voisko joku tarkistaa hjt-login, mwav tuloksen ja comboFix tuloksen

Viestiketju Virukset ja haittaohjelmat - HijackThis -logit -osiossa. Ketjun avasi pike86 01.05.2007.

  1. pike86

    pike86 Member

    Liittynyt:
    29.05.2006
    Viestejä:
    44
    Kiitokset:
    0
    Pisteet:
    16
    voisko joku tarkistaa hjt-login, mwav tuloksen ja comboFix tuloksen? Mitä poistan? Mitä puhdistan ja millä?

    HJT-LOGI

    Logfile of HijackThis v1.99.1
    Scan saved at 23:06:17, on 1.5.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\TIETOT~1\backweb\227364\Program\SERVIC~1.EXE
    C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    C:\Program Files\Tietoturvapalvelu\backweb\227364\program\fsbwsys.exe
    C:\Program Files\Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
    C:\Program Files\Tietoturvapalvelu\Common\FSMA32.EXE
    C:\Program Files\Tietoturvapalvelu\Anti-Virus\fssm32.exe
    C:\Program Files\Tietoturvapalvelu\Common\FSMB32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Tietoturvapalvelu\Common\FCH32.EXE
    C:\Program Files\Tietoturvapalvelu\backweb\227364\Program\fspex.exe
    C:\Program Files\Tietoturvapalvelu\Common\FAMEH32.EXE
    C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsrw.exe
    C:\Program Files\Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\PowerKey.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\CtrlVol.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsav32.exe
    C:\Program Files\Tietoturvapalvelu\Common\FSM32.EXE
    C:\PROGRA~1\TIETOT~1\ANTI-S~1\fsaw.exe
    C:\Program Files\Tietoturvapalvelu\FSGUI\ispnews.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Tietoturvapalvelu\FSGUI\fsguidll.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\PIRJOM~1\LOCALS~1\Temp\mexe.com
    C:\DOCUME~1\PIRJOM~1\LOCALS~1\Temp\kavss.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\sdtrayapp.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Documents and Settings\Pirjo Moilanen\Työpöytä\hijackthis_199\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [LaunchApp] LaunApp
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
    O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
    O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
    O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Tietoturvapalvelu\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Tietoturvapalvelu\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Tietoturvapalvelu.lnk = C:\Program Files\Tietoturvapalvelu\backweb\227364\Program\fspex.exe
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Tietoturvapalvelu\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Tietoturvapalvelu\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascinstie.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174835913432
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5017/mcfscan.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Tietoturvapalvelu (BackWeb Plug-in - 227364) - BackWeb Technologies Inc. - C:\PROGRA~1\TIETOT~1\backweb\227364\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Tietoturvapalvelu\backweb\227364\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\Common\FSMA32.EXE
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: UHE - Unknown owner - C:\DOCUME~1\PIRJOM~1\LOCALS~1\Temp\UHE.exe (file missing)

    MWAV TULOS


    Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "C:\Program Files\Tietoturvapalvelu\backweb\227364\6.3.2.116-227364L\Program\PrvCnt.exe". Action Taken: Ei toimintoa.
    Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Common Files\Symantec Shared\Script Blocking\". Action Taken: Ei toimintoa.
    Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".laskuri". Action Taken: Ei toimintoa.
    Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".part". Action Taken: Ei toimintoa.
    Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pf". Action Taken: Ei toimintoa.
    Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ste". Action Taken: Ei toimintoa.
    Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{3075C5C3-0807-4924-AF8F-FF27052C12AE}". Action Taken: Ei toimintoa.

