Jatkuvasti yksi ohjelma päällä kirjautumisessa?

AfterDawn.com

AfterDawn.com Mainosta sivuillamme


		Käyttäjä	Salasana

		Puuttuuko tunnus? Liity jäseneksi nyt!. Salasana hukassa? Klikkaa tästä.

Yksityisviestit

Luo uusi yksityisviesti

Kaikki uudet viestit

Ilman vastauksia olevat viestiketjut

sunnuntai 16.11.2025 / 07:31

Hae keskustelualueilta:

In English

Suomeksi

På svenska

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > jatkuvasti yksi ohjelma päällä kirjautumisessa?

Aiheet

Keskustelualueet

Keskustelualueet

Aloita uusi viestiketju

Jatkuvasti yksi ohjelma päällä kirjautumisessa?

Siirry:

Kirjoittaja

Viesti

Blackout

Newbie

9. joulukuuta 2008 @ 16:01

Linkki tähän viestiin

Joo siis, mulla on jatkuvasti "1 program running" tuolla kirjautumis ruudussa enkä löydä syytä siihen vaikka olen ajanut läpi scannit seuraavilla ohjelmilla moneen otteeseen;
Avast!
Ad-Aware
CCleaner
SpyBot S&D

Ajoin skannit viimeksin tänään ja menikin puoli päivää..

Nyt sitten kun olen yrittänyt hakea tietoa, kattella mikä vois olla vikana niin en ole löytänyt vastausta mokomaan.. Siellä se vaan toljottaa jatkuvasti että olisi yksi ohjelma koko ajan auki, vaikka kaikki suljen ja lukitsen koneen.. Myös kaikki ylimääräiset ja tarpeettomat prosessitkin olen ajanut alas.

Toinen ongelma tämän asian ilmestymisen jälkeen on että minulla pätkäsee netti välistä ja ei auta kuin ootella tai buutata kone että netti taas toimii.
Muilla koneilla ja LINUX ei ole tätä ongelmaa, vain tällä kyseisellä WinXP asennuksella.

Tässä ois HijackThis logi sitten tähän postin loppuun;

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:47:50 PM, on 12/9/2008

Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\COMODO\Firewall\cmdagent.exe

C:\WINDOWS\system32\oodag.exe

C:\Program Files\COMODO\Firewall\cfp.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\foobar2000\foobar2000.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\ADVANC~1\wh_exec.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\system32\oodtray.exe

C:\WINDOWS\VM_STI.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Last.fm\LastFM.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Documents and Settings\Blackout\Desktop\Desktop Files\SSH\putty.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Xfire\xfire.exe

D:\Games\Steam\Steam.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.anime-ds.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 67.69.254.251:80

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [WheelMouse] C:\ADVANC~1\wh_exec.exe

O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - Startup: lsass.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221538593875

O20 - AppInit_DLLs:  C:\WINDOWS\system32\guard32.dll,wbsys.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe



--

End of file - 8890 bytes

Hujo

Suspended permanently

10. joulukuuta 2008 @ 02:37

Linkki tähän viestiin

Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.

Käynnistä koneesi vikasietotilaan:

sammuta ja käynnistä
käynnistyksen yhteydessä hakkaa F8 nappia
valitse nuolinäppäimellä vikasietotila
paina enter ja enter
valitse käyttäjätilisi
paina kyllä

Jossakin koneissa hakataan F8:sin sijasta F5:tä

" Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
" Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
" Paina Y käynnistääksesi skriptin.
" Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
" Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
" Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
" Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
" Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
" Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.

====================

Lataa Malwarebytes' Anti-Malware työpöydällesi.

1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja
Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish.
3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki
löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Lähetä lokin sisältö seuraavassa viestissäsi

================

1.Lataa Combofix.exe työpöydällesi yhdestä linkistä:
Combofix1
Combofix2

2. Tuplaklikkaa Combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

Voiko tietsikka koskaan toimia?

