Need help with a log!!!

teropetteri

Here is a log to look at. Thanks in advance for the help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:01:06, on 20.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\nse\bin\NSESVC.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Launch Manager\LaunchAp.exe
C:\Launch Manager\HotkeyApp.exe
C:\Launch Manager\OSD.exe
C:\Launch Manager\OSDCtrl.exe
C:\Launch Manager\Wbutton.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\BTTray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Launch Manager\LaunchAp.exe
C:\Launch Manager\HotkeyApp.exe
C:\Launch Manager\OSD.exe
C:\Launch Manager\OSDCtrl.exe
C:\Launch Manager\Wbutton.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\BTTray.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\hjt\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yle.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [LMgrVolOSD] C:\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [CtrlVol] C:\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video Access ActiveX Object\pmsnrr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-21-603108637-3199107479-3560703841-501\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Vieras')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O22 - SharedTaskScheduler: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9923 bytes


    Replies

    • 45665

      Download SDFix by AndyManchesta
      http://downloads.andymanchesta.com/RemovalTools/SDFix.zip
      and save it to your desktop.

      Boot your computer into Safe Mode:
      shut down and start up
      during startup, tap the F8 key repeatedly
      select Safe Mode with the arrow keys
      press Enter and Enter
      select your user account
      press Yes

      On some machines you tap F5 instead of F8
      •   Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
      •   Open the SDFix folder and double-click the file RunThis.bat to start the program.
      •   Press Y to start the script.
      •   The tool cleans the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
      •   Press any key and the computer restarts.
      •   Startup takes longer than normal because SDFix is cleaning the computer.
      •   When the computer has started and the desktop has loaded, SDFix reports that the cleaning is done, "Finished".
      •   Then press any key to close the script and load the shortcuts onto the desktop.
      •   Finally open the SDFix folder (on the desktop) and copy & paste the contents of the file Report.txt into your thread along with a new HijackThis log.

      • Teropetteri

        Here is the SDFix:


        [b]SDFix: Version 1.207 [/b]
        Run by Mikko Musakka on su 20.07.2008 at 17:30

        Microsoft Windows XP [versio 5.1.2600]
        Running From: C:\DOCUME~1\MIKKOM~1\TYPYT~1\SDFix\SDFix

        [b]Checking Services [/b]:

        [b]Name [/b]:
        sysrest.sys

        [b]Path [/b]:
        \??\C:\WINDOWS\system32\sysrest.sys

        sysrest.sys - Deleted



        Restoring Default Security Values
        Restoring Default Hosts File
        Restoring Default Desktop Wallpaper
        Restoring Default ScreenSaver value

        Rebooting


        [b]Checking Files [/b]:

        Trojan Files Found:

        C:\WINDOWS\SYSTEM32\PHCGSF~1.BMP - Deleted
        C:\WINDOWS\SYSTEM32\BLPHCG~1.SCR - Deleted
        C:\WINDOWS\system32\2.tmp - Deleted
        C:\A.tmp - Deleted
        C:\WINDOWS\services.exe - Deleted





        Removing Temp Files

        [b]ADS Check [/b]:



        [b]Final Check [/b]:

        catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-07-20 17:41:34
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden services & system hive ...

        scanning hidden registry entries ...

        scanning hidden files ...

        scan completed successfully
        hidden processes: 0
        hidden services: 0
        hidden files: 0


        [b]Remaining Services [/b]:




        Authorized Application Key Export:

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
        "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
        "C:\\Program Files\\Maxis\\SimCity 3000 World Edition\\Apps\\Updater\\UPDATER.EXE"="C:\\Program Files\\Maxis\\SimCity 3000 World Edition\\Apps\\Updater\\UPDATER.EXE:*:Disabled:SC3UpdaterMFC"
        "C:\\Program Files\\TVU Player\\TVUPlayer.exe"="C:\\Program Files\\TVU Player\\TVUPlayer.exe:*:Enabled:TVUPlayer"
        "C:\\Program Files\\Messenger\\Msmsgs.exe"="C:\\Program Files\\Messenger\\Msmsgs.exe:*:Enabled:Windows Messenger"
        "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
        "C:\\Program Files\\Koti-Optimi DEMO\\Koti-Optimi DEMO.EXE"="C:\\Program Files\\Koti-Optimi DEMO\\Koti-Optimi DEMO.EXE:*:Enabled:FileMaker Pro Runtime"
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
        "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
        "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
        "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
        "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
        "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
        "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

