Greetings, pros! I bought my computer second-hand from a friend who had built it; it worked well for him. Now, however, problems have appeared, such as all .exe files being slow to start. I have run Ad-Aware, and I use the ZoneAlarm security suite, which includes a virus/spyware scanner. None of these have found anything but cookies. NOT a single virus. A few months ago ZoneAlarm found a virus whose name I can't remember now, but it put it in quarantine, from which I then deleted it. From the start-up menu I have removed almost everything that can still safely be removed. I clean my registry weekly. I have just defragmented my disk. My computer is admittedly quite dusty, but surely that can't be the cause, since the temperatures stay under control. I have no overclocking. Well, I don't know what else to explain. So here is my log for you:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:31, on 23.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uwininstaller.tk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.uwininstaller.tk
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Lataa FDM:llä - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Lataa kaikki FDM:llä - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Lataus valittu FDM:n toimesta - file://C:\Program Files\Free Download Manager\dlselected.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.uwininstaller.tk
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 4885 bytes

Thanks for this kind of service. Ya guys roks!

Yeah, I got this one:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:22, on 23.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\lphcpboj0eg6n.exe
C:\Program Files\rhctboj0eg6n\rhctboj0eg6n.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\DOCUME~1\MYYML~1\LOCALS~1\Temp\CA.tmp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\pphcpboj0eg6n.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\DOCUME~1\MYYML~1\LOCALS~1\Temp\c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F3 - REG:win.ini: load=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A836EAF-53BF-449F-8387-2E73BDA3A142} - (no file)
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: ToolHelper - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {F0E738CA-4E59-446F-B34A-6BC26FB2C735} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] c:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [lphcpboj0eg6n] C:\WINDOWS\system32\lphcpboj0eg6n.exe
O4 - HKLM\..\Run: [SMrhctboj0eg6n] C:\Program Files\rhctboj0eg6n\rhctboj0eg6n.exe
O4 - HKLM\..\RunServices: [Microsoft Update] livemessenger.com
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Windows Service] WINSVC.EXE
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\MYYML~1\LOCALS~1\Temp\CA.tmp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Kalenterin muistutukset.lnk = ?
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Matkaviestimen suosikkien luominen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Nokia Media Bar) - http://img.euro1.music.nokia.com/installation/MusicManagerPlugin.CAB
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab
O20 - Winlogon Notify: iifdcDVl - iifdcDVl.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - http://kotisivu.dnainternet.net/kauttok/tutka/ukkonen.jpg
--
End of file - 10387 bytes

Doesn't anyone have time? I don't know what programs have been on this machine; I got it as a package. But can Ad-Aware and ZoneAlarm cause this? It was doing this earlier as well..

ImaMar: scan with HJT, check these entries and press Fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uwininstaller.tk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.uwininstaller.tk
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O14 - IERESET.INF: START_PAGE_URL=http://www.uwininstaller.tk
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

============

1. Download combofix.exe to your desktop from one of the links: combofix1 combofix2
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. Post this log in your thread.

Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

============

Download Malwarebytes' Anti-Malware to your desktop.

1. Double-click mbam-setup.exe and follow the instructions to install the program.
2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
3. If an update is found, the program downloads and installs the latest version.
4. When the program has loaded, select Perform full scan and click Scan.
5. When the scan is complete, click OK and then Show Results to see the results.
6. Make sure everything is checked and click Remove Selected.
7. After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next message.

======

Download SDFix by AndyManchesta and save it to your desktop.

Boot your computer into Safe Mode: shut it down and start it again; during start-up tap the F8 key repeatedly; select Safe Mode with the arrow keys; press Enter and Enter; select your user account; press Yes. On some machines you tap F5 instead of F8.

* Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
* Open the SDFix folder and double-click RunThis.bat to start the program.
* Press Y to start the script.
* The tool cleans out the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
* Press any key and the computer restarts.
* Start-up takes longer than normal because SDFix is cleaning the machine.
* When the computer has started and the desktop has loaded, SDFix reports that the cleaning has been done, "Finished".
* Then press any key to close the script and load the desktop icons.
* Finally, open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread along with a new HijackThis log.

============

Download CCleaner from here: CCleaner v2.05.555 - Standard Build. DO NOT install the Yahoo toolbar! During installation, remove the check mark from "install Yahoo! toolbar".

After installation, open CCleaner. From the left-hand column select Options. From the adjacent column select Settings. Under Language select Suomi.

Cleaner

From the left-hand column select Puhdistaja (Cleaner). At the bottom press Tutki (Analyze). CCleaner now examines what can be removed (temp files, cookies, etc.). When the analysis is complete, press Aja CCleaner (Run CCleaner). CCleaner now removes the temp files, cookies, etc. that it found.

Fixing registry errors

From the left-hand column select Rekisteri (Registry). At the bottom press Etsi rekisterin virheitä (Find registry errors). When the search is complete and you are sure that you want to fix the lines that are checked, press Korjaa valitut rekisterin virheet (Fix selected registry errors). You are asked "do you want to back up changes to the registry"; press Kyllä (Yes). Save the backup in, for example, the "Omat tiedostot" (My Documents) folder. In the new window that opens, click Korjaa kaikki valitut virheet (Fix all selected errors). You get one more confirmation prompt; press Ok. When the errors have been fixed, press Sulje (Close). You can now close CCleaner by pressing the red cross at the top right.

=============

Updating Java and clearing the cache:

Download JavaRa and extract it to your desktop.

***Close all open Internet Explorer windows before continuing!***

* Double-click JavaRa.exe to start the program.
* Select English from the drop-down menu to choose English as the language and click Select.
* Click Remove Older Versions to remove old Java versions from your computer.
* Click Yes when prompted. When JavaRa has finished, it reports that a log file has been created. Click OK.
* The log file opens. Post its contents in your next message.

4. Install the latest Java update from the following link: http://java.sun.com/javase/downloads/index.jsp
Scroll down to Java Runtime Environment (JRE) 6 Update 7
Press Download
Set Platform to Windows
Tick I agree to the Java SE Runtime Environment 6 License Agreement and press Continue
Under Windows Offline Installation press jre-6u4-windows-i586-p.exe
Save the file, for example to the desktop, and install it.
5. Restart the computer after the installation.
6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> the Java coffee cup).
7. On the General tab click Settings. Drag the slider (Disk Space) to a smaller value. (Some Java-based programs may need more disk space. If you notice the machine slowing down after lowering the setting, move the slider to a larger value.)
8. Click the Delete Files button. Make sure that both options are checked:
* Applications and Applets
* Trace and Log Files
and press the OK button. Note: this deletes all downloaded applications and applets from the CACHE.
9. Click OK in your "Temporary Files Settings" window.
10. Update tab: remove the tick from Check for Updates automatically and select Never check.
11. Click Apply and OK to leave your Java settings window.

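The ten entries in the fix list above share three traits: a hosts-file line that maps a name to a non-loopback address, a registered component whose file is missing, and an Internet Explorer home-page value pointing at an unexpected host. The sketch below is an added example, not part of the thread or of HijackThis, and those three rules are a reading of the fix list rather than criteria the reply states. The function names and the `allowed_home_hosts` allow-list are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Sample input: a subset of entries copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uwininstaller.tk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.uwininstaller.tk
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O14 - IERESET.INF: START_PAGE_URL=http://www.uwininstaller.tk
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")        # "O2 - BHO: ..."
HOSTS_RE = re.compile(r"^Hosts: (\S+) (\S+)$")           # "Hosts: <ip> <name>"
URL_VALUE_RE = re.compile(r"=\s*(https?://\S+)", re.I)   # "... = http://..."
HOME_PAGE_CODES = {"R0", "R1", "O14"}                    # sections holding IE page URLs
MISSING_MARKERS = ("(no file)", "(file missing)")        # both markers occur in the logs


def is_loopback(addr):
    """True for 127.0.0.0/8 or ::1; unparseable addresses count as not loopback."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def host_allowed(url, allowed_suffixes):
    """True if the URL's host equals, or is a subdomain of, an allowed name."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in allowed_suffixes)


def triage(log_text, allowed_home_hosts=("microsoft.com", "msn.com")):
    """Return (code, reason, line) for entries matching one of the three rules.

    allowed_home_hosts is an assumed allow-list; set it to the home-page hosts
    you expect on the machine being reviewed.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        code, body = m.groups()
        hosts = HOSTS_RE.match(body)
        url = URL_VALUE_RE.search(body)
        if code == "O1" and hosts and not is_loopback(hosts.group(1)):
            reason = "hosts-redirect"
        elif body.endswith(MISSING_MARKERS):
            reason = "missing-file"
        elif (code in HOME_PAGE_CODES and url
              and not host_allowed(url.group(1), allowed_home_hosts)):
            reason = "home-page"
        else:
            continue
        findings.append((code, reason, line))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"{reason:15} {line}")
```

On the sample lines this flags the same ten entries the reply lists and leaves the entries with an existing file path untouched; a flag is a prompt to look closer, not proof that an entry is malicious.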
Thanks. Here is my log:

ComboFix 08-08-26.03 - Administrator 2008-08-27 17:08:27.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1538 [GMT 3:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\Internet Logs\xDB6.tmp 2008-08-10 12:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype 2008-08-10 11:58 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM 2008-08-10 10:56 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2008-08-07 19:36 2,013,696 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp 2008-08-07 19:36 1,244,160 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp 2008-08-07 19:11 2,011,136 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp 2008-08-06 14:34 1,920,000 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp 2008-08-03 17:04 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll 2008-08-03 17:04 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll 2008-08-01 22:51 --------- d-----w C:\Program Files\Free Download Manager 2008-08-01 12:27 --------- d-----w C:\Program Files\RegCleaner 2008-07-23 21:56 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Media Player Classic 2008-07-23 20:39 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-07-23 16:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier 2008-07-23 16:53 1,687,040 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp 2008-07-23 12:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft 2008-07-23 09:54 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2008-07-23 09:34 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2008-07-23 09:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\MailFrontier 2008-07-22 21:31 --------- d-----w C:\Program Files\Zone Labs 2008-07-22 19:48 --------- d-----w C:\Program Files\Windows Live 2008-07-22 19:37 --------- d-----w C:\Program Files\K-Lite Codec Pack 2008-07-22 19:30 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-07-22 19:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-07-22 19:21 --------- d-----w C:\Program 
Files\Realtek AC97 2008-07-22 18:39 --------- d-----w C:\Program Files\AMD 2008-07-22 18:26 --------- d-----w C:\Program Files\Java 2008-07-22 18:16 --------- d-----w C:\Program Files\Software Informer 2008-07-22 18:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG 2008-07-22 18:05 --------- d-----w C:\Program Files\uTorrent 2008-07-22 14:46 --------- d-----w C:\Program Files\OpenOffice.org 2.3 2008-07-22 14:46 --------- d-----w C:\Program Files\Common Files\Java 2008-07-22 14:45 --------- d-----w C:\Program Files\Skype 2008-07-22 14:45 --------- d-----w C:\Program Files\NaturalPoint 2008-07-22 14:45 --------- d-----w C:\Program Files\Common Files\Skype 2008-07-22 14:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2008-07-22 09:54 --------- d-----w C:\Program Files\microsoft frontpage 2008-07-09 03:35 75,248 ----a-w C:\WINDOWS\zllsputility.exe 2008-07-09 03:35 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll 2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 15:38 659,456 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll . ------- Sigcheck ------- 2006-05-30 10:28 1289728 cca49b59735bb6efe1f22ac414ff4041 C:\WINDOWS\explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 09:04 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 08:36 77824] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 06:35 919016] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 11:31 13529088] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe] path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Xfire.lnk] path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Xfire.lnk backup=C:\WINDOWS\pss\Xfire.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] --a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray] --a------ 2006-03-20 22:43 331776 C:\Program Files\AGEIA Technologies\TrayIcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2006-05-30 10:28 1694208 C:\Program 
Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 09:04 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher] --a------ 2007-09-07 14:44 3100672 C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2008-05-16 11:31 13529088 C:\WINDOWS\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2008-05-16 11:31 86016 C:\WINDOWS\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler] --a------ 2004-04-23 14:28 77824 C:\Program Files\Logitech\Profiler\LWEMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a------ 2008-07-23 00:54 1271032 C:\Program Files\Steam\steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-06-10 01:57 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2008-05-16 11:31 1630208 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] -ra------ 2006-11-17 03:12 577536 C:\WINDOWS\soundman.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "NOD32FiXTemDono"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= 
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"= R3 NPUSB;NPUSB;C:\WINDOWS\system32\DRIVERS\npusb.sys [2007-03-23 16:21] S3 jfdcd;jfdcd;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jfdcd.sys [] S4 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2006-05-30 10:28] . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-SpybotSD TeaTimer - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qdkzg1cm.default\ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-27 17:13:01 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
Completion time: 2008-08-27 17:14:11 ComboFix-quarantined-files.txt 2008-08-27 14:14:09 Pre-Run: 66,429,980,672 bytes free Post-Run: 66,743,640,064 bytes free 295 --- E O F --- 2008-08-14 21:55:20 Malwarebytes' Anti-Malware 1.25 Database version: 1088 Windows 5.1.2600 Service Pack 2 18:26:26 27.8.2008 mbam-log-08-27-2008 (18-26-26).txt Scan type: Full Scan (C:\|D:\|) Objects scanned: 144101 Time elapsed: 43 minute(s), 57 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) SDFix: Version 1.219 Run by Administrator on ke 27.08.2008 at 18:32 Microsoft Windows XP [Version 5.1.2600] Running From: C:\Documents and Settings\Administrator\Desktop\SDFix Checking Services : AUTOEXEC.NT Restored from backups Config.nt Restored from backups Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-27 18:41:02 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... 
scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019" "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent" "C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" "C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"="C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe:*:Enabled:Battlefield 2" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Remaining Files : Files with Hidden Attributes : Mon 3 Mar 2008 568 A..H. --- "C:\WINDOWS\nod32fixtemdono.reg" Mon 3 Mar 2008 5,702 A..H. 
--- "C:\WINDOWS\nod32restoretemdono.reg" Sat 5 Jul 2008 145,920 ..SHR --- "C:\Program Files\BillP Studios\WinPatrol\Setup.exe" Wed 23 Jul 2008 64,354,496 A..H. --- "C:\Documents and Settings\Administrator\My Documents\Downloads\94.24_forceware_winxp_international_whql.exe" Sun 24 Aug 2008 2,045,693,512 A..H. --- "C:\Documents and Settings\Administrator\My Documents\Downloads\AA283FullInstaller_SeeMePlayMe.exe" Wed 23 Jul 2008 385,524,406 A..H. --- "C:\Documents and Settings\Administrator\My Documents\Downloads\bf2142_update_1.40.exe" Wed 23 Jul 2008 185,192,855 A..H. --- "C:\Documents and Settings\Administrator\My Documents\Downloads\bf2142_incremental_update_1.401.50.exe" Wed 23 Jul 2008 185,192,855 A..H. --- "C:\Documents and Settings\Administrator\My Documents\Downloads\bf2142_incremental_update_1.401.50(2).exe" Sat 2 Aug 2008 509,996,350 A..H. --- "C:\Documents and Settings\Administrator\My Documents\Downloads\ffur_2007_1.0_installation.exe" Tue 22 Jul 2008 26,062,330 A..H. --- "C:\Documents and Settings\Administrator\My Documents\Downloads\WDM_R199.exe" Wed 6 Aug 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Tue 22 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\BIT4.tmp" Tue 22 Jul 2008 9,597,926 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1ef77232e6f7faea77bfc1ae4b57d4af\download\BIT76.tmp" Tue 22 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\588786e399909bbe558853aada5a75c8\download\BIT81.tmp" Finished! JavaRa 1.11 Removal Log. Report follows after line. 
And the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:21:01, on 27.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Lataa FDM:llä - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Lataa kaikki FDM:llä - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Lataus valittu FDM:n toimesta - file://C:\Program Files\Free Download Manager\dlselected.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

-- End of file - 4274 bytes
Hi. Yes, I have them, they were just disabled. Well, it works quite well, but for example opening Mozilla still takes a long time. Startup has perhaps improved slightly. I wonder what is actually wrong with Mozilla?
Now I found where the problem was. Mozilla had ChatZilla installed, a program similar to mIRC. And I also use mIRC. Once I removed ChatZilla, everything started working like a dream. Thanks for the advice, by the way.