b.exe ongelmia.

Jidi · 20.10.2009

Elikkäs prosessi b.exe näyttää aina ajoittain käynnistyvän päälle itsestään ja kyselevän lupaa verkkoon. En tiedä mistä moinen on koneelle tullut ja olen yrittänyt poistaa ongelmaa mutta tuloksetta. Ajattelin jos joku viitsisi ystävällisesti tarkistaa HJT-login.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:16:17, on 20.10.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\LEXBCES.EXE
F:\WINDOWS\system32\LEXPPS.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
F:\Program Files\AntiVir PersonalEdition Classic\sched.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
F:\Program Files\D-Tools\daemon.exe
F:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Windows Live\Messenger\msnmsgr.exe
F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Windows Live\Contacts\wlcomm.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Sygate\SPF\smc.exe
F:\Program Files\Real\RealPlayer\RealPlay.exe
F:\Program Files\Opera7\Opera.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - F:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\D-Tools\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SmcService] F:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ISUSPM Startup] F:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [µTorrent] "E:\Ladatut\Netistä\utorrent.exe"
O4 - HKCU\..\Run: [uTorrent] "E:\Ladatut\Netistä\utorrent.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [PopRock] F:\DOCUME~1\Matti\LOCALS~1\Temp\b.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Patches Value] WinGasys.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [WindowsRegKey%$ update] msi332.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [System Service] systems.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Win32 USB2.0 Driver] 386.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [System Service] systems.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [Microsoft Update Machine] wuagrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [System Service] systems.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [Microsoft Update Machine] wuagrd.exe (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = F:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: System Service (a7) - Unknown owner - F:\WINDOWS\System32\systems.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - F:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - F:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - c:\VIRUST~1\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - c:\virustorjunta\BackWeb\7681197\Program\fsbwlan.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - F:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - F:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Win32 USB2.0 Driver - Unknown owner - F:\WINDOWS\System32\386.exe (file missing)

--
End of file - 7265 bytes

AfterDawn

kalminen · 21.10.2009

Onpa pahiksia !!!

Lataa Malwarebytes' Anti-Malware työpöydällesi.

Jos linkki ei toimi, voit ladata myös seuraavista linkeistä:
Linkki1
Linkki2

* Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
* Lopuksi varmistu, että seuraavat on valittu: Päivitä Malwarebytes' Anti-Malware ja Käynnistä Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Lopeta.
* Jos päivitys löytyy, ohjelma lataa ja asentaa uusimman version. Jos päivityksien lataaminen ei onnistu, voit ladata päivitykset tästä. Tuplaklikkaa mbam-rules.exe asentaaksesi päivitykset.
* Kun ohjelma on latautunut ja päivitykset tehty, valitse Suorita täysi tarkistus ja klikkaa Tarkista.
* Kun tarkistus on valmis, klikkaa OK ja sitten Näytä tulokset nähdäksesi tulokset.
* Varmistu, että kaikki on merkitty ja klikkaa Poista valitut.
* Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
* Lähetä lokin sisältö seuraavassa viestissäsi.[/list]

Huom. Jos Mbam ei pystynyt poistamaan tiedostoa, se pyytää sinua käynnistämään koneesi uudelleen. Käynnistä koneesi silloin uudelleen heti. Mbam voi tehdä muutoksia rekisteriisi osana puhdistusta. Jos käytät suojausohjelmaa, joka havaitsee rekisterin muutokset, salli Mbamin tehdä muutokset.

----------------------------------------------------------------------------------

* Lähetä lokin sisältö seuraavassa viestissäsi
+ uusi hjt-loki.
.

Jidi · 21.10.2009

mbam-logi:

Malwarebytes' Anti-Malware 1.41
Tietokantaversio: 2991
Windows 5.1.2600 Service Pack 2

21.10.2009 19:11:45
mbam-log-2009-10-21 (19-11-45).txt

Tarkistustyyppi: Täysi tarkistus (C:\|E:\|F:\|K:\|L:\|M:\|)
Tarkistetut kohteet: 176315
Kulunut aika: 1 hour(s), 26 minute(s), 31 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 2
Saastuneita rekisteriarvoja: 1
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 3
Saastuneita tiedostoja: 6

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
F:\Documents and Settings\Matti\Application Data\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
F:\Documents and Settings\Matti\Application Data\DriveCleaner Free\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
F:\Program Files\Common Files\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

Saastuneita tiedostoja:
C:\Pelit\Rollercoast Tycoon 3\rld-rct3kg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{E1832ED4-D2CA-4B62-8106-0E789FF71115}\RP1099\A0361183.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
F:\Documents and Settings\Matti\Application Data\DriveCleaner Free\Logs\update.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
F:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
F:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
F:\Documents and Settings\Matti\Local Settings\Temp\b.exe (Trojan.Downloader) -> Delete on reboot.