        [b]Remaining Files [/b]:


        File Backups: - C:\DOCUME~1\MIKKOM~1\TYPYT~1\SDFix\SDFix\backups\backups.zip

        [b]Files with Hidden Attributes [/b]:

        Thu 4 May 2006 32,768 A..H. --- "C:\opinnäytetyö\~WRL0332.tmp"
        Mon 8 May 2006 26,112 A..H. --- "C:\opinnäytetyö\~WRL2916.tmp"
        Thu 15 Jun 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
        Thu 23 Jan 2003 65,952 ..SHR --- "C:\Program Files\Autodesk\Autodesk Express Viewer\Setup.exe"
        Thu 17 Aug 2006 30,208 ...H. --- "C:\Documents and Settings\Sirke Musakka\Omat tiedostot\Sirken työhaku lomakkeet\~WRL0001.tmp"
        Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e2cdfda265544b05233b12ad6d933aba\BIT10.tmp"
        Thu 15 Jun 2006 4,348 ...H. --- "C:\Documents and Settings\Mikko Musakka\Omat tiedostot\Omat musiikkitiedostot\Käyttöoikeuden varmuuskopio\drmv1key.bak"
        Thu 6 Jul 2006 20 A..H. --- "C:\Documents and Settings\Mikko Musakka\Omat tiedostot\Omat musiikkitiedostot\Käyttöoikeuden varmuuskopio\drmv1lic.bak"
        Thu 6 Jul 2006 400 A.SH. --- "C:\Documents and Settings\Mikko Musakka\Omat tiedostot\Omat musiikkitiedostot\Käyttöoikeuden varmuuskopio\drmv2key.bak"

        [b]Finished![/b]

        And here is the HJT:

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 17:44:40, on 20.7.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16674)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\csrss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Norman\Npm\bin\ELOGSVC.EXE
        C:\Norman\Npm\Bin\Zanda.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\bin\btwdins.exe
        C:\WINDOWS\system32\drivers\CDAC11BA.EXE
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\wdfmgr.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Canon\CAL\CALMAIN.exe
        C:\Norman\Npm\bin\NJEEVES.EXE
        C:\Norman\nse\bin\NSESVC.EXE
        C:\WINDOWS\System32\alg.exe
        C:\WINDOWS\system32\wbem\wmiprvse.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Norman\Nvc\BIN\NVCSCHED.EXE
        C:\Norman\Nvc\bin\nvcoas.exe
        C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Launch Manager\LaunchAp.exe
        C:\Launch Manager\HotkeyApp.exe
        C:\Launch Manager\OSD.exe
        C:\Launch Manager\OSDCtrl.exe
        C:\Launch Manager\Wbutton.exe
        C:\Norman\Npm\bin\ZLH.EXE
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\Norman\Nvc\BIN\NIP.EXE
        C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
        C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
        C:\Program Files\Winamp\Winampa.exe
        C:\Norman\Nvc\bin\cclaw.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
        C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\BTTray.exe
        C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
        C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
        C:\hjt\HijackThis.exe
        C:\WINDOWS\system32\wbem\wmiprvse.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yle.fi/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
        O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
        O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [LaunchAp] C:\Launch Manager\LaunchAp.exe
        O4 - HKLM\..\Run: [HotkeyApp] C:\Launch Manager\HotkeyApp.exe
        O4 - HKLM\..\Run: [LMgrVolOSD] C:\Launch Manager\OSD.exe
        O4 - HKLM\..\Run: [LMgrOSD] C:\Launch Manager\OSDCtrl.exe
        O4 - HKLM\..\Run: [Wbutton] "C:\Launch Manager\Wbutton.exe"
        O4 - HKLM\..\Run: [CtrlVol] C:\Launch Manager\CtrlVol.exe
        O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
        O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
        O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
        O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: BTTray.lnk = ?
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
        O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\btsendto_ie.htm
        O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\btsendto_ie.htm
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
        O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
        O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
        O22 - SharedTaskScheduler: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
        O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
        O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\bin\btwdins.exe
        O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
        O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
        O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
        O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
        O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
        O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
        O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
        O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

        --
        End of file - 8825 bytes


      • 45665
        Teropetteri wrote:

        Here is the SDFix:


        [b]SDFix: Version 1.207 [/b]
        Run by Mikko Musakka on su 20.07.2008 at 17:30

