Yeah, so the machine keeps freezing and is slow. I checked it with SUPERAntiSpyware and F-Secure's software and nothing was found, so here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:40, on 9.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-796845957-1390067357-839522115-1011\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\..\{653CA7DB-5F60-48ED-A45E-87A3F06097D8}: NameServer = 195.226.224.72 195.226.224.76
O17 - HKLM\System\CS5\Services\Tcpip\..\{653CA7DB-5F60-48ED-A45E-87A3F06097D8}: NameServer = 195.226.224.72 195.226.224.76
O17 - HKLM\System\CS8\Services\Tcpip\..\{653CA7DB-5F60-48ED-A45E-87A3F06097D8}: NameServer = 195.226.224.72 195.226.224.76
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7747 bytes
1. Download combofix.exe to your desktop from one of these links: combofix1 combofix2
2. Double-click combofix.exe and follow the prompts.
3. When the tool has finished, it produces a log. Post that log in your thread.

Note: Do not click in the ComboFix window while it is running. Doing so may cause the program to hang.
So what does this mean, then?

ComboFix 08-06-08.8 - El1as 2008-06-09 19:12:47.1 - NTFSx86
Running from: C:\Documents and Settings\El1as\Työpöytä\ComboFix.exe
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-09 to 2008-06-09 )))))))))))))))))
.