HJT-logi:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:21:19, on 21.10.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Sygate\SPF\smc.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\LEXBCES.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\LEXPPS.EXE
F:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
F:\Program Files\D-Tools\daemon.exe
F:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Windows Live\Messenger\msnmsgr.exe
F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
F:\Program Files\AntiVir PersonalEdition Classic\sched.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Windows Live\Contacts\wlcomm.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - F:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\D-Tools\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SmcService] F:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ISUSPM Startup] F:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [µTorrent] "E:\Ladatut\Netistä\utorrent.exe"
O4 - HKCU\..\Run: [uTorrent] "E:\Ladatut\Netistä\utorrent.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Patches Value] WinGasys.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [WindowsRegKey%$ update] msi332.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [System Service] systems.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Win32 USB2.0 Driver] 386.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [System Service] systems.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [Microsoft Update Machine] wuagrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [System Service] systems.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [Microsoft Update Machine] wuagrd.exe (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = F:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: System Service (a7) - Unknown owner - F:\WINDOWS\System32\systems.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - F:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - F:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - c:\VIRUST~1\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - c:\virustorjunta\BackWeb\7681197\Program\fsbwlan.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - F:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - F:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Win32 USB2.0 Driver - Unknown owner - F:\WINDOWS\System32\386.exe (file missing)

--
End of file - 7232 bytes

kalminen · 21.10.2009

Mene Windowsin ControlPaneliin (Ohjauspaneli) ja sieltä Lisää / Poista sovellus
Vistassa Ohjelmat ja toiminnot
Etsi ja poista ohjelma jonka nimessä on:

AskSearch
DefaultSearchHoo

---------------------------------------------------------------------------------

Ole hyvä ja lataa Combofix yhdestä alla olevista linkeistä:

Linkki 1
Linkki 2
Linkki 3

* TÄRKEÄÄ !!! Tallenna ComboFix.exe työpöydällesi

* Sulje/ota pois päältä kaikki virustorjunta- ja haittaohjelmien poisto-ohjelmat, jotta ne eivät häiritse ComboFixin ajoa.

* Tuplaklikkaa Combofix.exe ja noudata ohjeita.

* Osana skannausta Combofix tarkistaa onko palautuskonsoli asennettuna. Nykypäivän haittaohjelmien takia on erittäin suositeltua olla asennettuna palautuskonsoli ennen haittaohjelmien poistoa. Windowsin palautuskonsoli mahdollistaa käynnistyksen erityiseen palautustilaan. Palautuskonsolin kautta voimme auttaa sinua helpommin mikäli haittaohjelmien poiston yhteydessä ilmenee ongelmia.

* Seuraa ohjeita ja salli Combofixin ladata ja asentaa Microsoftin palautuskonsoli, ja kun pyydetään, hyväksy ohjelman takuuehdot asentaaksesi palautuskonsolin.

**Huomaa: Jos palautuskonsoli on jo asennettuna, Combofix jatkaa eteenpäin.

Kun Microsoftin palautuskonsoli on asennettu, sinun pitäisi nähdä seuraava viesti:

Klikkaa Kyllä jatkaaksesi skannausta.

Kun ComboFix on valmis, se luo raportin. Ole hyvä ja kopioi/liitä seuraavat raportit vastaukseesi:

Varoitus: ÄLÄ aja ComboFixia ilman valvontaa. Se ei ole lelu ja sitä ei tule käyttää rutiininomaisesti päivittäin.

Jos tarvitset apua, katso yksityiskohtaisempi ohje:
http://www.bleepingcomputer.com/combofix/fi/combofixin-kayttoohje

-------------------------------------------------------

Poista ne rivit jotka ovat vielä jäljellä:

Sammuta selain ja muut ohjelmat Fixin ajaksi. (ei virustorjuntaa)
Käynnistä HijackThis:ja Scan ja ruksaa seuraavat punaisella listatut tiedostot
(HJT sammuttaa ohjelman ei poista)

R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - F:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] F:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [µTorrent] "E:\Ladatut\Netistä\utorrent.exe"
O4 - HKCU\..\Run: [uTorrent] "E:\Ladatut\Netistä\utorrent.exe"

sekä sammuta ne.(fix Chekked) napista.