        Microsoft Windows XP [versio 5.1.2600]
        Running From: C:\DOCUME~1\MIKKOM~1\TYPYT~1\SDFix\SDFix

        [b]Checking Services [/b]:

        [b]Name [/b]:
        sysrest.sys

        [b]Path [/b]:
        \??\C:\WINDOWS\system32\sysrest.sys

        sysrest.sys - Deleted



        Restoring Default Security Values
        Restoring Default Hosts File
        Restoring Default Desktop Wallpaper
        Restoring Default ScreenSaver value

        Rebooting


        [b]Checking Files [/b]:

        Trojan Files Found:

        C:\WINDOWS\SYSTEM32\PHCGSF~1.BMP - Deleted
        C:\WINDOWS\SYSTEM32\BLPHCG~1.SCR - Deleted
        C:\WINDOWS\system32\2.tmp - Deleted
        C:\A.tmp - Deleted
        C:\WINDOWS\services.exe - Deleted





        Removing Temp Files

        [b]ADS Check [/b]:



        [b]Final Check [/b]:

        catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-07-20 17:41:34
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden services & system hive ...

        scanning hidden registry entries ...

        scanning hidden files ...

        scan completed successfully
        hidden processes: 0
        hidden services: 0
        hidden files: 0


        [b]Remaining Services [/b]:




        Authorized Application Key Export:

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
        "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
        "C:\\Program Files\\Maxis\\SimCity 3000 World Edition\\Apps\\Updater\\UPDATER.EXE"="C:\\Program Files\\Maxis\\SimCity 3000 World Edition\\Apps\\Updater\\UPDATER.EXE:*:Disabled:SC3UpdaterMFC"
        "C:\\Program Files\\TVU Player\\TVUPlayer.exe"="C:\\Program Files\\TVU Player\\TVUPlayer.exe:*:Enabled:TVUPlayer"
        "C:\\Program Files\\Messenger\\Msmsgs.exe"="C:\\Program Files\\Messenger\\Msmsgs.exe:*:Enabled:Windows Messenger"
        "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
        "C:\\Program Files\\Koti-Optimi DEMO\\Koti-Optimi DEMO.EXE"="C:\\Program Files\\Koti-Optimi DEMO\\Koti-Optimi DEMO.EXE:*:Enabled:FileMaker Pro Runtime"
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
        "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
        "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
        "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
        "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
        "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
        "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

        [b]Remaining Files [/b]:


        File Backups: - C:\DOCUME~1\MIKKOM~1\TYPYT~1\SDFix\SDFix\backups\backups.zip

        [b]Files with Hidden Attributes [/b]:

        Thu 4 May 2006 32,768 A..H. --- "C:\opinnäytetyö\~WRL0332.tmp"
        Mon 8 May 2006 26,112 A..H. --- "C:\opinnäytetyö\~WRL2916.tmp"
        Thu 15 Jun 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
        Thu 23 Jan 2003 65,952 ..SHR --- "C:\Program Files\Autodesk\Autodesk Express Viewer\Setup.exe"
        Thu 17 Aug 2006 30,208 ...H. --- "C:\Documents and Settings\Sirke Musakka\Omat tiedostot\Sirken työhaku lomakkeet\~WRL0001.tmp"
        Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e2cdfda265544b05233b12ad6d933aba\BIT10.tmp"
        Thu 15 Jun 2006 4,348 ...H. --- "C:\Documents and Settings\Mikko Musakka\Omat tiedostot\Omat musiikkitiedostot\Käyttöoikeuden varmuuskopio\drmv1key.bak"
        Thu 6 Jul 2006 20 A..H. --- "C:\Documents and Settings\Mikko Musakka\Omat tiedostot\Omat musiikkitiedostot\Käyttöoikeuden varmuuskopio\drmv1lic.bak"
        Thu 6 Jul 2006 400 A.SH. --- "C:\Documents and Settings\Mikko Musakka\Omat tiedostot\Omat musiikkitiedostot\Käyttöoikeuden varmuuskopio\drmv2key.bak"

        [b]Finished![/b]

        And here is the HJT:

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 17:44:40, on 20.7.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16674)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\csrss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Norman\Npm\bin\ELOGSVC.EXE
        C:\Norman\Npm\Bin\Zanda.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\bin\btwdins.exe
        C:\WINDOWS\system32\drivers\CDAC11BA.EXE
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\wdfmgr.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Canon\CAL\CALMAIN.exe
        C:\Norman\Npm\bin\NJEEVES.EXE
        C:\Norman\nse\bin\NSESVC.EXE
        C:\WINDOWS\System32\alg.exe
        C:\WINDOWS\system32\wbem\wmiprvse.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Norman\Nvc\BIN\NVCSCHED.EXE
        C:\Norman\Nvc\bin\nvcoas.exe
        C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Launch Manager\LaunchAp.exe
        C:\Launch Manager\HotkeyApp.exe
        C:\Launch Manager\OSD.exe
        C:\Launch Manager\OSDCtrl.exe
        C:\Launch Manager\Wbutton.exe
        C:\Norman\Npm\bin\ZLH.EXE
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\Norman\Nvc\BIN\NIP.EXE
        C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
        C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
        C:\Program Files\Winamp\Winampa.exe
        C:\Norman\Nvc\bin\cclaw.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
        C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\BTTray.exe
        C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
        C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
        C:\hjt\HijackThis.exe
        C:\WINDOWS\system32\wbem\wmiprvse.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yle.fi/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
        O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
        O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [LaunchAp] C:\Launch Manager\LaunchAp.exe
        O4 - HKLM\..\Run: [HotkeyApp] C:\Launch Manager\HotkeyApp.exe
        O4 - HKLM\..\Run: [LMgrVolOSD] C:\Launch Manager\OSD.exe
        O4 - HKLM\..\Run: [LMgrOSD] C:\Launch Manager\OSDCtrl.exe
        O4 - HKLM\..\Run: [Wbutton] "C:\Launch Manager\Wbutton.exe"
        O4 - HKLM\..\Run: [CtrlVol] C:\Launch Manager\CtrlVol.exe
        O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
        O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
        O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
        O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: BTTray.lnk = ?
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
        O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\btsendto_ie.htm
        O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\btsendto_ie.htm
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
        O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
        O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
        O22 - SharedTaskScheduler: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
        O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
        O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\bin\btwdins.exe
        O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
        O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
        O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
        O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
        O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
        O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
        O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
        O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

        --
        End of file - 8825 bytes

        SmitfraudFix

        Download SmitfraudFix (c) S!Ri http://siri.urz.free.fr/Fix/SmitfraudFix.zip
        Extract the contents (a folder named SmitfraudFix) to your desktop:

        Open the SmitfraudFix folder and double-click smitfraudfix.cmd
        Select option #1 - Search by typing 1 and pressing "Enter"; a text file will open that lists the infected files (if any).
        Post the contents of this text file in your thread.

        Note: process.exe is detected by some anti-virus programs (AntiVir, Dr.Web, Kaspersky) as a "harmful tool"; it is not a virus, but a program that stops processes. A/V programs cannot tell good use of such programs from bad use, so they may warn the user.

        =============

        Scan with HJT, check these entries and press Fix checked

        O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
        O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
        O22 - SharedTaskScheduler: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)


      • Teropetteri
        45665 wrote:

        SmitfraudFix

        Download SmitfraudFix (c) S!Ri http://siri.urz.free.fr/Fix/SmitfraudFix.zip
        Extract the contents (a folder named SmitfraudFix) to your desktop:

        Open the SmitfraudFix folder and double-click smitfraudfix.cmd
        Select option #1 - Search by typing 1 and pressing "Enter"; a text file will open that lists the infected files (if any).
        Post the contents of this text file in your thread.

        Note: process.exe is detected by some anti-virus programs (AntiVir, Dr.Web, Kaspersky) as a "harmful tool"; it is not a virus, but a program that stops processes. A/V programs cannot tell good use of such programs from bad use, so they may warn the user.

        =============

        Scan with HJT, check these entries and press Fix checked

        O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
        O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
        O22 - SharedTaskScheduler: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)

        Here is Smitfraud:

        SmitFraudFix v2.330

        Scan done at 18:16:16,21, su 20.07.2008
        Run from C:\Documents and Settings\Mikko Musakka\Työpöytä\SmitfraudFix
        OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
        The filesystem type is NTFS
        Fix run in normal mode

