Too many processes - malware?
elchico_
Newbie
11 August 2009 @ 23:54
My computer had a virus that somehow made the hard drive disappear from view. A "professional" took care of that, but the machine still has too much useless stuff on it and it is incredibly slow.

I removed the programs I dared to; at startup, about 40 other programs still open along with Windows, and they need to be pruned. I'm posting the log here now anyway, because somehow it feels like not everything is in order.

-----------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:47:56, on 11.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Ohjelmat\vpn\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sonera\InternetAvustaja\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Ohjelmat\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.fi:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Ohjelmat\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Ohjelmat\Party\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Ohjelmat\Party\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {23DC814C-C8AE-464D-993A-A55DEF80F86B} (NewLogin.ctlLogin) - http://timesheet.lionbridge.com/login/Login.CAB
O16 - DPF: {3A69525E-7CF7-446A-8C5F-9D734E751B8C} (Timesheet.ctlTS) - http://timesheet.lionbridge.com/Timesheet/Timesheet.CAB
O16 - DPF: {869918A4-D254-4CCB-AA52-7E8306AF937A} (xLogin.ctlLogin) - http://timesheet.lionbridge.com/twin.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {E14385A9-F2F1-41D0-BD5B-3043BC045FC5} (xToolbar.ctlToolbar) - http://timesheet.lionbridge.com/Toolbar/xToolbar.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - E:\Ohjelmat\vpn\cvpnd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (sonera) (sprtsvc_sonera) - SupportSoft, Inc. - C:\Program Files\Sonera\InternetAvustaja\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7868 bytes
AfterDawn Addict
12 August 2009 @ 12:29
Not bad!!!

Download JavaRa and extract it to your desktop.

***Close all open Internet Explorer windows before continuing!***

* Double-click JavaRa.exe to start the program.
* Choose English from the drop-down menu to set the language to English and click Select.
* Click Remove Older Versions to remove old Java versions from your computer.
* Click Yes when asked. When JavaRa is finished, it reports that a log file has been created. Click OK.
* The log file opens. Post its contents in your next message.

After this, download and install Java SE Runtime Environment (JRE) 6 Update 16.
jre-6u16-windows-i586-p.exe => 15.?? MB
Download it to the desktop and close all browsers before installing.

---------------------------------------------------------------------------------------

Download and cleanup instructions: HERE

--------------------------------------------------------------------------------

Close the browser and other programs for the duration of the fix (not the antivirus).
Start HijackThis, run Scan, and tick the following files listed in red:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Ohjelmat\Party\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Ohjelmat\Party\PartyPoker\RunApp.exe (file missing)
O16 - DPF: {23DC814C-C8AE-464D-993A-A55DEF80F86B} (NewLogin.ctlLogin) - http://timesheet.lionbridge.com/login/Login.CAB
O16 - DPF: {3A69525E-7CF7-446A-8C5F-9D734E751B8C} (Timesheet.ctlTS) - http://timesheet.lionbridge.com/Timesheet/Timesheet.CAB
O16 - DPF: {869918A4-D254-4CCB-AA52-7E8306AF937A} (xLogin.ctlLogin) - http://timesheet.lionbridge.com/twin.CAB
O16 - DPF: {E14385A9-F2F1-41D0-BD5B-3043BC045FC5} (xToolbar.ctlToolbar) - http://timesheet.lionbridge.com/Toolbar/xToolbar.CAB

and remove them with the (Fix checked) button.

Empty the recycle bin and restart your computer.

Post the following logs here:
* A fresh HijackThis log (taken last, just before posting)
* report
*
* Tell us what the situation is ???
.

(:)
elchico_
Newbie
12 August 2009 @ 13:10
Below are the JavaRa and HijackThis logs. I cleaned up with CCleaner and it seems to have helped somewhat. The number of processes at startup has not changed, though; it is still 39 (normal?).

I can't remove some programs (Daemon Tools) and files, but instructions for those can probably be found in another topic.




JavaRa 1.11 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sat Aug 23 19:03:40 2008

Found and removed: C:\Program Files\Java\jre1.5.0_11

Found and removed: Software\JavaSoft\Java2D\1.5.0

Found and removed: Software\JavaSoft\Java2D\1.5.0_03

Found and removed: Software\JavaSoft\Java2D\1.5.0_11

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\JavaPlugin.160_02

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}

Found and removed: Software\Classes\JavaPlugin.160_02

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_11\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\bin\

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02

Found and removed: Software\JavaSoft\Java2D\1.6.0_02

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

------------------------------------

Finished reporting.



JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Aug 12 12:33:43 2009

Found and removed: C:\Program Files\Java\jre1.6.0_02

Found and removed: C:\Documents and Settings\Käyttäjä\Application Data\Sun\Java\jre1.6.0_02

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\

------------------------------------

Finished reporting.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:03:51, on 12.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Ohjelmat\vpn\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sonera\InternetAvustaja\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Ohjelmat\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.fi:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Ohjelmat\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - E:\Ohjelmat\vpn\cvpnd.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (sonera) (sprtsvc_sonera) - SupportSoft, Inc. - C:\Program Files\Sonera\InternetAvustaja\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6701 bytes
elchico_
Newbie
12 August 2009 @ 13:11
Duplicates.

This message has been edited after posting. Last edited 12 August 2009 @ 13:13

AfterDawn Addict
12 August 2009 @ 13:35
If you don't need DAEMON Tools at all, you can
remove it with Add/Remove Programs.
Otherwise it first has to be shut down from the taskbar.

Then these can go as well:
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Ohjelmat\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"


---------------------------------------------------------------------

In Task Manager =>
about 40 running processes is normal.
System Idle Process approx. 97 - 100%

On the Performance tab
PF Usage approx. 700 MB in use.
???

(:)
elchico_
Newbie
12 August 2009 @ 13:55
Daemon doesn't show up at all in the Add/Remove Programs window. From the Start menu, daemon tools->uninstall->setup is unable to validate installation.
In addition, daemon tools always throws an error message on the screen when the computer has been started.

--------------------------
So the processes are OK.

---------------------------

One more thing: do I have too many unnecessary antivirus programs, since I have spybot, zonealarm, avast and malwarebytes?

------------------------------

Well, now the CD/DVD drive doesn't show up at all.. What would help?


Many thanks for the help so far!

This message has been edited after posting. Last edited 12 August 2009 @ 14:19

AfterDawn Addict
12 August 2009 @ 14:35
ZoneAlarm and Avast are among the best protections.

Except Zone doesn't appear to be running !!!!

Is the Z in the taskbar ????

Check the status in the Windows Security Center.

Looks worrying after the professional's work ???

Tell me !!!
.

(:)
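The comparison made in the reply above (an autostart or service entry is listed, but its program is missing from "Running processes") can be automated. This is an added example, not part of the original thread or of HijackThis; the sample log is constructed from the kinds of lines quoted here, and the function names are hypothetical.

```python
import re
from ntpath import basename  # Windows path rules on any host OS

# Constructed sample: a shortened log in HijackThis v2.0.2 layout.
# It is not a real scan.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Program at the start of a command line: a quoted path, or text up to ".exe".
_EXE = re.compile(r'"([^"]+)"|(\S.*?\.exe)\b', re.IGNORECASE)
# Registry Run entries only; "Global Startup" shortcut lines are not matched.
_O4_RUN = re.compile(r"O4 - \S+: \[(.+?)\] (.+)")
_O23 = "O23 - Service: "


def program_name(command):
    """Lower-cased file name of the program a command line starts, or None."""
    m = _EXE.match(command.strip())
    return basename(m.group(1) or m.group(2)).lower() if m else None


def parse_log(text):
    """Return (running process names, autostart entries, '(no file)' lines)."""
    running, autostarts, no_file = set(), [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
        elif in_processes:
            if line:
                running.add(basename(line).lower())
            else:                      # blank line ends the process list
                in_processes = False
        elif line.endswith("(no file)"):
            no_file.append(line)       # entry whose target file is gone
        elif line.startswith(_O23):
            # "<display name> - <vendor> - <path>", split from the right
            parts = line[len(_O23):].rsplit(" - ", 2)
            if len(parts) == 3:
                autostarts.append(("O23", parts[0], program_name(parts[2])))
        else:
            m = _O4_RUN.match(line)
            if m:
                autostarts.append(("O4", m.group(1), program_name(m.group(2))))
    return running, autostarts, no_file


def not_running(text):
    """Autostart/service entries whose program is absent from the process list."""
    running, autostarts, _ = parse_log(text)
    return [(section, name, exe) for section, name, exe in autostarts
            if exe and exe not in running]


def orphaned(text):
    """Log lines that point at a missing file."""
    return parse_log(text)[2]


if __name__ == "__main__":
    for section, name, exe in not_running(SAMPLE_LOG):
        print(f"{section}: {name} -> {exe} is registered but not running")
    for line in orphaned(SAMPLE_LOG):
        print("leftover entry:", line)
```

Names are compared by file name only, so short (8.3) and long paths to the same program match. A hit is a prompt to check the program, not proof of a fault: the log does not show a service's start type, and a manual-start service is legitimately idle.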
elchico_
Newbie
12 August 2009 @ 14:58
According to the Security Center, the zone alarm firewall is in use. There is indeed no Z at the bottom, although it used to be there at some point. The computer was in for service only because of the hard disk problem; at the shop they then noticed the virus and removed it. Because of my own lack of time, nothing more was done to the computer there.

------------------------------

So I can remove spybot and malwarebytes.

------------------------------

The disappearance of the CD drive is still bothering me.
AfterDawn Addict
12 August 2009 @ 16:11
Don't remove => malwarebytes.
You can scan with it once a month or as soon as something feels
odd. Just update the definitions first.

SpyBot isn't active on your machine, and neither is Zone !!!!

Go to Start and All Programs.
From there Zone, and start Zone Z
Did => Z appear in the taskbar?

If it did, post a new HJT log.
.

(:)
elchico_
Newbie
12 August 2009 @ 16:50
I removed Spybot and started zone alarm, now the Z is at the bottom. I ticked the box at load zone alarm at startup->now it apparently starts along with Windows.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47:16, on 12.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Ohjelmat\vpn\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sonera\InternetAvustaja\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\Ohjelmat\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.fi:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - E:\Ohjelmat\vpn\cvpnd.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (sonera) (sprtsvc_sonera) - SupportSoft, Inc. - C:\Program Files\Sonera\InternetAvustaja\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6693 bytes
AfterDawn Addict
12 August 2009 @ 18:39
Very good !!!
Now the basic parts of the virus protection are in order.

-------------------------------------------------------

Right-click the Daemontools icon in the taskbar and
from there Settings. Untick every item under General.

Restart the computer.

Run from there =>
C:\Program Files\DAEMON Tools\uninst.exe

----------------------------------------------------------

Would those HERE be of help for the CD / DVD

so there's no need to go into the registry.
???
.

(:)
elchico_
Newbie
12 August 2009 @ 19:36
Daemon tools hasn't been in the taskbar for a long time. Might I possibly have removed it/some parts of it at some point, since the program complains about something at startup and it can't be removed either. So Daemon is not in the Add/Remove Programs list.

-------------------------------------------

That didn't help with the CD/DVD drive. I didn't try the fix-it-yourself section.
AfterDawn Addict
13 August 2009 @ 15:03
Registry changes always require restarting the computer


Download SystemLook by jpshortstuff from HERE and save it to the desktop.

Double-click SystemLook.exe to run it.

Copy (CTRL+C) all the text from the box below into the text area.


:regfind

DAEMON

:dir
C:\WINDOWS\system32\drivers\etc /s
E:\Ohjelmat\DAEMON Tools /s

:reg
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}


Click the Look button to start the scan.

When the scan is finished, Notepad opens containing the log.
Right-click the log and choose "Select All".
Copy and paste it into your next message.
(The log can also be found on your desktop as SystemLook.txt)
.

(:)
elchico_
Newbie
13 August 2009 @ 17:58
SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 17:57 on 13/08/2009 by Käyttäjä (Administrator - Elevation successful)

========== regfind ==========

Searching for "DAEMON"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DAEMON Tools]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{553858A7-4922-4e7e-B1C1-97140C1C16EF}]
"@"=="IE Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}]
"@"=="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC651A43-0720-4a2b-9971-BD2EF1329A3D}]
"@"=="IE Component Categories conditional cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E56829C9-2D59-11d2-BE38-3078302C2030}]
"@"=="Component Categories conditional cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon]
[HKEY_USERS\S-1-5-21-1214440339-879983540-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DAEMON Tools]

========== dir ==========

C:\WINDOWS\system32\drivers\etc - Parameters: "/s"

---Files---
hosts --a--- 4033 bytes [12:00 15/09/2004] [09:51 03/08/2007]
lmhosts.sam --a--- 3705 bytes [12:00 15/09/2004] [12:00 15/09/2004]
networks --a--- 416 bytes [12:00 15/09/2004] [12:00 15/09/2004]
protocol --a--- 829 bytes [12:00 15/09/2004] [12:00 15/09/2004]
services --a--- 7151 bytes [12:00 15/09/2004] [12:00 15/09/2004]

No folders found.

E:\Ohjelmat\DAEMON Tools - Parameters: "/s"

---Files---
daemon.dll --a--- 351640 bytes [15:38 10/12/2005] [15:38 10/12/2005]
daemon.exe --a--- 133016 bytes [14:57 10/12/2005] [14:57 10/12/2005]
pfctoc.dll --a--- 167936 bytes [21:38 25/02/2005] [21:38 25/02/2005]
uninst.exe --a--- 99670 bytes [09:01 02/09/2006] [09:01 02/09/2006]

E:\Ohjelmat\DAEMON Tools\Icons d----- [09:01 02/09/2006]
tray1.ico --a--- 318 bytes [22:29 27/01/2005] [22:29 27/01/2005]
tray2.ico --a--- 318 bytes [22:29 27/01/2005] [22:29 27/01/2005]

E:\Ohjelmat\DAEMON Tools\Lang d----- [09:01 02/09/2006]
1033.dll --a--- 8256 bytes [10:30 20/11/2005] [10:30 20/11/2005]

E:\Ohjelmat\DAEMON Tools\Plugins d----- [09:01 02/09/2006]

E:\Ohjelmat\DAEMON Tools\Plugins\Images d----- [09:01 02/09/2006]
bw5mount.dll --a--- 7168 bytes [09:17 27/07/2005] [09:17 27/07/2005]
ccdmount.dll --a--- 7168 bytes [00:38 28/01/2005] [00:38 28/01/2005]
mdsmount.dll --a--- 20992 bytes [04:11 04/03/2005] [04:11 04/03/2005]
nrgmount.dll --a--- 12288 bytes [06:40 01/08/2005] [06:40 01/08/2005]
pdimount.dll --a--- 7680 bytes [00:38 28/01/2005] [00:38 28/01/2005]

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}]
"Class"="CDROM"
"EnumPropPages32"="MmSys.Cpl,MediaPropPageProvider"
"Icon"="-51"
"Installer32"="storprop.dll,DvdClassInstaller"
"NoInstallClass"="1"
"SilentInstall"="1"
"TroubleShooter-0"="hcp://help/tshoot/tsdrive.htm"
@="DVD- ja CD-asemat"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0001]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0002]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0003]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties]


-=End Of File=-
AfterDawn Addict
14 August 2009 @ 13:02
A 5-year-old HOSTS !!!

* The old HOSTS file is to be removed. Start the computer in Safe Mode => INSTRUCTIONS
Delete this file: C:\WINDOWS\system32\drivers\etc\HOSTS
* Start your computer in normal mode.
* Download HOSTS: from Here to your Desktop.
* Extract: hosts.zip into the C:\WINDOWS\system32\drivers\etc folder.


Finally, you can verify that there is a file named HOSTS there with no file extension. Size approx. 700 kB or approx. 1700 kB.
The protection activates at the next startup. (does not burden memory)

Updates for HOSTS: Here
What HOSTS does: Guide Here

-----------------------------------------------------

1. Download combofix.exe to your desktop from either of the links:
combofix.exe
combofix.exe


Open Notepad and copy/paste the contents of the Quote: box into it:

Quote:
Folder::
E:\Ohjelmat\DAEMON Tools
Registry::
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DAEMON Tools]
[-HKEY_USERS\S-1-5-21-1214440339-879983540-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DAEMON Tools]



Save as CFScript (in fact combofix recognizes it even if the file extension isn't
even .txt).

Then drag and drop CFScript onto ComboFix.exe as below. (Don't click)

Note! Don't click on the combofix window while it is running. This may cause the program to hang.
Restart the computer if asked to, and post the contents of the combofix.txt file here.

------------------------------------------------------------------------------------

According to the log, the CD-ROM drive is OK.

Post =>
(C:\ComboFix.txt)

.

(:)
elchico_
Newbie
14 August 2009 @ 13:51
ComboFix 09-08-10.06 - Käyttäjä 14.08.2009 13:40.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.358.1035.18.1023.661 [GMT 3:00]
Running from: c:\documents and settings\Käyttäjä\Työpöytä\ComboFix.exe
Command switches used :: c:\documents and settings\Käyttäjä\Työpöytä\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090813-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\windows\Installer\1137f8c.msi
c:\windows\Installer\13211b.msi
c:\windows\Installer\220aa46.msi
e:\ohjelmat\DAEMON Tools
e:\ohjelmat\DAEMON Tools\daemon.dll
e:\ohjelmat\DAEMON Tools\daemon.exe
e:\ohjelmat\DAEMON Tools\Icons\tray1.ico
e:\ohjelmat\DAEMON Tools\Icons\tray2.ico
e:\ohjelmat\DAEMON Tools\Lang\1033.dll
e:\ohjelmat\DAEMON Tools\pfctoc.dll
e:\ohjelmat\DAEMON Tools\Plugins\Images\bw5mount.dll
e:\ohjelmat\DAEMON Tools\Plugins\Images\ccdmount.dll
e:\ohjelmat\DAEMON Tools\Plugins\Images\mdsmount.dll
e:\ohjelmat\DAEMON Tools\Plugins\Images\nrgmount.dll
e:\ohjelmat\DAEMON Tools\Plugins\Images\pdimount.dll
e:\ohjelmat\DAEMON Tools\uninst.exe

----- BITS: Possible infected sites -----

hxxp://sync.avustaja.sonera.fi

.
((((((((((((((((((((((((( Files Created from 2009-07-14 to 2009-08-14 )))))))))))))))))))))))))))))))
.

2009-08-12 19:10 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 14:56 . 2009-08-12 14:56 -------- d-----w- c:\program files\AskBarDis
2009-08-12 12:21 . 2006-10-02 10:44 5120 ----a-w- c:\windows\system32\ff_vfw.dll
2009-08-12 09:39 . 2009-08-12 09:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-11 20:12 . 2009-08-11 20:12 -------- d-----w- c:\windows\system32\NtmsData
2009-08-11 16:25 . 2009-08-11 16:25 33408 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-08-05 09:00 . 2009-08-05 09:00 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-17 19:02 . 2009-07-17 19:02 58880 -c----w- c:\windows\system32\dllcache\atl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 10:45 . 2007-08-13 14:58 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-08-13 18:14 . 2004-09-15 12:00 49574 ----a-w- c:\windows\system32\perfc00B.dat
2009-08-13 18:14 . 2004-09-15 12:00 286308 ----a-w- c:\windows\system32\perfh00B.dat
2009-08-12 15:33 . 2007-12-13 19:32 16680199 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-08-12 12:46 . 2007-03-31 15:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-12 10:38 . 2007-11-01 10:21 -------- d-----w- c:\program files\DivX
2009-08-12 09:39 . 2007-03-05 19:55 -------- d-----w- c:\program files\Java
2009-08-11 20:23 . 2006-05-08 13:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-11 20:22 . 2008-09-18 09:04 -------- d-----w- c:\program files\Common Files\Apple
2009-08-11 20:22 . 2007-05-01 11:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-11 20:11 . 2006-05-24 11:46 -------- d-----w- c:\program files\Hewlett-Packard
2009-08-05 09:00 . 2004-09-15 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:02 . 2004-09-15 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 20:43 . 2004-09-15 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 09:04 . 2006-11-25 10:37 -------- d-----w- c:\program files\Common Files\PCSuite
2009-07-13 09:04 . 2006-06-17 11:58 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-13 09:04 . 2006-05-24 13:01 -------- d-----w- c:\program files\Nokia
2009-07-13 09:03 . 2006-11-05 12:39 -------- d-----w- c:\program files\DIFX
2009-07-13 09:01 . 2008-09-19 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-07-13 09:01 . 2009-07-13 09:01 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-07-13 09:01 . 2009-07-13 09:01 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-07-13 09:01 . 2009-07-13 09:01 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-07-13 09:01 . 2009-07-13 09:01 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-07-13 09:00 . 2009-07-13 09:01 33848496 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_fin.exe
2009-07-03 16:58 . 2004-09-15 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:39 . 2004-09-15 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:39 . 2004-09-15 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:44 . 2004-09-15 12:00 76800 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:15 . 2004-09-15 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:21 . 2006-05-08 12:43 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2004-09-15 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-09 15:27 . 2006-08-30 06:40 1024 ----a-w- c:\windows\system32\drivers\sptd2109.sys
2009-06-03 19:10 . 2004-09-15 12:00 1291776 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-16 15:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-12 149280]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-5-8 114688]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Ohjelmat\\Utorrent\\uTorrent.exe"=
"e:\\HalfLife2\\SteamApps\\common\\shadowgrounds demo\\ShadowgroundsLauncher.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [11.8.2009 19:25 33408]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21.8.2008 17:28 114768]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [12.8.2009 17:56 464264]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.8.2008 17:28 20560]
R2 sprtsvc_sonera;SupportSoft Sprocket Service (sonera);c:\program files\Sonera\InternetAvustaja\bin\sprtsvc.exe [3.11.2008 12:37 202016]
R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [7.9.2006 20:31 162176]
S3 bdacap;PC-DTV Receiver;c:\windows\system32\drivers\bdacap.sys --> c:\windows\system32\drivers\bdacap.sys [?]
S3 GLHIDKBFILTER;GLHIDKBFILTER;c:\windows\system32\DRIVERS\GLKbFilter.sys --> c:\windows\system32\DRIVERS\GLKbFilter.sys [?]
S3 iMSPQMn;iMSPQMn;\??\c:\docume~1\KYTTJ~1\LOCALS~1\Temp\iMSPQMn.sys --> c:\docume~1\KYTTJ~1\LOCALS~1\Temp\iMSPQMn.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
MSConfigStartUp-CTFMON - (no file)


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = proxy.fi:8080
uInternet Settings,ProxyOverride = *.fi;<local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
FF - ProfilePath - c:\documents and settings\Käyttäjä\Application Data\Mozilla\Firefox\Profiles\0kscl6bv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.phnet.fi/
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-14 13:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1214440339-879983540-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:8f,c7,c9,fc,c7,77,39,d7,91,73,a9,fe,29,72,87,c7,8d,e9,55,69,a2,0b,0f,
d5,d6,27,49,a1,64,28,c4,4e,da,04,a0,4f,ce,ca,73,f9,c4,bf,92,58,68,9c,c4,f8,\
"??"=hex:70,b9,ab,df,d8,21,d8,6e,2a,6b,7a,45,ab,1a,1a,9f

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\???|’’’’"??|ž»Ów*]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
.
Completion time: 2009-08-14 13:47
ComboFix-quarantined-files.txt 2009-08-14 10:47

Pre-Run: 27 003 801 600 tavua vapaana
Post-Run: 28 316 217 344 tavua vapaana

193 --- E O F --- 2009-08-12 21:32
AfterDawn Addict
14 August 2009 @ 15:21
Is DAEMON still complaining ????

Open Notepad and copy/paste the contents of the Quote: box into it:

Quote:
Folder::
c:\program files\AskBarDis
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-

REGLOCK::
[HKEY_USERS\S-1-5-21-1214440339-879983540-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]



Save it as CFScript (in fact ComboFix recognises it even if the file extension isn't .txt).

Then drag and drop CFScript onto ComboFix.exe as shown below. (Do not click)


Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
Restart the computer if asked to, and post the contents of the combofix.txt file here.

Post =>

Is the CD-ROM drive showing up yet

(C:\ComboFix.txt)

.

(:)
elchico_
Newbie
14 August 2009 @ 15:42
Daemon no longer complains and was removed successfully.
-------------------------------------------------

The CD/DVD drive still doesn't show up. I need to check whether some BIOS setting is out of whack because of the virus? Before it went in for servicing, the BIOS did not recognise the hard disk in the BIOS boot order section.

------------------------------------------------------

ComboFix 09-08-10.06 - Käyttäjä 14.08.2009 15:28.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.358.1035.18.1023.587 [GMT 3:00]
Running from: c:\documents and settings\Käyttäjä\Työpöytä\ComboFix.exe
Command switches used :: c:\documents and settings\Käyttäjä\Työpöytä\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090813-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\001193B1
c:\program files\AskBarDis\bar\Cache\00119680.bin
c:\program files\AskBarDis\bar\Cache\00119901.bin
c:\program files\AskBarDis\bar\Cache\00119AE5.bin
c:\program files\AskBarDis\bar\Cache\00119CD9.bin
c:\program files\AskBarDis\bar\Cache\00119F4A.bin
c:\program files\AskBarDis\bar\Cache\0011A11F.bin
c:\program files\AskBarDis\bar\Cache\0011A2F4.bin
c:\program files\AskBarDis\bar\Cache\0011A4D8.bin
c:\program files\AskBarDis\bar\Cache\0011A6AD.bin
c:\program files\AskBarDis\bar\Cache\0011A824.bin
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\History\search
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\bar\Settings\prevcfg.htm
c:\program files\AskBarDis\bar\Settings\prevCfg2.htm
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\program files\AskBarDis\zonealarm.ico


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASKService
-------\Service_ASKService


((((((((((((((((((((((((( Files Created from 2009-07-14 to 2009-08-14 )))))))))))))))))))))))))))))))
.

2009-08-14 12:29 . 2009-08-14 12:29 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-12 19:10 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 12:21 . 2006-10-02 10:44 5120 ----a-w- c:\windows\system32\ff_vfw.dll
2009-08-12 09:39 . 2009-08-12 09:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-11 20:12 . 2009-08-11 20:12 -------- d-----w- c:\windows\system32\NtmsData
2009-08-11 16:25 . 2009-08-11 16:25 33408 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-08-05 09:00 . 2009-08-05 09:00 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-17 19:02 . 2009-07-17 19:02 58880 -c----w- c:\windows\system32\dllcache\atl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 12:34 . 2007-08-13 14:58 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-08-13 18:14 . 2004-09-15 12:00 49574 ----a-w- c:\windows\system32\perfc00B.dat
2009-08-13 18:14 . 2004-09-15 12:00 286308 ----a-w- c:\windows\system32\perfh00B.dat
2009-08-12 15:33 . 2007-12-13 19:32 16680199 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-08-12 12:46 . 2007-03-31 15:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-12 10:38 . 2007-11-01 10:21 -------- d-----w- c:\program files\DivX
2009-08-12 09:39 . 2007-03-05 19:55 -------- d-----w- c:\program files\Java
2009-08-11 20:23 . 2006-05-08 13:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-11 20:22 . 2008-09-18 09:04 -------- d-----w- c:\program files\Common Files\Apple
2009-08-11 20:22 . 2007-05-01 11:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-11 20:11 . 2006-05-24 11:46 -------- d-----w- c:\program files\Hewlett-Packard
2009-08-05 09:00 . 2004-09-15 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:02 . 2004-09-15 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 20:43 . 2004-09-15 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 09:04 . 2006-11-25 10:37 -------- d-----w- c:\program files\Common Files\PCSuite
2009-07-13 09:04 . 2006-06-17 11:58 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-13 09:04 . 2006-05-24 13:01 -------- d-----w- c:\program files\Nokia
2009-07-13 09:03 . 2006-11-05 12:39 -------- d-----w- c:\program files\DIFX
2009-07-13 09:01 . 2008-09-19 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-07-13 09:01 . 2009-07-13 09:01 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-07-13 09:01 . 2009-07-13 09:01 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-07-13 09:01 . 2009-07-13 09:01 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-07-13 09:01 . 2009-07-13 09:01 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-07-13 09:00 . 2009-07-13 09:01 33848496 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_fin.exe
2009-07-03 16:58 . 2004-09-15 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:39 . 2004-09-15 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:39 . 2004-09-15 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:44 . 2004-09-15 12:00 76800 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:15 . 2004-09-15 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:21 . 2006-05-08 12:43 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2004-09-15 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-09 15:27 . 2006-08-30 06:40 1024 ----a-w- c:\windows\system32\drivers\sptd2109.sys
2009-06-03 19:10 . 2004-09-15 12:00 1291776 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-14_10.46.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-14 12:33 . 2009-08-14 12:33 16384 c:\windows\Temp\Perflib_Perfdata_4b4.dat
+ 2009-08-14 12:33 . 2009-08-14 12:33 16384 c:\windows\Temp\Perflib_Perfdata_224.dat
+ 2009-08-14 12:32 . 2009-08-14 12:32 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-14 12:32 . 2009-08-14 12:32 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-08-14 12:32 . 2009-08-14 12:32 376832 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-14 12:32 . 2009-08-14 12:32 229376 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
+ 2009-08-14 12:32 . 2009-08-14 12:32 229376 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-14 12:32 . 2009-08-14 12:32 8888320 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-12 149280]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-5-8 114688]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Ohjelmat\\Utorrent\\uTorrent.exe"=
"e:\\HalfLife2\\SteamApps\\common\\shadowgrounds demo\\ShadowgroundsLauncher.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [11.8.2009 19:25 33408]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21.8.2008 17:28 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.8.2008 17:28 20560]
R2 sprtsvc_sonera;SupportSoft Sprocket Service (sonera);c:\program files\Sonera\InternetAvustaja\bin\sprtsvc.exe [3.11.2008 12:37 202016]
R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [7.9.2006 20:31 162176]
S3 bdacap;PC-DTV Receiver;c:\windows\system32\drivers\bdacap.sys --> c:\windows\system32\drivers\bdacap.sys [?]
S3 GLHIDKBFILTER;GLHIDKBFILTER;c:\windows\system32\DRIVERS\GLKbFilter.sys --> c:\windows\system32\DRIVERS\GLKbFilter.sys [?]
S3 iMSPQMn;iMSPQMn;\??\c:\docume~1\KYTTJ~1\LOCALS~1\Temp\iMSPQMn.sys --> c:\docume~1\KYTTJ~1\LOCALS~1\Temp\iMSPQMn.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = proxy.fi:8080
uInternet Settings,ProxyOverride = *.fi;<local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
FF - ProfilePath - c:\documents and settings\Käyttäjä\Application Data\Mozilla\Firefox\Profiles\0kscl6bv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.phnet.fi/
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-14 15:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1214440339-879983540-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:8f,c7,c9,fc,c7,77,39,d7,91,73,a9,fe,29,72,87,c7,8d,e9,55,69,a2,0b,0f,
d5,d6,27,49,a1,64,28,c4,4e,da,04,a0,4f,ce,ca,73,f9,c4,bf,92,58,68,9c,c4,f8,\
"??"=hex:70,b9,ab,df,d8,21,d8,6e,2a,6b,7a,45,ab,1a,1a,9f

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\???|’’’’"??|ž»Ów*]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3268)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_fin.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
e:\ohjelmat\vpn\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2009-08-14 15:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-14 12:37
ComboFix2.txt 2009-08-14 10:47

Pre-Run: 28 323 917 824 tavua vapaana
Post-Run: 28 192 264 192 tavua vapaana

223 --- E O F --- 2009-08-12 21:32
AfterDawn Addict
14 August 2009 @ 20:42
Yes, this looks fine in these respects !!!

******************************************
Let's clean up the leftovers:
Type ComboFix.exe /u into the Run field of the Windows Start menu and press OK

********************************************************

You seem to be missing this protection =>

Install SpywareBlaster!
SpywareBlaster prevents malware from installing on the computer.
Download and instructions: HERE

D:

(:)