Kone kaatuilee koko ajan, kova levy vaihdettu, formatoitu.

Elikkä tuossa pari vuotta sitten ostin koneen, siittä asti on ollut ongelmia, myyjä vaihtoi kovalevyn kun sekin oli rikki mennyt.

Nytten olen huomannut, että kun koneelle tulee minkäänlainen muu rasitus kuin Firefoxin avaaminen se kaatuu. Elikkä on jäänyt nettipokeritkin lyhyeen.

Kone sanoi tänään käynnistyksessä, että uudelleenkäynnistyksiä on tapahtunut usein, paina f2 setuppiin, tai menee automaattisesti biossiin, etc...

Kone on putsattu Ewidolla ja muitakin random softia on tullu ajettua, mutta mitään vakavempaa ei löydy! Tämäkin nyt on varmaan 5-7 kerta kun tänne ilmoitusta koneen ongelmistani pistän, niin rupee hermot vähän jo menemään.

Tuossa on HjT logi jos siittä mitään apua olis, vai soitanko kohteliaasti myyjälle, että rahat takasin kun kone ei vaan osaa toimia?

Logfile of HijackThis v1.99.1
Scan saved at 16:30:21, on 2.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\PartyGaming\PartyGaming.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Muut\Työpöytä\ewido-setup_4.0.0.172c(2).exe
C:\Documents and Settings\Muut\Työpöytä\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2006\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2006\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2006\\Parser.html
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF5EFBE5-6A32-46F3-B199-C2BBDA0BC39D}: NameServer = 195.74.0.47 195.74.0.55
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Tällä kertaa olisi kiva saada jonkunlainen vastaus, kiitos!

 

1. Lataa combofix.exe tiedosto työpöydällesi.
2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

 

Muut - 06-10-06 7:32:26,12 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Muut\Ty”p”yt„"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\{D444BB14-07CF-1035-0719-040409100166}


((((((((((((((((((((((((((((((( Files Created from 2006-09-06 to 2006-10-06 ))))))))))))))))))))))))))))))))))