    ComboFix
    "Pirjo Moilanen" - 07-05-01 20:51:24 Service Pack 2
    ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Pirjo Moilanen\Ty”p”yt„\"


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\taskmgr.com
    C:\WINDOWS\regedit.com


    ((((((((((((((((((((((((((((((( Files Created from 2007-04-01 to 2007-05-01 ))))))))))))))))))))))))))))))))))


    2007-05-01 20:57 146,944 --a------ C:\WINDOWS\R.COM
    2007-05-01 20:57 138,240 --a------ C:\WINDOWS\system32\T.COM
    2007-04-26 19:36 <KANSIO> d-------- C:\WINDOWS\McAfee.com
    2007-04-26 16:57 <KANSIO> d-------- C:\DOCUME~1\PIRJOM~1\APPLIC~1\Talkback
    2007-04-26 16:45 <KANSIO> d-------- C:\Program Files\Gran Paradiso
    2007-04-26 16:04 <KANSIO> d-------- C:\WINDOWS\system32\Panda Software
    2007-04-23 15:13 70,224 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
    2007-04-23 15:13 33,840 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
    2007-04-23 15:12 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure
    2007-04-23 14:37 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.116-227364L.exe
    2007-04-23 14:37 <KANSIO> d-------- C:\Program Files\Tietoturvapalvelu
    2007-04-19 12:34 <KANSIO> d-------- C:\DOCUME~1\PIRJOM~1\APPLIC~1\PHP Designer 2007
    2007-04-19 12:33 <KANSIO> d-------- C:\Program Files\PHP Designer 2007 - Professional
    2007-04-19 08:27 29,696 --a------ C:\WINDOWS\system32\flcss.exe
    2007-04-15 19:34 <KANSIO> d-------- C:\WINDOWS\system32\ActiveScan
    2007-04-14 20:25 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2007-04-14 20:25 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2007-04-13 00:10 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-04-13 00:10 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2007-04-13 00:10 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2007-04-12 21:43 <KANSIO> d-------- C:\Program Files\ToniArts
    2007-04-09 17:02 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
    2007-04-08 13:12 <KANSIO> d-------- C:\Program Files\Index.dat Analyzer
    2007-04-07 22:45 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
    2007-04-07 14:38 <KANSIO> dr------- C:\DOCUME~1\LOCALS~1\Omat tiedostot
    2007-04-05 22:44 <KANSIO> d-------- C:\Program Files\Lavasoft
    2007-04-05 14:19 <KANSIO> d-------- C:\DOCUME~1\PIRJOM~1\APPLIC~1\PEX
    2007-04-05 12:46 <KANSIO> d-------- C:\DOCUME~1\PIRJOM~1\.housecall6.6
    2007-04-05 12:05 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-04-24 14:45 22636 --a------ C:\DOCUME~1\PIRJOM~1\APPLIC~1\phpdesigner2007_5_2.xml
    2007-04-01 16:44 1289 --a------ C:\WINDOWS\mozver.dat
    2007-03-31 14:02 -------- d-------- C:\Program Files\windows live safety center
    2007-03-30 22:40 -------- d-------- C:\DOCUME~1\PIRJOM~1\APPLIC~1\icaclient
    2007-03-28 09:51 0 --a------ C:\WINDOWS\system32\cmmgr32.exe
    2007-03-27 23:10 -------- d-------- C:\Program Files\superantispyware
    2007-03-27 23:10 -------- d-------- C:\Program Files\Common Files\wise installation wizard
    2007-03-27 23:10 -------- d-------- C:\DOCUME~1\PIRJOM~1\APPLIC~1\superantispyware.com
    2007-03-26 14:34 -------- d-------- C:\DOCUME~1\PIRJOM~1\APPLIC~1\hewlett-packard
    2007-03-26 14:31 -------- d-------- C:\Program Files\ws_ftp
    2007-03-26 14:26 20458 --a------ C:\WINDOWS\hpoins01.dat
    2007-03-26 14:24 82380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
    2007-03-26 13:58 -------- d-------- C:\Program Files\Common Files\hewlett-packard
    2007-03-26 13:50 -------- d-------- C:\Program Files\hewlett-packard
