Computer is running slowly. Advice on fixing needed. Here are logs and questions...

Discussion in 'Viruses and malware - HijackThis logs' started by tapio666, Aug 31, 2008.

  1. tapio666

    tapio666 Guest

    So, I have the HJT and Combofix logs here.

    It would be really nice if some expert could tell me which unnecessary entries in the HJT log could be fixed, or what the Combofix log says about my machine.

    All the disk defragmentation and Malwarebytes Anti-Malware scans have been done, and nothing was found. The machine has Avast as antivirus and ZoneAlarm as firewall. I would like to ask whether I can remove a program called Hydravision, or are there computer users who need it?

    And in general, are there programs in the log that I could remove, since I only want to use the machine for gaming, surfing, watching movies and chatting on Messenger?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:37:32, on 31.8.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finnish.toggle.com/fi/index.php?rvs=hompag&d=79919192
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://elisa.net/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Tuki - {B6D7B3D0-EA8C-43DB-BD2E-E1EF6821F280} - http://tuki.elisa.net/ (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 5165 bytes



    -----

    ComboFix 08-08-30.03 - Essi 2008-08-31 13:20:22.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1035.18.55 [GMT 3:00]
    Running from: C:\Documents and Settings\Essi\Työpöytä\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_6TO4
    -------\Service_6to4


    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-07-28 to 2008-08-31 )))))))))))))))))
    .

