The machine does weird things at startup

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' (Viruses and malware - HijackThis logs) started by karppi, Jul 30, 2008.

  1. karppi

    karppi Member, joined Oct 12, 2005
    Would someone mind taking a look at this log and telling me what should be done and what can be done? Oh, and at startup the machine complains with some weird run32.dll warning, but after pressing OK twice it doesn't come up again. Anyway, here's the log now.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:59:48, on 30.07.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Crypto Pro\CSP\cprmcsp.exe
    C:\Program Files\Crypto Pro\CSP\cpinit.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Norton Internet Security\ISSVC.exe
    c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Interserver.exe
    C:\WINDOWS\ATK0100\HControl.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files\ASUS\Wireless Console 2\wcourier.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
    C:\Program Files\Microsoft Office\Office10\msoffice.exe
    C:\WINDOWS\system32\rundll32.exe
    c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    c:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe
    D:\hjt2.0\CCleaner\CCleaner.exe
    C:\Program Files\Messenger\msmsgs.exe
    D:\hjt2.0\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.afterdawn.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ndetect.exe,
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0EAF6278-BD19-4153-BA3B-9B850F31E67B} - (no file)
    O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - (no file)
    O2 - BHO: nhmxajkl.dll - {17AC9076-C898-B098-D098-A18319080971} - (no file)
    O2 - BHO: tisqatyu.dll - {18093456-9012-4568-9076-908765467181} - (no file)
    O2 - BHO: opshbbty.dll - {22596546-2036-9451-6058-658402589722} - (no file)
    O2 - BHO: (no name) - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Surfer Class - {986488AF-13D5-9DDF-4FEF-9FB88698CFC1} - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\USERDATA\jYkY6dBu16_2026.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: ABho Class - {A303AF11-721F-4185-B87B-5027CE6EE538} - C:\WINDOWS\system32\dfrgflat.cpl
    O2 - BHO: BHO Class - {BCBD80C9-6AD7-48ed-8DF1-6963414B3649} - C:\WINDOWS\system32\flym.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [Ярлык для страницы свойств High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\ASUS\Wireless Console 2\wcourier.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
    O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
    O4 - HKLM\..\Run: [IMJPMIG8.2] msime80.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MsServer] msfir80.exe
    O4 - HKLM\..\Policies\Explorer\Run: [Task] C:\DOCUME~1\Larissa\taskmgr.exe
    O4 - HKLM\..\Policies\Explorer\Run: [poym6hd] rundll32 "C:\WINDOWS\Downlo~1\poym6hd.dll",Run
    O4 - HKLM\..\Policies\Explorer\Run: [qd3d09jd] rundll32 "C:\WINDOWS\Downlo~1\qd3d09jd.dll",start
    O4 - HKLM\..\Policies\Explorer\Run: [Ibmserver] C:\WINDOWS\system32\Interserver.exe
    O4 - HKLM\..\Policies\Explorer\Run: [Updateserver] C:\WINDOWS\system32\Internserver.exe
    O4 - HKCU\..\Policies\Explorer\Run: [Task] C:\DOCUME~1\Larissa\taskmgr.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'Default user')
    O4 - Startup: Start HASP-Emu.lnk = C:\Program Files\Sable\WINNT\startnt.bat
    O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: 易趣购物 - C:\Program Files\AD4All\link1\ebaylink.htm
    O9 - Extra button: 知识库 - {06926B30-424E-4f1c-8EE3-543CD96573DC} - http://blank.la/?h (file missing)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: 易趣购物 - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://www.dayofday.cn/cl/?b (file missing)
    O9 - Extra 'Tools' menuitem: 易趣购物 - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://www.dayofday.cn/cl/?b (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8C40CBEE-217C-4F7C-8F29-56243F25C20A}: NameServer = 192.168.31.1
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: SysDaJHv.dll,msosdrop00.dll SysWoWaVi.dll,nicozftp00.dll,msoscqit00.dll,msosptfs00.dll,msosfmsq00.dll,fmsiocps.dll,qfjrds.dll rxjh.dll,tisqatyu.dll rxjh.dll tmz.dll,nhmxajkl.dll tmz.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Служба инициализации Крипто-Про CSP (cpinit) - Компания Крипто-Про - C:\Program Files\Crypto Pro\CSP\cpinit.exe
    O23 - Service: Служба хранения и использования ключей Крипто-Про CSP (cprmcsp) - Компания Крипто-Про - C:\Program Files\Crypto Pro\CSP\cprmcsp.exe
    O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:\WINDOWS\system32\imapi.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
    O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
    O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Sdb server: SDBSERV (sdbserv SDBSERV) - UCS - C:\UCS\SDBSrv\sdbserv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - C:\WINDOWS\system32\wbem\wmiapsrv.exe

    --
    End of file - 12923 bytes
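Added example (the editor's, not part of this thread and not something HijackThis itself does): a Python script that applies, to lines copied from the log above, the checks an experienced log reader makes by hand. The sample lines are taken from karppi's log; the rules and the high/medium/low labels are the editor's own heuristics, not tool output: UserInit should list only system32\userinit.exe, browser extensions and autoruns should not live under Documents and Settings or Downloaded Program Files, Policies\Explorer\Run is a key legitimate software rarely uses, a taskmgr.exe outside system32 is borrowing a Windows name, and AppInit_DLLs is empty on a clean XP machine. It also re-decodes the mojibake in the O23 and O8/O9 lines (Russian Windows service display names posted as cp1251 bytes shown as Latin-1, and GBK-encoded Chinese button names), so that "Æóðíàë ñîáûòèé" reads "Журнал событий" again.

```python
"""Heuristic triage of a HijackThis 2.0 log plus repair of cp1251/GBK mojibake. Editor's
added example, not a HijackThis feature and not from the thread: it flags lines for a human
to check and removes nothing."""
import re

# Constructed sample: lines copied from the log posted above, one of them (nod32kui) benign.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ndetect.exe,
O2 - BHO: nhmxajkl.dll - {17AC9076-C898-B098-D098-A18319080971} - (no file)
O2 - BHO: Surfer Class - {986488AF-13D5-9DDF-4FEF-9FB88698CFC1} - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\USERDATA\jYkY6dBu16_2026.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Policies\Explorer\Run: [Task] C:\DOCUME~1\Larissa\taskmgr.exe
O4 - HKLM\..\Policies\Explorer\Run: [poym6hd] rundll32 "C:\WINDOWS\Downlo~1\poym6hd.dll",Run
O4 - HKCU\..\Run: [MsServer] msfir80.exe
O20 - AppInit_DLLs: SysDaJHv.dll,msosdrop00.dll SysWoWaVi.dll,nicozftp00.dll
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
USER_WRITABLE = re.compile(r"\\(documents and settings|docume~1|users|application data|appdata|"
                           r"local settings|temp|downloaded program files|downlo~1)\\", re.I)
# Windows binary names malware borrows; the genuine copies live in %SystemRoot%\system32.
SYSTEM_NAMES = {"taskmgr.exe", "svchost.exe", "userinit.exe", "lsass.exe", "winlogon.exe", "ctfmon.exe"}
MOJIBAKE_RUN = re.compile(r"[\u00a0-\u00ff](?:[\u00a0-\u00ff \-]*[\u00a0-\u00ff])?")
CYRILLIC, CJK = re.compile(r"[\u0400-\u04ff \-]+"), re.compile(r"[\u4e00-\u9fff]+")

def repair_mojibake(text):
    """Re-decode runs of 3+ Latin-1 'garbage' letters as cp1251, then GBK; otherwise leave them."""
    def fix(m):
        run = m.group(0)
        if sum("\u00a0" <= c <= "\u00ff" for c in run) < 3:
            return run  # one or two accented letters are probably genuine text (Finnish, say)
        raw = run.encode("cp1252")  # every char in U+00A0..U+00FF exists in cp1252
        for codec, shape in (("cp1251", CYRILLIC), ("gbk", CJK)):
            try:
                decoded = raw.decode(codec)
            except UnicodeDecodeError:
                continue
            if shape.fullmatch(decoded):  # accept only if it became all-Cyrillic / all-CJK
                return decoded
        return run
    return MOJIBAKE_RUN.sub(fix, text)

def split_cmd(cmd):
    """Split an autorun command into (program, args), keeping spaces inside quoted or bare paths."""
    cmd = cmd.strip()
    if cmd.startswith('"') and cmd.count('"') >= 2:
        end = cmd.index('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    m = re.match(r"(?i)^(\S+?(?:\s+\S+?)*?\.(?:exe|bat|cmd|com|scr|cpl))(?:\s+(.*))?$", cmd)
    if m:
        return m.group(1), m.group(2) or ""
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")

def triage_line(line):
    """Return [(severity, reason), ...] for one HijackThis line; [] when nothing stands out."""
    m = ENTRY.match(line.strip())
    if not m:
        return []
    code, body, out = m.group("code"), m.group("body"), []
    low = body.lower()
    if code == "F2" and "userinit=" in low:
        # Winlogon runs every comma-separated value here; only system32\userinit.exe belongs.
        values = [v.strip() for v in body.split("=", 1)[1].split(",") if v.strip()]
        extra = [v for v in values if not v.lower().endswith("\\system32\\userinit.exe")]
        if extra:
            out.append(("high", "extra UserInit payload: " + ", ".join(extra)))
    elif code in ("O2", "O3"):
        path = body.rsplit(" - ", 1)[-1]
        if path == "(no file)":
            out.append(("low", "orphaned CLSID registration; harmless leftover, still worth removing"))
        elif USER_WRITABLE.search(path):
            out.append(("high", "browser extension loads from a user-writable folder: " + path))
    elif code == "O4" and "] " in body:
        if "policies\\explorer\\run" in low:
            out.append(("high", "autorun via Policies\\Explorer\\Run, a key legitimate software rarely uses"))
        prog, args = split_cmd(body.split("] ", 1)[1])
        if prog.lower().startswith("rundll32"):
            if USER_WRITABLE.search(args):
                out.append(("high", "rundll32 loads a DLL from a user-writable folder: " + args))
        elif "\\" not in prog:
            out.append(("medium", "bare file name resolved through PATH; find which " + prog + " really runs"))
        else:
            if USER_WRITABLE.search(prog):
                out.append(("high", "autorun binary in a user-writable folder: " + prog))
            if prog.rsplit("\\", 1)[-1].lower() in SYSTEM_NAMES and "\\system32\\" not in prog.lower():
                out.append(("high", "uses a Windows system binary name outside system32: " + prog))
    elif code == "O20" and low.startswith("appinit_dlls:"):
        # Each DLL listed here is injected into every process that loads user32.dll; empty on clean XP.
        dlls = [d for d in re.split(r"[,\s]+", body.split(":", 1)[1].strip()) if d]
        out.append(("high", "%d DLL(s) injected system-wide via AppInit_DLLs" % len(dlls)))
    return out

def triage(text):
    """Repair mojibake line by line, then collect every finding as a dict."""
    return [{"line": line, "severity": sev, "reason": why}
            for line in map(repair_mojibake, text.splitlines())
            for sev, why in triage_line(line)]

if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print("%-6s %s\n       %s" % (r["severity"].upper(), r["reason"], r["line"]))
```

Run as-is it prints eight high findings: the extra ndetect.exe in UserInit, the Surfer Class BHO under All Users\Application Data, the two Policies\Explorer\Run entries (a taskmgr.exe in a profile folder, and rundll32 loading a DLL from Downloaded Program Files) and the AppInit_DLLs injection; the nod32kui line produces nothing. msfir80.exe is only flagged medium because the log gives no path for it, so which file actually runs depends on PATH. The script only says which lines to look at first; it is no substitute for the scans in the reply below.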
     
  2. KDimSmo

    KDimSmo Member, joined Aug 1, 2008
    On my own machine (XP) there is no such file as "run32.dll"; the only thing resembling it is "rundll32.exe".
    Are you sure you haven't gone and ended a process like rundll32.exe? I've heard that ending a process like that, one that lives in the "windows" folder, can cause nasty tricks.
     
  3. kalminen

    kalminen Regular member, joined May 4, 2007
    Well, that looks wild!!!

    Go to the Windows Control Panel and from there Add / Remove Programs.
    In Vista, Programs and Features.
    Find and remove the programs whose names contain:

    Crypto Pro
    NOD32 (Eset)


    -----------------------------------------------------

    Download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, the program downloads and installs the latest version.
    * Once the program has loaded, select Perform full scan and click Scan.
    * When the scan is complete, click OK and then Show Results to view the results.
    * Make sure everything is checked and click Remove Selected.
    * After that, a log opens in Notepad. Save it somewhere you can find it easily. The log can also be found
    here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt

    -------------------------------------------------

    1. Download combofix.exe to your desktop from any of the links below:
    Link 1
    Link 2
    Link 3

    2. Double-click the combofix.exe file and follow the prompts.
    3. When the tool finishes, it produces a log (C:\ComboFix.txt). Post that log in your thread.
    Note! Do not click in the ComboFix window while it is running. That may cause the program to hang.

    ----------------------------------------------

    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The (C:\ComboFix.txt) report
    * Malwarebytes' Anti-Malware\Logs\log-date.txt
     
