.255.115.82,85.255.112.25" <Value cleared.

DNS-tulkintatoiminnon välimuistin tyhjentäminen onnistui.

System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS\Temp\kduvt.ren 72212 13.06.2007

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"F-Secure TNB"="\"e:\\F-Secure\\TNB\\TNBUtil.exe\" /CHECKALL"
"F-Secure Manager"="\"e:\\F-Secure\\Common\\FSM32.EXE\" /splash"
"QuickTime Task"="\"E:\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="\"j:\\counter strike sourse\\steam.exe\" -silent"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:24:12, on 25.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
E:\F-Secure\Common\FSM32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
E:\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
E:\AVG\AVG Anti-Spyware 7.5\guard.exe
e:\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
e:\F-Secure\Anti-Virus\fsgk32st.exe
e:\F-Secure\Anti-Virus\FSGK32.EXE
e:\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\sessmgr.exe
e:\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
e:\F-Secure\Common\FSMA32.EXE
C:\WINDOWS\system32\wscntfy.exe
e:\F-Secure\Common\FSMB32.EXE
e:\F-Secure\Common\FCH32.EXE
e:\F-Secure\Common\FAMEH32.EXE
e:\F-Secure\Common\FNRB32.EXE
e:\F-Secure\Common\FIH32.EXE
e:\F-Secure\Anti-Virus\fsav32.exe
e:\F-Secure\DFW\Program\fsdfwd.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Avant Browser\avant.exe
E:\Leevi\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [F-Secure TNB] "e:\F-Secure\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [F-Secure Manager] "e:\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [QuickTime Task] "E:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\AVG\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Steam] "j:\counter strike sourse\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Avaa kaikki linkit tältä sivulta... - E:\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Avaa uudessa Avant Browserissa - E:\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Etsi - E:\Avant Browser\Search.htm
O8 - Extra context menu item: Korosta - E:\Avant Browser\Highlight.htm
O8 - Extra context menu item: Lisää torjuttavien mainosten luetteloon - E:\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Torju kaikki kuvat samalta palvelimelta - E:\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AB4A1DE-5908-4E68-9600-0E5907C44C5A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\AVG\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - e:\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - e:\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - e:\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - e:\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - e:\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - e:\F-Secure\DFW\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - e:\F-Secure\Common\FSMA32.EXE
O23 - Service: HDD Temperature (HDDTService) - Unknown owner - E:\Temp\HDDTSvc.exe (file missing)
O24 - Desktop Component 0: (no name) - http://wallpapers.insanepwning.net/albums/00660_splash_1024x768.jpg

--
End of file - 6781 bytes
Open HijackThis, click "Do a system scan only", and check these lines. Then close all other windows and press "Fix checked".

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - Startup: PowerReg Scheduler.exe

Otherwise it looks fine.