My HJT log
ImaMar
Newbie
23 August 2008 @ 12:48
Greetings, pros!
I bought my computer used from a friend who had built it; it worked well for him. Now, however, problems have appeared, such as all .exe files being slow to start. I have scanned with Ad-Aware, and I use the ZoneAlarm security suite, which includes a virus/spyware scanner. None of these have found anything but cookies. Not a single virus. A few months ago ZoneAlarm found a virus whose name I can't remember now, but it put it in quarantine, from which I then deleted it. From the start-up menu I have removed almost everything that can still be safely removed. I clean my registry weekly. I have just fragmented my disk. My computer is quite dusty, though, but surely it can't be because of that, since the temperatures stay under control. I have no overclocking. Well, I don't know what else to explain. So here is my log for you:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:31, on 23.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uwininstaller.tk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.uwininstaller.tk
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Lataa FDM:llä - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Lataa kaikki FDM:llä - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Lataus valittu FDM:n toimesta - file://C:\Program Files\Free Download Manager\dlselected.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.uwininstaller.tk
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4885 bytes

Thanks for this kind of service. Ya guys rock!
Atsuah
Suspended due to non-functional email address
23 August 2008 @ 13:29
Yeah, I got this one

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:22, on 23.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\lphcpboj0eg6n.exe
C:\Program Files\rhctboj0eg6n\rhctboj0eg6n.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\DOCUME~1\MYYML~1\LOCALS~1\Temp\CA.tmp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\pphcpboj0eg6n.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\DOCUME~1\MYYML~1\LOCALS~1\Temp\c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F3 - REG:win.ini: load=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A836EAF-53BF-449F-8387-2E73BDA3A142} - (no file)
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: ToolHelper - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {F0E738CA-4E59-446F-B34A-6BC26FB2C735} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] c:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [lphcpboj0eg6n] C:\WINDOWS\system32\lphcpboj0eg6n.exe
O4 - HKLM\..\Run: [SMrhctboj0eg6n] C:\Program Files\rhctboj0eg6n\rhctboj0eg6n.exe
O4 - HKLM\..\RunServices: [Microsoft Update] livemessenger.com
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Windows Service] WINSVC.EXE
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\MYYML~1\LOCALS~1\Temp\CA.tmp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Kalenterin muistutukset.lnk = ?
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Matkaviestimen suosikkien luominen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Nokia Media Bar) - http://img.euro1.music.nokia.com/install...nagerPlugin.CAB
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab
O20 - Winlogon Notify: iifdcDVl - iifdcDVl.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - http://kotisivu.dnainternet.net/kauttok/tutka/ukkonen.jpg

--
End of file - 10387 bytes
Hujo
Suspended permanently
23 August 2008 @ 14:03
Atsuah

Remove your log from this thread and start your own thread.

Can a computer ever work?
ImaMar
Newbie
26 August 2008 @ 22:54
Doesn't anyone have time? I don't know what programs have been on this machine; I got it as a package. But can Ad-Aware and ZoneAlarm cause this? It did do this earlier too..
Hujo
Suspended permanently
27 August 2008 @ 00:40
ImaMar

Scan with HJT, tick these, and press Fix checked:


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uwininstaller.tk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.uwininstaller.tk
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O14 - IERESET.INF: START_PAGE_URL=http://www.uwininstaller.tk
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

============

1. Download combofix.exe to your desktop from one of these links:
combofix1
combofix2

2. Double-click the combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log. Post this log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

============

Download Malwarebytes' Anti-Malware to your desktop.

1. Double-click mbam-setup.exe and follow the instructions to install the program.
2. At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, the program downloads and installs the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is finished, click OK and then Show Results to see the results.
6. Make sure everything is checked and click Remove Selected.
7. After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next message.

======

Download SDFix by AndyManchesta and save it to your desktop.

Boot your computer into Safe Mode:

shut down and start up
during startup, tap the F8 key repeatedly
select Safe Mode with the arrow keys
press Enter and Enter
select your user account
press Yes

On some computers you tap F5 instead of F8.

* Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
* Open the SDFix folder and double-click RunThis.bat to start the program.
* Press Y to start the script.
* The tool cleans out the trojan's services and also makes some repairs to the registry. At the end it asks you to restart the computer, "Press any key to Reboot".
* Press any key and the computer restarts.
* Startup takes longer than normal because SDFix is cleaning the computer.
* When the computer has started and the desktop has loaded, SDFix reports that the cleaning is done, "Finished".
* Then press any key to close the script and load the shortcuts onto the desktop.
* Finally, open the SDFix folder (on the desktop) and copy and paste the contents of Report.txt into your thread, together with a new HijackThis log.

============

Download CCleaner from here
CCleaner v2.05.555 - Standard Build, do NOT install the Yahoo toolbar!
During installation, untick the option "install Yahoo! toolbar".
After installation, open CCleaner.
Select Options from the left-hand column.
Select Settings from the adjacent column.
For Language, select Suomi.

Cleaner
Select Puhdistaja ("Cleaner") from the left-hand column.
Press Tutki ("Analyze") at the bottom.
CCleaner now examines what can be removed (temp files, cookies, etc.).
When the examination is finished, press Aja CCleaner ("Run CCleaner").
CCleaner now removes the temp files, cookies, etc. that it found.

Fixing registry errors
Select Rekisteri ("Registry") from the left-hand column.
Press Etsi rekisterin virheitä ("Find registry errors") at the bottom.
When the search is finished and you are sure you want to fix the lines that are checked, press Korjaa valitut rekisterin virheet ("Fix selected registry errors").
You will be asked "do you want to back up changes to the registry"; press Kyllä ("Yes"). Save the backup to, for example, the "My Documents" folder.
In the new window that opens, click Korjaa kaikki valitut virheet ("Fix all selected errors").
You will get one more confirmation prompt; press OK.
When the errors have been fixed, press Sulje ("Close").
You can now close CCleaner by pressing the red X at the top right.

=============

Updating Java and clearing the cache:

Download JavaRa and extract it to your desktop.

***Close all open Internet Explorer windows before continuing!***

* Double-click JavaRa.exe to start the program.
* Select English from the drop-down menu to choose English as the language and click Select.
* Click Remove Older Versions to remove old Java versions from your computer.
* Click Yes when prompted. When JavaRa is finished, it reports that a log file has been created. Click OK.
* The log file opens. Post its contents in your next message.
4. Install the latest Java update from the following link:

http://java.sun.com/javase/downloads/index.jsp

Scroll down to Java Runtime Environment (JRE) 6 Update 7
Press Download
Set Platform to Windows
Tick I agree to the Java SE Runtime Environment 6 License Agreement and press Continue
Under Windows Offline Installation, press jre-6u4-windows-i586-p.exe

Save the file to, for example, the desktop and install it.

5. Restart the computer after installation.
6. After the restart, go back to Control Panel and open your Java settings (Other Control Panel Options -> Java coffee cup).
7. On the General tab, click Settings. Drag the slider (Disk Space) to a smaller value.

(Some Java-based programs may need more disk space.
If you notice slowness after reducing the setting, move the slider to a larger value.)

8. Click the Delete Files button. Make sure both options are ticked:
* Applications and Applets
* Trace and Log Files

And press the OK button
Note: This removes all downloaded applications and applets from the CACHE.

9. Click OK in your "Temporary Files Settings" window.
10. Update tab: untick Check for Updates automatically
Select Never check
11. Click Apply and OK to leave your Java settings window.


Can a computer ever work?
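The ten lines picked for "Fix checked" in the post above fall into three groups: hosts-file overrides (O1), registrations whose target is "(no file)", and Internet Explorer start-page values pointing at an unfamiliar domain. The following is an added example, not part of the thread and not HijackThis's own logic, that applies those three checks to an excerpt of the first log; the list of expected start-page domains is an assumption made for the example.

```python
import re
from urllib.parse import urlparse

# Excerpt of the HijackThis entries from the first log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uwininstaller.tk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.uwininstaller.tk
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O14 - IERESET.INF: START_PAGE_URL=http://www.uwininstaller.tk
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Assumption for this example: start/search pages under these domains are expected.
EXPECTED_START_PAGE_DOMAINS = ("microsoft.com", "msn.com")

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<name>\S+)")
URL_RE = re.compile(r"https?://\S+")


def parse_entries(text):
    """Yield (code, body) for each HijackThis entry line; other lines are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def host_is_expected(url):
    """True if the URL's host is one of the expected domains or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d)
               for d in EXPECTED_START_PAGE_DOMAINS)


def triage(text):
    """Return (code, reason, body) for every entry that matches one of the checks."""
    findings = []
    for code, body in parse_entries(text):
        hosts = HOSTS_RE.match(body) if code == "O1" else None
        if hosts:
            # Any hosts-file line in the log overrides DNS for that name.
            reason = "hosts file maps %s to %s" % (hosts.group("name"), hosts.group("ip"))
            findings.append((code, reason, body))
        elif body.endswith("(no file)"):
            # The registry entry is still there but its DLL/EXE is gone.
            findings.append((code, "registration points to a missing file", body))
        elif code in ("R0", "R1", "O14"):
            url = URL_RE.search(body)
            if url and not host_is_expected(url.group(0)):
                findings.append((code, "start page outside expected domains", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print("%-4s %-45s %s" % (code, reason, body))
```

A match is a reason to look at the entry by hand, not a verdict; entries with valid file paths are not examined at all by these checks.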
ImaMar
Newbie
27 August 2008 @ 19:18
Thanks.
Here is my log:

ComboFix 08-08-26.03 - Administrator 2008-08-27 17:08:27.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1538 [GMT 3:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\MSINET.oca

.
((((((((((((((((((((((((( Files Created from 2008-07-27 to 2008-08-27 )))))))))))))))))))))))))))))))
.

2008-08-27 01:12 . 2008-08-27 01:12 <DIR> d-------- C:\Program Files\Codemasters
2008-08-26 23:31 . 2008-08-27 01:01 <DIR> d-------- C:\Program Files\a-squared Free
2008-08-26 23:25 . 2008-08-26 23:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\WinPatrol
2008-08-26 23:21 . 2008-08-26 23:21 <DIR> d-------- C:\Program Files\BillP Studios
2008-08-23 12:38 . 2008-08-23 12:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-23 01:45 . 2008-08-23 01:45 <DIR> d-------- C:\Program Files\Eidos
2008-08-23 01:27 . 2008-08-23 01:27 <DIR> d-------- C:\Program Files\PowerISO
2008-08-22 02:10 . 2008-08-22 02:10 0 --a------ C:\netstat
2008-08-21 11:23 . 2008-08-23 01:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
2008-08-19 11:14 . 2008-08-19 11:15 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-08-19 11:14 . 2008-08-19 11:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
2008-08-17 22:35 . 2008-08-20 14:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-16 23:27 . 2008-08-17 12:37 <DIR> d-------- C:\Program Files\eMule
2008-08-16 23:18 . 2008-08-23 02:10 <DIR> d-------- C:\Program Files\DC++
2008-08-16 23:15 . 2008-08-16 23:22 79,973,687 --a------ C:\Raappana - Päivä on nuori.rar
2008-08-16 20:01 . 2008-08-16 20:01 <DIR> d-------- C:\Program Files\Logitech
2008-08-16 20:01 . 2008-08-16 20:01 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-08-16 20:01 . 2004-04-14 11:08 44,064 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
2008-08-16 20:01 . 2004-04-14 11:08 21,280 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
2008-08-16 20:01 . 2004-04-14 11:08 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys
2008-08-16 20:01 . 2004-04-14 11:08 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
2008-08-16 18:31 . 2008-08-16 18:31 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-16 18:31 . 2008-08-16 18:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-16 17:02 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
2008-08-16 17:02 . 2008-03-03 18:21 568 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-08-16 16:58 . 2008-08-16 16:58 <DIR> d-------- C:\Program Files\ESET
2008-08-16 16:58 . 2008-08-16 16:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-16 16:49 . 2008-08-16 16:49 <DIR> d-------- C:\fsaua.data
2008-08-16 16:29 . 2008-08-16 16:47 <DIR> d-------- C:\ESET NOD32 AntiVirus 3.0.650 + Smart Security 3.0.650 + FiXes (32 & 64 bit) - TomO
2008-08-16 16:21 . 2008-08-16 16:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR
2008-08-14 14:41 . 2008-08-14 14:41 <DIR> d-------- C:\ProgramData
2008-08-14 14:41 . 2008-08-14 14:41 3,522 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-08-13 21:50 . 2008-08-13 21:50 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-08-13 20:06 . 2008-08-25 23:39 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\teamspeak2
2008-08-13 18:20 . 2008-08-13 18:20 <DIR> d-------- C:\WINDOWS\system32\ageia
2008-08-13 18:20 . 2008-08-13 18:20 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-08-13 18:18 . 2003-08-26 09:54 930,980 --a------ C:\WINDOWS\PUNKBUSTER.RTP
2008-08-13 18:10 . 2008-08-13 18:10 <DIR> d-------- C:\Program Files\Ubi Soft
2008-08-13 18:10 . 2002-09-29 03:09 140,488 -ra------ C:\WINDOWS\system32\comdlg32.ocx
2008-08-13 18:10 . 2002-09-29 03:09 115,016 -ra------ C:\WINDOWS\system32\MSINET.OCX
2008-08-13 18:10 . 2002-09-29 03:09 89,360 -ra------ C:\WINDOWS\system32\VB5DB.DLL
2008-08-13 18:10 . 2002-09-29 03:09 69,632 -ra------ C:\WINDOWS\system32\xmltok.dll
2008-08-13 18:10 . 2002-09-29 03:09 36,864 -ra------ C:\WINDOWS\system32\xmlparse.dll
2008-08-13 18:10 . 2002-09-29 03:09 35,840 -ra------ C:\WINDOWS\system32\comdlg32.oca
2008-08-13 18:10 . 2002-12-23 19:54 26,096 -ra------ C:\WINDOWS\system32\xmlinst.exe
2008-08-13 18:10 . 2002-09-29 03:09 24,576 -ra------ C:\WINDOWS\system32\msxml3a.dll
2008-08-13 16:40 . 2008-08-13 16:40 <DIR> d-------- C:\Program Files\NovaLogic
2008-08-13 11:21 . 2008-08-13 11:21 <DIR> d-------- C:\Program Files\America's Army Server Manager
2008-08-13 11:20 . 2008-08-24 03:55 <DIR> d-------- C:\Program Files\America's Army
2008-08-13 10:26 . 2008-08-13 10:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ubi.com
2008-08-12 16:53 . 2008-08-13 10:27 <DIR> d-------- C:\Program Files\ubi.com
2008-08-12 16:53 . 2008-08-12 16:53 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
2008-08-12 16:53 . 2001-04-12 18:00 182,272 --a------ C:\WINDOWS\patchw32.dll
2008-08-11 23:53 . 2008-08-11 23:53 <DIR> d-------- C:\petos
2008-08-11 21:26 . 2008-08-11 21:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-08-11 21:13 . 2008-08-13 18:04 <DIR> d-------- C:\Program Files\Red Storm Entertainment
2008-08-11 15:07 . 2008-08-11 15:07 <DIR> d-------- C:\WINDOWS\Sun
2008-08-10 13:57 . 2008-08-10 14:04 730,065 --a------ C:\pb.dbg
2008-08-10 00:10 . 2008-08-10 00:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Mount&Blade
2008-08-10 00:08 . 2008-08-10 00:21 <DIR> d-------- C:\Program Files\Mount&Blade
2008-08-09 21:18 . 2008-08-09 21:18 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-08-09 02:54 . 2008-08-09 02:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Leadertech
2008-08-09 02:39 . 2008-08-09 02:39 <DIR> d-------- C:\NeverwinterNights
2008-08-09 02:23 . 2008-08-11 00:02 <DIR> d-------- C:\Program Files\Ground Control II
2008-08-08 23:56 . 2008-08-08 23:56 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-08-08 20:13 . 2008-08-08 20:13 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-08-08 19:21 . 2008-08-08 19:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ventrilo
2008-08-08 19:19 . 2008-08-08 19:19 <DIR> d-------- C:\Program Files\Ventrilo
2008-08-08 19:19 . 2008-08-16 18:30 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-08 19:13 . 2008-08-21 01:44 <DIR> d-------- C:\Program Files\Xfire
2008-08-08 19:13 . 2008-08-18 01:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Xfire
2008-08-07 23:27 . 2008-08-07 23:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-07 23:27 . 2008-08-07 23:27 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-07 23:24 . 2008-08-07 23:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-06 22:44 . 2008-08-06 22:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\NSeries
2008-08-06 21:19 . 2008-08-06 21:19 <DIR> d-------- C:\Temp
2008-08-06 21:17 . 2008-08-06 21:17 <DIR> d-------- C:\Program Files\QuickTime
2008-08-06 21:05 . 2008-08-06 21:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Xilisoft Corporation
2008-08-06 21:04 . 2008-08-06 21:17 <DIR> d-------- C:\Program Files\Xilisoft
2008-08-06 20:30 . 2008-08-06 20:30 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-08-06 20:23 . 2008-08-06 22:29 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-08-06 20:18 . 2008-08-06 20:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-08-06 20:17 . 2008-08-06 20:17 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-08-06 20:15 . 2008-08-06 20:15 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-08-06 20:10 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-08-06 20:03 . 2008-08-06 20:08 <DIR> d-------- C:\Program Files\SimpleCenter
2008-08-06 20:03 . 2008-08-06 20:03 <DIR> d-------- C:\Program Files\Common Files\i4j_jres
2008-08-06 19:59 . 2008-08-06 22:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-08-06 19:59 . 2008-08-07 23:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Nokia
2008-08-06 19:58 . 2008-08-06 19:58 <DIR> d-------- C:\Program Files\DIFX
2008-08-06 19:57 . 2008-08-06 19:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Suite
2008-08-06 19:56 . 2008-08-06 19:56 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-08-06 19:56 . 2008-08-06 20:17 <DIR> d-------- C:\Program Files\Nokia
2008-08-06 19:56 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-08-06 19:56 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-08-06 19:56 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-08-06 19:56 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-08-06 19:56 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-08-06 19:56 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-08-06 03:26 . 2008-08-06 03:26 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-08-05 13:58 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-08-05 13:58 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-08-05 13:58 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-08-03 17:22 . 2008-08-03 17:22 <DIR> d-------- C:\Program Files\RivaTuner v2.09
2008-08-02 11:24 . 2008-08-03 19:56 <DIR> d-------- C:\Program Files\OpenAL
2008-08-02 11:15 . 2008-08-02 11:15 <DIR> d-------- C:\Program Files\Bohemia Interactive
2008-08-02 03:30 . 2008-08-02 03:30 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-02 03:29 . 2008-08-10 13:55 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-08-02 03:16 . 2008-08-02 03:16 <DIR> d-------- C:\Program Files\THQ
2008-08-02 02:49 . 2008-08-02 03:01 <DIR> d-------- C:\Program Files\HiTilesAF
2008-08-02 02:41 . 2005-09-14 08:16 205,824 --a------ C:\WINDOWS\system32\pw32a.dll
2008-08-02 02:41 . 2005-09-14 08:16 205,824 --a------ C:\WINDOWS\pw32a.dll
2008-08-02 02:41 . 2005-09-14 09:25 28 --a------ C:\WINDOWS\system32\copytowin.bat
2008-08-02 02:29 . 2008-08-02 02:29 <DIR> d-------- C:\Program Files\Lead Pursuit
2008-08-01 15:09 . 2008-08-23 21:10 <DIR> d-------- C:\Program Files\mIRC
2008-08-01 15:09 . 2008-08-24 01:33 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\mIRC

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 14:11 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Free Download Manager
2008-08-27 07:01 14,877,216 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-26 22:55 137,312 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-26 22:53 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-08-26 20:02 --------- d-----w C:\Program Files\Steam
2008-08-26 19:17 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-08-25 23:58 100,688 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-25 17:43 2,431,488 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-08-23 12:33 --------- d-----w C:\Program Files\BlackBean
2008-08-22 23:00 3,576,832 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-08-22 22:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-19 16:43 2,384,384 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-08-18 20:30 2,378,240 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-08-18 17:51 2,377,728 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-08-17 19:00 2,362,880 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-08-17 19:00 116,224 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-08-17 18:53 2,363,904 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-08-16 13:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-08-16 13:30 48,640 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-08-16 13:30 2,306,560 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-08-15 12:55 32,256 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-08-14 21:55 220,160 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-08-14 21:55 2,302,464 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-08-14 17:07 --------- d-----w C:\Program Files\Electronic Arts
2008-08-13 17:06 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-08-13 15:15 --------- d-----w C:\Program Files\Ubisoft
2008-08-11 15:54 218,624 ----a-w C:\WINDOWS\Internet Logs\xDB70.tmp
2008-08-10 19:02 2,116,608 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-08-10 12:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-08-10 11:58 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
2008-08-10 10:56 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-08-07 19:36 2,013,696 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-08-07 19:36 1,244,160 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-08-07 19:11 2,011,136 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-08-06 14:34 1,920,000 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-08-03 17:04 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-08-03 17:04 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-08-01 22:51 --------- d-----w C:\Program Files\Free Download Manager
2008-08-01 12:27 --------- d-----w C:\Program Files\RegCleaner
2008-07-23 21:56 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-07-23 20:39 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-23 16:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-07-23 16:53 1,687,040 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-07-23 12:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-07-23 09:54 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-07-23 09:34 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-07-23 09:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\MailFrontier
2008-07-22 21:31 --------- d-----w C:\Program Files\Zone Labs
2008-07-22 19:48 --------- d-----w C:\Program Files\Windows Live
2008-07-22 19:37 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-07-22 19:30 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-22 19:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-22 19:21 --------- d-----w C:\Program Files\Realtek AC97
2008-07-22 18:39 --------- d-----w C:\Program Files\AMD
2008-07-22 18:26 --------- d-----w C:\Program Files\Java
2008-07-22 18:16 --------- d-----w C:\Program Files\Software Informer
2008-07-22 18:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-07-22 18:05 --------- d-----w C:\Program Files\uTorrent
2008-07-22 14:46 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-07-22 14:46 --------- d-----w C:\Program Files\Common Files\Java
2008-07-22 14:45 --------- d-----w C:\Program Files\Skype
2008-07-22 14:45 --------- d-----w C:\Program Files\NaturalPoint
2008-07-22 14:45 --------- d-----w C:\Program Files\Common Files\Skype
2008-07-22 14:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-07-22 09:54 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-09 03:35 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-07-09 03:35 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:38 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
.

------- Sigcheck -------

2006-05-30 10:28 1289728 cca49b59735bb6efe1f22ac414ff4041 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 09:04 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 08:36 77824]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 06:35 919016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 11:31 13529088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
--a------ 2006-03-20 22:43 331776 C:\Program Files\AGEIA Technologies\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2006-05-30 10:28 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 09:04 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
--a------ 2007-09-07 14:44 3100672 C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-16 11:31 13529088 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-16 11:31 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
--a------ 2004-04-23 14:28 77824 C:\Program Files\Logitech\Profiler\LWEMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-07-23 00:54 1271032 C:\Program Files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 01:57 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-16 11:31 1630208 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2006-11-17 03:12 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NOD32FiXTemDono"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=

R3 NPUSB;NPUSB;C:\WINDOWS\system32\DRIVERS\npusb.sys [2007-03-23 16:21]
S3 jfdcd;jfdcd;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jfdcd.sys []
S4 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2006-05-30 10:28]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SpybotSD TeaTimer - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qdkzg1cm.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 17:13:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-27 17:14:11
ComboFix-quarantined-files.txt 2008-08-27 14:14:09

Pre-Run: 66,429,980,672 bytes free
Post-Run: 66,743,640,064 bytes free

295 --- E O F --- 2008-08-14 21:55:20


Malwarebytes' Anti-Malware 1.25
Database version: 1088
Windows 5.1.2600 Service Pack 2

18:26:26 27.8.2008
mbam-log-08-27-2008 (18-26-26).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 144101
Time elapsed: 43 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




SDFix: Version 1.219
Run by Administrator on ke 27.08.2008 at 18:32

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Documents and Settings\Administrator\Desktop\SDFix

Checking Services :

AUTOEXEC.NT Restored from backups
Config.nt Restored from backups

Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 18:41:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"="C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe:*:Enabled:Battlefield 2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :



Files with Hidden Attributes :

Mon 3 Mar 2008 568 A..H. --- "C:\WINDOWS\nod32fixtemdono.reg"
Mon 3 Mar 2008 5,702 A..H. --- "C:\WINDOWS\nod32restoretemdono.reg"
Sat 5 Jul 2008 145,920 ..SHR --- "C:\Program Files\BillP Studios\WinPatrol\Setup.exe"
Wed 23 Jul 2008 64,354,496 A..H. --- "C:\Documents and Settings\Administrator\My Documents\Downloads\94.24_forceware_winxp_international_whql.exe"
Sun 24 Aug 2008 2,045,693,512 A..H. --- "C:\Documents and Settings\Administrator\My Documents\Downloads\AA283FullInstaller_SeeMePlayMe.exe"
Wed 23 Jul 2008 385,524,406 A..H. --- "C:\Documents and Settings\Administrator\My Documents\Downloads\bf2142_update_1.40.exe"
Wed 23 Jul 2008 185,192,855 A..H. --- "C:\Documents and Settings\Administrator\My Documents\Downloads\bf2142_incremental_update_1.401.50.exe"
Wed 23 Jul 2008 185,192,855 A..H. --- "C:\Documents and Settings\Administrator\My Documents\Downloads\bf2142_incremental_update_1.401.50(2).exe"
Sat 2 Aug 2008 509,996,350 A..H. --- "C:\Documents and Settings\Administrator\My Documents\Downloads\ffur_2007_1.0_installation.exe"
Tue 22 Jul 2008 26,062,330 A..H. --- "C:\Documents and Settings\Administrator\My Documents\Downloads\WDM_R199.exe"
Wed 6 Aug 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 22 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\BIT4.tmp"
Tue 22 Jul 2008 9,597,926 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1ef77232e6f7faea77bfc1ae4b57d4af\download\BIT76.tmp"
Tue 22 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\588786e399909bbe558853aada5a75c8\download\BIT81.tmp"

Finished!


JavaRa 1.11 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Aug 27 18:53:11 2008

Found and removed: C:\Program Files\Java\jre1.6.0_03

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

Found and removed: Software\Classes\JavaPlugin.160_03

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

------------------------------------

Finished reporting.

ImaMar
Newbie
27 August 2008 @ 19:35
And HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:21:01, on 27.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Lataa FDM:llä - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Lataa kaikki FDM:llä - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Lataus valittu FDM:n toimesta - file://C:\Program Files\Free Download Manager\dlselected.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4274 bytes

Hujo
Suspended permanently
27 August 2008 @ 19:45
Where's the antivirus?

How is the machine running?

Can a computer ever work?

ImaMar
Newbie
28 August 2008 @ 02:50
Hi.
I do have them, they were just disabled. :)
Well, it works quite well, but for example opening Mozilla still takes a long time.
Startup has maybe improved slightly.
I wonder what is actually wrong with that Mozilla?

Hujo
Suspended permanently
28 August 2008 @ 11:03
Uninstall Mozilla and download it again

Can a computer ever work?

ImaMar
Newbie
31 August 2008 @ 18:30
Now I found where the fault was. Mozilla had ChatZilla installed, i.e. a program equivalent to mIRC. And I also have mIRC in use. Once I removed that ChatZilla, everything started working like a dream.
Thanks for the advice, by the way.
  © 1999-2025 AfterDawn Oy