Tyhjennä roskakori ja käynnistä koneesi uudelleen.

Poista kansio/t, jos löytyy:
F:\Program Files\AskSearch\

Postita tänne seuraavat lokit:
* Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta)
* C:\ComboFix.txt raportti
*
*

Jidi · 22.10.2009

HJT-logi:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:37:55, on 22.10.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Sygate\SPF\smc.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\LEXBCES.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\LEXPPS.EXE
F:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
F:\Program Files\AntiVir PersonalEdition Classic\sched.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\D-Tools\daemon.exe
F:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Windows Live\Messenger\msnmsgr.exe
F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
F:\Program Files\Windows Live\Contacts\wlcomm.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\D-Tools\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SmcService] F:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = F:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: System Service (a7) - Unknown owner - F:\WINDOWS\System32\systems.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - F:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - F:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - c:\VIRUST~1\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - c:\virustorjunta\BackWeb\7681197\Program\fsbwlan.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - F:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - F:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Win32 USB2.0 Driver - Unknown owner - F:\WINDOWS\System32\386.exe (file missing)

--
End of file - 5263 bytes

ComboFix-logi:

ComboFix 09-10-20.03 - Matti 22.10.2009 16:13.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.358.1035.18.319.138 [GMT 3:00]
Sijainti: f:\documents and settings\Matti\Työpöytä\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\documents and settings\Matti\ResErrors.log
f:\program files\AskSearch\bin\DefaultSearch.dll
f:\windows\system32\dumphive.exe
f:\windows\system32\Process.exe
f:\windows\system32\SrchSTS.exe
f:\windows\system32\tmp.reg
f:\windows\system32\VCCLSID.exe
f:\windows\system32\WS2Fix.exe

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-09-22 to 2009-10-22 )))))))))))))))))
.

2009-10-21 14:36 . 2009-10-21 14:36 -------- d-----w- f:\documents and settings\Matti\Application Data\Malwarebytes
2009-10-21 14:36 . 2009-09-10 11:54 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2009-10-21 14:36 . 2009-10-21 14:36 -------- d-----w- f:\program files\Malwarebytes' Anti-Malware
2009-10-21 14:36 . 2009-10-21 14:36 -------- d-----w- f:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-21 14:36 . 2009-09-10 11:53 19160 ----a-w- f:\windows\system32\drivers\mbam.sys
2009-10-20 19:15 . 2009-10-20 19:15 -------- d-----w- f:\program files\Trend Micro
2009-10-20 16:16 . 2009-10-20 16:16 -------- d-----w- f:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-20 16:15 . 2009-10-20 16:16 -------- d-----w- f:\program files\SUPERAntiSpyware
2009-10-20 16:15 . 2009-10-20 16:15 -------- d-----w- f:\documents and settings\Matti\Application Data\SUPERAntiSpyware.com