        »»»»»»»»»»»»»»»»»»»»»»»» Process

        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\csrss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Norman\Npm\bin\ELOGSVC.EXE
        C:\Norman\Npm\Bin\Zanda.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\bin\btwdins.exe
        C:\WINDOWS\system32\drivers\CDAC11BA.EXE
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\wdfmgr.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Canon\CAL\CALMAIN.exe
        C:\Norman\Npm\bin\NJEEVES.EXE
        C:\Norman\nse\bin\NSESVC.EXE
        C:\WINDOWS\System32\alg.exe
        C:\WINDOWS\system32\wbem\wmiprvse.exe
        C:\Norman\Nvc\BIN\NVCSCHED.EXE
        C:\Norman\Nvc\bin\nvcoas.exe
        C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Launch Manager\LaunchAp.exe
        C:\Launch Manager\HotkeyApp.exe
        C:\Launch Manager\OSD.exe
        C:\Launch Manager\OSDCtrl.exe
        C:\Launch Manager\Wbutton.exe
        C:\Norman\Npm\bin\ZLH.EXE
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\Norman\Nvc\BIN\NIP.EXE
        C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
        C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
        C:\Program Files\Winamp\Winampa.exe
        C:\Norman\Nvc\bin\cclaw.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
        C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\BTTray.exe
        C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
        C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\system32\wbem\wmiprvse.exe

        »»»»»»»»»»»»»»»»»»»»»»»» hosts


        »»»»»»»»»»»»»»»»»»»»»»»» C:\


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


        »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mikko Musakka


        »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mikko Musakka\Application Data


        »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


        »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MIKKOM~1\Suosikit


        »»»»»»»»»»»»»»»»»»»»»»»» Desktop


        »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


        »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


        »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
        "Source"="About:Home"
        "SubscribedURL"="About:Home"
        "FriendlyName"="Nykyinen kotisivu"


        »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
        !!!Attention, following keys are not inevitably infected!!!

        IEDFix
        Credits: Malware Analysis & Diagnostic
        Code: S!Ri



        »»»»»»»»»»»»»»»»»»»»»»»» VACFix
        !!!Attention, following keys are not inevitably infected!!!

        VACFix
        Credits: Malware Analysis & Diagnostic
        Code: S!Ri


        »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
        !!!Attention, following keys are not inevitably infected!!!

        404Fix
        Credits: Malware Analysis & Diagnostic
        Code: S!Ri


        »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
        !!!Attention, following keys are not inevitably infected!!!

        SrchSTS.exe by S!Ri
        Search SharedTaskScheduler's .dll

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
        "{2016a466-91a2-43c6-97d8-2fd380f065ef}"="eitheror"



        »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
        !!!Attention, following keys are not inevitably infected!!!

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
        "AppInit_DLLs"=""


        »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
        !!!Attention, following keys are not inevitably infected!!!

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
        "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
        "System"=""


        »»»»»»»»»»»»»»»»»»»»»»»» Rustock



        »»»»»»»»»»»»»»»»»»»»»»»» DNS

        Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Paketinajoituksen miniportti
        DNS Server Search Order: 62.241.198.245
        DNS Server Search Order: 62.241.198.246

        HKLM\SYSTEM\CCS\Services\Tcpip\..\{BB494F30-905E-4C21-A77E-8AECF262B140}: DhcpNameServer=62.241.198.245 62.241.198.246
        HKLM\SYSTEM\CS1\Services\Tcpip\..\{BB494F30-905E-4C21-A77E-8AECF262B140}: DhcpNameServer=62.241.198.245 62.241.198.246
        HKLM\SYSTEM\CS3\Services\Tcpip\..\{BB494F30-905E-4C21-A77E-8AECF262B140}: DhcpNameServer=62.241.198.245 62.241.198.246
        HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=62.241.198.245 62.241.198.246
        HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=62.241.198.245 62.241.198.246
        HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=62.241.198.245 62.241.198.246


        »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


        »»»»»»»»»»»»»»»»»»»»»»»» End


        And HJT:

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 18:19:52, on 20.7.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16674)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\csrss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Norman\Npm\bin\ELOGSVC.EXE
        C:\Norman\Npm\Bin\Zanda.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\bin\btwdins.exe
        C:\WINDOWS\system32\drivers\CDAC11BA.EXE
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\wdfmgr.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Canon\CAL\CALMAIN.exe
        C:\Norman\Npm\bin\NJEEVES.EXE
        C:\Norman\nse\bin\NSESVC.EXE
        C:\WINDOWS\System32\alg.exe
        C:\WINDOWS\system32\wbem\wmiprvse.exe
        C:\Norman\Nvc\BIN\NVCSCHED.EXE
        C:\Norman\Nvc\bin\nvcoas.exe
        C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Launch Manager\LaunchAp.exe
        C:\Launch Manager\HotkeyApp.exe
        C:\Launch Manager\OSD.exe
        C:\Launch Manager\OSDCtrl.exe
        C:\Launch Manager\Wbutton.exe
        C:\Norman\Npm\bin\ZLH.EXE
        C:\Norman\Nvc\BIN\NIP.EXE
        C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
        C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
        C:\Program Files\Winamp\Winampa.exe
        C:\Norman\Nvc\bin\cclaw.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
        C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\BTTray.exe
        C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
        C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
        C:\WINDOWS\system32\wbem\wmiprvse.exe
        C:\hjt\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yle.fi/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
        O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [LaunchAp] C:\Launch Manager\LaunchAp.exe
        O4 - HKLM\..\Run: [HotkeyApp] C:\Launch Manager\HotkeyApp.exe
        O4 - HKLM\..\Run: [LMgrVolOSD] C:\Launch Manager\OSD.exe
        O4 - HKLM\..\Run: [LMgrOSD] C:\Launch Manager\OSDCtrl.exe
        O4 - HKLM\..\Run: [Wbutton] "C:\Launch Manager\Wbutton.exe"
        O4 - HKLM\..\Run: [CtrlVol] C:\Launch Manager\CtrlVol.exe
        O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
        O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
        O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: BTTray.lnk = ?
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
        O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\btsendto_ie.htm
        O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\btsendto_ie.htm
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
        O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
        O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
        O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\bin\btwdins.exe
        O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
        O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
        O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
        O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
        O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
        O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
        O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
        O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

        --
        End of file - 8348 bytes


      • 45665
        Teropetteri wrote:

        Here is Smitfraud:

        SmitFraudFix v2.330

        Scan done at 18:16:16,21, su 20.07.2008
        Run from C:\Documents and Settings\Mikko Musakka\Työpöytä\SmitfraudFix
        OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
        The filesystem type is NTFS
        Fix run in normal mode

        »»»»»»»»»»»»»»»»»»»»»»»» Process

        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\csrss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Norman\Npm\bin\ELOGSVC.EXE
        C:\Norman\Npm\Bin\Zanda.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\bin\btwdins.exe
        C:\WINDOWS\system32\drivers\CDAC11BA.EXE
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\wdfmgr.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Canon\CAL\CALMAIN.exe
        C:\Norman\Npm\bin\NJEEVES.EXE
        C:\Norman\nse\bin\NSESVC.EXE
        C:\WINDOWS\System32\alg.exe
        C:\WINDOWS\system32\wbem\wmiprvse.exe
        C:\Norman\Nvc\BIN\NVCSCHED.EXE
        C:\Norman\Nvc\bin\nvcoas.exe
        C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Launch Manager\LaunchAp.exe
        C:\Launch Manager\HotkeyApp.exe
        C:\Launch Manager\OSD.exe
        C:\Launch Manager\OSDCtrl.exe
        C:\Launch Manager\Wbutton.exe
        C:\Norman\Npm\bin\ZLH.EXE
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\Norman\Nvc\BIN\NIP.EXE
        C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
        C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
        C:\Program Files\Winamp\Winampa.exe
        C:\Norman\Nvc\bin\cclaw.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
        C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\BTTray.exe
        C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
        C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\system32\wbem\wmiprvse.exe

        »»»»»»»»»»»»»»»»»»»»»»»» hosts


        »»»»»»»»»»»»»»»»»»»»»»»» C:\


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


        »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mikko Musakka


        »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mikko Musakka\Application Data


        »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


        »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MIKKOM~1\Suosikit


        »»»»»»»»»»»»»»»»»»»»»»»» Desktop


        »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


        »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


        »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
        "Source"="About:Home"
        "SubscribedURL"="About:Home"
        "FriendlyName"="Nykyinen kotisivu"


        »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
        !!!Attention, following keys are not inevitably infected!!!

        IEDFix
        Credits: Malware Analysis & Diagnostic
        Code: S!Ri



        »»»»»»»»»»»»»»»»»»»»»»»» VACFix
        !!!Attention, following keys are not inevitably infected!!!

        VACFix
        Credits: Malware Analysis & Diagnostic
        Code: S!Ri


        »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
        !!!Attention, following keys are not inevitably infected!!!

        404Fix
        Credits: Malware Analysis & Diagnostic
        Code: S!Ri


        »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
        !!!Attention, following keys are not inevitably infected!!!