Blackout

Newbie

10. joulukuuta 2008 @ 10:00

Linkki tähän viestiin

SDFix

Lainaus:
SDFix: Version 1.240
Run by Blackout on Wed 12/10/2008 at 09:47 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Documents and Settings\Blackout\Desktop\SDFix\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 09:53:49
Windows 5.1.2600 Service Pack 3, v.5657 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:e5,bc,40,42,3b,a6,d8,b7,d0,44,c3,7e,93,60,6e,08,2d,55,9a,c1,a3,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e8,3e,54,d1,c8,f2,e8,1b,28,5e,36,8e,8c,a1,30,f5,ee,..
"khjeh"=hex:e5,c4,07,18,f4,70,01,e4,4c,4a,65,0e,07,83,9a,5b,18,1a,07,46,0d,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c9,dc,d1,ee,f6,ac,c4,63,6f,0e,0f,b5,e8,13,ff,47,3f,e2,80,27,e6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:e5,bc,40,42,3b,a6,d8,b7,d0,44,c3,7e,93,60,6e,08,2d,55,9a,c1,a3,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e8,3e,54,d1,c8,f2,e8,1b,28,5e,36,8e,8c,a1,30,f5,ee,..
"khjeh"=hex:e5,c4,07,18,f4,70,01,e4,4c,4a,65,0e,07,83,9a,5b,18,1a,07,46,0d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c9,dc,d1,ee,f6,ac,c4,63,6f,0e,0f,b5,e8,13,ff,47,3f,e2,80,27,e6,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG10.00.00.01WORKSTATION"="93ADF500800589986108AB5E6742107F83B8E9DB63B909020F560DFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC7933BA7FD869164D67948EDD5E5BE2F6E66710C8C38C4853B9F1BE03C8CCE769BEF4AEA55C8B50652F7830F41CD0E7AB050B110D9FF7996AEF6E9967002EF8A0405260642E6D3F31A69769EB92108F0C3CB3181D0776936560166B0A95B5E0F967221486125D30E5153E510A7B46E98DEA6A229AB2797E11BF6A48CC7D9E0A54348292505A025294E7C20694A6A28A120B5DC5EB925A7140B593D858650BB4931BB4BB4C9065A9D2001DB99399375B7E0B5E273CC6D3DB4ADD5FD916A87E729F061B7D436FF30F38B46DB3D30B7B97BD4FE58377A305FE0A49BB1BB6DBE0AAE451C1DF4866802DE0CF73CD68E847523DAE8E29D0B4F0705D7BBD812CC4FE17D24F547A2C193E05EE8E177626D3DBED6D73177C3F36009A27EB1D042F5E0948DAC3237B0BDD496785A3E02EA41FD8A444DDE1F37C9AFCB9CD87B430B9D6939FF7E724A33E421C00CEB57E8DC25447033D9F761A060697E0BCAD85A50B1097D3A3E8EEC8E6849AC8F6DC43BD21B00FE853607F901F5462F56132B398A6A170F05DE74153E89809902E29A4FD24A2018C8ABACB874C10D5B2AF5D06D053D5DE552BF97CC1EC25907D299BBB9F74504E7567BE4EC7597D4DA41E6C69AC9CAA883311A825245E073F05A0AAC68881118D81F2ED9E2D541008ACA68D6D9AD053F3119DEE639F6E4D86F3D14028B4FA7339E0BB4176270E72A803C8E6452084360E4A5FC0846F10BB3B697DB9E4B056362F9754A135379D8238AE060EC9D30DEDA88D6B017ADEFBC917DAE669289F4CCD3280506FDEF5DDD09F8DE590766288C7F55ED689D7502F22370E57163FB65AE26846CAFD180F6AA23154726D6C8D52481092BE27D83868249D201D799B4242D3DCEA6092ADC029739D863B1AEC281025F254C29AD69FAB652F8085C0D29E88AE7DC2B36A8E5E3CEE7EFDD1FDE21CA8C7FEA40798552642AB36F2E88F213FF53A1DF669B24BD091F64E68CEF357E346D07754B1CB78F9B8735E8E1C7A612A97EC72832C101E11D4A06CC84A4EFC105911068AEF5109625DEA3AC0008B9779BF7416B92A18DFAF78371CF3644FA445948F37C17037F33846F6BFC7F14269DB83B0873F13D68FCF33B70594BF2F49BCEE867B4AE785C8E8CA2FC6B7578F9E923A37AA8B9ECAD0A77FD13226021B8541226526458CB3BE74855D8EF899D828F4834F44EA8466E9059AEC93FC57B197B3AF4E702A1B30AEF0D9033646A5F9966C3FF5FD008313C5C408A17CBD6E8766885A18F54453D993896953C531EABE9F78925B683EDCA8F35B0DBDA362F72478C728CC39B1F7880FF81D34251B"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000000a3
"TracesSuccessful"=dword:00000042

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"D:\\Games\\Steam\\SteamApps\\Sleekker\\counter-strike source\\hl2.exe"="D:\\Games\\Steam\\SteamApps\\Sleekker\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\\Games\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"="D:\\Games\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"D:\\Games\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"="D:\\Games\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"D:\\Games\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"="D:\\Games\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\\Games\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="D:\\Games\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\\Program Files\\Ventrilo\\Ventrilo.exe"="C:\\Program Files\\Ventrilo\\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"D:\\Games\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"="D:\\Games\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"D:\\Games\\Activision\\Call of Duty - World at War\\CoDWaW.exe"="D:\\Games\\Activision\\Call of Duty - World at War\\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