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-22 13:10 . 2005-01-02 19:56 -------- d-----w- f:\program files\Opera7
2009-10-22 12:40 . 2007-06-01 14:27 -------- d-----w- f:\documents and settings\Matti\Application Data\uTorrent
2009-10-21 17:29 . 2007-05-29 14:32 -------- d-----w- f:\documents and settings\All Users\Application Data\AntiVir PersonalEdition Classic
2009-10-20 16:14 . 2004-09-02 15:40 -------- d-----w- f:\program files\Common Files\Wise Installation Wizard
2009-09-25 05:58 . 2004-01-16 04:59 662016 ----a-w- f:\windows\system32\wininet.dll
2009-09-25 05:58 . 2004-09-14 23:11 81920 ------w- f:\windows\system32\ieencode.dll
2009-09-16 14:04 . 2008-12-12 11:19 -------- d-----w- f:\program files\GrandBilliards
2009-09-16 13:13 . 2004-05-13 18:45 48176 -c--a-w- f:\documents and settings\Matti\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-16 13:02 . 2009-09-16 13:02 -------- d-----w- f:\program files\Microsoft
2009-09-16 13:02 . 2009-09-16 13:01 -------- d-----w- f:\program files\Windows Live
2009-09-16 13:02 . 2009-09-16 13:02 -------- d-----w- f:\program files\Windows Live SkyDrive
2009-09-16 12:43 . 2009-09-16 12:43 -------- d-----w- f:\program files\Common Files\Windows Live
2009-09-15 19:45 . 2009-09-15 19:45 -------- d-----w- f:\program files\Veetle
2009-09-11 14:35 . 2001-10-09 12:00 133632 ----a-w- f:\windows\system32\msv1_0.dll
2009-09-09 16:07 . 2009-09-09 16:07 45 ----a-w- f:\documents and settings\Matti\jagex_runescape_preferences2.dat
2009-09-09 16:07 . 2009-09-09 16:06 37 ----a-w- f:\documents and settings\Matti\jagex_runescape_preferences.dat
2009-09-04 20:46 . 2001-10-09 12:00 58880 ----a-w- f:\windows\system32\msasn1.dll
2009-08-29 10:41 . 2009-08-29 10:41 -------- d-----w- f:\program files\YM
2009-08-26 08:15 . 2001-10-09 12:00 247326 ----a-w- f:\windows\system32\strmdll.dll
2009-08-06 16:24 . 2004-09-01 18:50 327896 ----a-w- f:\windows\system32\wucltui.dll
2009-08-06 16:24 . 2004-09-01 18:50 209632 ----a-w- f:\windows\system32\wuweb.dll
2009-08-06 16:24 . 2005-05-26 01:16 44768 ----a-w- f:\windows\system32\wups2.dll
2009-08-06 16:24 . 2004-09-01 18:50 35552 ----a-w- f:\windows\system32\wups.dll
2009-08-06 16:24 . 2004-02-16 15:54 53472 ----a-w- f:\windows\system32\wuauclt.exe
2009-08-06 16:24 . 2001-10-09 12:00 96480 ----a-w- f:\windows\system32\cdm.dll
2009-08-06 16:23 . 2004-09-01 18:50 575704 ----a-w- f:\windows\system32\wuapi.dll
2009-08-06 16:23 . 2009-09-17 12:39 274288 ----a-w- f:\windows\system32\mucltui.dll
2009-08-06 16:23 . 2009-09-17 12:39 215920 ----a-w- f:\windows\system32\muweb.dll
2009-08-06 16:23 . 2004-02-16 15:54 1929952 ----a-w- f:\windows\system32\wuaueng.dll
2009-08-05 09:06 . 2004-02-17 16:32 204800 ----a-w- f:\windows\system32\mswebdvd.dll
2009-08-04 17:05 . 2001-10-05 15:49 2060032 ----a-w- f:\windows\system32\ntkrnlpa.exe
2009-08-04 17:05 . 2001-10-09 12:00 2182656 ----a-w- f:\windows\system32\ntoskrnl.exe
2009-07-26 13:44 . 2009-07-26 13:44 48448 ----a-w- f:\windows\system32\sirenacm.dll
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="f:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"µTorrent"="e:\ladatut\Netistä\utorrent.exe" [2009-07-19 288048]
"uTorrent"="e:\ladatut\Netistä\utorrent.exe" [2009-07-19 288048]
"SUPERAntiSpyware"="f:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-12 2000112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="f:\windows\System32\NvMcTray.dll" [2004-03-24 46080]
"SunJavaUpdateSched"="f:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"DAEMON Tools-1033"="f:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"avgnt"="f:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"TkBellExe"="f:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-10-01 185632]
"SmcService"="f:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"ISUSPM Startup"="f:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="f:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"QuickTime Task"="f:\program files\QuickTime Alternative\QTTask.exe" [2008-09-06 413696]
"Malwarebytes Anti-Malware (reboot)"="f:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Tweak UI"="TWEAKUI.CPL" - f:\windows\system32\tweakui.cpl [2003-03-25 106544]
"nwiz"="nwiz.exe" - f:\windows\system32\nwiz.exe [2004-03-24 782336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\System32\CTFMON.EXE" [2004-09-14 15360]

f:\documents and settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
AutoCAD Startup Accelerator.lnk - f:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-2-25 10872]
Microsoft Office.lnk - f:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "f:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 12:21 548352 ----a-w- f:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\Messenger\\msmsgs.exe"=
"f:\\Program Files\\DC++\\DCPlusPlus.exe"=
"e:\\Ladatut\\Netistä\\utorrent.exe"=
"f:\\Program Files\\uTorrent\\uTorrent.exe"=
"f:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"f:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 SASDIFSV;SASDIFSV;f:\program files\SUPERAntiSpyware\sasdifsv.sys [12.10.2009 21:24 9968]
R1 SASKUTIL;SASKUTIL;f:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.10.2009 21:24 74480]
R1 SSHDRV65;SSHDRV65;f:\windows\system32\drivers\SSHDRV65.sys [5.7.2004 19:09 120320]
R3 SASENUM;SASENUM;f:\program files\SUPERAntiSpyware\SASENUM.SYS [12.10.2009 21:24 7408]
S2 a7;System Service;"f:\windows\System32\systems.exe" -netsvcs --> f:\windows\System32\systems.exe [?]
S2 BackWeb Client - 7681197;F-Secure BackWeb;c:\virust~1\BackWeb\7681197\Program\SERVIC~1.EXE --> c:\virust~1\BackWeb\7681197\Program\SERVIC~1.EXE [?]
S2 Win32 USB2.0 Driver;Win32 USB2.0 Driver;"f:\windows\System32\386.exe" -netsvcs --> f:\windows\System32\386.exe [?]
.
'Ajoitetut tehtävät'-kansion sisältö