    2008-08-30 20:56 . 2008-08-30 21:03 <KANSIO> d-------- C:\Program Files\VS Revo Group
    2008-08-29 20:12 . 2008-08-29 20:12 <KANSIO> d-------- C:\WINDOWS\system32\fi
    2008-08-29 20:12 . 2008-08-29 20:12 <KANSIO> d-------- C:\WINDOWS\l2schemas
    2008-08-28 20:19 . 2008-04-14 19:11 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
    2008-08-28 20:18 . 2008-04-14 19:11 53,248 --------- C:\WINDOWS\system32\tsgqec.dll
    2008-08-28 20:18 . 2008-04-14 19:11 50,688 --------- C:\WINDOWS\system32\tspkg.dll
    2008-08-28 20:16 . 2008-04-14 19:12 32,768 --------- C:\WINDOWS\system32\setupn.exe
    2008-08-28 20:16 . 2008-04-13 21:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
    2008-08-28 20:15 . 2008-04-14 19:11 290,304 --------- C:\WINDOWS\system32\rhttpaa.dll
    2008-08-28 20:15 . 2008-04-14 19:11 61,952 --------- C:\WINDOWS\system32\rasqec.dll
    2008-08-28 20:14 . 2008-04-14 19:11 291,328 --------- C:\WINDOWS\system32\qagentrt.dll
    2008-08-28 20:14 . 2008-04-14 19:11 150,528 --------- C:\WINDOWS\system32\qagent.dll
    2008-08-28 20:14 . 2008-04-14 19:11 144,384 --------- C:\WINDOWS\system32\onex.dll
    2008-08-28 20:14 . 2008-04-14 19:11 76,800 --------- C:\WINDOWS\system32\qutil.dll
    2008-08-28 20:14 . 2008-04-14 19:11 62,464 --------- C:\WINDOWS\system32\qcliprov.dll
    2008-08-28 20:12 . 2008-04-14 19:11 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll
    2008-08-28 20:12 . 2008-04-14 19:11 195,072 --------- C:\WINDOWS\system32\napmontr.dll
    2008-08-28 20:12 . 2008-04-14 19:12 176,128 --------- C:\WINDOWS\system32\napstat.exe
    2008-08-28 20:12 . 2008-04-14 18:45 80,384 --------- C:\WINDOWS\system32\msshavmsg.dll
    2008-08-28 20:12 . 2008-04-14 18:46 79,872 -----c--- C:\WINDOWS\system32\dllcache\msxml6r.dll
    2008-08-28 20:12 . 2008-04-14 19:11 30,208 --------- C:\WINDOWS\system32\napipsec.dll
    2008-08-28 20:11 . 2008-04-14 19:11 155,136 --------- C:\WINDOWS\system32\mssha.dll
    2008-08-28 20:10 . 2008-04-14 19:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
    2008-08-28 20:10 . 2008-04-14 19:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
    2008-08-28 20:10 . 2008-04-14 19:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
    2008-08-28 20:10 . 2008-04-14 19:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
    2008-08-28 20:08 . 2008-04-14 19:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
    2008-08-28 20:08 . 2008-04-14 19:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
    2008-08-28 20:08 . 2008-04-14 19:10 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
    2008-08-28 20:08 . 2008-04-14 19:10 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
    2008-08-28 20:08 . 2008-04-14 19:10 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
    2008-08-28 20:08 . 2008-04-14 19:10 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
    2008-08-28 20:07 . 2008-04-14 19:11 10,752 --------- C:\WINDOWS\system32\smtpapi.dll
    2008-08-28 20:07 . 2008-04-14 19:11 9,728 --------- C:\WINDOWS\system32\rwnh.dll
    2008-08-28 20:07 . 2008-04-14 18:52 1,950 --------- C:\WINDOWS\system32\pid.inf
    2008-08-28 20:06 . 2008-04-13 19:36 144,384 --------- C:\WINDOWS\system32\drivers\hdaudbus.sys
    2008-08-28 20:05 . 2008-04-14 19:11 184,832 --------- C:\WINDOWS\system32\eapp3hst.dll
    2008-08-28 20:05 . 2008-04-14 19:11 179,200 --------- C:\WINDOWS\system32\eapphost.dll
    2008-08-28 20:05 . 2008-04-14 19:11 126,976 --------- C:\WINDOWS\system32\eappcfg.dll
    2008-08-28 20:05 . 2008-04-14 19:11 94,208 --------- C:\WINDOWS\system32\eappgnui.dll
    2008-08-28 20:05 . 2008-04-14 19:11 59,392 --------- C:\WINDOWS\system32\eapqec.dll
    2008-08-28 20:05 . 2008-04-14 19:11 40,960 --------- C:\WINDOWS\system32\eappprxy.dll
    2008-08-28 20:05 . 2008-04-14 19:11 33,280 --------- C:\WINDOWS\system32\eapsvc.dll
    2008-08-28 20:05 . 2008-04-14 19:11 30,720 --------- C:\WINDOWS\system32\eapolqec.dll
    2008-08-28 20:05 . 2006-12-28 22:01 19,569 --a------ C:\WINDOWS\005927_.tmp
    2008-08-28 20:04 . 2008-04-14 19:11 651,264 --------- C:\WINDOWS\system32\dot3ui.dll
    2008-08-28 20:04 . 2008-04-14 19:11 132,608 --------- C:\WINDOWS\system32\dot3svc.dll
    2008-08-28 20:04 . 2008-04-14 19:11 58,880 --------- C:\WINDOWS\system32\dot3cfg.dll
    2008-08-28 20:04 . 2008-04-14 19:11 56,320 --------- C:\WINDOWS\system32\dot3msm.dll
    2008-08-28 20:04 . 2008-04-14 19:11 48,640 --------- C:\WINDOWS\system32\dhcpqec.dll
    2008-08-28 20:04 . 2008-04-14 19:11 39,936 --------- C:\WINDOWS\system32\dot3gpclnt.dll
    2008-08-28 20:04 . 2008-04-14 19:11 39,936 --------- C:\WINDOWS\system32\dimsroam.dll
    2008-08-28 20:04 . 2008-04-14 19:11 26,112 --------- C:\WINDOWS\system32\dot3api.dll
    2008-08-28 20:04 . 2008-04-14 19:11 19,456 --------- C:\WINDOWS\system32\dimsntfy.dll
    2008-08-28 20:04 . 2008-04-14 19:11 9,216 --------- C:\WINDOWS\system32\dot3dlg.dll
    2008-08-28 20:03 . 2008-04-14 19:11 12,800 --------- C:\WINDOWS\system32\credssp.dll
    2008-08-28 20:02 . 2008-04-14 19:11 233,472 --------- C:\WINDOWS\system32\azroles.dll
    2008-08-28 20:02 . 2008-04-14 19:11 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
    2008-08-28 20:00 . 2008-04-14 19:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
    2008-08-14 22:18 . 2008-04-11 22:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2008-08-11 23:50 . 2008-08-11 23:50 <KANSIO> d-------- C:\Program Files\Common Files\Adobe AIR
    2008-08-11 15:28 . 2008-08-11 15:28 <KANSIO> d-------- C:\Program Files\CCleaner
    2008-08-10 03:17 . 2008-08-10 03:17 <KANSIO> d-------- C:\Program Files\Alwil Software
    2008-08-10 03:17 . 2003-03-18 23:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2008-08-10 03:17 . 2003-03-18 22:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
    2008-08-10 03:17 . 2003-02-21 06:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
    2008-08-10 01:17 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-08-09 12:24 . 2008-08-31 13:26 5,136,416 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-08-09 12:24 . 2008-08-31 13:25 62,264 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-08-09 12:19 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
    2008-08-09 12:18 . 2008-08-09 12:18 <KANSIO> d-------- C:\Program Files\Zone Labs
    2008-08-08 23:53 . 2008-08-30 18:34 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-08 23:53 . 2008-08-08 23:53 <KANSIO> d-------- C:\Documents and Settings\Pete\Application Data\Malwarebytes
    2008-08-08 23:53 . 2008-08-08 23:53 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-08 23:53 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-08 23:53 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-08 22:50 . 2008-08-08 22:50 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-08-05 21:21 . 2008-08-05 21:21 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
    2008-08-05 21:21 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
    2008-08-05 21:20 . 2008-08-05 21:20 <KANSIO> d-------- C:\Documents and Settings\Pete\Application Data\TuneUp Software
    2008-08-05 21:20 . 2008-08-05 21:20 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2008-08-05 21:19 . 2008-08-30 15:03 <KANSIO> d-------- C:\Program Files\TuneUp Utilities 2008
    2008-07-07 23:28 . 2008-07-07 23:28 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll
    2008-07-06 20:50 . 2008-07-06 20:50 <KANSIO> d-------- C:\Documents and Settings\Essi\usernotes