Files with Hidden Attributes :

Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\is-B1QLB.tmp"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 23 Sep 2008 15,394,248 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\67a122bc8bd6a1697a6a1643fb1c86c2\BIT538.tmp"
Tue 16 Sep 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\94e2de28cb8ee27606822ca199876d4a\BIT1E.tmp"
Mon 3 Nov 2008 3,633 ...HR --- "C:\Documents and Settings\Blackout\Application Data\SecuROM\UserData\securom_v7_01.bak"
Fri 7 Nov 2008 82,458 A.SH. --- "C:\Documents and Settings\Blackout\Start Menu\Programs\Startup\lsass.exe"

Finished!

HijackThis

Lainaus:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:32 AM, on 12/10/2008
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\ADVANC~1\wh_exec.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.anime-ds.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 67.69.254.251:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\ADVANC~1\wh_exec.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: lsass.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/...ex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1221538593875
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll,wbsys.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8682 bytes

- postitan ton MallwareBytes tilanteen myöhemmin tuon ComboFIX tuolosten kanssa. Menee heti MallwareBytes skannilla kun on niin paljon tavaraa koneella ja kerkeän käydä asioilla sitä odotellessa.

Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 10. joulukuuta 2008 @ 10:10

Blackout

Newbie

10. joulukuuta 2008 @ 11:57

Linkki tähän viestiin

Malwarebytes

Lainaus:
Malwarebytes' Anti-Malware 1.31
Database version: 1482
Windows 5.1.2600 Service Pack 3, v.5657

12/10/2008 11:34:05 AM
mbam-log-2008-12-10 (11-34-05).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|I:\|)
Objects scanned: 194418
Time elapsed: 1 hour(s), 29 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
I:\****\Software\Sony Vegas Movie Studio 60d and Keygen\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Blackout\Start Menu\Programs\Startup\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

ComboFix

Lainaus:
ComboFix 08-12-09.02 - Blackout 2008-12-10 11:40:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1459 [GMT 2:00]
Running from: c:\documents and settings\Blackout\Desktop\ASD\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

I:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
.