        SrchSTS.exe by S!Ri
        Search SharedTaskScheduler's .dll

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
        "{2016a466-91a2-43c6-97d8-2fd380f065ef}"="eitheror"



        »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
        !!!Attention, following keys are not inevitably infected!!!

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
        "AppInit_DLLs"=""


        »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
        !!!Attention, following keys are not inevitably infected!!!

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
        "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
        "System"=""


        »»»»»»»»»»»»»»»»»»»»»»»» Rustock



        »»»»»»»»»»»»»»»»»»»»»»»» DNS

        Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Paketinajoituksen miniportti
        DNS Server Search Order: 62.241.198.245
        DNS Server Search Order: 62.241.198.246

        HKLM\SYSTEM\CCS\Services\Tcpip\..\{BB494F30-905E-4C21-A77E-8AECF262B140}: DhcpNameServer=62.241.198.245 62.241.198.246
        HKLM\SYSTEM\CS1\Services\Tcpip\..\{BB494F30-905E-4C21-A77E-8AECF262B140}: DhcpNameServer=62.241.198.245 62.241.198.246
        HKLM\SYSTEM\CS3\Services\Tcpip\..\{BB494F30-905E-4C21-A77E-8AECF262B140}: DhcpNameServer=62.241.198.245 62.241.198.246
        HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=62.241.198.245 62.241.198.246
        HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=62.241.198.245 62.241.198.246
        HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=62.241.198.245 62.241.198.246


        »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


        »»»»»»»»»»»»»»»»»»»»»»»» End


        And HJT:

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 18:19:52, on 20.7.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16674)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\csrss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Norman\Npm\bin\ELOGSVC.EXE
        C:\Norman\Npm\Bin\Zanda.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\bin\btwdins.exe
        C:\WINDOWS\system32\drivers\CDAC11BA.EXE
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\wdfmgr.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Canon\CAL\CALMAIN.exe
        C:\Norman\Npm\bin\NJEEVES.EXE
        C:\Norman\nse\bin\NSESVC.EXE
        C:\WINDOWS\System32\alg.exe
        C:\WINDOWS\system32\wbem\wmiprvse.exe
        C:\Norman\Nvc\BIN\NVCSCHED.EXE
        C:\Norman\Nvc\bin\nvcoas.exe
        C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Launch Manager\LaunchAp.exe
        C:\Launch Manager\HotkeyApp.exe
        C:\Launch Manager\OSD.exe
        C:\Launch Manager\OSDCtrl.exe
        C:\Launch Manager\Wbutton.exe
        C:\Norman\Npm\bin\ZLH.EXE
        C:\Norman\Nvc\BIN\NIP.EXE
        C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
        C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
        C:\Program Files\Winamp\Winampa.exe
        C:\Norman\Nvc\bin\cclaw.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
        C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\BTTray.exe
        C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
        C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
        C:\WINDOWS\system32\wbem\wmiprvse.exe
        C:\hjt\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yle.fi/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
        O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [LaunchAp] C:\Launch Manager\LaunchAp.exe
        O4 - HKLM\..\Run: [HotkeyApp] C:\Launch Manager\HotkeyApp.exe
        O4 - HKLM\..\Run: [LMgrVolOSD] C:\Launch Manager\OSD.exe
        O4 - HKLM\..\Run: [LMgrOSD] C:\Launch Manager\OSDCtrl.exe
        O4 - HKLM\..\Run: [Wbutton] "C:\Launch Manager\Wbutton.exe"
        O4 - HKLM\..\Run: [CtrlVol] C:\Launch Manager\CtrlVol.exe
        O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
        O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
        O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: BTTray.lnk = ?
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
        O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\btsendto_ie.htm
        O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\btsendto_ie.htm
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
        O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
        O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
        O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\Star Key Bluetooth-ohjelmisto\bin\btwdins.exe
        O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
        O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
        O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
        O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
        O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
        O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
        O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
        O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

        --
        End of file - 8348 bytes

        This first

        Download Malwarebytes' Anti-Malware to your desktop.
        http://www.besttechie.net/tools/mbam-setup.exe
        •   Double-click mbam-setup.exe and follow the instructions to install the program.
        •   At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
        •   If an update is found, the program downloads and installs the latest version.
        •   Once the program has loaded, select Perform full scan and click Scan.
        •   When the scan is finished, click OK and then Show Results to see the results.
        •   Make sure everything is checked and click Remove Selected.
        •   After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
        •   Post the contents of the log in your next message.

