ongelmia ohjelmien kanssa HJT logi

ongelmia ohjelmien kanssa kaatuilee milloin sattuu..tuossa hjt logi
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:37:13, on 31.1.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Users\mika\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10a.exe
C:\Program Files (x86)\PowerArchiver\POWERARC.EXE
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [winafx.exe] C:\Users\mika\AppData\Local\Temp\winafx.exe
O4 - HKCU\..\Run: [settings] C:\Windows\callsysnt.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qoMcdCVL.dll,#1
O4 - HKCU\..\Run: [Google Update] "C:\Users\mika\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Policies\Explorer\Run: [xccinit] C:\Windows\system32\inf\rundll33.exe C:\Windows\xccdf16_090123a.dll xccd16
O4 - HKCU\..\Policies\Explorer\Run: [settings] C:\Windows\callsysnt.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: HP-leikekirja - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart -valitse - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: crypt - C:\Windows\SYSTEM32\crypts.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9063 bytes

 

Lataa Malwarebytes' Anti-Malware työpöydällesi.

1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja
Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish.
3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki
löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Lähetä lokin sisältö seuraavassa viestissäsi

 

tuossa logi


Malwarebytes' Anti-Malware 1.33
Tietokantaversio: 1713
Windows 6.0.6001 Service Pack 1

1.2.2009 22:15:57
mbam-log-2009-02-01 (22-15-57).txt

Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 184991
Kulunut aika: 38 minute(s), 11 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 1
Saastuneita rekisteriarvoja: 1
Saastuneita rekisterikohteita: 1
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 24

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Agent) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.

Saastuneita rekisterikohteita:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\aiqnrk.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\rgbqlqg.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\wweka.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files (x86)\eMule\Uninstall.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\mika\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\59S49SDP\aasuper2[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Users\mika\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\59S49SDP\syurof[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Users\mika\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\59S49SDP\ziftpd[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Users\mika\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ARGHDWHY\aasuper0[2].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\mika\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ARGHDWHY\aasuper3[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Users\mika\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ARGHDWHY\yetlee[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Users\mika\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KLY5U6KR\mscpmmn[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\mika\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KLY5U6KR\qjnxuvis[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Users\mika\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1GJ8BO6\yeofzmq[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Users\mika\Downloads\Microsoft - Office XP PRO - FIN\Windows.XP.Keygenerator.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\crypts.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\crypts.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\inf\xccefb090123.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\xccdf16_090123a.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Windows\xccdf32_090123a.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Windows\system\xccef090123.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Windows\System32\inf\xccdfb16_090123.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\Users\mika\AppData\Local\Temp\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\mika\AppData\Local\Temp\winlogon.exe (Trojan.Agent) -> Quarantined and deleted successfully.

 

Scannaa koneesi Kaspersky Online Scannerin

Ohjelman käynnistyessä kysytään sallitaanko ActiveX -komponentin asentamisen Kasperskyltä, klikkaa Kyllä.
" Ohjelma käynnistyy ja aloittaa viimeisimpien tunnistetiedostojen lataamisen.
" Kun skanneri on asennettu ja tunnistetiedot ladattu, klikkaa Next.
" Klikkaa nyt asetuksia, Scan Settings
" Tarkista asetuksista, että seuraavat ovat valittuina:
o Scan using the following Anti-Virus database:
+ Extended (Jos valittavissa, muuten valitse Standard)
o Scan Options:
+ Scan Archives
+ Scan Mail Bases
" Klikkaa OK
" Nyt valitse "select a target to scan" otsikon alta Oma Tietokone, My Computer
" Skannaus vie aikaa, joten ole kärsivällinen. Kun skannaus on valmis saat ilmoituksen, jos koneesi on saastunut.
" Klikkaa nyt Save as Text-painiketta.
" Tallenna tiedosto työpöydällesi.
" Mikäli haluat jatkaa asian käsittelyä foorumissa niin kopioi tiedoston sisältö viestiisi.

===============

Lataa Atribunen ATF Cleaner

Ohjeet;

Tupla-klikkaa ATF-Cleaner.exe käynnistääksesi ohjelman.Main:n alla valitse: Select All
Klikkaa Empty Selected valintaa.
Jos käytät FireFoxia selaimenasi Klikkaa Firefox yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Jos käytät Operaa selaimenasiKlikkaa Opera yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa taas.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Klikkaa Exit päävalikosta sulkeaksesi ohjelman.
Teknistä tukea tulee jos tupla-klikkaat sähköpostiosoitetta joka sijaitsee jokaisen menun alapuolella kyseisessä työkalussa. (Huomatkaa että se tuki on sitten englanniksi)