2009-08-29 f:\windows\Tasks\AppleSoftwareUpdate.job
- f:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]

2009-10-22 f:\windows\Tasks\WGASetup.job
- f:\windows\system32\KB905474\wgasetup.exe [2009-04-29 19:18]
.
.
------- Täydentävä tarkistus -------
.
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - f:\documents and settings\Matti\Application Data\Mozilla\Firefox\Profiles\fw21xgcg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=home
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: network.proxy.type - 2
FF - plugin: f:\documents and settings\Matti\Application Data\Mozilla\Firefox\Profiles\fw21xgcg.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: f:\program files\Veetle\Player\npvlc.dll
FF - plugin: f:\program files\Veetle\plugins\npVeetle.dll
.
- - - - POISTETUT JÄMÄRIVIT - - - -

HKCU-Run-Skype - f:\program files\Skype\Phone\Skype.exe
HKU-Default-Run-WindowsRegKeys update - winsysi.exe
HKU-Default-Run-Windows Service Pack2 - svchhost.exe
HKU-Default-Run-Patches Value - WinGasys.exe
HKU-Default-Run-WindowsRegKey%$ update - msi332.exe
HKU-Default-Run-System Service - systems.exe
HKU-Default-Run-Win32 USB2.0 Driver - 386.exe
HKU-Default-RunOnce-System Service - systems.exe
HKU-Default-RunOnce-Win32 USB2.0 Driver - 386.exe
HKU-Default-RunServices-Microsoft Update Machine - wuagrd.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-22 16:19
Windows 5.1.2600 Service Pack 2 NTFS

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------

[HKEY_USERS\S-1-5-21-507921405-602162358-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{21A808E4-32E7-4D40-3CAB-DBEBDB9A0EB4}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abobailfjbhbfjgcbdhanaincanmahmjoj"=hex:61,61,00,00
"bbobailfjbhbfjgcbdiagjgfnpegejdppbnj"=hex:61,61,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\¹mÓw*]
"AB79C053C7D38EE4AB9A00CB3B5D2472"="F?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
.
--------------------- Prosesseihin ladatut DLLt ---------------------

- - - - - - - > 'winlogon.exe'(480)
f:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Valmistumisajankohta: 2009-10-22 16:22
ComboFix-quarantined-files.txt 2009-10-22 13:21

Ennen ajoa: 131 661 824 tavua vapaana
Ajon jälkeen: 796 786 688 tavua vapaana

WindowsXP-KB310994-SP2-Pro-BootDisk-FIN.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - E1E756854E617D013B9B9FBE51095217

kalminen · 22.10.2009

Lataa JavaRa ja pura se työpöydällesi.

***Sulje kaikki päällä olevat Internet Explorerin ikkunat ennen jatkamista!***

* Tuplaklikkaa JavaRa.exeä käynnistääksesi ohjelma.
* Valitse English pudotusvalikosta valitaksesi kieleksi englannin ja klikkaa Select.
* Klikkaa Remove Older Versions poistaaksesi vanhat Java-versiot koneeltasi.
* Klikkaa Yes kun pyydetään. Kun JavaRa on valmis, se ilmoittaa, että lokitiedosto on luotu. Klikkaa OK.
* Lokitiedosto avautuu. Lähetä sen sisältö seuraavassa viestissäsi.

Tämän jälkeen lataa ja asennaJava SE Runtime Environment (JRE) 6 Update 16.
jre-6u16-windows-i586-p.exe => 15.?? MB
Lataa työpöydälle ja sammuta kaikki selaimet ennen asennusta

---------------------------------------------------------------------------------------

Mene alapalkista KÄYNNISTÄ ==> SUORITA valikkoon ja kirjoita services.msc OK
Klikkaa Avautuva ikkuna suureksi ja ohjelma saraketta levität niin että näkyy kaikki.