2008-12-10 10:02 . 2008-12-10 10:02 <DIR> d-------- c:\program files\Malwarebytes Anti-Malware
2008-12-10 10:02 . 2008-12-10 10:02 <DIR> d-------- c:\documents and settings\Blackout\Application Data\Malwarebytes
2008-12-10 10:02 . 2008-12-10 10:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-10 10:02 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-10 10:02 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-10 09:44 . 2008-12-10 09:44 <DIR> d-------- c:\windows\ERUNT
2008-12-09 11:36 . 2008-12-09 11:38 <DIR> d-------- c:\documents and settings\Blackout\.onnet
2008-12-04 08:14 . 2008-12-04 08:28 <DIR> d-------- c:\program files\Atomic Alarm Clock
2008-12-03 02:04 . 2007-12-01 00:27 20,992 --a------ c:\windows\system32\dshowext.ax
2008-12-03 02:04 . 2007-12-01 00:27 20,992 --a--c--- c:\windows\system32\dllcache\dshowext.ax
2008-12-03 02:02 . 2008-12-03 02:02 <DIR> d-------- c:\windows\system\Precopy
2008-12-03 02:02 . 2008-12-03 02:02 <DIR> d-------- c:\program files\BlazeVideo
2008-12-03 02:02 . 2008-12-03 02:02 668,938 --a------ c:\windows\unins000.exe
2008-12-03 02:02 . 2003-01-21 15:45 114,688 --a------ c:\windows\system\JpegCode.dll
2008-12-03 02:02 . 2004-01-22 12:41 46,944 --a------ c:\windows\system32\drivers\CoachUsb.sys
2008-12-03 02:02 . 2003-11-03 17:31 44,256 --a------ c:\windows\system32\drivers\CoachVc.sys
2008-12-03 02:02 . 2003-11-04 17:54 16,896 --a------ c:\windows\system\CoachDlg.dll
2008-12-03 02:02 . 2004-01-06 13:10 8,192 --a------ c:\windows\system\CoachWrp.dll
2008-12-03 02:02 . 2003-05-08 16:58 5,632 --a------ c:\windows\system\CoachSti.dll
2008-12-03 02:02 . 2008-12-03 02:02 1,433 --a------ c:\windows\unins000.dat
2008-12-02 16:32 . 2008-12-02 16:34 <DIR> d-------- c:\program files\VTFEdit
2008-12-02 13:54 . 2008-12-02 13:54 85,536 --a------ c:\windows\system32\Sdd000.dll
2008-12-02 13:44 . 2008-12-02 13:44 <DIR> d-------- c:\windows\PLAYXPERT In-Game Platform
2008-12-02 13:44 . 2008-12-02 13:44 <DIR> d-------- c:\documents and settings\Blackout\Application Data\PLAYXPERT In-Game Platform
2008-12-02 13:37 . 2008-12-02 13:53 <DIR> d-------- c:\program files\PLAYXPERT
2008-12-02 13:14 . 2008-12-02 13:14 0 --ah----- c:\windows\SwSys2.bmp
2008-12-02 13:14 . 2008-12-02 13:14 0 --ah----- c:\windows\SwSys1.bmp
2008-12-02 09:01 . 2008-12-02 13:25 <DIR> d-------- c:\program files\Game Overlay
2008-11-29 05:47 . 2008-11-29 05:48 <DIR> d-------- c:\program files\ManyCam 2.3
2008-11-28 01:41 . 2007-12-01 00:27 91,136 --a------ c:\windows\system32\kswdmcap.ax
2008-11-28 01:41 . 2007-12-01 00:27 91,136 --a--c--- c:\windows\system32\dllcache\kswdmcap.ax
2008-11-28 01:41 . 2007-12-01 00:27 61,952 --a------ c:\windows\system32\kstvtune.ax
2008-11-28 01:41 . 2007-12-01 00:27 61,952 --a--c--- c:\windows\system32\dllcache\kstvtune.ax
2008-11-28 01:41 . 2007-12-01 00:26 53,760 --a------ c:\windows\system32\vfwwdm32.dll
2008-11-28 01:41 . 2007-12-01 00:26 53,760 --a--c--- c:\windows\system32\dllcache\vfwwdm32.dll
2008-11-28 01:41 . 2007-12-01 00:27 43,008 --a------ c:\windows\system32\ksxbar.ax
2008-11-28 01:41 . 2007-12-01 00:27 43,008 --a--c--- c:\windows\system32\dllcache\ksxbar.ax
2008-11-28 01:41 . 2007-12-01 00:27 28,672 --a------ c:\windows\system32\vidcap.ax
2008-11-28 01:41 . 2007-12-01 00:27 28,672 --a--c--- c:\windows\system32\dllcache\vidcap.ax
2008-11-28 01:41 . 2004-09-15 04:49 24,576 -ra------ c:\windows\system32\RunSetup.dll
2008-11-28 01:40 . 2008-11-28 01:40 <DIR> d-------- c:\windows\CatRoot
2008-11-28 01:40 . 2008-11-28 01:40 <DIR> d-------- c:\program files\Vimicro
2008-11-28 01:40 . 2000-10-31 12:00 307,200 --a------ c:\windows\vidcap32.Exe
2008-11-28 01:40 . 2004-08-31 13:26 233,539 --a------ c:\windows\system32\VM31bPrp.Ax
2008-11-28 01:40 . 2002-08-22 16:34 147,456 --a------ c:\windows\VMCap.exe
2008-11-28 01:40 . 2004-08-17 11:44 91,263 --a------ c:\windows\system32\drivers\usbVM31b.sys
2008-11-28 01:40 . 2003-05-15 17:17 61,440 --a------ c:\windows\system32\VM31bSTI.dll
2008-11-28 01:40 . 2002-08-22 17:02 53,248 --a------ c:\windows\StillCap.exe
2008-11-28 01:40 . 2002-10-16 09:29 49,152 --a------ c:\windows\amcap.exe
2008-11-28 01:40 . 2004-06-09 15:37 40,960 --a------ c:\windows\VM_STI.EXE
2008-11-26 22:04 . 2008-11-26 22:04 <DIR> d-------- c:\documents and settings\Blackout\Application Data\vlc
2008-11-26 22:02 . 2008-11-26 22:03 <DIR> d-------- c:\program files\vlc-0.9.6
2008-11-25 22:19 . 2008-11-18 20:00 26,016 --a------ c:\windows\system32\drivers\KuirKbdFltr.sys
2008-11-25 22:19 . 2008-11-18 20:00 23,200 --a------ c:\windows\system32\drivers\KuirMouFltr.sys
2008-11-25 16:57 . 2008-11-25 16:57 <DIR> d-------- C:\Fraps
2008-11-25 01:13 . 2008-11-25 01:13 664 --a------ c:\windows\system32\d3d9caps.dat
2008-11-25 01:13 . 2008-11-25 01:13 552 --a------ c:\windows\system32\d3d8caps.dat
2008-11-20 22:44 . 2008-11-20 22:44 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-11-17 23:44 . 2008-06-16 14:43 6,272 --a------ c:\windows\system32\drivers\BS_I2cIo.sys
2008-11-17 23:44 . 2007-08-16 10:09 3,604 --a------ c:\windows\system32\drivers\BS_Flash.sys
2008-11-17 23:42 . 2008-11-17 23:44 <DIR> d-------- c:\program files\BIOS Update
2008-11-17 23:37 . 2008-11-17 23:57 <DIR> d-------- c:\program files\NOS
2008-11-17 23:37 . 2008-11-17 23:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-11-17 20:07 . 2008-11-17 20:22 <DIR> d-------- C:\HammerAutosave
