Problem: HJT and OTL logs, computer stutters, browser acts up

Thread in the Viruses and malware - HijackThis logs section. Thread opened by olenpelle on 25.11.2014.

  1. olenpelle

    olenpelle Member

    As the title says, my computer has started to slow down really badly at times. In the browser there is a strange thing: besides stuttering, YouTube switches videos by itself, i.e. after about 10 seconds of watching the video changes on its own.

  3. olenpelle

    olenpelle Member

    And here is the OTL log:

    OTL logfile created on: 25.11.2014 21:15:17 - Run 1
    OTL by OldTimer - Version Folder = A:\Tiedostot\Lataukset
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17420)
    Locale: 0000040b | Country: Suomi | Language: FIN | Date Format: d.M.yyyy
    7,69 Gb Total Physical Memory | 5,62 Gb Available Physical Memory | 73,06% Memory free
    15,37 Gb Paging File | 13,13 Gb Available in Paging File | 85,40% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 223,47 Gb Total Space | 158,48 Gb Free Space | 70,92% Space Free | Partition Type: NTFS
    Drive K: | 48,83 Gb Total Space | 48,73 Gb Free Space | 99,80% Space Free | Partition Type: NTFS
    Computer Name: JUHA-PC | User Name: Juha | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    SRV:64bit: - [2014.11.06 05:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2013.08.07 14:24:00 | 000,015,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV:64bit: - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2013.05.11 17:45:54 | 000,822,232 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
    SRV:64bit: - [2013.05.11 17:45:38 | 000,733,696 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
    SRV:64bit: - [2012.10.02 14:41:44 | 000,240,584 | ---- | M] (DTS, Inc) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe -- (DTSAudioSvc)
    SRV - [2014.11.24 08:57:37 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2014.11.12 14:09:03 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014.09.04 04:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2014.03.21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2014.02.01 15:14:48 | 000,060,352 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe -- (FSORSPClient)
    SRV - [2013.11.21 12:18:04 | 000,217,128 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\F-Secure\Common\FNRB32.exe -- (F-Secure Network Request Broker)
    SRV - [2013.11.21 12:17:58 | 000,206,888 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE -- (FSMA)
    SRV - [2013.11.21 12:17:38 | 000,224,296 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\F-Secure\Anti-Virus\FSGK32ST.exe -- (F-Secure Gatekeeper Handler Starter)
    SRV - [2013.11.21 12:17:26 | 000,853,032 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\F-Secure\FWES\program\fsdfwd.exe -- (FSDFWD)
    SRV - [2013.11.21 12:17:10 | 000,527,912 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\F-Secure\Device Control\\fsdevcon64.exe -- (fsdevcon)
    SRV - [2013.10.24 13:00:38 | 000,936,728 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe -- (asComSvc)
    SRV - [2013.09.11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2013.09.03 16:52:56 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2013.09.03 16:52:14 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
    SRV - [2013.08.13 14:55:28 | 001,656,464 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe -- (AsusFanControlService)
    SRV - [2013.08.01 04:57:22 | 000,954,648 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe -- (asHmComSvc)
    SRV - [2013.05.24 08:07:38 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
    SRV - [2013.05.23 07:56:34 | 001,688,336 | ---- | M] (M-Audio) [Auto | Running] -- C:\Program Files (x86)\M-Audio\Fast Track Pro\AudioDevMon.exe -- (FastTrackProAudioDevMon)
    SRV - [2013.01.02 17:11:16 | 000,171,632 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
  4. Nanna_86

    Nanna_86 Active member

    Start OTL.exe again.
    Copy and paste the text below into the " Custom Scans/Fixes " text box.

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" ={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" ={searchTerms}&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{71155DD5-D9CE-4A45-B6A8-FCF76DA3ED6B}: "URL" ={B908CEE0-2FE3-4996-84F9-ACA39DCBEDF0}&k={searchTerms}
    FF:64bit: - HKLM\Software\MozillaPlugins\ C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\ disabled File not found
    FF - HKLM\Software\MozillaPlugins\ disabled File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2FEBFB6B-B79D-4FB9-9A16-91F88911EC28} - No CLSID value found.
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

    Press " Run Fix ".
    And post the results in your next reply.
    If OTL wants to restart the computer, let it do so.

    Found at path:


    Download RogueKiller (64bit) here. / (32bit) here.
    • When the download is complete, run RogueKiller.exe
    • Let the program do its pre-scan and then press Accept.
    • Select Scan to start the scan.
    • When the scan is complete, remove the detected malware with the Delete button.
    The pre-scan starts as soon as you run roguekiller.exe. It checks for and stops possible malicious processes, services and drivers. It does not delete anything at this stage yet.

    RogueKiller may notify you of a newer program version and ask you to download it.

    Normal scan ( Scan )
    The scan starts when the user presses the ( " Scan " ) button.
    It looks for possible problems ( in processes, the registry, startup applications, browsers, files etc. )

    Last edited: 25.11.2014
    olenpelle thanked for this.
  5. olenpelle

    olenpelle Member

    Hi, sorry it took so long! I did the OTL fix, result below. RogueKiller, on the other hand, didn't work; the link you gave didn't open, so I downloaded it from here. I have tried three times to open RogueKiller and each time the computer has frozen (mouse doesn't move, computer doesn't respond to anything), after which I've had to reboot.

    OTL result (hopefully the right one):

    All processes killed
    ========== OTL ==========
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{71155DD5-D9CE-4A45-B6A8-FCF76DA3ED6B}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71155DD5-D9CE-4A45-B6A8-FCF76DA3ED6B}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\\ deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2FEBFB6B-B79D-4FB9-9A16-91F88911EC28} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2FEBFB6B-B79D-4FB9-9A16-91F88911EC28}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    ========== COMMANDS ==========
    User: All Users
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    User: Juha
    ->Temp folder emptied: 12275699 bytes
    ->Temporary Internet Files folder emptied: 7493 bytes
    ->Java cache emptied: 318259 bytes
    ->FireFox cache emptied: 369525538 bytes
    ->Flash cache emptied: 5748 bytes
    User: Public
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 441 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 79384193 bytes
    RecycleBin emptied: 1229601886 bytes
    Total Files Cleaned = 1 613,00 mb
    User: All Users
    User: Default
    User: Default User
    User: Juha
    ->Java cache emptied: 0 bytes
    User: Public
    Total Java Files Cleaned = 0,00 mb
    User: All Users
    User: Default
    User: Default User
    User: Juha
    ->Flash cache emptied: 0 bytes
    User: Public
    Total Flash Files Cleaned = 0,00 mb
    OTL by OldTimer - Version log created on 12072014_134524

    Files\Folders moved on Reboot...
    C:\Users\Juha\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Juha\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

    Files\Folders moved on Reboot...
    C:\Users\Juha\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Juha\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

    Files\Folders moved on Reboot...
    C:\Users\Juha\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Juha\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  6. Nanna_86

    Nanna_86 Active member

    Many antivirus programs list the program as malware and block its use.
    Whether the problem is due to the program's name I don't know, but when I tried to use it on my laptop, I ran into a similar problem too.

    Download AdwCleaner here.
    • Close all open programs and the Internet browser for the duration of the scan.
    • Double-click AdwCleaner.exe to open it and select " Scan ".
    • When the scan is complete, select " Clean ".
    • The computer will restart automatically when the program finishes.
    • On startup, a log file will be displayed. Post it in your next message.

    olenpelle thanked for this.
  7. olenpelle

    olenpelle Member

    Thanks, that worked! Log below:

    # AdwCleaner v4.104 - Report created 07/12/2014 at 16:57:40
    # Updated 05/12/2014 by Xplode
    # Database : 2014-12-01.1 [Local]
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Juha - JUHA-PC
    # Running from : A:\Tiedostot\Lataukset\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    File Deleted : C:\END
    File Deleted : C:\Users\Juha\AppData\Roaming\Mozilla\Firefox\Profiles\ztvsflfp.default\user.js

    ***** [ Scheduled Tasks ] *****

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Optimizer Pro
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17420

    -\\ Mozilla Firefox v33.1.1 (x86 fi)


    AdwCleaner[R0].txt - [2594 octets] - [07/12/2014 16:56:33]
    AdwCleaner[S0].txt - [2449 octets] - [07/12/2014 16:57:40]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2509 octets] ##########
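Added example, not from this thread and not part of OTL or AdwCleaner: a read-only PowerShell audit of the persistence locations that the OTL fix in post 4 and the AdwCleaner findings in post 7 acted on: IE SearchScopes, shell (SSODL) and IE toolbar COM references whose CLSID is no longer registered (the "No CLSID value found" lines), MozillaPlugins entries whose file is missing, and a Firefox user.js in the profile. The allowlist of one Bing scope GUID (the one in this thread's OTL log), the hive paths and the output format are assumptions of the example; it only reports and never deletes, so it can be run before and after a fix to compare.

```powershell
# Added example (not from this thread or from OTL/AdwCleaner): a read-only audit
# of the persistence locations the fix in post 4 and the AdwCleaner log in post 7
# touched. Run in an elevated 64-bit PowerShell on Windows 7 or later.
# It only reports; removal is left to the tools the thread uses.

$findings = New-Object 'System.Collections.Generic.List[string]'

# Assumed allowlist: the Bing scope GUID seen in the thread's OTL log. Any other
# scope (e.g. the HKCU scope OTL removed) is reported with its URL for review.
$knownScopes = @('{0633EE93-D776-472f-A0FF-E1416B8B2E3A}')

# 1. IE search scopes: 64-bit hive, 32-bit hive and the current user's hive.
$scopeRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes',
    'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
)
foreach ($root in $scopeRoots) {
    if (-not (Test-Path $root)) { continue }
    $default = (Get-ItemProperty -Path $root -ErrorAction SilentlyContinue).DefaultScope
    foreach ($scope in Get-ChildItem -Path $root) {
        if ($knownScopes -contains $scope.PSChildName) { continue }
        $url = (Get-ItemProperty -Path $scope.PSPath -ErrorAction SilentlyContinue).URL
        $tag = if ($scope.PSChildName -eq $default) { ' (DefaultScope)' } else { '' }
        $findings.Add("SearchScope$tag $($scope.PSChildName) URL=$url [$root]")
    }
}

# 2. COM objects loaded by the shell or IE whose CLSID is no longer registered:
#    the "No CLSID value found" pattern in the OTL log. An orphaned entry is
#    harmless by itself but marks a sloppy uninstall or a half-removed toolbar.
function Test-ClsidRegistered([string]$clsid) {
    (Test-Path "HKLM:\SOFTWARE\Classes\CLSID\$clsid") -or
    (Test-Path "HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\$clsid") -or
    (Test-Path "HKCU:\Software\Classes\CLSID\$clsid")
}
function Get-RegistryValues([string]$path) {
    # Name/value pairs of a key, minus PowerShell's own PS* metadata properties.
    if (-not (Test-Path $path)) { return @() }
    (Get-ItemProperty -Path $path).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' }
}
$guidPattern = '^\{[0-9A-Fa-f-]{36}\}$'
$comRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad',
    'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'
)
foreach ($root in $comRoots) {
    foreach ($v in Get-RegistryValues $root) {
        # SSODL stores the CLSID as the value data; the toolbar key stores it as the value name.
        $clsid = if ("$($v.Value)" -match $guidPattern) { "$($v.Value)" } else { $v.Name }
        if ($clsid -match $guidPattern -and -not (Test-ClsidRegistered $clsid)) {
            $findings.Add("Orphaned COM reference $($v.Name)=$clsid [$root]")
        }
    }
}

# 3. Firefox plugin registrations that point at a file that no longer exists
#    (the "File not found" MozillaPlugins lines in the OTL log).
foreach ($root in @('HKLM:\SOFTWARE\MozillaPlugins', 'HKLM:\SOFTWARE\Wow6432Node\MozillaPlugins')) {
    if (-not (Test-Path $root)) { continue }
    foreach ($plugin in Get-ChildItem -Path $root) {
        $file = (Get-ItemProperty -Path $plugin.PSPath -ErrorAction SilentlyContinue).Path
        if (-not $file -or -not (Test-Path -LiteralPath $file)) {
            $findings.Add("MozillaPlugins $($plugin.PSChildName) Path=$file (file not found)")
        }
    }
}

# 4. Firefox user.js: read on every start and overrides prefs.js, so it is a
#    favourite place to pin a hijacked search engine or home page. AdwCleaner
#    deleted one from the profile in post 7; report any that are present.
$profileRoot = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
if (Test-Path $profileRoot) {
    $userJsFiles = Get-ChildItem -Path $profileRoot -Filter user.js -Recurse |
        Where-Object { -not $_.PSIsContainer }
    foreach ($userJs in $userJsFiles) {
        $prefs = (Get-Content -LiteralPath $userJs.FullName | Where-Object { $_ -match 'user_pref' }) -join '; '
        $findings.Add("Firefox user.js present: $($userJs.FullName) :: $prefs")
    }
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

Run it once before the fix and once after the reboot; a scope, SSODL or toolbar entry that survives the fix, or a user.js that reappears, points at something still writing to those locations rather than a one-off leftover.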