        =========

        and this second

        Download OTMoveIt from http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
        and save it to your desktop.

        Double-click OTMoveIt.exe.
        Click CleanUp!.
        Select Yes when asked "Begin cleanup Process?".
        If you are asked whether the computer may be restarted, select Yes. OTMoveIt deletes itself when it is finished; if it does not, delete it yourself.


        NOTE: If your firewall or some other security program warns that OTMoveIt is trying to access the internet, allow it.


      • Teropetteri
        And here it is:

        Malwarebytes' Anti-Malware 1.21
        Tietokantaversio: 966
        Windows 5.1.2600 Service Pack 2

        20:11:47 20.7.2008
        mbam-log-7-20-2008 (20-11-47).txt

        Tarkistustyyppi: Täysi tarkistus (C:\|)
        Tarkistetut kohteet: 104075
        Kulunut aika: 57 minute(s), 52 second(s)

        Saastuneita muistiprosesseja: 0
        Saastuneita muistimoduuleja: 0
        Saastuneita rekisteriavaimia: 1
        Saastuneita rekisteriarvoja: 0
        Saastuneita rekisterikohteita: 0
        Saastuneita hakemistoja: 23
        Saastuneita tiedostoja: 12

        Saastuneita muistiprosesseja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita muistimoduuleja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita rekisteriavaimia:
        HKEY_CLASSES_ROOT\videoaccessactivex.Chl (Trojan.Zlob) -> Quarantined and deleted successfully.

        Saastuneita rekisteriarvoja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita rekisterikohteita:
        (Haitallisia kohteita ei löydetty)

        Saastuneita hakemistoja:
        C:\Program Files\rhclsfj0e76a (Rogue.Multiple) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Vieras\Application Data\rhclsfj0e76a (Rogue.Multiple) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Vieras\Application Data\rhclsfj0e76a\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Vieras\Application Data\rhclsfj0e76a\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Vieras\Application Data\rhclsfj0e76a\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Vieras\Application Data\rhclsfj0e76a\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Vieras\Application Data\rhclsfj0e76a\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Vieras\Application Data\rhclsfj0e76a\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Vieras\Application Data\rhclsfj0e76a\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Vieras\Application Data\rhclsfj0e76a\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Vieras\Application Data\rhclsfj0e76a\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Vieras\Application Data\rhclsfj0e76a\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Mikko Musakka\Application Data\rhclsfj0e76a (Rogue.Multiple) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Mikko Musakka\Application Data\rhclsfj0e76a\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Mikko Musakka\Application Data\rhclsfj0e76a\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Mikko Musakka\Application Data\rhclsfj0e76a\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Mikko Musakka\Application Data\rhclsfj0e76a\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Mikko Musakka\Application Data\rhclsfj0e76a\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Mikko Musakka\Application Data\rhclsfj0e76a\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Mikko Musakka\Application Data\rhclsfj0e76a\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Mikko Musakka\Application Data\rhclsfj0e76a\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Mikko Musakka\Application Data\rhclsfj0e76a\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Mikko Musakka\Application Data\rhclsfj0e76a\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

        Saastuneita tiedostoja:
        C:\System Volume Information\_restore{197AFCC0-EF41-4AEE-AAF3-1A048F3B4596}\RP476\A0042862.exe (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{197AFCC0-EF41-4AEE-AAF3-1A048F3B4596}\RP476\A0042870.exe (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\Program Files\rhclsfj0e76a\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
        C:\Program Files\rhclsfj0e76a\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
        C:\Program Files\rhclsfj0e76a\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
        C:\Program Files\rhclsfj0e76a\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
        C:\Program Files\rhclsfj0e76a\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
        C:\Program Files\rhclsfj0e76a\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
        C:\Program Files\rhclsfj0e76a\rhclsfj0e76a.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
        C:\Program Files\rhclsfj0e76a\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
        C:\info.cmd (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\mui.cmd (Trojan.Agent) -> Quarantined and deleted successfully.


      • 45665
        1. Download combofix.exe to your desktop from one of these two links:
        http://download.bleepingcomputer.com/sUBs/ComboFix.exe
        http://subs.geekstogo.com/ComboFix.exe

        2. Double-click the combofix.exe file and follow the instructions.
        3. When the tool has finished, it produces a log. Post this log in your thread.
        Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