2008-11-17 18:45 . 2008-11-17 18:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-11-17 02:13 . 2008-11-17 02:13 <DIR> d-------- c:\windows\system32\oodag
2008-11-17 02:10 . 2008-12-10 11:44 25,540 --a------ c:\windows\system32\oodbs.lor
2008-11-17 02:08 . 2008-11-17 02:08 0 --a------ c:\windows\oodcnt.INI
2008-11-17 02:07 . 2008-11-17 02:07 <DIR> d-------- c:\program files\OO Software
2008-11-17 01:16 . 2008-11-17 01:16 <DIR> d-------- c:\program files\Yahoo!
2008-11-14 16:31 . 2008-10-24 13:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-13 21:39 . 2008-11-13 21:39 <DIR> d-------- c:\program files\Advanced Port Scanner
2008-11-11 21:42 . 2008-11-11 21:42 <DIR> d-------- C:\Logs
2008-11-11 15:08 . 2008-11-11 15:08 <DIR> d-------- c:\program files\Ventrilo
2008-11-11 15:08 . 2008-11-11 15:08 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-09 19:30 --------- d-----w c:\documents and settings\Blackout\Application Data\foobar2000
2008-12-09 13:00 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-09 12:58 --------- d-----w c:\documents and settings\Blackout\Application Data\Xfire
2008-12-05 14:32 --------- d-----w c:\documents and settings\Blackout\Application Data\uTorrent
2008-12-04 02:31 --------- d-----w c:\program files\Xfire
2008-11-27 23:40 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-27 08:19 99,216 ----a-w c:\windows\system32\drivers\cmdguard.sys
2008-11-27 08:19 31,504 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2008-11-27 08:19 143,096 ----a-w c:\windows\system32\guard32.dll
2008-11-25 20:51 --------- d-----w c:\documents and settings\Blackout\Application Data\Ventrilo
2008-11-24 12:48 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-20 06:31 --------- d-----w c:\documents and settings\Blackout\Application Data\NoNameScript
2008-11-20 04:21 --------- d-----w c:\program files\mIRC
2008-11-18 21:30 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-17 21:39 --------- d-----w c:\program files\Common Files\Adobe
2008-11-16 13:38 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-16 13:37 111,928 ----a-w c:\windows\system32\PnkBstrB.exe
2008-11-15 23:24 22,328 ----a-w c:\documents and settings\Blackout\Application Data\PnkBstrK.sys
2008-11-15 23:23 682,280 ----a-w c:\windows\system32\pbsvc.exe
2008-11-15 23:23 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-11-11 14:47 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-11-11 13:08 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-11 10:17 --------- d-----w c:\program files\EvilLyrics
2008-11-09 21:41 --------- d-----w c:\program files\eMule
2008-11-08 18:58 --------- d-----w c:\program files\VentriloMIX
2008-11-08 18:42 --------- d-----w c:\program files\VentSrv 3
2008-11-05 10:57 --------- d-----w c:\program files\Trend Micro
2008-11-05 10:03 --------- d-----w c:\documents and settings\Blackout\Application Data\Nokia
2008-11-04 14:06 --------- d-----w c:\documents and settings\Blackout\Application Data\HLSW
2008-11-04 13:50 --------- d-s---w c:\program files\HLSW
2008-11-04 05:40 --------- d-----w c:\documents and settings\All Users\Application Data\Fallout3
2008-11-04 05:38 --------- d-----w c:\program files\MSBuild
2008-11-04 05:35 --------- d-----w c:\program files\Reference Assemblies
2008-11-04 05:27 --------- d-----w c:\program files\DAEMON Tools Lite
2008-11-04 05:22 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-11-04 05:22 --------- d-----w c:\documents and settings\Blackout\Application Data\DAEMON Tools
2008-11-03 09:09 --------- d-----w c:\documents and settings\Blackout\Application Data\Bioshock
2008-11-03 08:00 --------- d--h--r c:\documents and settings\Blackout\Application Data\SecuROM
2008-11-03 07:10 --------- d-----w c:\program files\RivaTuner v2.11
2008-11-01 13:57 --------- d-----w c:\program files\QuickTime
2008-11-01 08:27 --------- d-----w c:\program files\MSXML 4.0
2008-10-30 20:24 --------- d-----w c:\documents and settings\Blackout\Application Data\Ahead
2008-10-30 20:10 --------- d-----w c:\documents and settings\Blackout\Application Data\Nero
2008-10-30 20:00 --------- d-----w c:\documents and settings\All Users\Application Data\Ahead
2008-10-30 19:59 --------- d-----w c:\program files\Common Files\Ahead
2008-10-30 19:58 --------- d-----w c:\program files\Windows Sidebar
2008-10-30 19:58 --------- d-----w c:\program files\Nero
2008-10-30 19:58 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-10-29 06:33 --------- d-----w c:\program files\DirectX Happy Uninstall
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 05:46 --------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2008-10-24 05:43 --------- d-----w c:\program files\Nokia
2008-10-24 05:43 --------- d-----w c:\program files\MSXML 6.0
2008-10-24 05:43 --------- d-----w c:\program files\Common Files\Nokia
2008-10-24 05:42 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2008-10-24 05:39 --------- d-----w c:\documents and settings\Blackout\Application Data\PC Suite
2008-10-24 05:04 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2008-10-24 05:00 --------- d-----w c:\program files\PC Connectivity Solution
2008-10-24 05:00 --------- d-----w c:\program files\DIFX
2008-10-24 05:00 --------- d-----w c:\program files\Common Files\PCSuite
2008-10-24 04:52 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-24 04:52 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-10-23 19:36 --------- d-----w c:\documents and settings\Blackout\Application Data\Warsow
2008-10-22 19:23 --------- d-----w c:\program files\DivX