    2007-03-26 11:52 -------- d-------- C:\DOCUME~1\PIRJOM~1\APPLIC~1\microsoft web folders
    2007-03-25 23:11 -------- d-------- C:\DOCUME~1\PIRJOM~1\APPLIC~1\utorrent
    2007-03-25 22:57 66096 --a------ C:\WINDOWS\system32\perfc00b.dat
    2007-03-25 22:57 356600 --a------ C:\WINDOWS\system32\perfh00b.dat
    2007-03-25 22:30 -------- d-------- C:\DOCUME~1\PIRJOM~1\APPLIC~1\lavasoft
    2007-03-25 22:03 -------- d-------- C:\DOCUME~1\PIRJOM~1\APPLIC~1\skype
    2007-03-25 22:01 -------- d-------- C:\Program Files\skype
    2007-03-25 21:17 -------- d-------- C:\DOCUME~1\PIRJOM~1\APPLIC~1\apple computer
    2007-03-25 21:15 -------- d-------- C:\Program Files\ipod
    2007-03-25 21:14 -------- d-------- C:\Program Files\itunes
    2007-03-25 21:07 -------- d-------- C:\Program Files\quicktime
    2007-03-25 21:05 -------- d-------- C:\Program Files\apple software update
    2007-03-25 20:22 0 --a------ C:\WINDOWS\nsreg.dat
    2007-03-25 19:57 -------- d-------- C:\Program Files\windows defender
    2007-03-25 17:58 -------- d-------- C:\Program Files\citrix
    2007-03-25 17:01 0 -rahs---- C:\MSDOS.SYS
    2007-03-25 17:01 0 -rahs---- C:\IO.SYS
    2007-03-17 16:44 292864 --a------ C:\WINDOWS\system32\winsrv.dll
    2007-03-08 18:38 578048 --a------ C:\WINDOWS\system32\user32.dll
    2007-03-08 18:38 40960 --a------ C:\WINDOWS\system32\mf3216.dll
    2007-03-08 18:38 281600 --a------ C:\WINDOWS\system32\gdi32.dll
    2007-03-08 18:34 1843840 --a------ C:\WINDOWS\system32\win32k.sys
    2007-02-05 23:19 185344 --a------ C:\WINDOWS\system32\upnphost.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    {53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "LaunchApp"="LaunApp"
    "IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
    "HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
    "SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "AGRSMMSG"="AGRSMMSG.exe"
    "LtMoh"="C:\\Program Files\\ltmoh\\Ltmoh.exe"
    "LaunchAp"="C:\\Program Files\\Launch Manager\\LaunchAp.exe"
    "PowerKey"="\"C:\\Program Files\\Launch Manager\\PowerKey.exe\""
    "HotkeyApp"="C:\\Program Files\\Launch Manager\\HotkeyApp.exe"
    "CtrlVol"="C:\\Program Files\\Launch Manager\\CtrlVol.exe"
    "Wbutton"="\"C:\\Program Files\\Launch Manager\\Wbutton.exe\""
    "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
    "F-Secure Manager"="\"C:\\Program Files\\Tietoturvapalvelu\\Common\\FSM32.EXE\" /splash"
    "F-Secure TNB"="\"C:\\Program Files\\Tietoturvapalvelu\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
    "F-Secure Startup Wizard"="\"C:\\Program Files\\Tietoturvapalvelu\\FSGUI\\FSSW.EXE\" /reboot"
    "News Service"="\"C:\\Program Files\\Tietoturvapalvelu\\FSGUI\\ispnews.exe\""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Symantec NetDetect.job
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\Scheduled scanning task.job
    C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1174908418.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-01 21:18:22
    Windows 5.1.2600 Service Pack 2 FAT

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    ********************************************************************

    Completion time: 07-05-01 21:23:32
    C:\ComboFix-quarantined-files.txt ... 07-05-01 21:23


    Siis mitä poistan? Mitä puhdistan ja millä? Miksi netti selaimilla internet explorer ja firefax tulee koko ajan sellainen ettei sivua löydy. Siis ettei sivulle pääse siis minnekkään?
     
    pike86, 01.05.2007
    #1
  2.  
  3. Auttaja

    Auttaja Guest

    Moderaattorin viimeksi muokkaama: 01.05.2007
    Auttaja, 01.05.2007
    #2

Jaa tämä sivu