2006-10-06 07:31 8,192 --a------ C:\RestartIt!.exe
2006-10-06 07:31 5,249 --a------ C:\NTP.EXE
2006-10-06 07:31 42,496 --a------ C:\swreg.exe
2006-10-06 07:31 39,184 --a------ C:\Ntrights.exe
2006-10-06 07:31 31,232 --a------ C:\sc.exe
2006-10-06 07:31 26,112 --a------ C:\nircmd.exe
2006-10-06 07:31 181,776 --a------ C:\handle.exe
2006-09-26 16:26 11,648 --a------ C:\WINDOWS\system32\drivers\pxscrmbl.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-06 07:32 -------- d-------- C:\Program Files\Common Files
2006-10-06 07:31 -------- d-------- C:\Program Files\LeechGet 2006
2006-10-06 07:25 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-06 07:19 -------- d-------- C:\Program Files\DC++
2006-10-05 20:43 -------- d-------- C:\Program Files\TrackMania Nations ESWC
2006-10-02 16:35 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-10-02 14:38 -------- d-------- C:\Program Files\Magic Workstation
2006-09-27 17:43 -------- d-------- C:\Program Files\Titan Poker
2006-09-26 16:29 -------- d-------- C:\Program Files\Zone Labs
2006-09-22 15:26 -------- d-------- C:\Program Files\AC3File
2006-09-20 17:20 -------- d-------- C:\Program Files\Windows Media Player
2006-09-20 17:16 -------- d-------- C:\Program Files\Internet Explorer
2006-09-20 16:51 -------- d---s---- C:\Documents and Settings\Muut\Application Data\Microsoft
2006-09-20 16:50 -------- d-------- C:\Program Files\CCleaner
2006-09-09 22:11 -------- d-------- C:\Documents and Settings\Muut\Application Data\BSplayer Pro
2006-09-09 14:50 -------- d-------- C:\Program Files\PartyGaming
2006-09-07 18:21 -------- d-------- C:\Documents and Settings\Muut\Application Data\Ahead
2006-09-04 23:16 -------- d-------- C:\Documents and Settings\Muut\Application Data\Skype
2006-09-02 21:39 -------- d-------- C:\Program Files\Common Files\Ahead
2006-09-02 21:37 -------- d-------- C:\Program Files\Nero
2006-08-31 16:13 -------- d-------- C:\Documents and Settings\Muut\Application Data\vlc
2006-08-26 23:16 -------- d-------- C:\Program Files\mIRC
2006-08-25 14:38 -------- d-------- C:\Program Files\Webteh
2006-08-24 21:15 -------- d-------- C:\Program Files\VideoLAN
2006-08-21 22:15 -------- d-------- C:\Program Files\Skype
2006-08-21 15:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 14:55 -------- d-------- C:\Program Files\WinRAR
2006-08-21 12:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 12:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-17 20:39 -------- d-------- C:\Documents and Settings\Muut\Application Data\Macromedia
2006-08-17 15:02 -------- d-------- C:\Program Files\MSN Messenger
2006-08-17 15:02 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-08-17 07:28 -------- d-------- C:\Program Files\Messenger
2006-08-17 07:26 -------- d-------- C:\Program Files\Outlook Express
2006-08-17 07:26 -------- d-------- C:\Program Files\Common Files\System
2006-08-16 20:53 -------- d-------- C:\Program Files\Combined Community Codec Pack
2006-08-16 20:46 -------- d-------- C:\Program Files\C-Media 3D Audio
2006-08-16 16:51 -------- d-------- C:\Program Files\Yahoo!
2006-08-16 16:44 -------- d-------- C:\Program Files\Alwil Software
2006-08-16 16:42 -------- d-------- C:\Program Files\Wizards of the Coast
2006-08-16 12:51 -------- d-------- C:\Documents and Settings\Muut\Application Data\Mozilla
2006-08-16 12:35 -------- d-------- C:\Documents and Settings\Muut\Application Data\Identities
2006-08-16 09:21 -------- d-------- C:\Program Files\BitComet
2006-08-16 08:51 -------- d--h----- C:\Program Files\Uninstall Information
2006-08-16 08:47 -------- d-------- C:\Program Files\xerox
2006-08-16 08:47 -------- d-------- C:\Program Files\microsoft frontpage
2006-08-16 08:46 0 -rahs---- C:\MSDOS.SYS
2006-08-16 08:46 0 -rahs---- C:\IO.SYS
2006-08-16 08:46 0 --a------ C:\CONFIG.SYS
2006-08-16 08:46 0 --a------ C:\AUTOEXEC.BAT
2006-08-16 08:45 -------- d--h----- C:\Program Files\WindowsUpdate
2006-08-16 08:45 -------- d-------- C:\Program Files\Online Services
2006-08-16 08:44 -------- d-------- C:\Program Files\NetMeeting
2006-08-16 08:44 -------- d-------- C:\Program Files\Movie Maker
2006-08-16 08:44 -------- d-------- C:\Program Files\ComPlus Applications
2006-08-16 08:44 -------- d-------- C:\Program Files\Common Files\Services
2006-08-16 08:44 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-08-16 08:43 -------- d-------- C:\Program Files\Windows NT
2006-08-16 08:43 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-08-16 01:58 -------- d-------- C:\Program Files\Common Files\ODBC
2006-08-16 01:57 62 --ahs---- C:\Documents and Settings\Muut\Application Data\desktop.ini
2006-08-16 01:57 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 16:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 11:28 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Nykyinen kotisivu"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,a2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,aa,00,00,00,00,00,00,00,56,04,00,00,a2,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,aa,00,00,00,00,00,00,00,56,04,00,00,a2,03,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: Fri 06.10.2006 7:33:20.48
ComboFix.txt

Kerran valitti, että joku c\Commonfiles\... Infected.

 

Jep, ei siinä mitään ihmeempää.
Jos viitsisit laittaa uuden HijackThis lokin vielä varmuuden vuoksi.