2008-10-22 17:18 --------- d-----w c:\program files\CCleaner
2008-10-22 13:01 --------- d-----w c:\documents and settings\Blackout\Application Data\Move Networks
2008-10-21 04:45 --------- d-----w c:\program files\RivaTuner
2008-10-21 04:13 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2008-10-21 04:10 --------- d-----w c:\program files\ATI Technologies
2008-10-19 16:51 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2008-10-16 12:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 12:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 12:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 12:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 12:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 12:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 12:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 12:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 12:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:22 --------- d-----w c:\documents and settings\Blackout\Application Data\Ubisoft
2008-10-14 20:48 --------- d-----w c:\documents and settings\All Users\Application Data\Ubisoft
2008-10-14 20:37 --------- d-----w c:\documents and settings\Blackout\Application Data\InstallShield
2008-10-14 14:50 --------- d-----w c:\program files\AlienGUIse
2008-10-14 14:48 --------- d-----w c:\program files\Common Files\Stardock
2008-10-14 14:16 --------- d-----w c:\program files\FileSubmit
2008-10-13 15:01 --------- d-----w c:\program files\Gaming Mouse
2008-10-11 20:44 108,144 ----a-w c:\windows\system32\CmdLineExt.dll
2008-10-10 15:03 --------- d-----w c:\program files\foobar2000
2008-09-30 14:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-28 23:16 131,072 ----a-w c:\windows\system32\SpoonUninstall.exe
2008-09-24 02:18 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-09-24 02:17 311,296 ----a-w c:\windows\system32\ati2dvag.dll
2008-09-24 02:09 10,772,480 ----a-w c:\windows\system32\atioglxx.dll
2008-09-24 02:07 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-09-24 02:06 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-09-24 02:06 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-09-24 02:06 143,360 ----a-w c:\windows\system32\Oemdspif.dll
2008-09-24 02:06 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-09-24 02:04 581,632 ----a-w c:\windows\system32\ati2evxx.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-11-30 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2008-11-27 1796856]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-04-09 200704]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WheelMouse"="c:\advanc~1\wh_exec.exe" [2008-02-21 98304]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"COMODO Internet Security"="c:\program files\COMODO\Firewall\cfp.exe" [2008-11-27 1796856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-01 413696]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 c:\windows\RTHDCPL.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll
"VIDC.XFR1"= xfcodec.dll
"VIDC.JPEG"= JpegCode.dll
"VIDC.MJPG"= JpegCode.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"d:\\Games\\Steam\\SteamApps\\Sleekker\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Games\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"d:\\Games\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"d:\\Games\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Games\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"d:\\Games\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"d:\\Games\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-16 110160]
R1 BS_I2cIo;BS_I2cIo;\??\c:\windows\system32\drivers\BS_I2cIo.sys [2008-11-17 6272]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-09-16 99216]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-09-16 31504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-09-16 20560]
R3 KuirKbdFltr;KuirKbdFltr overlay support subsystem;c:\windows\system32\DRIVERS\KuirKbdFltr.sys [2008-11-25 26016]
R3 KuirMouFltr;KuirMouFltr overlay support subsystem;c:\windows\system32\DRIVERS\KuirMouFltr.sys [2008-11-25 23200]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]
R3 ZSMC302;VIMICRO USB PC Camera;c:\windows\system32\Drivers\usbVM31b.sys [2008-11-28 91263]
S3 BS_Flash;BS_Flash;\??\c:\program files\BIOS Update\Award\BS_Flash.sys [2008-11-17 3604]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-10-24 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-10-24 8320]
S3 Usb;Digital Camera on USB;c:\windows\system32\DRIVERS\CoachUsb.sys [2008-12-03 46944]
S3 Vc;Video Capture;c:\windows\system32\DRIVERS\CoachVc.sys [2008-12-03 44256]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.anime-ds.com/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 67.69.254.251:80
FireFox -: Profile - c:\documents and settings\Blackout\Application Data\Mozilla\Firefox\Profiles\dpc33z7v.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://maxwelldon.no-ip.info/
FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 11:44:51
Windows 5.1.2600 Service Pack 3, v.5657 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\Ati2evxx.dll
c:\program files\AlienGUIse\fastload.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\COMODO\Firewall\cmdagent.exe
c:\windows\system32\oodag.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\msiexec.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2008-12-10 11:48:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-10 09:48:13

