Too many processes - malware?

Discussion in 'Viruses and malware - HijackThis logs' started by elchico_, Aug 11, 2009.

  1. elchico_

    My computer had a virus that somehow made the hard drive disappear from view. A "professional" fixed that, but the computer still has far too much junk on it and it is incomprehensibly slow.

    I removed the programs I dared to remove, but at startup about 40 other programs still open along with Windows and they need to be pruned. I'm posting the log here anyway, because somehow it feels like not everything is in order.

    -----------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:47:56, on 11.8.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AGEIA Technologies\TrayIcon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe
    C:\Program Files\Creative\Shared Files\CamTray.exe
    C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    E:\Ohjelmat\vpn\cvpnd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Sonera\InternetAvustaja\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    E:\Ohjelmat\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.fi:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [DAEMON Tools] "E:\Ohjelmat\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
    O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Ohjelmat\Party\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Ohjelmat\Party\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {23DC814C-C8AE-464D-993A-A55DEF80F86B} (NewLogin.ctlLogin) - http://timesheet.lionbridge.com/login/Login.CAB
    O16 - DPF: {3A69525E-7CF7-446A-8C5F-9D734E751B8C} (Timesheet.ctlTS) - http://timesheet.lionbridge.com/Timesheet/Timesheet.CAB
    O16 - DPF: {869918A4-D254-4CCB-AA52-7E8306AF937A} (xLogin.ctlLogin) - http://timesheet.lionbridge.com/twin.CAB
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E14385A9-F2F1-41D0-BD5B-3043BC045FC5} (xToolbar.ctlToolbar) - http://timesheet.lionbridge.com/Toolbar/xToolbar.CAB
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - E:\Ohjelmat\vpn\cvpnd.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SupportSoft Sprocket Service (sonera) (sprtsvc_sonera) - SupportSoft, Inc. - C:\Program Files\Sonera\InternetAvustaja\bin\sprtsvc.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 7868 bytes
     
  2. kalminen

    Not bad!!!

    Download JavaRa and extract it to your desktop.

    ***Close all open Internet Explorer windows before continuing!***

    * Double-click JavaRa.exe to start the program.
    * Choose English from the drop-down menu to set the language to English and click Select.
    * Click Remove Older Versions to remove the old Java versions from your computer.
    * Click Yes when prompted. When JavaRa is done, it will tell you that a log file has been created. Click OK.
    * The log file opens. Post its contents in your next message.

    After that, download and install Java SE Runtime Environment (JRE) 6 Update 16.
    jre-6u16-windows-i586-p.exe => 15.?? MB
    Download it to your desktop and close all browsers before installing.

    ---------------------------------------------------------------------------------------

    Download and cleanup instructions: HERE

    --------------------------------------------------------------------------------

    Close your browser and other programs for the duration of the fix (not the antivirus).
    Start HijackThis, click Scan, and tick the following entries listed in red:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
    O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Ohjelmat\Party\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Ohjelmat\Party\PartyPoker\RunApp.exe (file missing)
    O16 - DPF: {23DC814C-C8AE-464D-993A-A55DEF80F86B} (NewLogin.ctlLogin) - http://timesheet.lionbridge.com/login/Login.CAB
    O16 - DPF: {3A69525E-7CF7-446A-8C5F-9D734E751B8C} (Timesheet.ctlTS) - http://timesheet.lionbridge.com/Timesheet/Timesheet.CAB
    O16 - DPF: {869918A4-D254-4CCB-AA52-7E8306AF937A} (xLogin.ctlLogin) - http://timesheet.lionbridge.com/twin.CAB
    O16 - DPF: {E14385A9-F2F1-41D0-BD5B-3043BC045FC5} (xToolbar.ctlToolbar) - http://timesheet.lionbridge.com/Toolbar/xToolbar.CAB

    and remove them with the (Fix checked) button.

    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * report
    * Tell us what the situation is???
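A small triage script for logs like the ones in this thread, added here as an example; it is not from the thread, from afterdawn, or from the HijackThis tool. It parses the R/O entries, applies heuristic rules of the kind kalminen applied by eye (an entry pointing at a missing file, an empty IE setting, a configured proxy, an ActiveX CAB downloaded from a host outside a short allowlist, a Run entry with a bare executable name that Windows resolves through the search path) and diffs two scans to show what the fix removed and what the new JRE install added. The two log excerpts are constructed from a few lines of the posted logs; the allowlist, the rules and the "fix"/"review" verdict labels are this example's own assumptions, not HijackThis features.

```python
"""Triage and diff helper for HijackThis-style logs (added example, not from the thread)."""
import re
from urllib.parse import urlparse

# Constructed excerpts: a few lines each from the first and second logs posted above.
LOG_BEFORE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.fi:8080
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Ohjelmat\Party\PartyPoker\RunApp.exe (file missing)
O16 - DPF: {23DC814C-C8AE-464D-993A-A55DEF80F86B} (NewLogin.ctlLogin) - http://timesheet.lionbridge.com/login/Login.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
""".strip()

LOG_AFTER = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.fi:8080
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
""".strip()

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")

# Hosts from which ActiveX CABs are expected on a 2009-era XP box (assumption of this example).
KNOWN_DPF_HOSTS = ("microsoft.com", "msn.com", "macromedia.com", "adobe.com")


def parse(log_text):
    """Return (code, body) tuples for every R/O entry; process lists and headers are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def host_is_known(url):
    host = urlparse(url).hostname or ""
    return any(host == h or host.endswith("." + h) for h in KNOWN_DPF_HOSTS)


def triage(log_text):
    """Return (verdict, code, body) triples: 'fix' = orphan or empty value, 'review' = needs a human."""
    findings = []
    for code, body in parse(log_text):
        if "(no file)" in body or "(file missing)" in body:
            findings.append(("fix", code, body))        # registry points at nothing on disk
        elif code == "R0" and body.endswith("="):
            findings.append(("fix", code, body))        # empty IE setting, harmless but untidy
        elif code == "R1" and ",ProxyServer = " in body:
            findings.append(("review", code, body))     # an unexpected proxy is a classic hijack sign
        elif code == "O16":
            url = body.rsplit(" - ", 1)[-1]
            if not host_is_known(url):
                findings.append(("review", code, body))  # ActiveX from an unfamiliar host
        elif code == "O4":
            target = body.split(": ", 1)[-1].split("] ", 1)[-1]
            if " = " in target:                          # "Global Startup: x.lnk = path" form
                target = target.split(" = ", 1)[-1]
            if "\\" not in target.strip('"').split(" ")[0]:
                findings.append(("review", code, body))  # bare name, found via PATH search
    return findings


def diff_logs(before, after):
    """Entries that disappeared and entries that appeared between two scans."""
    b, a = set(parse(before)), set(parse(after))
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    for verdict, code, body in triage(LOG_BEFORE):
        print(f"{verdict:6} {code} - {body}")
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("removed:", *[f"{c} - {b}" for c, b in removed], sep="\n  ")
    print("added:", *[f"{c} - {b}" for c, b in added], sep="\n  ")
```

The "fix" lines are the orphans that can be ticked without further thought; the "review" lines need a decision, for example proxy.fi:8080 is plausible on a Finnish ISP-configured machine but would be a red flag elsewhere, and the lionbridge CABs are only worth keeping if the user still needs that timesheet site. Fixing an O4 entry only deletes the autostart value; the program itself stays installed, which is why the process count barely moves until the software is uninstalled.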
     
  3. elchico_

    Below are the JavaRa and HijackThis logs. I cleaned up with CCleaner and it seems to have helped somewhat. The number of processes at startup hasn't changed though, still 39 (normal?).

    I can't remove some programs (Daemon Tools) and one file, but instructions for those can probably be found in another topic.




    JavaRa 1.11 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Sat Aug 23 19:03:40 2008

    Found and removed: C:\Program Files\Java\jre1.5.0_11

    Found and removed: Software\JavaSoft\Java2D\1.5.0

    Found and removed: Software\JavaSoft\Java2D\1.5.0_03

    Found and removed: Software\JavaSoft\Java2D\1.5.0_11

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002

    Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002

    Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

    Found and removed: SOFTWARE\Classes\JavaPlugin.160_02

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610002

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}

    Found and removed: Software\Classes\JavaPlugin.160_02

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_11\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\bin\

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02

    Found and removed: Software\JavaSoft\Java2D\1.6.0_02

    Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_02

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

    ------------------------------------

    Finished reporting.



    JavaRa 1.15 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Wed Aug 12 12:33:43 2009

    Found and removed: C:\Program Files\Java\jre1.6.0_02

    Found and removed: C:\Documents and Settings\Käyttäjä\Application Data\Sun\Java\jre1.6.0_02

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07

    Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\

    ------------------------------------

    Finished reporting.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:03:51, on 12.8.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Creative\Shared Files\CamTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    E:\Ohjelmat\vpn\cvpnd.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Sonera\InternetAvustaja\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    E:\Ohjelmat\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.fi:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [DAEMON Tools] "E:\Ohjelmat\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - E:\Ohjelmat\vpn\cvpnd.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SupportSoft Sprocket Service (sonera) (sprtsvc_sonera) - SupportSoft, Inc. - C:\Program Files\Sonera\InternetAvustaja\bin\sprtsvc.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 6701 bytes
     
  4. elchico_

    Duplicate post.
     
    Last edited: Aug 12, 2009
  5. kalminen

    If you don't need DAEMON Tools at all, you can remove it with Add / Remove Programs.
    Otherwise it first has to be shut down from the taskbar.

    Then these can go too:
    O4 - HKLM\..\Run: [DAEMON Tools] "E:\Ohjelmat\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"


    ---------------------------------------------------------------------

    In Task Manager =>
    about 40 running processes is normal.
    System Idle Process around 97 - 100%

    On the Performance tab
    PF Usage about 700 MB in use.
    . ???
     
  6. elchico_

    Daemon doesn't show up at all in the Add/Remove Programs window. From the Start menu: daemon tools->uninstall->setup is unable to validate installation.
    Also, daemon tools always throws an error message on the screen once the computer has booted.

    --------------------------
    So the processes are OK.

    ---------------------------

    One more thing: do I have too many unnecessary antivirus programs, since I have spybot, zonealarm, avast and malwarebytes?

    ------------------------------

    Well now, the cd/dvd drive doesn't show up at all anymore.. What would help?


    Many thanks for the help so far!
     
    Last edited: Aug 12, 2009
  7. kalminen

    ZoneAlarm and Avast are among the best protection there is.

    Except Zone doesn't appear to be running !!!!

    Is the Z icon in the taskbar ????

    Check in the Windows Security Center what the situation is.

    Seems worrying after a professional's work ???

    Tell me !!!
    .
     
  8. elchico_

    According to the Security Center the zone alarm firewall is enabled. There really is no Z at the bottom, although it used to be there at some point. The computer was in for service only because of that hard drive problem; at the shop they then noticed the virus and removed it. Because of my own lack of time nothing more was done to the computer there.

    ------------------------------

    So I can remove spybot and malwarebytes.

    ------------------------------

    The disappearance of the CD drive still puzzles me.
     
  9. kalminen

    Don't remove => malwarebytes.
    You can scan with it once a month or as soon as something feels
    odd. Just update the definitions first.

    SpyBot isn't active on your machine, and neither is Zone !!!!

    Go to Start and All Programs.
    From there Zone, and start Zone Z.
    Did the Z appear in the taskbar => Z.

    If it did, post a new HJT log.
    .
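The check made in the replies above (ZoneAlarm's vsmon service is registered in the O23 section but its binary is missing from the running-process list, and a Run-key entry points at a program that never shows up) can be automated. This is an added example, not part of the thread and not kalminen's tooling: a small Python triage script for HijackThis v2 logs that reports BHOs with no file behind them, and Run-key autostarts or services whose executable is not in the "Running processes" list. The sample lines are copied from the first log in this thread; a manual-start service will also trip the check, so a finding is a prompt to look, not a verdict.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
O4_RE = re.compile(r"\[([^\]]+)\]\s*(.*)")
# First executable-looking target of an O4 command line: a quoted path, or the
# text up to the first .exe/.dll/.cpl (a rundll32 host resolves to RUNDLL32.EXE).
TARGET_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|dll|cpl))', re.IGNORECASE)

# Constructed sample: lines copied from the first log in this thread, trimmed.
# vsmon.exe is registered as a service (O23) but absent from the process list.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.fi:8080
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Ohjelmat\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""


@dataclass(frozen=True)
class Finding:
    kind: str   # orphaned_bho | autostart_not_running | service_not_running
    name: str
    path: str


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path; quotes and 8.3 names tolerated."""
    return path.strip().strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_hjt(text: str):
    """Split a HijackThis log into the running-process set and its R*/O* entries."""
    running, entries, in_procs = set(), defaultdict(list), False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:                 # the blank line ends the process list
                in_procs = False
            else:
                running.add(basename(line))
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries[m.group(1)].append(m.group(2))
    return running, entries


def o4_target(body: str):
    """(name, path) for a Run-key style O4 entry, or None for other O4 forms."""
    m = O4_RE.search(body)
    if not m:
        return None
    t = TARGET_RE.search(m.group(2))
    if not t:
        return None
    return m.group(1), (t.group(1) or t.group(2))


def triage(text: str):
    """Findings a reviewer raises first: dangling BHOs, and Run-key autostarts or
    services that are registered but whose binary is not in the process list."""
    running, entries = parse_hjt(text)
    findings = []
    for body in entries.get("O2", []):           # BHO: name - {clsid} - path
        parts = body.rsplit(" - ", 2)
        if len(parts) == 3 and parts[2].strip() == "(no file)":
            findings.append(Finding("orphaned_bho", parts[0].split(": ", 1)[-1], parts[2]))
    for body in entries.get("O4", []):           # HKLM\..\Run: [name] command
        target = o4_target(body)
        if target and basename(target[1]) not in running:
            findings.append(Finding("autostart_not_running", *target))
    for body in entries.get("O23", []):          # Service: name - vendor - path
        parts = body.rsplit(" - ", 2)
        if len(parts) == 3 and basename(parts[2]) not in running:
            findings.append(Finding("service_not_running", parts[0].split(": ", 1)[-1], parts[2]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:22} {f.name} -> {f.path}")
```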
     
  10. elchico_

    I removed Spybot and started zone alarm; the Z is now at the bottom. I ticked the box "load zone alarm at startup" -> now it apparently starts up along with Windows.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:47:16, on 12.8.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Creative\Shared Files\CamTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    E:\Ohjelmat\vpn\cvpnd.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Sonera\InternetAvustaja\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    E:\Ohjelmat\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.fi:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - E:\Ohjelmat\vpn\cvpnd.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SupportSoft Sprocket Service (sonera) (sprtsvc_sonera) - SupportSoft, Inc. - C:\Program Files\Sonera\InternetAvustaja\bin\sprtsvc.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 6693 bytes
     
  11. kalminen

    Very good !!!
    Now the basic parts of the virus protection are in order.

    -------------------------------------------------------

    Right-click the Daemontools icon in the taskbar and
    go to settings from there. Untick every item under General.

    Restart the computer.

    Run this =>
    C:\Program Files\DAEMON Tools\uninst.exe

    ----------------------------------------------------------

    Would any of these be of help for the CD / DVD: HERE

    so that you wouldn't need to go into the registry.
    ???
    .
     
  12. elchico_

    Daemon tools hasn't been in the taskbar for a long time. Might I have removed it, or some parts of it, at some point, since the program complains about something at startup and it can't be uninstalled either. So Daemon isn't in the Add/Remove Programs list.

    -------------------------------------------

    That didn't help with the cd/dvd drive. I didn't try the "fix it yourself" part.
     
  13. kalminen

    Registry changes always require restarting the computer.


    Download SystemLook by jpshortstuff FROM HERE and save it to the desktop.

    Double-click SystemLook.exe to run it.

    Copy (CTRL+C) all the text from the box below into the text area.

    Code:
    :regfind
    DAEMON
    
    :dir
    C:\WINDOWS\system32\drivers\etc /s
    E:\Ohjelmat\DAEMON Tools /s
    
    :reg
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}
    
    
    Click the Look button to start the scan.

    When the scan is complete, Notepad opens containing the log.
    Right-click the log and choose "Select All".
    Copy and paste it into your next message.
    (The log can also be found on your desktop under the name SystemLook.txt)
    .
     
  14. elchico_

    SystemLook v1.0 by jpshortstuff (22.05.09)
    Log created at 17:57 on 13/08/2009 by Käyttäjä (Administrator - Elevation successful)

    ========== regfind ==========

    Searching for "DAEMON"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DAEMON Tools]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{553858A7-4922-4e7e-B1C1-97140C1C16EF}]
    "@"=="IE Component Categories cache daemon"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}]
    "@"=="Component Categories cache daemon"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC651A43-0720-4a2b-9971-BD2EF1329A3D}]
    "@"=="IE Component Categories conditional cache daemon"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E56829C9-2D59-11d2-BE38-3078302C2030}]
    "@"=="Component Categories conditional cache daemon"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon]
    [HKEY_USERS\S-1-5-21-1214440339-879983540-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DAEMON Tools]

    ========== dir ==========

    C:\WINDOWS\system32\drivers\etc - Parameters: "/s"

    ---Files---
    hosts --a--- 4033 bytes [12:00 15/09/2004] [09:51 03/08/2007]
    lmhosts.sam --a--- 3705 bytes [12:00 15/09/2004] [12:00 15/09/2004]
    networks --a--- 416 bytes [12:00 15/09/2004] [12:00 15/09/2004]
    protocol --a--- 829 bytes [12:00 15/09/2004] [12:00 15/09/2004]
    services --a--- 7151 bytes [12:00 15/09/2004] [12:00 15/09/2004]

    No folders found.

    E:\Ohjelmat\DAEMON Tools - Parameters: "/s"

    ---Files---
    daemon.dll --a--- 351640 bytes [15:38 10/12/2005] [15:38 10/12/2005]
    daemon.exe --a--- 133016 bytes [14:57 10/12/2005] [14:57 10/12/2005]
    pfctoc.dll --a--- 167936 bytes [21:38 25/02/2005] [21:38 25/02/2005]
    uninst.exe --a--- 99670 bytes [09:01 02/09/2006] [09:01 02/09/2006]

    E:\Ohjelmat\DAEMON Tools\Icons d----- [09:01 02/09/2006]
    tray1.ico --a--- 318 bytes [22:29 27/01/2005] [22:29 27/01/2005]
    tray2.ico --a--- 318 bytes [22:29 27/01/2005] [22:29 27/01/2005]

    E:\Ohjelmat\DAEMON Tools\Lang d----- [09:01 02/09/2006]
    1033.dll --a--- 8256 bytes [10:30 20/11/2005] [10:30 20/11/2005]

    E:\Ohjelmat\DAEMON Tools\Plugins d----- [09:01 02/09/2006]

    E:\Ohjelmat\DAEMON Tools\Plugins\Images d----- [09:01 02/09/2006]
    bw5mount.dll --a--- 7168 bytes [09:17 27/07/2005] [09:17 27/07/2005]
    ccdmount.dll --a--- 7168 bytes [00:38 28/01/2005] [00:38 28/01/2005]
    mdsmount.dll --a--- 20992 bytes [04:11 04/03/2005] [04:11 04/03/2005]
    nrgmount.dll --a--- 12288 bytes [06:40 01/08/2005] [06:40 01/08/2005]
    pdimount.dll --a--- 7680 bytes [00:38 28/01/2005] [00:38 28/01/2005]

    ========== reg ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}]
    "Class"="CDROM"
    "EnumPropPages32"="MmSys.Cpl,MediaPropPageProvider"
    "Icon"="-51"
    "Installer32"="storprop.dll,DvdClassInstaller"
    "NoInstallClass"="1"
    "SilentInstall"="1"
    "TroubleShooter-0"="hcp://help/tshoot/tsdrive.htm"
    @="DVD- ja CD-asemat"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0000]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0001]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0002]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0003]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties]


    -=End Of File=-
     
  15. kalminen

    A 5 year old HOSTS !!!

    * The old HOSTS file is removed. Boot the computer into safe mode => GUIDE
    Remove this file: C:\WINDOWS\system32\drivers\etc\HOSTS
    * Boot your computer into normal mode.
    * Download HOSTS: From here to your desktop.
    * Extract: hosts.zip into the C:\WINDOWS\system32\drivers\etc folder.


    Finally you can verify that there is a file named HOSTS there without a file extension. Size about 700 kB or about 1700 kB.
    The protection activates at the next boot. (it doesn't load the memory)

    Updates for the HOSTS: From here
    What HOSTS does: Guide here

    -----------------------------------------------------

    1. Download combofix.exe to your desktop from either of these links:
    combofix.exe
    combofix.exe


    Open Notepad and copy/paste the contents of the Quote: box into it:

    Save it as CFScript (combofix actually recognises it even if the file extension
    isn't .txt).

    Then drag and drop CFScript onto ComboFix.exe as shown below. (Don't click)

    [image]

    Note! Don't click around in the combofix window while it is running. This may cause the program to hang.
    Restart the computer if asked to, and post the contents of the combofix.txt file here.

    ------------------------------------------------------------------------------------

    According to the log the CD drive is OK.

    Post =>
    (C:\ComboFix.txt)

    .
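The HOSTS advice above rests on two properties of the file: a blocklist HOSTS sinks unwanted names to a local address, and a tampered one steers real names elsewhere. As an added example (not part of the thread, not the linked guide's code), this Python audit reads a hosts file in Windows format and separates sinkholed names from names mapped to non-local addresses; the sample file is constructed with example.org/.net names and a TEST-NET address, and the parser tolerates comments, extra whitespace and IPv6 lines like "::1 localhost".

```python
import ipaddress

# Constructed sample, not the poster's file: Microsoft's default lines, two
# blocklist-style entries (a blocklist HOSTS holds thousands of these), and one
# entry that sends a real-looking site to a non-local address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0 ads.example.net
0.0.0.0 tracker.example.org   # ad network
192.0.2.10   www.bank.example
::1 localhost
"""

# Names that legitimately map to a local address and are not blocking entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text: str):
    """Yield (ip_address, hostname) per mapping; comments and bad lines skipped."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:          # not an address: skip rather than guess
            continue
        for name in fields[1:]:     # one line may carry several hostnames
            yield ip, name.lower()


def audit_hosts(text: str) -> dict:
    """Return sinkholed names ("blocking") and names steered to a non-local
    address ("redirected"); the latter is what a tampered HOSTS looks like."""
    blocking, redirected = [], []
    for ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            if name not in LOCAL_NAMES:
                blocking.append(name)
        else:
            redirected.append((name, str(ip)))
    return {"blocking": blocking, "redirected": redirected}


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(report['blocking'])} blocking entries")
    for name, ip in report["redirected"]:
        print(f"review: {name} -> {ip}")
```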
     
  16. elchico_

    ComboFix 09-08-10.06 - Käyttäjä 14.08.2009 13:40.1.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.358.1035.18.1023.661 [GMT 3:00]
    Running from: c:\documents and settings\Käyttäjä\Työpöytä\ComboFix.exe
    Command switches used :: c:\documents and settings\Käyttäjä\Työpöytä\CFScript.txt
    AV: avast! antivirus 4.8.1335 [VPS 090813-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
    c:\windows\Installer\1137f8c.msi
    c:\windows\Installer\13211b.msi
    c:\windows\Installer\220aa46.msi
    e:\ohjelmat\DAEMON Tools
    e:\ohjelmat\DAEMON Tools\daemon.dll
    e:\ohjelmat\DAEMON Tools\daemon.exe
    e:\ohjelmat\DAEMON Tools\Icons\tray1.ico
    e:\ohjelmat\DAEMON Tools\Icons\tray2.ico
    e:\ohjelmat\DAEMON Tools\Lang\1033.dll
    e:\ohjelmat\DAEMON Tools\pfctoc.dll
    e:\ohjelmat\DAEMON Tools\Plugins\Images\bw5mount.dll
    e:\ohjelmat\DAEMON Tools\Plugins\Images\ccdmount.dll
    e:\ohjelmat\DAEMON Tools\Plugins\Images\mdsmount.dll
    e:\ohjelmat\DAEMON Tools\Plugins\Images\nrgmount.dll
    e:\ohjelmat\DAEMON Tools\Plugins\Images\pdimount.dll
    e:\ohjelmat\DAEMON Tools\uninst.exe

    ----- BITS: Possible infected sites -----

    hxxp://sync.avustaja.sonera.fi

    .
    ((((((((((((((((((((((((( Files Created from 2009-07-14 to 2009-08-14 )))))))))))))))))))))))))))))))
    .

    2009-08-12 19:10 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
    2009-08-12 14:56 . 2009-08-12 14:56 -------- d-----w- c:\program files\AskBarDis
    2009-08-12 12:21 . 2006-10-02 10:44 5120 ----a-w- c:\windows\system32\ff_vfw.dll
    2009-08-12 09:39 . 2009-08-12 09:39 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-08-11 20:12 . 2009-08-11 20:12 -------- d-----w- c:\windows\system32\NtmsData
    2009-08-11 16:25 . 2009-08-11 16:25 33408 ----a-w- c:\windows\system32\drivers\fsbts.sys
    2009-08-05 09:00 . 2009-08-05 09:00 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
    2009-07-17 19:02 . 2009-07-17 19:02 58880 -c----w- c:\windows\system32\dllcache\atl.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-14 10:45 . 2007-08-13 14:58 4212 ---ha-w- c:\windows\system32\zllictbl.dat
    2009-08-13 18:14 . 2004-09-15 12:00 49574 ----a-w- c:\windows\system32\perfc00B.dat
    2009-08-13 18:14 . 2004-09-15 12:00 286308 ----a-w- c:\windows\system32\perfh00B.dat
    2009-08-12 15:33 . 2007-12-13 19:32 16680199 ----a-w- c:\windows\Internet Logs\tvDebug.zip
    2009-08-12 12:46 . 2007-03-31 15:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-08-12 10:38 . 2007-11-01 10:21 -------- d-----w- c:\program files\DivX
    2009-08-12 09:39 . 2007-03-05 19:55 -------- d-----w- c:\program files\Java
    2009-08-11 20:23 . 2006-05-08 13:05 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-08-11 20:22 . 2008-09-18 09:04 -------- d-----w- c:\program files\Common Files\Apple
    2009-08-11 20:22 . 2007-05-01 11:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-08-11 20:11 . 2006-05-24 11:46 -------- d-----w- c:\program files\Hewlett-Packard
    2009-08-05 09:00 . 2004-09-15 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-07-17 19:02 . 2004-09-15 12:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-13 20:43 . 2004-09-15 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-13 09:04 . 2006-11-25 10:37 -------- d-----w- c:\program files\Common Files\PCSuite
    2009-07-13 09:04 . 2006-06-17 11:58 -------- d-----w- c:\program files\Common Files\Nokia
    2009-07-13 09:04 . 2006-05-24 13:01 -------- d-----w- c:\program files\Nokia
    2009-07-13 09:03 . 2006-11-05 12:39 -------- d-----w- c:\program files\DIFX
    2009-07-13 09:01 . 2008-09-19 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
    2009-07-13 09:01 . 2009-07-13 09:01 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
    2009-07-13 09:01 . 2009-07-13 09:01 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
    2009-07-13 09:01 . 2009-07-13 09:01 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
    2009-07-13 09:01 . 2009-07-13 09:01 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
    2009-07-13 09:00 . 2009-07-13 09:01 33848496 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_fin.exe
    2009-07-03 16:58 . 2004-09-15 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-06-16 14:39 . 2004-09-15 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-16 14:39 . 2004-09-15 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-15 10:44 . 2004-09-15 12:00 76800 ----a-w- c:\windows\system32\telnet.exe
    2009-06-10 14:15 . 2004-09-15 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
    2009-06-10 06:21 . 2006-05-08 12:43 2066432 ----a-w- c:\windows\system32\mstscax.dll
    2009-06-10 06:15 . 2004-09-15 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
    2009-06-09 15:27 . 2006-08-30 06:40 1024 ----a-w- c:\windows\system32\drivers\sptd2109.sys
    2009-06-03 19:10 . 2004-09-15 12:00 1291776 ----a-w- c:\windows\system32\quartz.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-10-16 15:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-12 149280]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-5-8 114688]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "e:\\Ohjelmat\\Utorrent\\uTorrent.exe"=
    "e:\\HalfLife2\\SteamApps\\common\\shadowgrounds demo\\ShadowgroundsLauncher.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009

    R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [11.8.2009 19:25 33408]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21.8.2008 17:28 114768]
    R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [12.8.2009 17:56 464264]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.8.2008 17:28 20560]
    R2 sprtsvc_sonera;SupportSoft Sprocket Service (sonera);c:\program files\Sonera\InternetAvustaja\bin\sprtsvc.exe [3.11.2008 12:37 202016]
    R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [7.9.2006 20:31 162176]
    S3 bdacap;PC-DTV Receiver;c:\windows\system32\drivers\bdacap.sys --> c:\windows\system32\drivers\bdacap.sys [?]
    S3 GLHIDKBFILTER;GLHIDKBFILTER;c:\windows\system32\DRIVERS\GLKbFilter.sys --> c:\windows\system32\DRIVERS\GLKbFilter.sys [?]
    S3 iMSPQMn;iMSPQMn;\??\c:\docume~1\KYTTJ~1\LOCALS~1\Temp\iMSPQMn.sys --> c:\docume~1\KYTTJ~1\LOCALS~1\Temp\iMSPQMn.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-AVG Anti-Spyware Driver
    SafeBoot-AVG Anti-Spyware Guard
    MSConfigStartUp-CTFMON - (no file)


    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyServer = proxy.fi:8080
    uInternet Settings,ProxyOverride = *.fi;<local>
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
    FF - ProfilePath - c:\documents and settings\Käyttäjä\Application Data\Mozilla\Firefox\Profiles\0kscl6bv.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.phnet.fi/
    FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-14 13:46
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1214440339-879983540-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:8f,c7,c9,fc,c7,77,39,d7,91,73,a9,fe,29,72,87,c7,8d,e9,55,69,a2,0b,0f,
    d5,d6,27,49,a1,64,28,c4,4e,da,04,a0,4f,ce,ca,73,f9,c4,bf,92,58,68,9c,c4,f8,\
    "??"=hex:70,b9,ab,df,d8,21,d8,6e,2a,6b,7a,45,ab,1a,1a,9f

    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\�•€|ÿÿÿÿ"•€|þ»Ów*]
    "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
    .
    Completion time: 2009-08-14 13:47
    ComboFix-quarantined-files.txt 2009-08-14 10:47

    Pre-Run: 27 003 801 600 tavua vapaana
    Post-Run: 28 316 217 344 tavua vapaana

    193 --- E O F --- 2009-08-12 21:32
     
  17. kalminen

    kalminen Regular member

    Is DAEMON still complaining????

    Open Notepad and copy/paste the contents of the Quote: box into it:

    Save it as CFScript (ComboFix actually recognises it even if the file extension isn't .txt).

    Then drag and drop CFScript onto ComboFix.exe as shown below. (Don't click it.)


    Note! Don't click around in the ComboFix window while it is running. This may cause the program to hang.
    Restart the computer if asked to, and post the contents of the combofix.txt file here.

    Post =>

    Is the CD drive visible yet?

    (C:\ComboFix.txt)

    .
     
  18. elchico_

    elchico_ Member

    Daemon no longer complains, and it was removed successfully.
    -------------------------------------------------

    The CD/DVD drive still isn't visible. I need to check whether some BIOS setting got messed up because of that virus. Before the machine went in for service, the BIOS didn't recognise the hard drive in the BIOS boot order section.

    ------------------------------------------------------

    ComboFix 09-08-10.06 - Käyttäjä 14.08.2009 15:28.2.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.358.1035.18.1023.587 [GMT 3:00]
    Running from: c:\documents and settings\Käyttäjä\Työpöytä\ComboFix.exe
    Command switches used :: c:\documents and settings\Käyttäjä\Työpöytä\CFScript.txt
    AV: avast! antivirus 4.8.1335 [VPS 090813-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\AskBarDis
    c:\program files\AskBarDis\bar\bin\askBar.dll
    c:\program files\AskBarDis\bar\bin\askPopStp.dll
    c:\program files\AskBarDis\bar\bin\AskService.exe
    c:\program files\AskBarDis\bar\bin\psvince.dll
    c:\program files\AskBarDis\bar\Cache\001193B1
    c:\program files\AskBarDis\bar\Cache\00119680.bin
    c:\program files\AskBarDis\bar\Cache\00119901.bin
    c:\program files\AskBarDis\bar\Cache\00119AE5.bin
    c:\program files\AskBarDis\bar\Cache\00119CD9.bin
    c:\program files\AskBarDis\bar\Cache\00119F4A.bin
    c:\program files\AskBarDis\bar\Cache\0011A11F.bin
    c:\program files\AskBarDis\bar\Cache\0011A2F4.bin
    c:\program files\AskBarDis\bar\Cache\0011A4D8.bin
    c:\program files\AskBarDis\bar\Cache\0011A6AD.bin
    c:\program files\AskBarDis\bar\Cache\0011A824.bin
    c:\program files\AskBarDis\bar\Cache\files.ini
    c:\program files\AskBarDis\bar\History\search
    c:\program files\AskBarDis\bar\Settings\config.dat
    c:\program files\AskBarDis\bar\Settings\config.dat.bak
    c:\program files\AskBarDis\bar\Settings\prevcfg.htm
    c:\program files\AskBarDis\bar\Settings\prevCfg2.htm
    c:\program files\AskBarDis\unins000.dat
    c:\program files\AskBarDis\unins000.exe
    c:\program files\AskBarDis\zonealarm.ico


    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_ASKService
    -------\Service_ASKService


    ((((((((((((((((((((((((( Files Created from 2009-07-14 to 2009-08-14 )))))))))))))))))))))))))))))))
    .

    2009-08-14 12:29 . 2009-08-14 12:29 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-08-12 19:10 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
    2009-08-12 12:21 . 2006-10-02 10:44 5120 ----a-w- c:\windows\system32\ff_vfw.dll
    2009-08-12 09:39 . 2009-08-12 09:39 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-08-11 20:12 . 2009-08-11 20:12 -------- d-----w- c:\windows\system32\NtmsData
    2009-08-11 16:25 . 2009-08-11 16:25 33408 ----a-w- c:\windows\system32\drivers\fsbts.sys
    2009-08-05 09:00 . 2009-08-05 09:00 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
    2009-07-17 19:02 . 2009-07-17 19:02 58880 -c----w- c:\windows\system32\dllcache\atl.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-14 12:34 . 2007-08-13 14:58 4212 ---ha-w- c:\windows\system32\zllictbl.dat
    2009-08-13 18:14 . 2004-09-15 12:00 49574 ----a-w- c:\windows\system32\perfc00B.dat
    2009-08-13 18:14 . 2004-09-15 12:00 286308 ----a-w- c:\windows\system32\perfh00B.dat
    2009-08-12 15:33 . 2007-12-13 19:32 16680199 ----a-w- c:\windows\Internet Logs\tvDebug.zip
    2009-08-12 12:46 . 2007-03-31 15:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-08-12 10:38 . 2007-11-01 10:21 -------- d-----w- c:\program files\DivX
    2009-08-12 09:39 . 2007-03-05 19:55 -------- d-----w- c:\program files\Java
    2009-08-11 20:23 . 2006-05-08 13:05 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-08-11 20:22 . 2008-09-18 09:04 -------- d-----w- c:\program files\Common Files\Apple
    2009-08-11 20:22 . 2007-05-01 11:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-08-11 20:11 . 2006-05-24 11:46 -------- d-----w- c:\program files\Hewlett-Packard
    2009-08-05 09:00 . 2004-09-15 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-07-17 19:02 . 2004-09-15 12:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-13 20:43 . 2004-09-15 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-13 09:04 . 2006-11-25 10:37 -------- d-----w- c:\program files\Common Files\PCSuite
    2009-07-13 09:04 . 2006-06-17 11:58 -------- d-----w- c:\program files\Common Files\Nokia
    2009-07-13 09:04 . 2006-05-24 13:01 -------- d-----w- c:\program files\Nokia
    2009-07-13 09:03 . 2006-11-05 12:39 -------- d-----w- c:\program files\DIFX
    2009-07-13 09:01 . 2008-09-19 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
    2009-07-13 09:01 . 2009-07-13 09:01 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
    2009-07-13 09:01 . 2009-07-13 09:01 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
    2009-07-13 09:01 . 2009-07-13 09:01 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
    2009-07-13 09:01 . 2009-07-13 09:01 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
    2009-07-13 09:00 . 2009-07-13 09:01 33848496 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_fin.exe
    2009-07-03 16:58 . 2004-09-15 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-06-16 14:39 . 2004-09-15 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-16 14:39 . 2004-09-15 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-15 10:44 . 2004-09-15 12:00 76800 ----a-w- c:\windows\system32\telnet.exe
    2009-06-10 14:15 . 2004-09-15 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
    2009-06-10 06:21 . 2006-05-08 12:43 2066432 ----a-w- c:\windows\system32\mstscax.dll
    2009-06-10 06:15 . 2004-09-15 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
    2009-06-09 15:27 . 2006-08-30 06:40 1024 ----a-w- c:\windows\system32\drivers\sptd2109.sys
    2009-06-03 19:10 . 2004-09-15 12:00 1291776 ----a-w- c:\windows\system32\quartz.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-08-14_10.46.09 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-08-14 12:33 . 2009-08-14 12:33 16384 c:\windows\Temp\Perflib_Perfdata_4b4.dat
    + 2009-08-14 12:33 . 2009-08-14 12:33 16384 c:\windows\Temp\Perflib_Perfdata_224.dat
    + 2009-08-14 12:32 . 2009-08-14 12:32 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
    + 2009-08-14 12:32 . 2009-08-14 12:32 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
    + 2009-08-14 12:32 . 2009-08-14 12:32 376832 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
    + 2009-08-14 12:32 . 2009-08-14 12:32 229376 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
    + 2009-08-14 12:32 . 2009-08-14 12:32 229376 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
    + 2009-08-14 12:32 . 2009-08-14 12:32 8888320 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-12 149280]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-5-8 114688]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "e:\\Ohjelmat\\Utorrent\\uTorrent.exe"=
    "e:\\HalfLife2\\SteamApps\\common\\shadowgrounds demo\\ShadowgroundsLauncher.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [11.8.2009 19:25 33408]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21.8.2008 17:28 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.8.2008 17:28 20560]
    R2 sprtsvc_sonera;SupportSoft Sprocket Service (sonera);c:\program files\Sonera\InternetAvustaja\bin\sprtsvc.exe [3.11.2008 12:37 202016]
    R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [7.9.2006 20:31 162176]
    S3 bdacap;PC-DTV Receiver;c:\windows\system32\drivers\bdacap.sys --> c:\windows\system32\drivers\bdacap.sys [?]
    S3 GLHIDKBFILTER;GLHIDKBFILTER;c:\windows\system32\DRIVERS\GLKbFilter.sys --> c:\windows\system32\DRIVERS\GLKbFilter.sys [?]
    S3 iMSPQMn;iMSPQMn;\??\c:\docume~1\KYTTJ~1\LOCALS~1\Temp\iMSPQMn.sys --> c:\docume~1\KYTTJ~1\LOCALS~1\Temp\iMSPQMn.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll


    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyServer = proxy.fi:8080
    uInternet Settings,ProxyOverride = *.fi;<local>
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
    FF - ProfilePath - c:\documents and settings\Käyttäjä\Application Data\Mozilla\Firefox\Profiles\0kscl6bv.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.phnet.fi/
    FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-14 15:34
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1214440339-879983540-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:8f,c7,c9,fc,c7,77,39,d7,91,73,a9,fe,29,72,87,c7,8d,e9,55,69,a2,0b,0f,
    d5,d6,27,49,a1,64,28,c4,4e,da,04,a0,4f,ce,ca,73,f9,c4,bf,92,58,68,9c,c4,f8,\
    "??"=hex:70,b9,ab,df,d8,21,d8,6e,2a,6b,7a,45,ab,1a,1a,9f

    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\�•€|ÿÿÿÿ"•€|þ»Ów*]
    "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3268)
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
    c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_fin.nlr
    c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ZoneLabs\vsmon.exe
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    e:\ohjelmat\vpn\cvpnd.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    .
    **************************************************************************
    .
    Completion time: 2009-08-14 15:37 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-14 12:37
    ComboFix2.txt 2009-08-14 10:47

    Pre-Run: 28 323 917 824 tavua vapaana
    Post-Run: 28 192 264 192 tavua vapaana

    223 --- E O F --- 2009-08-12 21:32
     
  19. kalminen

    kalminen Regular member

    Yes, as far as this goes, everything is in order!!!

    ******************************************
    Let's remove the leftovers:
    Type ComboFix.exe /u into the Run box of the Windows Start menu and press OK

    ********************************************************

    You seem to be missing this protection =>

    Install SpywareBlaster!
    SpywareBlaster prevents malware from installing itself on the computer.
    Download and instructions: HERE

    D:
     