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-30 18:07 --------- d-----w C:\Program Files\Winamp
    2008-08-30 18:03 --------- d-----w C:\Program Files\VS Revo Group
    2008-08-30 17:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-29 19:45 --------- d-----w C:\Program Files\MSN Messenger
    2008-08-20 20:27 --------- d-----w C:\Program Files\B2BPOKER
    2008-08-11 20:48 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-08-11 19:24 --------- d-----w C:\Program Files\Poker Evolver
    2008-08-09 22:17 --------- d-----w C:\Program Files\Java
    2008-08-09 09:32 --------- d-----w C:\Program Files\Lavasoft
    2008-08-09 09:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:12 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 19:12 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"= 1 (0x1)
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Java\\jre1.5.0_10\\bin\\javaw.exe"=
    "C:\\Program Files\\B2BPOKER\\Redbet\\jre\\bin\\javaw.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 17:35]
    R1 l8042prt;Logitech-näppäimistö ja PS/2-hiiriporttiohjain;C:\WINDOWS\system32\DRIVERS\l8042prt.sys [1998-03-11 16:53]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 17:37]
    R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 19:12]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-08-05 21:21]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    'Ajoitetut tehtävät'-kansion sisältö

    2008-08-31 C:\WINDOWS\Tasks\1-Click Maintenance.job
    - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-CTFMON - (no file)


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\nirh9qux.Oletuskäyttäjä\
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-31 13:27:09
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    .
    **************************************************************************
    .
    Completion time: 2008-08-31 13:35:49 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-08-31 10:35:35

    Pre-Run: 8,921,755,648 tavua vapaana
    Post-Run: 8,822,558,720 tavua vapaana

    189 --- E O F --- 2008-08-30 12:00:41
     
  2. Hujo

    Hujo Guest

    Check that avast's resident protection is turned on, since it doesn't show up on an O4 line.
     
    Last edited by a moderator: Aug 31, 2008
  3. tapio666

    tapio666 Guest

    Yeah, so when I had set Combofix running, avast's resident protection had for some reason been turned off. It's fine now. So here is the very latest HJT log. I've been browsing these threads and have tried to run all the possible scans and cleanups. Should something in the HJT log be fixed, or do we go with this?


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:48:43, on 31.8.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finnish.toggle.com/fi/index.php?rvs=hompag&d=79919192
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://elisa.net/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Tuki - {B6D7B3D0-EA8C-43DB-BD2E-E1EF6821F280} - http://tuki.elisa.net/ (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 5274 bytes
     
  4. Hujo

    Hujo Guest

    From that you can fix:

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O9 - Extra button: Tuki - {B6D7B3D0-EA8C-43DB-BD2E-E1EF6821F280} - http://tuki.elisa.net/ (file missing) (HKCU)
     