Pre-Run: 41,152,393,216 bytes free
Post-Run: 41,061,539,840 bytes free

318 --- E O F --- 2008-11-29 20:15:07

Muuten ihan kivat mutta ComboFix poisti tuon "Autorun" filun mun ulkoselta kiinnolta.. Noh, pitänee kirjotella uus tai etti korvaava.
Niin ja vielä ilmenee "1 program running" tuossa kirjautumis ruudulla kun lukitsee koneen, netin pätkimisestä en tiedä vielä.

Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 10. joulukuuta 2008 @ 12:06

Hujo

Suspended permanently

10. joulukuuta 2008 @ 15:46

Linkki tähän viestiin

Lataa Tästä Ccleaner
CCleaner v 2.14.750.- Standard Build, ÄLÄ aseenna Yahoo toolbaria!
Asennuksessa poista merkki/rasti kohdasta "asenna Yahoo! toolbar/työkalupalkki".
Asennuksen jälkeen aukaise CCleaneri.
Valitse vasemmalta pystyrivistä Options.
Valitse viereisestä pystyrivistä Settings.
Language kohtaan valitse Suomi.

Puhdistaja
Valitse vasemmalta pystyrivistä Puhdistaja.
Paina alhaalta Tutki.
Nyt CCleaneri tutkii, mitä voidaan poistaa (tempit, cookiessit jne.).
Kun tutkiminen on valmis, paina Aja CCleaner.
Nyt CCleaneri poistaa löydetyt tempit, cookiessit jne.

Rekisterin virheiden korjaus
Valitse vasemmalta pystyrivistä Rekisteri.
Paina alhaalta Etsi rekisterin virheitä.
Kun etsintä on valmis ja olet varma, että haluat korjata ne rivit jotka ovat merkattuja, niin paina Korjaa valitut rekisterin virheet.
Sinulta kysytään "haluatko varmuuskopioida muutokset rekisteriin", paina Kyllä. Tallenna varmuuskopio vaikka "Omat tiedostot" -kansioon.
Klikkaa uudesta aukeavasta ikkunasta Korjaa kaikki valitut virheet.
Saat vielä varmistus kysymyksen, paina Ok.
Kun virheet on korjattu, paina Sulje.
Nyt voit sulkea CCleanerin painamalla oikealta ylhäältä punaista rastia.

==============

Javan päivitys ja välimuistin tyhjennys:

Lataa JavaRa ja pura se työpöydällesi.

***Sulje kaikki päällä olevat Internet Explorerin ikkunat ennen jatkamista!***

* Tuplaklikkaa JavaRa.exeä käynnistääksesi ohjelma.
* Valitse English pudotusvalikosta valitaksesi kieleksi englannin ja klikkaa Select.
* Klikkaa Remove Older Versions poistaaksesi vanhat Java-versiot koneeltasi.
* Klikkaa Yes kun pyydetään. Kun JavaRa on valmis, se ilmoittaa, että lokitiedosto on luotu. Klikkaa OK.
* Lokitiedosto avautuu. Lähetä sen sisältö seuraavassa viestissäsi.
4. Asenna uusin Java päivitys seuraavasta linkistä..

Lataa täältä uusi java

Rullaa alas kohteeseen Java Runtime Environment (JRE) 6 Update 11
Paina Download
Laita Platform -kohtaan Windows
Ruksaa I agree to the Java SE Runtime Environment 6 License Agreement ja paina Continue
Paina Windows Offline Installationin alapuolella jre-6u4-windows-i586-p.exe

Tallenna tiedosto vaikka työpöydälle ja asenna se.

