When nothing helps!
JoNazs
Junior Member
2 November 2008 @ 16:09
My own skills no longer seem to be enough. I have run the machine through the following programs according to the instructions I got from this site: AVG, CureIt and CCleaner. I have also checked with EasyCleaner to see whether any junk registry entries could be found.

Despite this, the machine feels extremely sluggish to use :(

Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 16:05:10, on 2.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\AntiVirukset\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
E:\AntiVirukset\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
E:\P2P\Client Manager3\bwsvc\bwsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
E:\AntiVirukset\ZoneAlarm\zlclient.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\AntiVirukset\AVG Anti-Spyware 7.5\avgas.exe
E:\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
E:\Video-Audio\AnyDVD 6.1.7.4\AnyDVD.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Pakkaus\DAEMON Tools\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
E:\P2P\Client Manager3\cm3_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
E:\Adobe\Photoshop CS3\Adobe Photoshop CS3\Photoshop.exe
E:\Mozilla Firefox\firefox.exe
E:\AntiVirukset\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\AntiVirukset\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\AntiVirukset\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [b8df1bf5] rundll32.exe "C:\WINDOWS\system32\kwykjjmf.dll",b
O4 - HKCU\..\Run: [AnyDVD] "E:\Video-Audio\AnyDVD 6.1.7.4\AnyDVD.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Pakkaus\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ClientManager3.lnk = E:\P2P\Client Manager3\cm3_tray.exe
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://E:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{27D764A0-D327-41F9-B965-5755088B28A5}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{27D764A0-D327-41F9-B965-5755088B28A5}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{27D764A0-D327-41F9-B965-5755088B28A5}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: xpjndt.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\AntiVirukset\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\AntiVirukset\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bwsvc - BUFFALO INC. - E:\P2P\Client Manager3\bwsvc\bwsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Mullon sellanen perse
AfterDawn Addict
2 November 2008 @ 17:04
There's crud there!!!

Download Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, the program will download and install the latest version.
* Once the program has loaded, select Perform full scan and click Scan.
* When the scan is complete, click OK and then Show Results to view the results.
* Make sure everything is checked and click Remove Selected.
* After that a log will open in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
* Post the contents of the log in your next reply + a new HJT log.

------------------------------------------------------------------

1. Download combofix.exe to your desktop from any of the links below:
Link 1
Link 2
Link 3

2. Double-click the combofix.exe file and follow the prompts.
3. When the tool is finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.
Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.

-----------------------------------------------------------------

Remove the lines that are still left:
Close your browser and other programs for the duration of the fix (not the antivirus).
Start HijackThis, click Scan, check the following files listed in red and remove them (Fix Checked).

O4 - HKLM\..\Run: [GrooveMonitor] "E:\Microsoft Office\Office12\GrooveMonitor.exe"
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

Empty the Recycle Bin and restart your computer.

Post the following logs here:
* A fresh HijackThis log (taken last, just before posting)
* The (C:\ComboFix.txt) report
* Malwarebytes' Anti-Malware\Logs\log-päiväys.txt

(:)
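An added example, not from this thread, from HijackThis or from Malwarebytes: a small Python triage pass over HijackThis log lines of the kind posted above, flagging the patterns a helper checks first (a Run value with a hex-like name that launches rundll32 on a random-looking system32 DLL, AppInit_DLLs entries, and protocol handlers whose file is gone). The sample lines are copied from the logs in this thread; the allowlist and the "random name" heuristic are assumptions of this example.

```python
import re

# Constructed sample input: HijackThis v1.99 log lines copied from the logs posted
# in this thread, with clean and infected entries mixed together.
SAMPLE_HJT_LINES = r"""
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\AntiVirukset\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [b8df1bf5] rundll32.exe "C:\WINDOWS\system32\kwykjjmf.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs: xpjndt.dll
O20 - AppInit_DLLs: avgrsstx.dll rmicnh.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Assumed analyst-maintained allowlist for AppInit_DLLs. avgrsstx.dll is the AVG 8
# hook that shows up in this thread's ComboFix log right next to the AVG install.
KNOWN_GOOD_APPINIT = {"avgrsstx.dll"}

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)
PROTO_RE = re.compile(r"^Protocol: (?P<name>\S+) - \{[^}]+\} - (?P<target>.*)$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")


def basename(path):
    """Last component of a Windows path."""
    return path.rsplit("\\", 1)[-1]


def looks_random(filename):
    """Heuristic (an assumption of this example, not a rule from the thread):
    Vundo-style names are a 6-8 letter alphabetic stem with at most one vowel,
    e.g. kwykjjmf, xpjndt, rmicnh."""
    stem = basename(filename).rsplit(".", 1)[0]
    if not (6 <= len(stem) <= 8 and stem.isalpha()):
        return False
    vowels = sum(ch in "aeiou" for ch in stem.lower())
    return vowels <= 1


def triage_hjt(log_text):
    """Return one finding per suspicious item: section, item name, reasons, raw line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        section, body = m.group("section"), m.group("body")
        reasons, item = [], None

        if section == "O4":  # autostart entries
            run = RUN_RE.search(body)
            if run:
                item = run.group("name")
                if HEX_NAME_RE.match(item):
                    reasons.append("Run value name is a hex-like random string")
                dll = RUNDLL_RE.search(run.group("cmd"))
                if dll:
                    item = basename(dll.group("dll"))
                    if looks_random(item):
                        reasons.append("rundll32 loads a randomly named DLL")

        elif section == "O18":  # protocol handlers
            proto = PROTO_RE.match(body)
            if proto and proto.group("target").strip() == "(no file)":
                item = proto.group("name")
                reasons.append("protocol handler points to a missing file")

        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # Every DLL listed here is loaded into each process that uses user32;
            # anything not on the allowlist gets its own finding for review.
            for dll in body.split(":", 1)[1].split():
                if dll.lower() not in KNOWN_GOOD_APPINIT:
                    findings.append({"section": section, "item": dll, "line": line,
                                     "reasons": ["unexpected AppInit_DLLs entry"]})
            continue

        if reasons:
            findings.append({"section": section, "item": item,
                             "reasons": reasons, "line": line})
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT_LINES):
        print(f"{f['section']:<4}{f['item']:<16}{'; '.join(f['reasons'])}")
```

The pass deliberately leaves the rest of the log alone; a hit only means "look at this line first", and a miss (the MBAM log later in this thread lists several more Vundo DLLs that are not autostart entries at all) never means the machine is clean.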
JoNazs
Junior Member
3 November 2008 @ 22:10
Alright... Here are the three different logs now:

Logfile of HijackThis v1.99.1
Scan saved at 22:04:40, on 3.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
E:\AntiVirukset\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
E:\ANTIVI~1\AVGANT~1\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
E:\P2P\Client Manager3\bwsvc\bwsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
E:\ANTIVI~1\AVGANT~1\avgrsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
E:\AntiVirukset\ZoneAlarm\zlclient.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\ANTIVI~1\AVGANT~1\avgtray.exe
E:\Video-Audio\AnyDVD 6.1.7.4\AnyDVD.exe
E:\Pakkaus\DAEMON Tools\daemon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
E:\P2P\Client Manager3\cm3_tray.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
E:\AntiVirukset\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\ANTIVI~1\AVGANT~1\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\ANTIVI~1\AVGANT~1\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\AntiVirukset\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG8_TRAY] E:\ANTIVI~1\AVGANT~1\avgtray.exe
O4 - HKCU\..\Run: [AnyDVD] "E:\Video-Audio\AnyDVD 6.1.7.4\AnyDVD.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Pakkaus\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ClientManager3.lnk = E:\P2P\Client Manager3\cm3_tray.exe
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://E:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{27D764A0-D327-41F9-B965-5755088B28A5}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{27D764A0-D327-41F9-B965-5755088B28A5}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{27D764A0-D327-41F9-B965-5755088B28A5}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll rmicnh.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\AntiVirukset\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\ANTIVI~1\AVGANT~1\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bwsvc - BUFFALO INC. - E:\P2P\Client Manager3\bwsvc\bwsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

____________________________________________________________________

Malwarebytes' Anti-Malware 1.30
Tietokantaversio: 1357
Windows 5.1.2600 Service Pack 2

3.11.2008 6:28:10
mbam-log-2008-11-03 (06-28-01).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|F:\|G:\|)
Tarkistetut kohteet: 267809
Kulunut aika: 2 hour(s), 27 minute(s), 18 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 7
Saastuneita rekisteriavaimia: 15
Saastuneita rekisteriarvoja: 1
Saastuneita rekisterikohteita: 2
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 22

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
C:\WINDOWS\system32\ddcdaArp.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\kwykjjmf.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\yypagdrh.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\xpjndt.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rqRLcdAR.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lhgjdixm.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rmicnh.dll (Trojan.Vundo) -> No action taken.

Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72add93d-f306-4731-ba65-618975753acc} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{72add93d-f306-4731-ba65-618975753acc} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7db094b1-c3aa-487c-b75e-cb9654e1a6b4} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7db094b1-c3aa-487c-b75e-cb9654e1a6b4} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7db094b1-c3aa-487c-b75e-cb9654e1a6b4} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqrlcdar (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{72add93d-f306-4731-ba65-618975753acc} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{96dca48e-f85f-46d9-a315-5e0da32df718} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96dca48e-f85f-46d9-a315-5e0da32df718} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Saastuneita rekisteriarvoja:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7db094b1-c3aa-487c-b75e-cb9654e1a6b4} (Trojan.Vundo) -> No action taken.

Saastuneita rekisterikohteita:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ddcdaarp -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddcdaarp -> No action taken.

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\WINDOWS\system32\ddcdaArp.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\prAadcdd.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\prAadcdd.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\kwykjjmf.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\fmjjkywk.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\yypagdrh.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\hrdgapyy.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\xpjndt.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rqRLcdAR.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lhgjdixm.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rmicnh.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Joonas ja Piia\Local Settings\Temporary Internet Files\Content.IE5\SIKAFPDV\upd105320[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Joonas ja Piia\Local Settings\Temporary Internet Files\Content.IE5\WO65WH8I\nd82m0[1] (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{860247B8-C4D6-4B36-B831-6302D60D1F73}\RP313\A0057758.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\uwxkbqxy.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\khfDwWPI.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\knefvt.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\porsmtxl.dll (Trojan.Vundo) -> No action taken.
E:\Hex Workshop v5\Hex 4.2.3\Keygen.exe (Spyware.OnlineGames) -> No action taken.
G:\Downloads\Office 2007 Enterprice Fin\crack.exe (Trojan.Dropper) -> No action taken.
G:\Downloads\WinXP Manager 5.2.0\CORE10k.EXE (Trojan.Agent) -> No action taken.
C:\Program Files\Common Files\svchost.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

____________________________________________________________________

ComboFix 08-11-02.05 - Joonas ja Piia 2008-11-03 21:39:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.524 [GMT 2:00]
Sijainti: e:\antivirukset\ComboFix.exe
* Uusi palautuspiste luotu
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Joonas ja Piia\Application Data\inst.exe
c:\windows\system32\nrrintmr.ini
E:\Autorun.inf
G:\Autorun.inf

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-10-03 to 2008-11-03 )))))))))))))))))
.

2008-11-02 21:09 . 2008-11-03 03:53 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-02 21:00 . 2008-11-02 21:00 <DIR> d-------- c:\documents and settings\Joonas ja Piia\Application Data\Malwarebytes
2008-11-02 21:00 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-02 20:59 . 2008-11-02 20:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-02 20:59 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-02 16:38 . 2008-11-02 16:38 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-02 16:37 . 2008-11-03 15:45 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-02 16:37 . 2008-11-03 19:15 <DIR> d-------- c:\documents and settings\Joonas ja Piia\Application Data\AVGTOOLBAR
2008-11-02 16:37 . 2008-11-02 16:37 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-02 16:36 . 2008-11-02 16:36 <DIR> d-------- c:\program files\AVG
2008-11-02 11:01 . 2008-11-02 11:01 <DIR> d-------- c:\documents and settings\Joonas ja Piia\Application Data\Reallusion
2008-11-02 11:01 . 2008-11-02 11:12 43 --a------ c:\windows\FFS20ChtReg.ini
2008-11-01 11:43 . 2008-11-01 11:43 <DIR> d-------- c:\program files\KarntheBetrayer
2008-10-26 18:35 . 2008-10-26 18:35 <DIR> d-------- c:\documents and settings\Joonas ja Piia\Application Data\Leadertech
2008-10-23 17:43 . 2008-10-23 17:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
2008-10-23 17:35 . 2008-10-23 17:35 0 --a------ c:\windows\ativpsrm.bin
2008-10-23 17:09 . 2008-08-08 15:12 3,107,788 --a------ c:\windows\system32\ativva5x.dat
2008-10-23 17:09 . 2008-08-08 15:12 887,724 --a------ c:\windows\system32\ativva6x.dat
2008-10-23 17:09 . 2008-08-08 14:52 253,952 --a------ c:\windows\system32\atiok3x2.dll
2008-10-23 17:09 . 2008-08-05 16:15 90,112 --a------ c:\windows\system32\ATIBRTMON.EXE
2008-10-23 17:09 . 2008-08-08 14:58 48,640 --a------ c:\windows\system32\amdpcom32.dll
2008-10-23 17:09 . 2008-11-03 06:37 47,604 --a------ c:\windows\system32\ativvaxx.cap
2008-10-23 17:09 . 2008-08-08 14:53 35,328 --a------ c:\windows\system32\atiadlxx.dll
2008-10-23 17:09 . 2008-07-24 05:01 14,505 --a------ c:\windows\atiogl.xml
2008-10-21 15:34 . 2008-10-21 15:34 <DIR> d-------- c:\windows\Logs
2008-10-05 01:22 . 2008-10-05 01:22 <DIR> d-------- c:\windows\system32\Adobe
2008-10-05 01:22 . 2008-10-05 01:22 <DIR> d-------- c:\windows\Profiles
2008-10-05 01:22 . 2008-10-05 01:22 <DIR> d-------- c:\documents and settings\Joonas ja Piia\Application Data\InterTrust
2008-10-04 23:47 . 2004-05-17 08:15 17,536 --a------ c:\windows\system32\drivers\PCASp50.sys
2008-10-04 22:36 . 2006-06-02 08:25 1,536 --a------ c:\windows\system32\bwsvc_event.dll
2008-10-04 22:35 . 2008-10-04 22:35 21,275 --a------ c:\windows\system32\drivers\AegisP.sys
2008-10-04 22:35 . 2007-01-11 09:19 11,008 -ra------ c:\windows\system32\BUFADPT.SYS
2008-10-04 22:34 . 2008-10-04 22:34 <DIR> d-------- c:\windows\system32\driver

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-03 04:35 4,084,224 ----a-w c:\windows\Internet Logs\xDB22.tmp
2008-11-03 04:35 2,896,896 ----a-w c:\windows\Internet Logs\xDB21.tmp
2008-11-03 04:34 --------- d-----w c:\documents and settings\Joonas ja Piia\Application Data\uTorrent
2008-11-02 14:36 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-02 13:24 4,062,720 ----a-w c:\windows\Internet Logs\xDB20.tmp
2008-11-02 13:24 3,004,416 ----a-w c:\windows\Internet Logs\xDB1F.tmp
2008-11-02 08:56 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-01 21:44 --------- d-----w c:\documents and settings\Joonas ja Piia\Application Data\Vso
2008-11-01 16:41 47,360 ----a-w c:\documents and settings\Joonas ja Piia\Application Data\pcouffin.sys
2008-11-01 10:58 --------- d-----w c:\documents and settings\Joonas ja Piia\Application Data\dvdcss
2008-10-27 16:14 --------- d-----w c:\documents and settings\Joonas ja Piia\Application Data\OpenOffice.org2
2008-10-26 17:14 4,029,440 ----a-w c:\windows\Internet Logs\xDB1E.tmp
2008-10-26 17:14 221,184 ----a-w c:\windows\Internet Logs\xDB1D.tmp
2008-10-26 17:04 60,416 ----a-w c:\windows\Internet Logs\xDB1B.tmp
2008-10-26 17:04 4,028,928 ----a-w c:\windows\Internet Logs\xDB1C.tmp
2008-10-24 21:03 4,010,496 ----a-w c:\windows\Internet Logs\xDB1A.tmp
2008-10-24 21:03 3,214,336 ----a-w c:\windows\Internet Logs\xDB19.tmp
2008-10-23 15:43 --------- d-----w c:\documents and settings\Joonas ja Piia\Application Data\ATI
2008-10-23 15:22 --------- d-----w c:\program files\ATI Technologies
2008-10-23 14:33 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-10-22 05:32 3,982,848 ----a-w c:\windows\Internet Logs\xDB18.tmp
2008-10-22 05:32 1,991,680 ----a-w c:\windows\Internet Logs\xDB17.tmp
2008-10-21 13:33 22,328 ----a-w c:\documents and settings\Joonas ja Piia\Application Data\PnkBstrK.sys
2008-10-21 13:11 107,832 ----a-w c:\windows\system32\PnkBstrB.exe
2008-10-18 14:01 15,098,776 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-10-18 13:59 3,961,856 ----a-w c:\windows\Internet Logs\xDB16.tmp
2008-10-18 13:59 3,515,904 ----a-w c:\windows\Internet Logs\xDB15.tmp
2008-10-04 23:21 --------- d-----w c:\program files\Common Files\Adobe
2008-10-04 19:10 3,937,280 ----a-w c:\windows\Internet Logs\xDB14.tmp
2008-10-04 19:10 2,757,632 ----a-w c:\windows\Internet Logs\xDB13.tmp
2008-10-03 20:32 --------- d-----w c:\documents and settings\Joonas ja Piia\Application Data\Vidalia
2008-10-03 20:32 --------- d-----w c:\documents and settings\Joonas ja Piia\Application Data\tor
2008-09-19 12:16 2,960,896 ----a-w c:\windows\Internet Logs\xDB12.tmp
2008-09-06 06:50 3,886,080 ----a-w c:\windows\Internet Logs\xDB11.tmp
2008-09-06 06:50 2,861,056 ----a-w c:\windows\Internet Logs\xDB10.tmp
2008-08-29 19:45 3,879,936 ----a-w c:\windows\Internet Logs\xDBF.tmp
2008-08-29 19:45 1,053,184 ----a-w c:\windows\Internet Logs\xDBE.tmp
2008-08-16 22:52 3,865,600 ----a-w c:\windows\Internet Logs\xDBD.tmp
2008-08-16 22:52 2,184,192 ----a-w c:\windows\Internet Logs\xDBC.tmp
2008-08-08 13:49 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-08-08 13:48 311,296 ----a-w c:\windows\system32\ati2dvag.dll
2008-08-08 13:38 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-08-08 13:38 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-08-08 13:38 184,320 ----a-w c:\windows\system32\atipdlxx.dll
2008-08-08 13:38 143,360 ----a-w c:\windows\system32\Oemdspif.dll
2008-08-08 13:37 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-08-08 13:36 573,440 ----a-w c:\windows\system32\ati2evxx.exe
2008-08-08 13:34 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-08-08 13:33 9,932,800 ----a-w c:\windows\system32\atioglxx.dll
2008-08-08 13:31 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-08-08 13:25 3,917,984 ----a-w c:\windows\system32\ati3duag.dll
2008-08-08 13:13 2,183,680 ----a-w c:\windows\system32\ativvaxx.dll
2008-08-08 12:54 376,832 ----a-w c:\windows\system32\atikvmag.dll
2008-08-08 12:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-08-08 12:46 561,152 ----a-w c:\windows\system32\ati2cqag.dll
2008-08-04 09:41 3,857,920 ----a-w c:\windows\Internet Logs\xDBB.tmp
2008-08-04 09:41 2,053,632 ----a-w c:\windows\Internet Logs\xDBA.tmp
.

------- Sigcheck -------

2007-09-03 11:09 502272 6e8ca4fcb30282f216f5db9dd58a5f81 c:\windows\system32\winlogon.exe
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="e:\video-audio\AnyDVD 6.1.7.4\AnyDVD.exe" [2004-09-09 439808]
"DAEMON Tools"="e:\pakkaus\DAEMON Tools\daemon.exe" [2007-04-04 165784]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"ZoneAlarm Client"="e:\antivirukset\ZoneAlarm\zlclient.exe" [2008-03-13 919016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"GrooveMonitor"="e:\microsoft office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"AVG8_TRAY"="e:\antivi~1\AVGANT~1\avgtray.exe" [2008-11-02 1234712]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 c:\windows\soundman.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ClientManager3.lnk - e:\p2p\Client Manager3\cm3_tray.exe [2008-10-04 471040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= c:\windows\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll rmicnh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"e:\\P2P\\uTorrent\\utorrent.exe"=
"e:\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"e:\\Yahoo!\\Messenger\\YServer.exe"=
"e:\\Video-Audio\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"f:\\Call Of Duty 4\\iw3mp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"f:\\Company of Heroes\\RelicCOH.exe"=
"e:\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\P2P\\SmartFTP Client\\SmartFTP.exe"=
"e:\\P2P\\Client Manager3\\BWSVC\\bwsvc.exe"=
"e:\\P2P\\Client Manager3\\AOSS\\aoss.exe"=
"f:\\Far Cry 2\\bin\\FarCry2.exe"=
"f:\\Far Cry 2\\bin\\FC2Launcher.exe"=
"f:\\Far Cry 2\\bin\\FC2Editor.exe"=
"e:\\AntiVirukset\\AVG Anti-Spyware 8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-02 97928]
R1 BUFADPT;BUFADPT;c:\windows\system32\BUFADPT.SYS [2007-01-11 11008]
R2 avg8wd;AVG Free8 WatchDog;e:\antivi~1\AVGANT~1\avgwdsvc.exe [2008-11-02 231704]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;c:\windows\system32\DRIVERS\AN983.sys [2004-08-04 36224]
R3 WLIU2KG125S;BUFFALO WLI-U2-KG125S Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\usb8023.sys [2004-08-04 12672]
S3 atidgllk;atidgllk;c:\program files\ASUS\SmartDoctor\atidgllk.sys [ ]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/09/2005, 0.1.10.1;c:\windows\system32\DRIVERS\libusb0.sys [2005-03-09 33792]
S3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys [2004-05-17 17536]
S3 Video3D;ASUS Video3D Service;c:\windows\system32\Drivers\Video3D32.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adc41ca9-5a0e-11dc-b0f5-806d6172696f}]
\Shell\AutoRun\command - H:\Setup.exe

*Newly Created Service* - PROCEXP90
.
'Ajoitetut tehtävät'-kansion sisältö

2008-10-31 c:\windows\Tasks\1-Click Maintenance.job
- e:\tuneup\OneClick.exe []

2008-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Täydentävä tarkistus -------
.
FireFox -: Profile - c:\documents and settings\Joonas ja Piia\Application Data\Mozilla\Firefox\Profiles\ah6cc1zq.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://sports-ak.espn.go.com/nhl/index
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
FF -: plugin - e:\adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
FF -: plugin - e:\mozilla firefox\plugins\np-mswmp.dll
FF -: plugin - e:\mozilla firefox\plugins\np32dsw.dll
FF -: plugin - e:\mozilla firefox\plugins\npdivx32.dll
FF -: plugin - e:\mozilla firefox\plugins\npDivxPlayerPlugin.dll
FF -: plugin - e:\mozilla firefox\plugins\npitunes.dll
FF -: plugin - e:\mozilla firefox\plugins\npmozax.dll
FF -: plugin - e:\mozilla firefox\plugins\npnul32.dll
FF -: plugin - e:\mozilla firefox\plugins\NPOFF12.DLL
FF -: plugin - e:\mozilla firefox\plugins\nppdf32.dll
FF -: plugin - e:\mozilla firefox\plugins\nppl3260.dll
FF -: plugin - e:\mozilla firefox\plugins\npqtplugin.dll
FF -: plugin - e:\mozilla firefox\plugins\npqtplugin2.dll
FF -: plugin - e:\mozilla firefox\plugins\npqtplugin3.dll
FF -: plugin - e:\mozilla firefox\plugins\npqtplugin4.dll
FF -: plugin - e:\mozilla firefox\plugins\npqtplugin5.dll
FF -: plugin - e:\mozilla firefox\plugins\npqtplugin6.dll
FF -: plugin - e:\mozilla firefox\plugins\npqtplugin7.dll
FF -: plugin - e:\mozilla firefox\plugins\nprpjplug.dll
FF -: plugin - e:\video-audio\DivX\DivX Player\npDivxPlayerPlugin.dll
FF -: plugin - e:\video-audio\DivX\DivX Web Player\npdivx32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-03 21:46:33
Windows 5.1.2600 Service Pack 2 NTFS

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************
.
Valmistumisajankohta: 2008-11-03 21:50:04
ComboFix-quarantined-files.txt 2008-11-03 19:49:37

Ennen ajoa: 6 882 246 656 bytes free
Ajon jälkeen: 6,864,445,440 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-FIN.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

235 --- E O F --- 2007-12-04 13:17:19


Mullon sellanen perse
AfterDawn Addict
_
4 November 2008 @ 13:15
Download JavaRa and extract it to your desktop.

***Close all open Internet Explorer windows before continuing!***

* Double-click JavaRa.exe to start the program.
* Choose English in the drop-down menu to set the language, and click Select.
* Click Remove Older Versions to remove the old Java versions from your computer.
* Click Yes when prompted. When JavaRa is finished, it will report that a log file has been created. Click OK.
* The log file will open. Post its contents in your next message.

After that, download and install Java SE Runtime Environment (JRE) 6 Update 10.
jre-6u10-windows-i586-p.exe => 15.?? MB

--------------------------------------------------

Run MB-AM again:

* When the scan is finished, click OK and then Show Results (Näytä tulokset) to see the results.
* Make sure everything is checked and click Remove Selected (Poista valitut).

Post the HJT and MB-AM logs =>
.

(:)
JoNazs
Junior Member
_
5 November 2008 @ 16:17
Logfile of HijackThis v1.99.1
Scan saved at 16:16:24, on 5.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
E:\AntiVirukset\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
E:\AntiVirukset\ZoneAlarm\zlclient.exe
C:\WINDOWS\SOUNDMAN.EXE
E:\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
E:\ANTIVI~1\AVGANT~1\avgwdsvc.exe
E:\ANTIVI~1\AVGANT~1\avgtray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
E:\P2P\Client Manager3\bwsvc\bwsvc.exe
E:\Video-Audio\AnyDVD 6.1.7.4\AnyDVD.exe
E:\ANTIVI~1\AVGANT~1\avgrsx.exe
C:\WINDOWS\eHome\ehRecvr.exe
E:\Pakkaus\DAEMON Tools\daemon.exe
C:\WINDOWS\eHome\ehSched.exe
E:\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
E:\P2P\Client Manager3\cm3_tray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
E:\Mozilla Firefox\firefox.exe
E:\P2P\uTorrent\utorrent.exe
E:\AntiVirukset\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
E:\AntiVirukset\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\ANTIVI~1\AVGANT~1\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\ANTIVI~1\AVGANT~1\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\AntiVirukset\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG8_TRAY] E:\ANTIVI~1\AVGANT~1\avgtray.exe
O4 - HKCU\..\Run: [AnyDVD] "E:\Video-Audio\AnyDVD 6.1.7.4\AnyDVD.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Pakkaus\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ClientManager3.lnk = E:\P2P\Client Manager3\cm3_tray.exe
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://E:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{27D764A0-D327-41F9-B965-5755088B28A5}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{27D764A0-D327-41F9-B965-5755088B28A5}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{27D764A0-D327-41F9-B965-5755088B28A5}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll rmicnh.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\AntiVirukset\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\ANTIVI~1\AVGANT~1\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bwsvc - BUFFALO INC. - E:\P2P\Client Manager3\bwsvc\bwsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - E:\Java\jre6\bin\jqs.exe" -service -config "E:\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


_____________________________________________________________________

Malwarebytes' Anti-Malware 1.30
Tietokantaversio: 1357
Windows 5.1.2600 Service Pack 2

5.11.2008 6:28:49
mbam-log-2008-11-05 (06-28-49).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|F:\|G:\|)
Tarkistetut kohteet: 268872
Kulunut aika: 2 hour(s), 35 minute(s), 23 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 1

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\System Volume Information\_restore{860247B8-C4D6-4B36-B831-6302D60D1F73}\RP314\A0057839.sys (Rootkit.Agent) -> Quarantined and deleted successfully.



_____________________________________________________________________

JavaRa 1.11 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Nov 04 15:44:59 2008


------------------------------------

Finished reporting.





Mullon sellanen perse
AfterDawn Addict
_
5 November 2008 @ 16:40
Update Windows to SP3:
http://www.microsoft.com/downloads/Search.aspx?displaylang=fi

******************************************
Start Malwarebytes => Quarantine tab and empty out the junk.

******************************************
In the Windows Start menu's Run box, type ComboFix.exe /u and press OK.

*************************************************************

First take a backup of the registry like this:

From the taskbar > Start > Run -> regedit -> OK.
Click the My Computer row to select it.
Then File -> Export. Enter Roope as the file name, and in the Save in box
choose the root of (C:). Under Export range, tick All.
Exit Regedit.

Then save the text snippet below as fix.reg with Notepad on the desktop
(Save as type: All Files)


Windows Registry Editor Version 5.00

; keeps only the AVG hook in AppInit_DLLs and drops rmicnh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"="avgrsstx.dll"



Double-click fix.reg on the desktop and press Yes and OK.
Restart the computer.

Post one more HJT log =>

How is the computer running now ???
D:

(:)
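The AppInit_DLLs cleanup walked through in the post above, as an added example that is not part of the original thread: a small Python triage script that reads the O20 lines of a HijackThis log (the sample lines are constructed from the logs posted in this thread), flags any AppInit DLL not on an assumed allow-list, lists hook entries HJT marks "(file missing)", and emits a correctly quoted .reg script that keeps only the known-good DLL. The allow-list and all function names are assumptions.

```python
"""Triage of HijackThis AppInit_DLLs / Winlogon hook entries (added example).

Not part of the forum thread. The sample log lines are copied from the HJT
logs posted above; the allow-list and all function names are assumptions.
"""
import re

# Constructed sample input: O4/O20/O23 lines taken from the thread's HJT logs.
SAMPLE_HJT_LOG = r"""O4 - HKLM\..\Run: [AVG8_TRAY] E:\ANTIVI~1\AVGANT~1\avgtray.exe
O20 - AppInit_DLLs: avgrsstx.dll rmicnh.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Assumed allow-list: avgrsstx.dll is the AVG 8 resident-shield hook that the
# helper keeps in the fix; anything else in AppInit_DLLs is flagged for review.
KNOWN_GOOD_APPINIT = {"avgrsstx.dll"}

APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(.*)$")
MISSING_RE = re.compile(r"^O\d+ - .*\(file missing\)$")

APPINIT_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"


def parse_appinit(log_text):
    """Return the DLL names listed on the O20 AppInit_DLLs line, in log order."""
    for line in log_text.splitlines():
        m = APPINIT_RE.match(line.strip())
        if m:
            # AppInit_DLLs separates entries with spaces or commas.
            return [d for d in re.split(r"[ ,]+", m.group(1)) if d]
    return []


def suspicious_appinit(dlls, allowlist=KNOWN_GOOD_APPINIT):
    """DLLs injected into every GUI process that the allow-list does not account for."""
    allowed = {a.lower() for a in allowlist}
    return [d for d in dlls if d.lower() not in allowed]


def missing_file_entries(log_text):
    """Hook entries whose file is gone (HJT marks them '(file missing)').

    These are leftovers worth reviewing: the registration stays behind after
    the file was removed, as with the dimsntfy Winlogon Notify entry above.
    """
    return [ln.strip() for ln in log_text.splitlines() if MISSING_RE.match(ln.strip())]


def build_fix_reg(keep_dlls):
    """Emit a Regedit 5.00 script that rewrites AppInit_DLLs with only keep_dlls.

    A REG_SZ value must be quoted ("name"="data") or Regedit rejects the import.
    """
    value = " ".join(keep_dlls)
    return (
        "Windows Registry Editor Version 5.00\r\n\r\n"
        f"[{APPINIT_KEY}]\r\n"
        f'"AppInit_DLLs"="{value}"\r\n'
    )


def triage(log_text, allowlist=KNOWN_GOOD_APPINIT):
    """Summarise AppInit findings and, if anything was flagged, prepare the fix."""
    dlls = parse_appinit(log_text)
    bad = suspicious_appinit(dlls, allowlist)
    keep = [d for d in dlls if d not in bad]
    return {
        "appinit": dlls,
        "suspicious": bad,
        "missing": missing_file_entries(log_text),
        "fix_reg": build_fix_reg(keep) if bad else None,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_HJT_LOG)
    print("AppInit_DLLs:", result["appinit"])        # ['avgrsstx.dll', 'rmicnh.dll']
    print("flag for review:", result["suspicious"])   # ['rmicnh.dll']
    for entry in result["missing"]:
        print("orphaned hook:", entry)
    if result["fix_reg"]:
        print(result["fix_reg"])
```

Import the generated .reg only after exporting a registry backup, as the post above instructs.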
JoNazs
Junior Member
_
6 November 2008 @ 19:20
Thanks a lot for the help! At least it feels like it's running better now. There's still a bit of sluggishness, but maybe that's just too many programs installed :)

If there's anything else that can be done I'll gladly do it, but the computer is already nicer to use now. Big thanks.

Logfile of HijackThis v1.99.1
Scan saved at 19:18:52, on 6.11.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
E:\AntiVirukset\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
E:\ANTIVI~1\AVGANT~1\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
E:\P2P\Client Manager3\bwsvc\bwsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
E:\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
E:\ANTIVI~1\AVGANT~1\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
E:\AntiVirukset\ZoneAlarm\zlclient.exe
C:\WINDOWS\SOUNDMAN.EXE
E:\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\ANTIVI~1\AVGANT~1\avgtray.exe
E:\Video-Audio\AnyDVD 6.1.7.4\AnyDVD.exe
E:\Pakkaus\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
E:\P2P\Client Manager3\cm3_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
E:\Adobe\Photoshop CS3\Adobe Photoshop CS3\Photoshop.exe
E:\Mozilla Firefox\firefox.exe
E:\AntiVirukset\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\ANTIVI~1\AVGANT~1\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\ANTIVI~1\AVGANT~1\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\AntiVirukset\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG8_TRAY] E:\ANTIVI~1\AVGANT~1\avgtray.exe
O4 - HKCU\..\Run: [AnyDVD] "E:\Video-Audio\AnyDVD 6.1.7.4\AnyDVD.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Pakkaus\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: ClientManager3.lnk = E:\P2P\Client Manager3\cm3_tray.exe
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://E:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{27D764A0-D327-41F9-B965-5755088B28A5}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{27D764A0-D327-41F9-B965-5755088B28A5}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{27D764A0-D327-41F9-B965-5755088B28A5}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{27D764A0-D327-41F9-B965-5755088B28A5}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\AntiVirukset\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\ANTIVI~1\AVGANT~1\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bwsvc - BUFFALO INC. - E:\P2P\Client Manager3\bwsvc\bwsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - E:\Java\jre6\bin\jqs.exe" -service -config "E:\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



Mullon sellanen perse
AfterDawn Addict
_
6 November 2008 @ 19:54
Otherwise OK !!!

Use HJT to fix this one:
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

D:

(:)
JoNazs
Junior Member
_
6 November 2008 @ 19:57
ok... Thanks!

  © 1999-2025 AfterDawn Oy