Task Manager etc. disappeared, here's the HJT log?

Thread in the Viruses and malware - HijackThis logs section. Started by joecool2 on 22.08.2006.

Thread status:
The thread is closed.
  1. joecool2 (Member)

    At least XP's Task Manager (Taskbar?) has disappeared from my machine. In addition, Ad-Aware shows look2me and guard.tmp but does not manage to remove them.

    Here is the fairly short hjt log; if some expert could make a bit of sense of it, my own tricks are exhausted now, many thanks in advance! Oh, and I'll install SP2 RIGHT AWAY once I get those worms out; before that you presumably can't/shouldn't update :)

    Logfile of HijackThis v1.99.1
    Scan saved at 23:55:10, on 22.8.2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\F-Secure\BackWeb\BackWeb\Program\ServiceWrapper.exe
    C:\Program Files\F-Secure\Common\FSAA.EXE
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\PROGRA~1\F-Secure\BackWeb\BackWeb\Program\BackWeb.exe
    C:\Program Files\F-Secure\Common\FSGK32.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\acoustic.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\outlook\outlook.exe
    C:\Program Files\Common Files\{DC44AD07-0CC0-1035-0722-050405250166}\Update.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\explorer.exe
    C:\Data\download\virus\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [TBTray] acoustic.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153260908671
    O20 - Winlogon Notify: Run - C:\WINDOWS\system32\p4n80e5ueh.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: BackWeb Client - Unknown owner - C:\Program Files\F-Secure\BackWeb\BackWeb\Program\ServiceWrapper.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
     
  3. blade81 (Active member)

    Before starting the cleanup, Spybot's TeaTimer has to be switched off. Instructions for that follow:

    1. Start Spybot-S&D in Advanced mode
    2. If it is not in Advanced mode, go to the Mode menu and select Advanced mode
    3. Click Tools on the left
    4. Click Resident in the list
    5. Untick "Resident TeaTimer" and press OK.
    6. Restart the computer.

    After that we start the repairs.

    1. Download the combofix.exe file (http://download.bleepingcomputer.com/sUBs/combofix.exe) to your desktop.
    2. Double-click combofix.exe and follow the instructions.
    3. When the tool finishes, it produces a log. Post that log in your thread.
    Note! Do NOT click in ComboFix's window while it is running. That may cause the program to hang.
     
  4. joecool2 (Member)

    Thanks, this will happen tonight already. One question: would it be better to keep the PC off the net for the duration of the repair, download the repair file(s) on another machine and transfer them on a USB stick?
     
  5. blade81 (Active member)

    If that is possible to do, then why not. :)
     
  6. joecool2 (Member)

    Here is ComboFix's long report. After that run, Task Manager seems to work again and Ad-Aware no longer complains about those. The only things it finds are 2 "MRU list" entries (list of recently opened documents). So the quick conclusion would be that the system is now clean??? Or is there still something to fine-tune?

    Many thanks already at this stage to Blade81!

    Yrjö - 06-08-24 1:19:16,43
    ComboFix 06.08.24 - Running from: C:\Documents and Settings\Yrjö\Työpöytä

    ((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

    REGISTRY ENTRIES REMOVED:

    [HKEY_CLASSES_ROOT\CLSID\{F8EA8883-174F-4629-8E87-7D9D0CEA1ADE}]
    @=""
    "IDEx"="AD"

    [HKEY_CLASSES_ROOT\CLSID\{F8EA8883-174F-4629-8E87-7D9D0CEA1ADE}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F8EA8883-174F-4629-8E87-7D9D0CEA1ADE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F8EA8883-174F-4629-8E87-7D9D0CEA1ADE}\InprocServer32]
    @="C:\\WINDOWS\\system32\\zwpfldr.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\CLSID\{59037283-D56D-4A56-899C-BFDC42679225}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{59037283-D56D-4A56-899C-BFDC42679225}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{59037283-D56D-4A56-899C-BFDC42679225}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{59037283-D56D-4A56-899C-BFDC42679225}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\CLSID\{0BB32180-59D9-45A9-BB8B-07C3261576CF}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{0BB32180-59D9-45A9-BB8B-07C3261576CF}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{0BB32180-59D9-45A9-BB8B-07C3261576CF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{0BB32180-59D9-45A9-BB8B-07C3261576CF}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\CLSID\{4C7D57EA-79BC-4251-8BF9-23730728D97A}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{4C7D57EA-79BC-4251-8BF9-23730728D97A}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{4C7D57EA-79BC-4251-8BF9-23730728D97A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{4C7D57EA-79BC-4251-8BF9-23730728D97A}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\CLSID\{1D50EB94-838E-452D-818A-6B3BDBFBF567}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1D50EB94-838E-452D-818A-6B3BDBFBF567}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1D50EB94-838E-452D-818A-6B3BDBFBF567}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1D50EB94-838E-452D-818A-6B3BDBFBF567}\InprocServer32]
    @="C:\\WINDOWS\\system32\\oubcconf.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\CLSID\{AEF052A2-B4E0-487E-BDE1-0B146D37B19D}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{AEF052A2-B4E0-487E-BDE1-0B146D37B19D}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{AEF052A2-B4E0-487E-BDE1-0B146D37B19D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{AEF052A2-B4E0-487E-BDE1-0B146D37B19D}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\CLSID\{0EA27E89-771B-412E-9D6D-6D2CDD4A0DFD}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{0EA27E89-771B-412E-9D6D-6D2CDD4A0DFD}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{0EA27E89-771B-412E-9D6D-6D2CDD4A0DFD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{0EA27E89-771B-412E-9D6D-6D2CDD4A0DFD}\InprocServer32]
    @="C:\\WINDOWS\\system32\\wcploc.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\CLSID\{65951F6A-8A27-4FCB-BDBF-F69328A963D9}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{65951F6A-8A27-4FCB-BDBF-F69328A963D9}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{65951F6A-8A27-4FCB-BDBF-F69328A963D9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{65951F6A-8A27-4FCB-BDBF-F69328A963D9}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\CLSID\{A10A2C72-A4AE-4FD9-A43B-EBD66DF4F191}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A10A2C72-A4AE-4FD9-A43B-EBD66DF4F191}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A10A2C72-A4AE-4FD9-A43B-EBD66DF4F191}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A10A2C72-A4AE-4FD9-A43B-EBD66DF4F191}\InprocServer32]
    @="C:\\WINDOWS\\system32\\sGmsrv.dll"
    "ThreadingModel"="Apartment"

    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    FILES REMOVED:

    C:\WINDOWS\system32\enpol1731.dll
    C:\WINDOWS\system32\ghedit.dll
    C:\WINDOWS\system32\hwwhook.dll
    C:\WINDOWS\system32\jtl6073se.dll
    C:\WINDOWS\system32\kxdcz1.dll
    C:\WINDOWS\system32\mkg4dmod.dll
    C:\WINDOWS\system32\nbtfxperf.dll
    C:\WINDOWS\system32\ome2.dll
    C:\WINDOWS\system32\oubcconf.dll
    C:\WINDOWS\system32\sGmsrv.dll
    C:\WINDOWS\system32\sji_ci.dll
    C:\WINDOWS\system32\wkadss.dll


    Granting sedebugprivilege to Järjestelmänvalvojat ... successful


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\dfndrff_7.exe
    C:\kybrdff_7.exe
    C:\WINDOWS\system32\aaa00000.dll
    C:\WINDOWS\system32\aaa00000.sys
    C:\WINDOWS\system32\bszip.dll
    C:\WINDOWS\system32\cmd.com
    C:\WINDOWS\system32\netstat.com
    C:\WINDOWS\system32\ping.com
    C:\WINDOWS\system32\regedit.com
    C:\WINDOWS\system32\setup.exe.tmp
    C:\WINDOWS\system32\taskkill.com
    C:\WINDOWS\system32\tracert.com
    C:\WINDOWS\system32\tsuninst.exe
    C:\WINDOWS\system32\winlog.exe
    C:\Program Files\outlook
    C:\Program Files\Common Files\{DC44AD07-0CC0-1035-0722-050405250166}


    ((((((((((((((((((((((((((((((( Files Created from 2006-07-24 to 2006-08-24 ))))))))))))))))))))))))))))))))))


    2006-08-01 23:49 61,952 --a------ C:\WINDOWS\system32\caa7035e.dll
    2006-08-01 23:49 1,167 --a------ C:\WINDOWS\system32\caa7035e.sys
    2006-08-01 23:46 0 ---hs---- C:\WINDOWS\system32\tasklist.com
    2006-08-01 23:43 499,712 --------- C:\WINDOWS\system32\msvcp71.dll
    2006-08-01 23:43 348,160 --------- C:\WINDOWS\system32\msvcr71.dll
    2006-08-01 23:43 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
    2006-08-01 00:13 34,308 --a------ C:\WINDOWS\system32\BASSMOD.dll
    2006-07-31 00:25 86,016 --a------ C:\WINDOWS\unvise32qt.exe
    2006-07-31 00:17 77,824 --a------ C:\WINDOWS\system32\ctdvda32.dll
    2006-07-31 00:17 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
    2006-07-31 00:17 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
    2006-07-31 00:17 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll
    2006-07-31 00:17 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
    2006-07-31 00:17 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
    2006-07-31 00:17 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
    2006-07-31 00:17 122,880 --a------ C:\WINDOWS\system32\cddvdint.dll
    2006-07-30 23:29 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe
    2006-07-30 23:29 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
    2006-07-30 23:29 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll
    2006-07-30 23:29 68,096 --a------ C:\WINDOWS\system32\dsdmoprp.dll
    2006-07-30 23:29 602,624 --a------ C:\WINDOWS\system32\dx7vb.dll
    2006-07-30 23:29 57,856 --a------ C:\WINDOWS\system32\dpwsockx.dll
    2006-07-30 23:29 53,248 --a------ C:\WINDOWS\system32\devenum.dll
    2006-07-30 23:29 524,800 --a------ C:\WINDOWS\system32\qedit.dll
    2006-07-30 23:29 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
    2006-07-30 23:29 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
    2006-07-30 23:29 394,240 --a------ C:\WINDOWS\system32\diactfrm.dll
    2006-07-30 23:29 382,976 --a------ C:\WINDOWS\system32\qdvd.dll
    2006-07-30 23:29 377,856 --a------ C:\WINDOWS\system32\dpnet.dll
    2006-07-30 23:29 363,520 --a------ C:\WINDOWS\system32\dsound.dll
    2006-07-30 23:29 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
    2006-07-30 23:29 276,480 --a------ C:\WINDOWS\system32\qdv.dll
    2006-07-30 23:29 265,728 --a------ C:\WINDOWS\system32\ddraw.dll
    2006-07-30 23:29 258,424 --a------ C:\WINDOWS\system32\qasf.dll
    2006-07-30 23:29 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll
    2006-07-30 23:29 223,232 --a------ C:\WINDOWS\system32\gcdef.dll
    2006-07-30 23:29 22,016 --a------ C:\WINDOWS\system32\dpmodemx.dll
    2006-07-30 23:29 203,264 --a------ C:\WINDOWS\system32\dpvoice.dll
    2006-07-30 23:29 194,560 --a------ C:\WINDOWS\system32\mswebdvd.dll
    2006-07-30 23:29 177,152 --a------ C:\WINDOWS\system32\qcap.dll
    2006-07-30 23:29 168,960 --a------ C:\WINDOWS\system32\dinput8.dll
    2006-07-30 23:29 16,896 --a------ C:\WINDOWS\system32\msyuv.dll
    2006-07-30 23:29 16,896 --a------ C:\WINDOWS\system32\dpnsvr.exe
    2006-07-30 23:29 151,552 --a------ C:\WINDOWS\system32\dinput.dll
    2006-07-30 23:29 13,312 --a------ C:\WINDOWS\system32\msdmo.dll
    2006-07-30 23:29 104,448 --a------ C:\WINDOWS\system32\dmusic.dll
    2006-07-30 23:29 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll
    2006-07-30 23:29 1,689,600 --a------ C:\WINDOWS\system32\d3d9.dll
    2006-07-30 23:29 1,246,208 --a------ C:\WINDOWS\system32\quartz.dll
    2006-07-30 23:29 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll
    2006-07-30 23:29 1,189,888 --a------ C:\WINDOWS\system32\dx8vb.dll
    2006-07-30 23:29 1,179,648 --a------ C:\WINDOWS\system32\d3d8.dll
    2006-07-30 23:28 98,816 --a------ C:\WINDOWS\system32\dmstyle.dll
    2006-07-30 23:28 80,896 --a------ C:\WINDOWS\system32\dpvsetup.exe
    2006-07-30 23:28 76,800 --a------ C:\WINDOWS\system32\dmscript.dll
    2006-07-30 23:28 733,184 --a------ C:\WINDOWS\system32\qedwipes.dll
    2006-07-30 23:28 68,096 --a------ C:\WINDOWS\system32\dpnhupnp.dll
    2006-07-30 23:28 64,512 --a------ C:\WINDOWS\system32\amstream.dll
    2006-07-30 23:28 58,368 --a------ C:\WINDOWS\system32\dmcompos.dll
    2006-07-30 23:28 46,592 --a------ C:\WINDOWS\system32\dxdllreg.exe
    2006-07-30 23:28 34,304 --a------ C:\WINDOWS\system32\mciqtz32.dll
    2006-07-30 23:28 33,280 --a------ C:\WINDOWS\system32\dmloader.dll
    2006-07-30 23:28 32,768 --a------ C:\WINDOWS\system32\dpnhpast.dll
    2006-07-30 23:28 3,072 --a------ C:\WINDOWS\system32\dpnlobby.dll
    2006-07-30 23:28 3,072 --a------ C:\WINDOWS\system32\dpnaddr.dll
    2006-07-30 23:28 28,160 --a------ C:\WINDOWS\system32\dplaysvr.exe
    2006-07-30 23:28 27,136 --a------ C:\WINDOWS\system32\dmband.dll
    2006-07-30 23:28 230,400 --a------ C:\WINDOWS\system32\dplayx.dll
    2006-07-30 23:28 19,968 --a------ C:\WINDOWS\system32\dpvacm.dll
    2006-07-30 23:28 186,880 --a------ C:\WINDOWS\system32\dsdmo.dll
    2006-07-30 23:28 181,248 --a------ C:\WINDOWS\system32\dmime.dll
    2006-07-30 23:28 18,944 --a------ C:\WINDOWS\system32\encapi.dll
    2006-07-30 23:28 18,432 --a------ C:\WINDOWS\system32\dswave.dll
    2006-07-30 23:28 112,128 --a------ C:\WINDOWS\system32\dpvvox.dll
    2006-07-30 23:28 100,864 --a------ C:\WINDOWS\system32\dmsynth.dll
    2006-07-30 23:28 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll
    2006-07-30 22:19 548,864 --a------ C:\WINDOWS\system32\rtcdll.dll
    2006-07-30 22:19 439,296 --a------ C:\WINDOWS\system32\ipnathlp.dll
    2006-07-30 22:19 36,864 --a------ C:\WINDOWS\system32\mf3216.dll
    2006-07-30 22:18 593,408 --a------ C:\WINDOWS\system32\h323msp.dll
    2006-07-30 22:08 991,232 --a------ C:\WINDOWS\system32\esent.dll
    2006-07-28 00:21 77,824 --a------ C:\WINDOWS\system32\Oemdspif.dll
    2006-07-28 00:21 61,440 --a------ C:\WINDOWS\system32\ati2evxx.dll
    2006-07-28 00:21 6,684,672 --a------ C:\WINDOWS\system32\atioglx1.dll
    2006-07-28 00:21 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
    2006-07-28 00:21 5,033,984 --a------ C:\WINDOWS\system32\atioglxx.dll
    2006-07-28 00:21 413,696 --a------ C:\WINDOWS\system32\ati2evxx.exe
    2006-07-28 00:21 41,984 --a------ C:\WINDOWS\system32\ati2edxx.dll
    2006-07-28 00:21 286,720 --a------ C:\WINDOWS\system32\ATIDEMGR.dll
    2006-07-28 00:21 282,624 --a------ C:\WINDOWS\system32\ati2cqag.dll
    2006-07-28 00:21 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
    2006-07-28 00:21 258,048 --a------ C:\WINDOWS\system32\ati2dvag.dll
    2006-07-28 00:21 24,064 --a------ C:\WINDOWS\system32\ativcoxx.dll
    2006-07-28 00:21 2,693,280 --a------ C:\WINDOWS\system32\ati3duag.dll
    2006-07-28 00:21 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll
    2006-07-28 00:21 151,552 --a------ C:\WINDOWS\system32\atikvmag.dll
    2006-07-28 00:21 114,688 --a------ C:\WINDOWS\system32\atipdlxx.dll
    2006-07-28 00:21 1,408,000 --a------ C:\WINDOWS\system32\ativvaxx.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-08-24 01:21 -------- d-------- C:\Program Files\Common Files
    2006-08-02 00:20 -------- d-------- C:\Program Files\Common Files\zruo
    2006-08-01 23:49 5167 --a------ C:\Documents and Settings\Yrjö\Application Data\Cabos.plist
    2006-08-01 23:47 -------- d-------- C:\Program Files\Google
    2006-08-01 23:43 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-08-01 23:43 -------- d-------- C:\Program Files\CyberLink
    2006-08-01 23:05 -------- d-------- C:\Program Files\Zoom Player
    2006-08-01 00:10 -------- d-------- C:\Program Files\WinZip
    2006-07-31 23:56 -------- d-------- C:\Program Files\CrackApp
    2006-07-31 23:10 -------- d-------- C:\Documents and Settings\Yrjö\Application Data\InterVideo
    2006-07-31 01:12 -------- d-------- C:\Program Files\DirectVobSub
    2006-07-31 01:12 -------- d-------- C:\Program Files\Core AAC Decoder
    2006-07-31 00:32 -------- d-------- C:\Program Files\Java
    2006-07-31 00:25 -------- d-------- C:\Program Files\QuickTime
    2006-07-31 00:23 -------- d-------- C:\Documents and Settings\Yrjö\Application Data\Real
    2006-07-31 00:21 -------- d-------- C:\Program Files\Real
    2006-07-31 00:21 -------- d-------- C:\Program Files\Common Files\xing shared
    2006-07-31 00:21 -------- d-------- C:\Program Files\Common Files\Real
    2006-07-31 00:19 -------- d-------- C:\Program Files\Common Files\InterVideo
    2006-07-31 00:17 -------- d-------- C:\Program Files\InterVideo
    2006-07-31 00:17 -------- d-------- C:\Program Files\InterActual
    2006-07-31 00:17 -------- d-------- C:\Program Files\Creative
    2006-07-30 22:26 -------- d-------- C:\Program Files\Windows Media Player
    2006-07-30 22:26 -------- d-------- C:\Program Files\Outlook Express
    2006-07-30 22:26 -------- d-------- C:\Program Files\Common Files\System
    2006-07-30 22:19 -------- d-------- C:\Program Files\NetMeeting
    2006-07-30 22:19 -------- d-------- C:\Program Files\Messenger
    2006-07-28 00:21 307200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
    2006-07-28 00:21 1540608 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
    2006-07-21 22:21 -------- d-------- C:\Documents and Settings\Yrjö\Application Data\CyberLink
    2006-07-20 00:46 -------- d---s---- C:\Documents and Settings\Yrjö\Application Data\Microsoft
    2006-07-20 00:46 -------- d-------- C:\Program Files\Common Files\InstallShield
    2006-07-20 00:41 -------- d-------- C:\Documents and Settings\Yrjö\Application Data\ATI
    2006-07-20 00:39 -------- d-------- C:\Program Files\My Company Name
    2006-07-20 00:39 -------- d-------- C:\Program Files\Common Files\ATI Technologies
    2006-07-20 00:37 -------- d-------- C:\Program Files\ATI Technologies
    2006-07-20 00:33 -------- d-------- C:\Documents and Settings\Yrjö\Application Data\Lavasoft
    2006-07-20 00:32 -------- d-------- C:\Program Files\Lavasoft
    2006-07-19 23:15 -------- d-------- C:\Program Files\WinTV
    2006-07-19 21:48 -------- d-------- C:\Documents and Settings\Yrjö\Application Data\Macromedia
    2006-07-19 21:23 -------- d-------- C:\Program Files\F-Secure
    2006-07-19 00:21 45056 --a------ C:\WINDOWS\NCUNINST.EXE
    2006-07-19 00:20 -------- d-------- C:\Program Files\Common Files\SWF Studio
    2006-07-19 00:20 -------- d-------- C:\Program Files\Belkin
    2006-07-18 22:49 -------- d-------- C:\Program Files\Common Files\SpeechEngines
    2006-07-18 22:49 -------- d-------- C:\Program Files\Common Files\ODBC
    2006-07-18 22:48 62 --ahs---- C:\Documents and Settings\Yrjö\Application Data\desktop.ini
    2006-07-18 22:06 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-07-18 22:06 -------- d-------- C:\Documents and Settings\Yrjö\Application Data\Identities
    2006-07-18 21:59 -------- d-------- C:\Program Files\xerox
    2006-07-18 21:59 -------- d-------- C:\Program Files\microsoft frontpage
    2006-07-18 21:58 -------- d-------- C:\Program Files\Internet Explorer
    2006-07-18 21:58 -------- d-------- C:\Documents and Settings\Yrjö\Application Data\Sun
    2006-07-18 21:57 -------- d-------- C:\Program Files\Common Files\Java
    2006-07-18 21:56 0 -rahs---- C:\MSDOS.SYS
    2006-07-18 21:56 0 -rahs---- C:\IO.SYS
    2006-07-18 21:56 0 --a------ C:\CONFIG.SYS
    2006-07-18 21:56 0 --a------ C:\AUTOEXEC.BAT
    2006-07-18 21:56 -------- d--h----- C:\Program Files\Uninstall Information
    2006-07-18 21:55 -------- d-------- C:\Program Files\Online Services
    2006-07-18 21:55 -------- d-------- C:\Program Files\Movie Maker
    2006-07-18 21:55 -------- d-------- C:\Program Files\Common Files\Services
    2006-07-18 21:55 -------- d-------- C:\Program Files\Common Files\MSSoap
    2006-07-18 21:54 -------- d--h----- C:\Program Files\WindowsUpdate
    2006-07-18 21:54 -------- d-------- C:\Program Files\Windows NT
    2006-07-18 21:54 -------- d-------- C:\Program Files\MSN Gaming Zone
    2006-07-18 21:54 -------- d-------- C:\Program Files\MSN
    2006-07-18 21:54 -------- d-------- C:\Program Files\ComPlus Applications


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "F-Secure Manager"="\"C:\\Program Files\\F-Secure\\Common\\FSM32.EXE\" /splash"
    "SystemTray"="SysTray.Exe"
    "TBTray"="acoustic.exe"
    "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
    "LanguageShortcut"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
    "Driver32"=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""



    Completion time: Thu 24.08.2006 1:21:15.03
    ComboFix.txt
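
    Added example (an editor's addition, not part of the thread and not ComboFix's own code): a small Python triage for a ComboFix report like the one above. It parses the .reg-style "REGISTRY ENTRIES REMOVED" section into CLSID -> InprocServer32 pairs and flags the pattern Look2Me shows here (a COM server that is not a .dll, and one file such as guard.tmp registered under several CLSIDs), and it checks a list of file paths for .com files in system32 that carry the name of a standard command-line tool: cmd.exe resolves a bare command name through PATHEXT, where .COM precedes .EXE by default, so a dropped regedit.com or taskkill.com runs instead of the real tool. The sample inputs are excerpts of the log above (three of its ten CLSIDs and a handful of paths from the "Other Deletions" and "Files Created" sections); the zero-byte hidden tasklist.com listed under "Files Created" is included because it uses the same trick but does not appear under "Other Deletions". The function names and the flagging rules are this example's own choices.

```python
"""ComboFix report triage (added example; not from the thread or from ComboFix)."""
import re
from collections import defaultdict

# Excerpt of the "REGISTRY ENTRIES REMOVED" section of the log above
# (three of its ten CLSIDs, taken verbatim from the post).
REGISTRY_EXCERPT = r"""
[HKEY_CLASSES_ROOT\CLSID\{F8EA8883-174F-4629-8E87-7D9D0CEA1ADE}\InprocServer32]
@="C:\\WINDOWS\\system32\\zwpfldr.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{59037283-D56D-4A56-899C-BFDC42679225}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{0BB32180-59D9-45A9-BB8B-07C3261576CF}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
"""

# Paths taken from the "Other Deletions" and "Files Created" sections of the
# same log (tasklist.com comes from the latter: a 0-byte hidden+system file).
LOGGED_PATHS = [
    r"C:\dfndrff_7.exe",
    r"C:\WINDOWS\system32\aaa00000.sys",
    r"C:\WINDOWS\system32\cmd.com",
    r"C:\WINDOWS\system32\netstat.com",
    r"C:\WINDOWS\system32\regedit.com",
    r"C:\WINDOWS\system32\taskkill.com",
    r"C:\WINDOWS\system32\winlog.exe",
    r"C:\WINDOWS\system32\tasklist.com",
]

_KEY_RE = re.compile(
    r"^\[HKEY_CLASSES_ROOT\\CLSID\\(\{[0-9A-Fa-f-]{36}\})\\InprocServer32\]$")
_DEFAULT_VALUE_RE = re.compile(r'^@="(.*)"$')


def parse_inproc_servers(reg_text):
    """Map each CLSID to the file named by its InprocServer32 default value.
    .reg syntax doubles backslashes inside strings; they are collapsed here."""
    servers = {}
    current = None
    for line in reg_text.splitlines():
        line = line.strip()
        key = _KEY_RE.match(line)
        if key:
            current = key.group(1).upper()
            continue
        value = _DEFAULT_VALUE_RE.match(line)
        if value and current:
            servers[current] = value.group(1).replace("\\\\", "\\")
            current = None
    return servers


def flag_com_servers(servers):
    """Return (clsid, path, reason) for registrations worth a second look:
    a server that is not a .dll, or one file registered under several CLSIDs."""
    by_path = defaultdict(list)
    for clsid, path in servers.items():
        by_path[path.lower()].append(clsid)
    findings = []
    for clsid, path in servers.items():
        if not path.lower().endswith(".dll"):
            findings.append((clsid, path, "InprocServer32 is not a .dll"))
        if len(by_path[path.lower()]) > 1:
            findings.append((clsid, path, "same server registered under multiple CLSIDs"))
    return findings


# Tools whose .exe lives in system32. A same-named .com beside them wins the
# PATHEXT lookup because .COM is tried before .EXE by default.
SHADOWABLE_TOOLS = {"cmd", "regedit", "netstat", "ping", "taskkill", "tasklist", "tracert"}


def find_shadowed_tools(paths):
    """Return the .com paths under system32 that shadow a standard tool name."""
    hits = []
    for p in paths:
        parts = p.lower().replace("/", "\\").split("\\")
        stem, _, ext = parts[-1].rpartition(".")
        if ext == "com" and stem in SHADOWABLE_TOOLS and "system32" in parts:
            hits.append(p)
    return hits


if __name__ == "__main__":
    for clsid, path, why in flag_com_servers(parse_inproc_servers(REGISTRY_EXCERPT)):
        print(f"{clsid} -> {path}: {why}")
    for p in find_shadowed_tools(LOGGED_PATHS):
        print("shadowed tool:", p)
```

    Run as a script it prints the flagged CLSIDs and the five shadowing .com files; to triage a full report, paste the whole "REGISTRY ENTRIES REMOVED" section into REGISTRY_EXCERPT and every path from the deletion and creation sections into LOGGED_PATHS.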
     
  7. blade81 (Active member)

    Great that it is starting to have an effect. :) Post a fresh hjt log as well, and we'll look at that at the same time.
     
  8. joecool2 (Member)

    Here is the fresh hjt log:

    Spybot shows some Command Service, nothing else...


    Logfile of HijackThis v1.99.1
    Scan saved at 22:30:05, on 24.8.2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\F-Secure\BackWeb\BackWeb\Program\ServiceWrapper.exe
    C:\Program Files\F-Secure\Common\FSAA.EXE
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\PROGRA~1\F-Secure\BackWeb\BackWeb\Program\BackWeb.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FSGK32.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\acoustic.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Data\download\virus\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [TBTray] acoustic.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153260908671
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: BackWeb Client - Unknown owner - C:\Program Files\F-Secure\BackWeb\BackWeb\Program\ServiceWrapper.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
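
    Added example (an editor's addition, not from the thread and not HijackThis's own code): a Python comparison of the two HijackThis logs in this thread. parse_hjt splits a log into its running-process list and its lettered entries; triage flags three things that deserve a check by hand (an O20 Winlogon Notify DLL, which winlogon.exe loads at logon; an O4 Run value that is a bare file name such as SysTray.Exe, which Windows resolves through the search path rather than from a fixed location; a process running from a GUID-named directory under Common Files); and diff_logs lists what disappeared between the 22.8 and 24.8 scans. The flagging rules and function names are this example's own choices, and a flag is a prompt to verify the file, not a verdict: SysTray.Exe and acoustic.exe are flagged in both logs, and blade81 left them alone. The inputs are trimmed excerpts of the two logs above.

```python
"""HijackThis log triage and before/after diff (added example; not from the thread)."""
import re

# Trimmed excerpts of the two logs posted in this thread (22.8 and 24.8).
HJT_BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 23:55:10, on 22.8.2006

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\outlook\outlook.exe
C:\Program Files\Common Files\{DC44AD07-0CC0-1035-0722-050405250166}\Update.exe
C:\WINDOWS\explorer.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TBTray] acoustic.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\p4n80e5ueh.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
"""

HJT_AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 22:30:05, on 24.8.2006

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TBTray] acoustic.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
"""

_ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
_O4_RE = re.compile(r"^O4 - .*?: \[[^\]]*\] (.*)$")
_GUID_DIR_RE = re.compile(r"\\\{[0-9A-Fa-f-]{36}\}\\")


def parse_hjt(text):
    """Return (processes, entries): lowercased paths from the 'Running processes'
    block, and a dict of entry line -> section code ('O4', 'O20', ...)."""
    processes, entries = [], {}
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line ends the process block
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            processes.append(line.lower())
            continue
        m = _ENTRY_RE.match(line)
        if m:
            entries[line] = m.group(1)
    return processes, entries


def _has_explicit_path(command):
    """A Run value without any path separator (SysTray.Exe) is looked up
    through the search path at logon instead of from a known location."""
    cmd = command.strip().strip('"')
    return "\\" in cmd or "/" in cmd


def triage(text):
    """Return (item, reason) pairs that deserve a manual check."""
    processes, entries = parse_hjt(text)
    findings = []
    for proc in processes:
        if _GUID_DIR_RE.search(proc):
            findings.append((proc, "process running from a GUID-named directory"))
    for entry, code in entries.items():
        if code == "O20":
            findings.append((entry, "Winlogon Notify DLL is loaded by winlogon.exe at logon; verify the file"))
        elif code == "O4":
            m = _O4_RE.match(entry)
            if m and not _has_explicit_path(m.group(1)):
                findings.append((entry, "Run value is a bare file name resolved via the search path"))
    return findings


def diff_logs(before, after):
    """Entries and processes present in one log but not in the other."""
    p1, e1 = parse_hjt(before)
    p2, e2 = parse_hjt(after)
    return {
        "removed_entries": sorted(set(e1) - set(e2)),
        "added_entries": sorted(set(e2) - set(e1)),
        "removed_processes": sorted(set(p1) - set(p2)),
        "added_processes": sorted(set(p2) - set(p1)),
    }


if __name__ == "__main__":
    for item, why in triage(HJT_BEFORE):
        print(f"BEFORE: {why}: {item}")
    for key, items in diff_logs(HJT_BEFORE, HJT_AFTER).items():
        for item in items:
            print(f"{key}: {item}")
```

    On these excerpts the diff shows exactly what ComboFix's report claims to have taken out: the O20 Winlogon Notify DLL, the fake outlook.exe Run entry and process, and the Update.exe under the GUID-named Common Files directory; the TeaTimer entry is gone only because it was switched off per blade81's instructions. Process comparison is case-insensitive, so explorer.exe and Explorer.EXE do not show up as a change.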

     