5. Käynnistä kone uudelleen asennuksen jälkeen.
6. Käynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi).
7. General-välilehdellä klikkaa Settings. Vedä liukusäädintä (Disk Space) pienemmälle.

(Jotkut javapohjaiset ohjelmat saattavat tarvita enemmän levytilaa.
Jos huomaat säädön pienentämisen jälkeen koneessa hitautta, siirrä liukusäädintä isommalle).

8. Klikkaa Delete Files -nappia. Varmista että kaikki kaksi valintaa ovat rastitettuja:
* Applications and Applets
* Trace and Log Files

Ja paina OK -nappia
Huomaa: Tämä poistaa kaikki ladatut sovellukset ja appletit VÄLIMUISTISTA.

9. Klikkaa OK "Temporary Files Settings" -ikkunassasi.
10. Välilehti Update: ota ruksi pois kohdasta Check for Updates automatically
Valitse Never check
11. Klikkaa Apply ja OK jättääksesi Java asetusikkunasi.

Voiko tietsikka koskaan toimia?

Blackout

Newbie

11. joulukuuta 2008 @ 14:40

Linkki tähän viestiin

JavaRa

Lainaus:
JavaRa 1.11 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Dec 11 14:22:56 2008

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

------------------------------------

Finished reporting.

Netti ei ole katkeillut nytten mutta tuo "1 ohjelma auki" ongelma vieläkin ilmenee.. Aika omituinen vika kyllä.

Hujo

Suspended permanently

12. joulukuuta 2008 @ 05:05

Linkki tähän viestiin

scannaa uusi hjt:n loki

Voiko tietsikka koskaan toimia?

Blackout

Newbie

12. joulukuuta 2008 @ 05:29

Linkki tähän viestiin

HijackThis

Lainaus:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:27:15 AM, on 12/12/2008
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\ADVANC~1\wh_exec.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\oodtray.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Blackout\Desktop\Desktop Files\SSH\putty.exe
D:\Games\Steam\Steam.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.anime-ds.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 67.69.254.251:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\ADVANC~1\wh_exec.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/...ex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1221538593875
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8848 bytes

Mainos

Hujo

Suspended permanently

12. joulukuuta 2008 @ 06:43

Linkki tähän viestiin

scannaa hjt:llä merkkaa paina Fix checked

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

====================

Tarkista Kaspersky Online Skannerilla

1. Lue läpi vaatimukset ja yksityisyyssäännökset ja klikkaa Accept.
2. Skannerin ja virustietokannan lataus alkaa. Sinulta kysytään sallitko Kasperskyltä tulevan ohjelman asentamisen. Klikkaa Aja/Run.
3. Kun lataus on valmis, klikkaa Settings.
4. Varmistu, että seuraavat kohdat on valittu. Jos ne eivät ole, valitse ne ja klikkaa Save:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
5. Klikkaa Oma Tietokone, My Computer Scan-kohdan alapuolelta.
6. Kun tarkistus on valmis, tulokset näytetään. Klikkaa View Scan Report.
7. Näet listan saastuneista kohteista. Klikkaa Save Report As....
8. Tallenna tiedosto työpöydällesi. Muuta Tiedostotyyppi/Files of type muotoon Tekstitiedosto/Text file(.txt) ennen kuin klikkaat Save.
9. Kopioi ja liitä tiedoston sisältö seuraavaan vastaukseesi uuden HijackThis-lokin kera

Voiko tietsikka koskaan toimia?

Aloita uusi viestiketju

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > jatkuvasti yksi ohjelma päällä kirjautumisessa?

Apua ongelmiin: AfterDawnin keskustelualueet | AfterDawnin Vastaukset
Uutiset: IT-alan uutiset | Uutisia puhelimista
Musiikkia: MP3Lizard.com
Tuotearviot: Laitevertailu | Vertaa puhelimia | Vertaa kännykkäliittymiä
Pelit: Pelitiedostot, pelidemot ja trailerit
Ohjelmat: download.fi | AfterDawnin ohjelma-alueet
International: AfterDawn in English | Software downloads | Free, legal MP3s | AfterDawn på svenska
RSS -syötteet: AfterDawnin uutiset | Uusimmat ohjelmapäivitykset | Keskustelualueiden viestit
Tietoja: Tietoa AfterDawn Oy:stä | Mainosta sivuillamme | Sivuston käyttöehdot ja tietoja yksityisyydensuojasta
Ota yhteyttä: Lähetä palautetta | Ota yhteyttä mainosmyyntiimme

© 1999-2025 AfterDawn Oy