When nothing helps!

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' (Viruses and malware - HijackThis logs) started by JoNazs, Nov 2, 2008.

  1. JoNazs

    My own skills no longer seem to be enough. I have run the machine through the following programs according to the instructions I got from this site: AVG, CureIt and CCleaner. I have also checked with EasyCleaner to see whether any junk registry entries could be found.

    Despite this, the machine feels extremely sluggish to use :(

    Here is the HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 16:05:10, on 2.11.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    E:\AntiVirukset\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    E:\AntiVirukset\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    E:\P2P\Client Manager3\bwsvc\bwsvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    E:\AntiVirukset\ZoneAlarm\zlclient.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    E:\AntiVirukset\AVG Anti-Spyware 7.5\avgas.exe
    E:\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\rundll32.exe
    E:\Video-Audio\AnyDVD 6.1.7.4\AnyDVD.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    E:\Pakkaus\DAEMON Tools\daemon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    E:\P2P\Client Manager3\cm3_tray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    E:\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
    E:\Adobe\Photoshop CS3\Adobe Photoshop CS3\Photoshop.exe
    E:\Mozilla Firefox\firefox.exe
    E:\AntiVirukset\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\AntiVirukset\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\AntiVirukset\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [GrooveMonitor] "E:\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [b8df1bf5] rundll32.exe "C:\WINDOWS\system32\kwykjjmf.dll",b
    O4 - HKCU\..\Run: [AnyDVD] "E:\Video-Audio\AnyDVD 6.1.7.4\AnyDVD.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "E:\Pakkaus\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: ClientManager3.lnk = E:\P2P\Client Manager3\cm3_tray.exe
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://E:\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{27D764A0-D327-41F9-B965-5755088B28A5}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{27D764A0-D327-41F9-B965-5755088B28A5}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{27D764A0-D327-41F9-B965-5755088B28A5}: NameServer = 192.168.1.1
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\MICROS~1\Office12\GR99D3~1.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: xpjndt.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\AntiVirukset\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\AntiVirukset\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bwsvc - BUFFALO INC. - E:\P2P\Client Manager3\bwsvc\bwsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  2. kalminen

    There's junk on it!!!

    Download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, the program will download and install the latest version.
    * Once the program has loaded, select Perform full scan and click Scan.
    * When the scan is complete, click OK and then Show Results to see the results.
    * Make sure everything is checked and click Remove Selected.
    * After this a log opens in Notepad. Save it somewhere you can find it easily. The log can also be found
    here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
    * Post the contents of the log in your next message + a new HJT log.

    ------------------------------------------------------------------

    1. Download combofix.exe to your desktop from any of the links below:
    Link 1
    Link 2
    Link 3

    2. Double-click the combofix.exe file and follow the prompts.
    3. When the tool finishes, it produces a log (C:\ComboFix.txt). Post this log in your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

    -----------------------------------------------------------------

    Remove the lines that are left:
    Close your browser and other programs for the duration of the fix (not the antivirus).
    Start HijackThis and Scan, tick the following files listed in red and remove them (Fix checked).

    O4 - HKLM\..\Run: [GrooveMonitor] "E:\Microsoft Office\Office12\GrooveMonitor.exe"
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\MICROS~1\Office12\GR99D3~1.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The (C:\ComboFix.txt) report
    * Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
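    The entries in JoNazs's first log that mark the infection are the [b8df1bf5] rundll32.exe Run value loading kwykjjmf.dll and the AppInit_DLLs entry xpjndt.dll, both random-named DLLs in system32 that MBAM later classifies as Trojan.Vundo. The Python below is an added example, not a tool from this thread: it parses HijackThis entries, flags those two patterns plus orphaned "(no file)" entries such as the linkscanner line in the fix list, and diffs a fresh log against the previous one so a helper can confirm the flagged items are gone and catch anything new. The sample logs are constructed from lines posted in this thread, and the allowlist of expected AppInit_DLLs is an assumption.

```python
"""Triage and diff helper for HijackThis v1.99 logs (added example, not a tool from this thread)."""
import re
from dataclasses import dataclass

# "O4 - HKLM\..\Run: [...] ..." -> section code and the rest of the line
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$")
# A Run value named by 8 hex digits that launches a DLL through rundll32 (the [b8df1bf5] entry)
HEX_RUNDLL_RE = re.compile(r"\[[0-9a-f]{8}\]\s+rundll32\.exe", re.IGNORECASE)
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(?P<dlls>.*)$")

# Assumption for this example: the only AppInit_DLLs entry expected on this machine is AVG 8's
# resident-shield hook. Anything else loaded that way is injected into every process and must be verified.
KNOWN_APPINIT = {"avgrsstx.dll"}


@dataclass(frozen=True)
class Finding:
    code: str
    body: str
    reason: str


def parse_hjt(text: str) -> list[tuple[str, str]]:
    """Return (code, body) pairs for the R*/F*/O* lines; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(entries: list[tuple[str, str]]) -> list[Finding]:
    """Flag the patterns that mark the Vundo infection in this thread plus orphaned entries."""
    findings = []
    for code, body in entries:
        if code == "O4" and HEX_RUNDLL_RE.search(body):
            findings.append(Finding(code, body, "rundll32 Run value with a random hex name (Vundo-style loader)"))
        elif code == "O20":
            m = APPINIT_RE.match(body)
            for dll in (m.group("dlls").split() if m else []):
                if dll.lower() not in KNOWN_APPINIT:
                    findings.append(Finding(code, body, f"unverified AppInit_DLLs entry {dll}"))
        elif code in ("O2", "O3", "O9", "O18") and body.endswith("(no file)"):
            findings.append(Finding(code, body, "orphaned entry, file missing: safe to fix"))
    return findings


def diff_logs(old_text: str, new_text: str) -> tuple[list, list]:
    """(added, removed) entries between the previous log and a fresh one taken after cleanup."""
    old, new = set(parse_hjt(old_text)), set(parse_hjt(new_text))
    return sorted(new - old), sorted(old - new)


# Constructed sample: a few lines from the first log in this thread (before cleanup) ...
OLD_LOG = r"""Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [b8df1bf5] rundll32.exe "C:\WINDOWS\system32\kwykjjmf.dll",b
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: xpjndt.dll
"""
# ... and from the second log, taken after MBAM and ComboFix had run
NEW_LOG = r"""Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] E:\ANTIVI~1\AVGANT~1\avgtray.exe
O20 - AppInit_DLLs: avgrsstx.dll rmicnh.dll
"""

if __name__ == "__main__":
    for label, log in (("before", OLD_LOG), ("after", NEW_LOG)):
        for f in triage(parse_hjt(log)):
            print(f"[{label}] {f.code}: {f.reason}\n    {f.body}")
    added, removed = diff_logs(OLD_LOG, NEW_LOG)
    print("new since last log:", *[f"{c} - {b}" for c, b in added], sep="\n  ")
    print("gone since last log:", *[f"{c} - {b}" for c, b in removed], sep="\n  ")
```

Run on the two constructed logs, the diff shows the kwykjjmf.dll loader and xpjndt.dll gone, while the triage of the fresh log still flags rmicnh.dll, a DLL the MBAM report in this thread lists as Trojan.Vundo.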
     
  3. JoNazs

    All right... Here are the three different logs now:

    Logfile of HijackThis v1.99.1
    Scan saved at 22:04:40, on 3.11.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    E:\AntiVirukset\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    E:\ANTIVI~1\AVGANT~1\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    E:\P2P\Client Manager3\bwsvc\bwsvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    E:\ANTIVI~1\AVGANT~1\avgrsx.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    E:\AntiVirukset\ZoneAlarm\zlclient.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    E:\ANTIVI~1\AVGANT~1\avgtray.exe
    E:\Video-Audio\AnyDVD 6.1.7.4\AnyDVD.exe
    E:\Pakkaus\DAEMON Tools\daemon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    E:\P2P\Client Manager3\cm3_tray.exe
    C:\WINDOWS\system32\wuauclt.exe
    E:\Mozilla Firefox\firefox.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
    E:\AntiVirukset\HiJackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\ANTIVI~1\AVGANT~1\AVGTOO~1.DLL
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\ANTIVI~1\AVGANT~1\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\AntiVirukset\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [AVG8_TRAY] E:\ANTIVI~1\AVGANT~1\avgtray.exe
    O4 - HKCU\..\Run: [AnyDVD] "E:\Video-Audio\AnyDVD 6.1.7.4\AnyDVD.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "E:\Pakkaus\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: ClientManager3.lnk = E:\P2P\Client Manager3\cm3_tray.exe
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://E:\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{27D764A0-D327-41F9-B965-5755088B28A5}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{27D764A0-D327-41F9-B965-5755088B28A5}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{27D764A0-D327-41F9-B965-5755088B28A5}: NameServer = 192.168.1.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: avgrsstx.dll rmicnh.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\AntiVirukset\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\ANTIVI~1\AVGANT~1\avgwdsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bwsvc - BUFFALO INC. - E:\P2P\Client Manager3\bwsvc\bwsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    ____________________________________________________________________

    Malwarebytes' Anti-Malware 1.30
    Tietokantaversio: 1357
    Windows 5.1.2600 Service Pack 2

    3.11.2008 6:28:10
    mbam-log-2008-11-03 (06-28-01).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|F:\|G:\|)
    Tarkistetut kohteet: 267809
    Kulunut aika: 2 hour(s), 27 minute(s), 18 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 7
    Saastuneita rekisteriavaimia: 15
    Saastuneita rekisteriarvoja: 1
    Saastuneita rekisterikohteita: 2
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 22

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    C:\WINDOWS\system32\ddcdaArp.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\kwykjjmf.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\yypagdrh.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\xpjndt.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\rqRLcdAR.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\lhgjdixm.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\rmicnh.dll (Trojan.Vundo) -> No action taken.

    Saastuneita rekisteriavaimia:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72add93d-f306-4731-ba65-618975753acc} (Trojan.Vundo.H) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{72add93d-f306-4731-ba65-618975753acc} (Trojan.Vundo.H) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{7db094b1-c3aa-487c-b75e-cb9654e1a6b4} (Trojan.Vundo) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7db094b1-c3aa-487c-b75e-cb9654e1a6b4} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7db094b1-c3aa-487c-b75e-cb9654e1a6b4} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqrlcdar (Trojan.Vundo) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{72add93d-f306-4731-ba65-618975753acc} (Trojan.Vundo) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{96dca48e-f85f-46d9-a315-5e0da32df718} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96dca48e-f85f-46d9-a315-5e0da32df718} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

    Saastuneita rekisteriarvoja:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7db094b1-c3aa-487c-b75e-cb9654e1a6b4} (Trojan.Vundo) -> No action taken.

    Saastuneita rekisterikohteita:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ddcdaarp -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddcdaarp -> No action taken.

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    C:\WINDOWS\system32\ddcdaArp.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\prAadcdd.ini (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\prAadcdd.ini2 (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\kwykjjmf.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\fmjjkywk.ini (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\yypagdrh.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\hrdgapyy.ini (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\xpjndt.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\rqRLcdAR.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\lhgjdixm.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\rmicnh.dll (Trojan.Vundo) -> No action taken.
    C:\Documents and Settings\Joonas ja Piia\Local Settings\Temporary Internet Files\Content.IE5\SIKAFPDV\upd105320[1] (Trojan.Vundo) -> No action taken.
    C:\Documents and Settings\Joonas ja Piia\Local Settings\Temporary Internet Files\Content.IE5\WO65WH8I\nd82m0[1] (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{860247B8-C4D6-4B36-B831-6302D60D1F73}\RP313\A0057758.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\uwxkbqxy.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\khfDwWPI.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\knefvt.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\porsmtxl.dll (Trojan.Vundo) -> No action taken.
    E:\Hex Workshop v5\Hex 4.2.3\Keygen.exe (Spyware.OnlineGames) -> No action taken.
    G:\Downloads\Office 2007 Enterprice Fin\crack.exe (Trojan.Dropper) -> No action taken.
    G:\Downloads\WinXP Manager 5.2.0\CORE10k.EXE (Trojan.Agent) -> No action taken.
    C:\Program Files\Common Files\svchost.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

    ____________________________________________________________________

    ComboFix 08-11-02.05 - Joonas ja Piia 2008-11-03 21:39:00.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.524 [GMT 2:00]
    Sijainti: e:\antivirukset\ComboFix.exe
    * Uusi palautuspiste luotu
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Joonas ja Piia\Application Data\inst.exe
    c:\windows\system32\nrrintmr.ini
    E:\Autorun.inf
    G:\Autorun.inf

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-10-03 to 2008-11-03 )))))))))))))))))
    .

    2008-11-02 21:09 . 2008-11-03 03:53 <DIR> d--h----- C:\$AVG8.VAULT$
    2008-11-02 21:00 . 2008-11-02 21:00 <DIR> d-------- c:\documents and settings\Joonas ja Piia\Application Data\Malwarebytes
    2008-11-02 21:00 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-11-02 20:59 . 2008-11-02 20:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-02 20:59 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-11-02 16:38 . 2008-11-02 16:38 10,520 --a------ c:\windows\system32\avgrsstx.dll
    2008-11-02 16:37 . 2008-11-03 15:45 <DIR> d-------- c:\windows\system32\drivers\Avg
    2008-11-02 16:37 . 2008-11-03 19:15 <DIR> d-------- c:\documents and settings\Joonas ja Piia\Application Data\AVGTOOLBAR
    2008-11-02 16:37 . 2008-11-02 16:37 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
    2008-11-02 16:36 . 2008-11-02 16:36 <DIR> d-------- c:\program files\AVG
    2008-11-02 11:01 . 2008-11-02 11:01 <DIR> d-------- c:\documents and settings\Joonas ja Piia\Application Data\Reallusion
    2008-11-02 11:01 . 2008-11-02 11:12 43 --a------ c:\windows\FFS20ChtReg.ini
    2008-11-01 11:43 . 2008-11-01 11:43 <DIR> d-------- c:\program files\KarntheBetrayer
    2008-10-26 18:35 . 2008-10-26 18:35 <DIR> d-------- c:\documents and settings\Joonas ja Piia\Application Data\Leadertech
    2008-10-23 17:43 . 2008-10-23 17:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
    2008-10-23 17:35 . 2008-10-23 17:35 0 --a------ c:\windows\ativpsrm.bin
    2008-10-23 17:09 . 2008-08-08 15:12 3,107,788 --a------ c:\windows\system32\ativva5x.dat
    2008-10-23 17:09 . 2008-08-08 15:12 887,724 --a------ c:\windows\system32\ativva6x.dat
    2008-10-23 17:09 . 2008-08-08 14:52 253,952 --a------ c:\windows\system32\atiok3x2.dll
    2008-10-23 17:09 . 2008-08-05 16:15 90,112 --a------ c:\windows\system32\ATIBRTMON.EXE
    2008-10-23 17:09 . 2008-08-08 14:58 48,640 --a------ c:\windows\system32\amdpcom32.dll
    2008-10-23 17:09 . 2008-11-03 06:37 47,604 --a------ c:\windows\system32\ativvaxx.cap
    2008-10-23 17:09 . 2008-08-08 14:53 35,328 --a------ c:\windows\system32\atiadlxx.dll
    2008-10-23 17:09 . 2008-07-24 05:01 14,505 --a------ c:\windows\atiogl.xml
    2008-10-21 15:34 . 2008-10-21 15:34 <DIR> d-------- c:\windows\Logs
    2008-10-05 01:22 . 2008-10-05 01:22 <DIR> d-------- c:\windows\system32\Adobe
    2008-10-05 01:22 . 2008-10-05 01:22 <DIR> d-------- c:\windows\Profiles
    2008-10-05 01:22 . 2008-10-05 01:22 <DIR> d-------- c:\documents and settings\Joonas ja Piia\Application Data\InterTrust
    2008-10-04 23:47 . 2004-05-17 08:15 17,536 --a------ c:\windows\system32\drivers\PCASp50.sys
    2008-10-04 22:36 . 2006-06-02 08:25 1,536 --a------ c:\windows\system32\bwsvc_event.dll
    2008-10-04 22:35 . 2008-10-04 22:35 21,275 --a------ c:\windows\system32\drivers\AegisP.sys
    2008-10-04 22:35 . 2007-01-11 09:19 11,008 -ra------ c:\windows\system32\BUFADPT.SYS
    2008-10-04 22:34 . 2008-10-04 22:34 <DIR> d-------- c:\windows\system32\driver

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-03 04:35 4,084,224 ----a-w c:\windows\Internet Logs\xDB22.tmp
    2008-11-03 04:35 2,896,896 ----a-w c:\windows\Internet Logs\xDB21.tmp
    2008-11-03 04:34 --------- d-----w c:\documents and settings\Joonas ja Piia\Application Data\uTorrent
    2008-11-02 14:36 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2008-11-02 13:24 4,062,720 ----a-w c:\windows\Internet Logs\xDB20.tmp
    2008-11-02 13:24 3,004,416 ----a-w c:\windows\Internet Logs\xDB1F.tmp
    2008-11-02 08:56 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-01 21:44 --------- d-----w c:\documents and settings\Joonas ja Piia\Application Data\Vso
    2008-11-01 16:41 47,360 ----a-w c:\documents and settings\Joonas ja Piia\Application Data\pcouffin.sys
    2008-11-01 10:58 --------- d-----w c:\documents and settings\Joonas ja Piia\Application Data\dvdcss
    2008-10-27 16:14 --------- d-----w c:\documents and settings\Joonas ja Piia\Application Data\OpenOffice.org2
    2008-10-26 17:14 4,029,440 ----a-w c:\windows\Internet Logs\xDB1E.tmp
    2008-10-26 17:14 221,184 ----a-w c:\windows\Internet Logs\xDB1D.tmp
    2008-10-26 17:04 60,416 ----a-w c:\windows\Internet Logs\xDB1B.tmp
    2008-10-26 17:04 4,028,928 ----a-w c:\windows\Internet Logs\xDB1C.tmp
    2008-10-24 21:03 4,010,496 ----a-w c:\windows\Internet Logs\xDB1A.tmp
    2008-10-24 21:03 3,214,336 ----a-w c:\windows\Internet Logs\xDB19.tmp
    2008-10-23 15:43 --------- d-----w c:\documents and settings\Joonas ja Piia\Application Data\ATI
    2008-10-23 15:22 --------- d-----w c:\program files\ATI Technologies
    2008-10-23 14:33 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
    2008-10-22 05:32 3,982,848 ----a-w c:\windows\Internet Logs\xDB18.tmp
    2008-10-22 05:32 1,991,680 ----a-w c:\windows\Internet Logs\xDB17.tmp
    2008-10-21 13:33 22,328 ----a-w c:\documents and settings\Joonas ja Piia\Application Data\PnkBstrK.sys
    2008-10-21 13:11 107,832 ----a-w c:\windows\system32\PnkBstrB.exe
    2008-10-18 14:01 15,098,776 ----a-w c:\windows\Internet Logs\tvDebug.zip
    2008-10-18 13:59 3,961,856 ----a-w c:\windows\Internet Logs\xDB16.tmp
    2008-10-18 13:59 3,515,904 ----a-w c:\windows\Internet Logs\xDB15.tmp
    2008-10-04 23:21 --------- d-----w c:\program files\Common Files\Adobe
    2008-10-04 19:10 3,937,280 ----a-w c:\windows\Internet Logs\xDB14.tmp
    2008-10-04 19:10 2,757,632 ----a-w c:\windows\Internet Logs\xDB13.tmp
    2008-10-03 20:32 --------- d-----w c:\documents and settings\Joonas ja Piia\Application Data\Vidalia
    2008-10-03 20:32 --------- d-----w c:\documents and settings\Joonas ja Piia\Application Data\tor
    2008-09-19 12:16 2,960,896 ----a-w c:\windows\Internet Logs\xDB12.tmp
    2008-09-06 06:50 3,886,080 ----a-w c:\windows\Internet Logs\xDB11.tmp
    2008-09-06 06:50 2,861,056 ----a-w c:\windows\Internet Logs\xDB10.tmp
    2008-08-29 19:45 3,879,936 ----a-w c:\windows\Internet Logs\xDBF.tmp
    2008-08-29 19:45 1,053,184 ----a-w c:\windows\Internet Logs\xDBE.tmp
    2008-08-16 22:52 3,865,600 ----a-w c:\windows\Internet Logs\xDBD.tmp
    2008-08-16 22:52 2,184,192 ----a-w c:\windows\Internet Logs\xDBC.tmp
    2008-08-08 13:49 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
    2008-08-08 13:48 311,296 ----a-w c:\windows\system32\ati2dvag.dll
    2008-08-08 13:38 43,520 ----a-w c:\windows\system32\ati2edxx.dll
    2008-08-08 13:38 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
    2008-08-08 13:38 184,320 ----a-w c:\windows\system32\atipdlxx.dll
    2008-08-08 13:38 143,360 ----a-w c:\windows\system32\Oemdspif.dll
    2008-08-08 13:37 143,360 ----a-w c:\windows\system32\ati2evxx.dll
    2008-08-08 13:36 573,440 ----a-w c:\windows\system32\ati2evxx.exe
    2008-08-08 13:34 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
    2008-08-08 13:33 9,932,800 ----a-w c:\windows\system32\atioglxx.dll
    2008-08-08 13:31 307,200 ----a-w c:\windows\system32\atiiiexx.dll
    2008-08-08 13:25 3,917,984 ----a-w c:\windows\system32\ati3duag.dll
    2008-08-08 13:13 2,183,680 ----a-w c:\windows\system32\ativvaxx.dll
    2008-08-08 12:54 376,832 ----a-w c:\windows\system32\atikvmag.dll
    2008-08-08 12:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
    2008-08-08 12:46 561,152 ----a-w c:\windows\system32\ati2cqag.dll
    2008-08-04 09:41 3,857,920 ----a-w c:\windows\Internet Logs\xDBB.tmp
    2008-08-04 09:41 2,053,632 ----a-w c:\windows\Internet Logs\xDBA.tmp
    .

    ------- Sigcheck -------

    2007-09-03 11:09 502272 6e8ca4fcb30282f216f5db9dd58a5f81 c:\windows\system32\winlogon.exe
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AnyDVD"="e:\video-audio\AnyDVD 6.1.7.4\AnyDVD.exe" [2004-09-09 439808]
    "DAEMON Tools"="e:\pakkaus\DAEMON Tools\daemon.exe" [2007-04-04 165784]
    "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
    "ZoneAlarm Client"="e:\antivirukset\ZoneAlarm\zlclient.exe" [2008-03-13 919016]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
    "GrooveMonitor"="e:\microsoft office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
    "AVG8_TRAY"="e:\antivi~1\AVGANT~1\avgtray.exe" [2008-11-02 1234712]
    "SoundMan"="SOUNDMAN.EXE" [2006-03-01 c:\windows\soundman.exe]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    ClientManager3.lnk - e:\p2p\Client Manager3\cm3_tray.exe [2008-10-04 471040]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= c:\windows\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll rmicnh.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.asv2"= asusasv2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
    "e:\\P2P\\uTorrent\\utorrent.exe"=
    "e:\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "e:\\Yahoo!\\Messenger\\YServer.exe"=
    "e:\\Video-Audio\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "f:\\Call Of Duty 4\\iw3mp.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "f:\\Company of Heroes\\RelicCOH.exe"=
    "e:\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "e:\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "e:\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "e:\\P2P\\SmartFTP Client\\SmartFTP.exe"=
    "e:\\P2P\\Client Manager3\\BWSVC\\bwsvc.exe"=
    "e:\\P2P\\Client Manager3\\AOSS\\aoss.exe"=
    "f:\\Far Cry 2\\bin\\FarCry2.exe"=
    "f:\\Far Cry 2\\bin\\FC2Launcher.exe"=
    "f:\\Far Cry 2\\bin\\FC2Editor.exe"=
    "e:\\AntiVirukset\\AVG Anti-Spyware 8\\avgupd.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-02 97928]
    R1 BUFADPT;BUFADPT;c:\windows\system32\BUFADPT.SYS [2007-01-11 11008]
    R2 avg8wd;AVG Free8 WatchDog;e:\antivi~1\AVGANT~1\avgwdsvc.exe [2008-11-02 231704]
    R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;c:\windows\system32\DRIVERS\AN983.sys [2004-08-04 36224]
    R3 WLIU2KG125S;BUFFALO WLI-U2-KG125S Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\usb8023.sys [2004-08-04 12672]
    S3 atidgllk;atidgllk;c:\program files\ASUS\SmartDoctor\atidgllk.sys [ ]
    S3 libusb0;LibUsb-Win32 - Kernel Driver 03/09/2005, 0.1.10.1;c:\windows\system32\DRIVERS\libusb0.sys [2005-03-09 33792]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys [2004-05-17 17536]
    S3 Video3D;ASUS Video3D Service;c:\windows\system32\Drivers\Video3D32.sys [ ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adc41ca9-5a0e-11dc-b0f5-806d6172696f}]
    \Shell\AutoRun\command - H:\Setup.exe

    *Newly Created Service* - PROCEXP90
    .
    'Ajoitetut tehtävät'-kansion sisältö

    2008-10-31 c:\windows\Tasks\1-Click Maintenance.job
    - e:\tuneup\OneClick.exe []

    2008-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
    .
    .
    ------- Täydentävä tarkistus -------
    .
    FireFox -: Profile - c:\documents and settings\Joonas ja Piia\Application Data\Mozilla\Firefox\Profiles\ah6cc1zq.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://sports-ak.espn.go.com/nhl/index
    FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
    FF -: plugin - e:\adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
    FF -: plugin - e:\mozilla firefox\plugins\np-mswmp.dll
    FF -: plugin - e:\mozilla firefox\plugins\np32dsw.dll
    FF -: plugin - e:\mozilla firefox\plugins\npdivx32.dll
    FF -: plugin - e:\mozilla firefox\plugins\npDivxPlayerPlugin.dll
    FF -: plugin - e:\mozilla firefox\plugins\npitunes.dll
    FF -: plugin - e:\mozilla firefox\plugins\npmozax.dll
    FF -: plugin - e:\mozilla firefox\plugins\npnul32.dll
    FF -: plugin - e:\mozilla firefox\plugins\NPOFF12.DLL
    FF -: plugin - e:\mozilla firefox\plugins\nppdf32.dll
    FF -: plugin - e:\mozilla firefox\plugins\nppl3260.dll
    FF -: plugin - e:\mozilla firefox\plugins\npqtplugin.dll
    FF -: plugin - e:\mozilla firefox\plugins\npqtplugin2.dll
    FF -: plugin - e:\mozilla firefox\plugins\npqtplugin3.dll
    FF -: plugin - e:\mozilla firefox\plugins\npqtplugin4.dll
    FF -: plugin - e:\mozilla firefox\plugins\npqtplugin5.dll
    FF -: plugin - e:\mozilla firefox\plugins\npqtplugin6.dll
    FF -: plugin - e:\mozilla firefox\plugins\npqtplugin7.dll
    FF -: plugin - e:\mozilla firefox\plugins\nprpjplug.dll
    FF -: plugin - e:\video-audio\DivX\DivX Player\npDivxPlayerPlugin.dll
    FF -: plugin - e:\video-audio\DivX\DivX Web Player\npdivx32.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-03 21:46:33
    Windows 5.1.2600 Service Pack 2 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    Valmistumisajankohta: 2008-11-03 21:50:04
    ComboFix-quarantined-files.txt 2008-11-03 19:49:37

    Ennen ajoa: 6 882 246 656 bytes free
    Ajon jälkeen: 6,864,445,440 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-FIN.EXE
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    235 --- E O F --- 2007-12-04 13:17:19
     
  4. kalminen

    kalminen Regular member

    Joined:
    May 4, 2007
    Messages:
    3,915
    Likes Received:
    0
    Trophy Points:
    46
    Download JavaRa and extract it to your desktop.

    ***Close all open Internet Explorer windows before continuing!***

    * Double-click JavaRa.exe to start the program.
    * Choose English from the drop-down menu to set the language to English and click Select.
    * Click Remove Older Versions to remove the old Java versions from your computer.
    * Click Yes when prompted. When JavaRa is finished, it will report that a log file has been created. Click OK.
    * The log file will open. Post its contents in your next message.

    After that, download and install Java SE Runtime Environment (JRE) 6 Update 10.
    jre-6u10-windows-i586-p.exe => 15.?? MB

    --------------------------------------------------

    Run MB-AM again:

    * When the scan is complete, click OK and then Show Results (Näytä tulokset) to see the results.
    * Make sure everything is checked and click Remove Selected (Poista valitut).

    Post the HJT and MB-AM logs =>
    .
     
  5. JoNazs

    JoNazs Member

    Joined:
    Oct 3, 2006
    Messages:
    88
    Likes Received:
    0
    Trophy Points:
    16
    Logfile of HijackThis v1.99.1
    Scan saved at 16:16:24, on 5.11.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    E:\AntiVirukset\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehtray.exe
    E:\AntiVirukset\ZoneAlarm\zlclient.exe
    C:\WINDOWS\SOUNDMAN.EXE
    E:\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    E:\ANTIVI~1\AVGANT~1\avgwdsvc.exe
    E:\ANTIVI~1\AVGANT~1\avgtray.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    E:\P2P\Client Manager3\bwsvc\bwsvc.exe
    E:\Video-Audio\AnyDVD 6.1.7.4\AnyDVD.exe
    E:\ANTIVI~1\AVGANT~1\avgrsx.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    E:\Pakkaus\DAEMON Tools\daemon.exe
    C:\WINDOWS\eHome\ehSched.exe
    E:\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    E:\P2P\Client Manager3\cm3_tray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    E:\Mozilla Firefox\firefox.exe
    E:\P2P\uTorrent\utorrent.exe
    E:\AntiVirukset\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    E:\AntiVirukset\HiJackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\ANTIVI~1\AVGANT~1\AVGTOO~1.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\ANTIVI~1\AVGANT~1\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\AntiVirukset\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [AVG8_TRAY] E:\ANTIVI~1\AVGANT~1\avgtray.exe
    O4 - HKCU\..\Run: [AnyDVD] "E:\Video-Audio\AnyDVD 6.1.7.4\AnyDVD.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "E:\Pakkaus\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: ClientManager3.lnk = E:\P2P\Client Manager3\cm3_tray.exe
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://E:\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{27D764A0-D327-41F9-B965-5755088B28A5}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{27D764A0-D327-41F9-B965-5755088B28A5}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{27D764A0-D327-41F9-B965-5755088B28A5}: NameServer = 192.168.1.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: avgrsstx.dll rmicnh.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\AntiVirukset\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\ANTIVI~1\AVGANT~1\avgwdsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bwsvc - BUFFALO INC. - E:\P2P\Client Manager3\bwsvc\bwsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - E:\Java\jre6\bin\jqs.exe" -service -config "E:\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    _____________________________________________________________________

    Malwarebytes' Anti-Malware 1.30
    Tietokantaversio: 1357
    Windows 5.1.2600 Service Pack 2

    5.11.2008 6:28:49
    mbam-log-2008-11-05 (06-28-49).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|F:\|G:\|)
    Tarkistetut kohteet: 268872
    Kulunut aika: 2 hour(s), 35 minute(s), 23 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 0
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 1

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    C:\System Volume Information\_restore{860247B8-C4D6-4B36-B831-6302D60D1F73}\RP314\A0057839.sys (Rootkit.Agent) -> Quarantined and deleted successfully.



    _____________________________________________________________________

    JavaRa 1.11 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Tue Nov 04 15:44:59 2008

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002

    Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

    Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002

    Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

    Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

    Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

    Found and removed: SOFTWARE\Classes\JavaPlugin.160_02

    Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610002

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

    Found and removed: Software\Classes\JavaPlugin.160_02

    Found and removed: Software\Classes\JavaPlugin.160_03

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

    Found and removed: Software\JavaSoft\Java2D\1.6.0_03

    Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

    ------------------------------------

    Finished reporting.



     
  6. kalminen

    kalminen Regular member

    Joined:
    May 4, 2007
    Messages:
    3,915
    Likes Received:
    0
    Trophy Points:
    46
    Update Windows to SP3:
    http://www.microsoft.com/downloads/Search.aspx?displaylang=fi

    ******************************************
    Start Malwarebytes => Quarantine tab and clear out the junk.

    ******************************************
    Type ComboFix.exe /u in the Run box of the Windows Start menu and press OK

    *************************************************************

    First take a backup of the registry like this:

    From the taskbar > Start > Run -> regedit -> OK.
    Click the My Computer row to select it.
    Then File -> Export. Give it the file name Roope, and in the
    Save in box choose the root of (C:). Under Export range, tick All.
    Exit Regedit.

    Then save the text snippet below as fix.reg with Notepad on the desktop
    (save as type: All Files)

    Code:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"="avgrsstx.dll"

    
    Double-click fix.reg on the desktop and press Yes and OK.
    Restart the computer.

    Post one more HJT log =>

    How is the computer running now ???
    D:
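As an added example (not from this thread, and not a HijackThis or ComboFix feature), the following Python checker pulls AppInit_DLLs entries out of HJT-style `O20` lines and ComboFix-style registry dump lines, flags any DLL name not on an allowlist, and builds the corrected .reg text with the value quoted as Registry Editor 5.00 files require. The sample log lines and the allowlist (only AVG's avgrsstx.dll) are constructed assumptions for this example.

```python
import re

# Constructed sample lines modelled on this thread's logs: the HijackThis O20
# line and ComboFix's registry dump before the fix, and the O20 line after it.
SAMPLE_LOG_LINES = [
    "O20 - AppInit_DLLs: avgrsstx.dll rmicnh.dll",   # HJT log, before fix.reg
    '"AppInit_DLLs"=avgrsstx.dll rmicnh.dll',        # ComboFix registry dump
    "O20 - AppInit_DLLs: avgrsstx.dll",              # HJT log, after fix.reg
]

# Allowlist of AppInit DLLs expected on this machine. Assumption for this
# example: only AVG's avgrsstx.dll belongs here, which is what fix.reg keeps.
KNOWN_GOOD = {"avgrsstx.dll"}

APPINIT_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows"

_PATTERNS = (
    re.compile(r"^O20 - AppInit_DLLs:\s*(?P<value>.*)$"),   # HijackThis format
    re.compile(r'^"AppInit_DLLs"=\s*(?P<value>.*)$'),        # ComboFix format
)


def parse_appinit_dlls(line):
    """Return the DLL names listed on an AppInit_DLLs log line, or None if
    the line is not an AppInit_DLLs entry. The registry value is a REG_SZ
    list whose entries are separated by spaces or commas."""
    line = line.strip()
    for pattern in _PATTERNS:
        m = pattern.match(line)
        if m:
            return [d for d in re.split(r"[ ,]+", m.group("value").strip()) if d]
    return None


def unexpected_dlls(line, known_good=KNOWN_GOOD):
    """Names on an AppInit_DLLs line that are not on the allowlist.
    Comparison is case-insensitive because Windows file names are.
    Returns None when the line is not an AppInit_DLLs entry."""
    dlls = parse_appinit_dlls(line)
    if dlls is None:
        return None
    allow = {d.lower() for d in known_good}
    return [d for d in dlls if d.lower() not in allow]


def scan_log(lines, known_good=KNOWN_GOOD):
    """Map the index of each AppInit_DLLs line that carries an unexpected
    DLL to the list of those DLL names; clean lines are omitted."""
    findings = {}
    for i, line in enumerate(lines):
        bad = unexpected_dlls(line, known_good)
        if bad:
            findings[i] = bad
    return findings


def build_fix_reg(keep):
    """Build the text of a .reg file that resets AppInit_DLLs to `keep`.
    REG_SZ values must be double-quoted in Registry Editor 5.00 files;
    an unquoted value is rejected by regedit."""
    value = " ".join(keep)
    return (
        "Windows Registry Editor Version 5.00\r\n\r\n"
        f"[{APPINIT_KEY}]\r\n"
        f'"AppInit_DLLs"="{value}"\r\n'
    )


if __name__ == "__main__":
    for idx, bad in scan_log(SAMPLE_LOG_LINES).items():
        print(f"line {idx}: unexpected AppInit DLL(s): {', '.join(bad)}")
    print(build_fix_reg(sorted(KNOWN_GOOD)))
```

Run it against a full HJT log by passing the file's lines to `scan_log`; the post-fix log should produce no findings.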
     
  7. JoNazs

    JoNazs Member

    Joined:
    Oct 3, 2006
    Messages:
    88
    Likes Received:
    0
    Trophy Points:
    16
    Thanks a lot for the help! At least it feels like it's running better now. There is still a little sluggishness, but maybe that's just too many programs installed :)

    If there's anything else that can be done, I'll gladly do it, but the computer is already nicer to use now. Big thanks.

    Logfile of HijackThis v1.99.1
    Scan saved at 19:18:52, on 6.11.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    E:\AntiVirukset\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    E:\ANTIVI~1\AVGANT~1\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    E:\P2P\Client Manager3\bwsvc\bwsvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    E:\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    E:\ANTIVI~1\AVGANT~1\avgrsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    E:\AntiVirukset\ZoneAlarm\zlclient.exe
    C:\WINDOWS\SOUNDMAN.EXE
    E:\Java\jre6\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    E:\ANTIVI~1\AVGANT~1\avgtray.exe
    E:\Video-Audio\AnyDVD 6.1.7.4\AnyDVD.exe
    E:\Pakkaus\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wpabaln.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    E:\P2P\Client Manager3\cm3_tray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    E:\Adobe\Photoshop CS3\Adobe Photoshop CS3\Photoshop.exe
    E:\Mozilla Firefox\firefox.exe
    E:\AntiVirukset\HiJackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\ANTIVI~1\AVGANT~1\AVGTOO~1.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\ANTIVI~1\AVGANT~1\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\AntiVirukset\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [AVG8_TRAY] E:\ANTIVI~1\AVGANT~1\avgtray.exe
    O4 - HKCU\..\Run: [AnyDVD] "E:\Video-Audio\AnyDVD 6.1.7.4\AnyDVD.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "E:\Pakkaus\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: ClientManager3.lnk = E:\P2P\Client Manager3\cm3_tray.exe
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://E:\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{27D764A0-D327-41F9-B965-5755088B28A5}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{27D764A0-D327-41F9-B965-5755088B28A5}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{27D764A0-D327-41F9-B965-5755088B28A5}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS3\Services\Tcpip\..\{27D764A0-D327-41F9-B965-5755088B28A5}: NameServer = 192.168.1.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\AntiVirukset\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\ANTIVI~1\AVGANT~1\avgwdsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bwsvc - BUFFALO INC. - E:\P2P\Client Manager3\bwsvc\bwsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - E:\Java\jre6\bin\jqs.exe" -service -config "E:\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     
  8. kalminen

    kalminen Regular member

    Joined:
    May 4, 2007
    Messages:
    3,915
    Likes Received:
    0
    Trophy Points:
    46
    Otherwise OK!!!

    Fix this one with HJT:
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

    D:
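    The advice above rests on one observation: the O20 entry still registers a Winlogon Notify DLL, but the file it points to no longer exists, so the entry is an orphan. As an added illustration (example code, not from the thread or from HijackThis), here is a small Python triage pass that applies the same test to HJT-style lines, flagging entries whose target is "(no file)" or "(file missing)". The sample lines are constructed copies of entries from this log; the O23 handling is an assumption that a service path with embedded arguments needs a manual look rather than an automatic verdict.

```python
import re

# Constructed sample, modelled on entries quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Java\jre6\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - E:\Java\jre6\bin\jqs.exe" -service -config "E:\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# An HJT entry starts with a section tag (R1, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")

def parse_entries(text):
    """Yield (section, body) for every line that looks like an HJT entry."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def classify(section, body):
    """Return 'orphan', 'verify' or 'ok' for a single entry."""
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        # Assumption: a service whose path embeds arguments (note the stray
        # quote) may be reported as missing although the binary exists, so it
        # gets a manual check instead of an automatic 'orphan' verdict.
        if section == "O23" and '"' in body:
            return "verify"
        return "orphan"
    return "ok"

def triage(text):
    """Return (section, body, verdict) for every non-ok entry, in log order."""
    findings = []
    for section, body in parse_entries(text):
        verdict = classify(section, body)
        if verdict != "ok":
            findings.append((section, body, verdict))
    return findings

if __name__ == "__main__":
    for section, body, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:7} {section} - {body}")
```

    An "orphan" here is a registration whose target is gone; it is dead weight (and a leftover of whatever installed it) rather than active malware, which is why the reply treats it as a clean-up item.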
     
  9. JoNazs

    JoNazs Member

    Joined:
    Oct 3, 2006
    Messages:
    88
    Likes Received:
    0
    Trophy Points:
    16
    ok... Thanks!
     