2008-06-09 16:26 . 2008-06-09 16:26 <KANSIO> d-------- C:\Documents and Settings\Mape\Application Data\AdobeUM
2008-06-08 19:48 . 2008-06-09 08:55 <KANSIO> d-------- C:\Documents and Settings\Aleksis\Application Data\fretsonfire
2008-06-08 13:49 . 2008-06-08 13:49 <KANSIO> d-------- C:\Documents and Settings\Aleksis\Application Data\fizzy
2008-06-08 11:46 . 2008-06-08 11:46 <KANSIO> d-------- C:\Documents and Settings\Mape\Application Data\fizzy
2008-06-08 10:51 . 2008-06-08 10:51 <KANSIO> d-------- C:\Program Files\Google
2008-06-08 10:29 . 2008-06-08 10:29 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-08 10:28 . 2008-06-08 10:29 <KANSIO> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-08 10:28 . 2008-06-08 10:28 <KANSIO> d-------- C:\Documents and Settings\El1as\Application Data\SUPERAntiSpyware.com
2008-06-08 08:49 . 2008-06-08 13:06 <KANSIO> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-08 08:49 . 2008-06-08 12:39 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-07 21:17 . 2008-06-07 21:17 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
2008-06-07 21:17 . 2008-06-07 21:17 <KANSIO> d-------- C:\Documents and Settings\El1as\Application Data\fizzy
2008-06-07 21:16 . 2008-06-07 21:16 <KANSIO> d-------- C:\Program Files\Fizzy
2008-06-07 21:04 . 2008-06-07 21:04 25 --a------ C:\WINDOWS\cdplayer.ini
2008-06-07 21:02 . 2008-06-07 21:02 <KANSIO> d-------- C:\Program Files\Common Files\xing shared
2008-06-07 21:00 . 2008-06-07 21:00 <KANSIO> d-------- C:\Program Files\Real
2008-06-07 21:00 . 2008-06-07 21:01 <KANSIO> d-------- C:\Program Files\Common Files\Real
2008-06-07 19:33 . 2008-06-07 19:33 <KANSIO> d-------- C:\Program Files\Yahoo!
2008-06-07 19:33 . 2008-06-07 19:34 <KANSIO> d-------- C:\Program Files\CCleaner
2008-06-01 19:48 . 2008-06-01 19:49 <KANSIO> d-------- C:\Documents and Settings\El1as\Application Data\fretsonfire
2008-05-27 13:47 . 2008-05-27 13:50 <KANSIO> d-------- C:\Documents and Settings\Mape\Application Data\fretsonfire
2008-05-17 10:44 . 2008-06-07 18:41 <KANSIO> d-------- C:\Documents and Settings\El1as\Application Data\OpenOffice.org2
2008-05-17 10:33 . 2008-05-17 10:33 <KANSIO> d-------- C:\Documents and Settings\El1as\Application Data\AdobeUM
2008-05-11 20:10 . 2008-05-11 20:10 <KANSIO> d-------- C:\Documents and Settings\El1as\Application Data\Thunderbird
2008-05-11 09:47 . 2008-05-11 09:47 <KANSIO> d-------- C:\Documents and Settings\El1as\Application Data\F-Secure
2008-05-10 16:44 . 2008-05-10 16:44 <KANSIO> d-------- C:\Documents and Settings\El1as\Application Data\ATI
2008-05-10 13:58 . 2008-05-10 13:58 <KANSIO> d-------- C:\Documents and Settings\El1as\Application Data\Lavasoft
2008-05-10 13:55 . 2008-05-10 13:55 <KANSIO> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 06:52 --------- d-----w C:\Documents and Settings\Aleksis\Application Data\OpenOffice.org2
2008-06-08 09:40 --------- d-----w C:\Program Files\SpeedFan
2008-06-08 09:40 --------- d-----w C:\Program Files\GIMP-2.0
2008-06-08 08:10 --------- d-----w C:\Documents and Settings\Vesa\Application Data\OpenOffice.org2
2008-06-08 08:07 --------- d-----w C:\Documents and Settings\Vesa\Application Data\AdobeUM
2008-06-08 07:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-08 07:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-08 06:59 --------- d-----w C:\Program Files\DOSBox-0.63
2008-06-07 18:01 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-06-07 16:39 --------- d-----w C:\Program Files\OpenOffice.org1.1.4
2008-06-07 16:37 --------- d-----w C:\Program Files\EA SPORTS
2008-06-03 14:05 --------- d-----w C:\Program Files\Diablo II
2008-05-31 08:31 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-14 11:08 --------- d-----w C:\Documents and Settings\Sari\Application Data\OpenOffice.org2
2008-05-06 16:29 --------- d-----w C:\Program Files\Lavasoft
2008-04-27 16:49 --------- d-----w C:\Documents and Settings\Sari\Application Data\AdobeUM
2008-04-17 12:28 --------- d-----w C:\Documents and Settings\Mape\Application Data\dvdcss
2008-04-14 15:43 --------- d-----w C:\Documents and Settings\Sari\Application Data\dvdcss
2008-04-14 15:27 --------- d-----w C:\Documents and Settings\Sari\Application Data\vlc
2008-04-14 11:12 --------- d-----w C:\Program Files\Java
2008-04-12 11:16 --------- d-----w C:\Program Files\WordView
2008-04-11 12:18 --------- d-----w C:\Program Files\Rockstar Games
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 13:01 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-03-12 13:01 249,856 ------w C:\WINDOWS\Setup1.exe
2008-01-06 11:01 1,364,772 ----a-w C:\Program Files\park-a-lot-2.exe
2008-01-06 10:59 1,145,125 ----a-w C:\Program Files\presidential-knockout.exe
2008-01-05 14:14 1,749,104 ----a-w C:\Program Files\bush-shoot-out.exe
2008-01-05 07:06 792,738 ----a-w C:\Program Files\monkey-lander.exe
2004-03-11 11:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 08:15 344064]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-09-29 11:37 28672]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2007-08-27 16:28 182952]
"F-Secure TNB"="C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" [2007-08-27 16:27 895600]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"EPSON Stylus Photo RX420 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.exe" [2004-04-09 06:00 98304]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 09:57 143360]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-07 21:00 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-09-29 11:37 28672]

C:\Documents and Settings\Aleksis\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 22:26:34 393216]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2004-09-29 11:37:26 28672]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"C:\\Program Files\\HL\\hltv.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\HL\\hl.exe"=
"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"C:\\WINDOWS\\system32\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6:TCP"= 6:TCP:dc++

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0ac47ef-d27d-11dc-ad99-cfe99faddb70}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 19:18:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-09 19:26:08
ComboFix-quarantined-files.txt 2008-06-09 16:25:01

Pre-Run: 80,194,711,552 tavua vapaana
Post-Run: 80,227,155,968 tavua vapaana

138 --- E O F --- 2008-05-22 15:44:11
Scan with HJT, tick the following entries, and press Fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

=================

Download Malwarebytes' Anti-Malware to your desktop.

1. Double-click mbam-setup.exe and follow the instructions to install the program.
2. At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
3. If an update is found, the program downloads and installs the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is finished, click OK and then Show Results to see the results.
6. Make sure everything is checked and click Remove Selected.
7. After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next message.