Etsi
System Service (a7)
Win32 USB2.0 Driver

Tupla Klikkaa riviä.
valikossa muutat Käynnistystapa Ei käytössä. => Oikeasta alakulmasta Klikkaa käytä ja OK Tämän lisäksi klikkaat vasemmalla
puolella olevaa linkkiä Pysäytä palvelu . Poistu ohjelmasta.

----------------------------------------------------------------------------------

Poista ne rivit jotka ovat vielä jäljellä:

Sammuta selain ja muut ohjelmat Fixin ajaksi. (ei virustorjuntaa)
Käynnistä HijackThis:ja Scan ja ruksaa seuraavat punaisella listatut tiedostot
(HJT sammuttaa ohjelman ei poista)

O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O23 - Service: System Service (a7) - Unknown owner - F:\WINDOWS\System32\systems.exe (file missing)
O23 - Service: Win32 USB2.0 Driver - Unknown owner - F:\WINDOWS\System32\386.exe (file missing)

sekä sammuta ne.(fix Chekked) napista.

Tyhjennä roskakori ja käynnistä koneesi uudelleen.

Postita tänne seuraavat lokit:
* Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta)
*
* Vielä ongelmia ???
*

Jidi · 22.10.2009

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Oct 22 20:45:39 2009

Found and removed: F:\Program Files\Java\j2re1.4.2_04

Found and removed: F:\Program Files\Java\jre1.6.0_02

Found and removed: F:\Program Files\Java\jre1.6.0_03

Found and removed: F:\Program Files\Java\jre1.6.0_05

Found and removed: F:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142040}

Found and removed: F:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142060}

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\JavaPlugin.160_02

Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7148F0A8-6813-11D6-A77B-00B0D0142040}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7148F0A8-6813-11D6-A77B-00B0D0142060}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F841731866D117AB7000B0D410204

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F841731866D117AB7000B0D410206

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410204

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410206

Found and removed: SOFTWARE\Classes\JavaPlugin.142_04

Found and removed: SOFTWARE\Classes\JavaPlugin.142_06

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.2_04

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.2_06

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.2_04

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.2_06

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.4.2_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.4.2_06

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\JavaPlugin.142_04

Found and removed: Software\Classes\JavaPlugin.142_06

Found and removed: Software\Classes\JavaPlugin.160_02

Found and removed: Software\Classes\JavaPlugin.160_03

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

Found and removed: Software\JavaSoft\Java2D\1.6.0_02

Found and removed: Software\JavaSoft\Java2D\1.6.0_03

Found and removed: Software\JavaSoft\Java2D\1.6.0_05

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACB9B14518A96D117A58000B0D410204

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACB9B14518A96D117A58000B0D410206

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}

------------------------------------

Finished reporting.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:06:08, on 22.10.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Sygate\SPF\smc.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\LEXBCES.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\LEXPPS.EXE
F:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
F:\Program Files\AntiVir PersonalEdition Classic\sched.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\D-Tools\daemon.exe
F:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\Windows Live\Messenger\msnmsgr.exe
F:\Program Files\Windows Live\Contacts\wlcomm.exe
F:\Program Files\Real\RealPlayer\RealPlay.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\D-Tools\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SmcService] F:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = F:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - F:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - F:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - c:\VIRUST~1\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - c:\virustorjunta\BackWeb\7681197\Program\fsbwlan.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - F:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - F:\Program Files\Sygate\SPF\smc.exe

--
End of file - 5149 bytes

Joo tuosta b.exestä pääsin eroon. Konekin toimii nopeammin kuin ennen.

kalminen · 22.10.2009

Oikein hyvä !!!
Puhdasta on.

.

Jidi · 22.10.2009

Jees, kiitoksia vain kovasti avusta! =)

Kirjaudu tai liity jäseneksi

b.exe ongelmia.

Jidi Member

kalminen Regular member

Jidi Member

kalminen Regular member

Jidi Member

kalminen Regular member

Jidi Member

kalminen Regular member

Jidi Member

Jaa tämä sivu

Kirjaudu tai liity jäseneksi

b.exe ongelmia.

Jidi Member

kalminen Regular member

Jidi Member

kalminen Regular member

Jidi Member

kalminen Regular member

Jidi Member

kalminen Regular member

Jidi Member

Jaa tämä sivu

Hyödyllisiä hakuja