
Virus on the computer? HjT log

Thread in the Viruses and malware - HijackThis logs section. Started by dou_ on 08.12.2008.

  1. dou_

    dou_ Member

    Joined:
    08.12.2008
    Messages:
    23
    Thanks:
    0
    Points:
    11
    Problem description: A couple of hours after the computer is started, the browsers first begin to "fall apart", showing pages as a mush of bars and eventually as code, or not at all. Other internet activity also stops soon after, even though the connection is supposedly still up. Shutting the computer down is slow but works. I have run numerous antivirus and removal programs. Advice would be welcome, thanks in advance.

    HjT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:43:49 PM, on 12/8/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    D:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Users\dou\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\wbem\unsecapp.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1
    O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Users\dou\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O13 - Gopher Prefix:
    O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://portti.lut.fi/vdesk/terminal/f5InspectionHost.cab#version=6020,2008,0717,1605
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - https://portti.lut.fi/policy/download_binary.php/win32/f5syschk.cab#Version=6020,2008,0514,2348
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

    --
    End of file - 5851 bytes
     
  3. Hujo

    Hujo Guest

    AntiVir and avast on the same computer

    ========================

    Updating Java and clearing the cache:

    Download JavaRa and extract it to your desktop.

    ***Close all open Internet Explorer windows before continuing!***

    * Double-click JavaRa.exe to start the program.
    * Choose English from the drop-down menu to set the language to English and click Select.
    * Click Remove Older Versions to remove the old Java versions from your computer.
    * Click Yes when prompted. When JavaRa is done, it reports that a log file has been created. Click OK.
    * The log file opens. Post its contents in your next message.
    4. Install the latest Java update from the following link.

    Download the new Java here

    Scroll down to Java Runtime Environment (JRE) 6 Update 11
    Click Download
    Set Platform to Windows
    Tick I agree to the Java SE Runtime Environment 6 License Agreement and click Continue
    Under Windows Offline Installation, click jre-6u4-windows-i586-p.exe

    Save the file, for example to your desktop, and install it.

    5. Restart the computer after the installation.
    6. After the restart, go back to the Control Panel and open your Java settings (Additional Control Panel options -> the Java coffee cup).
    7. On the General tab, click Settings. Drag the slider (Disk Space) to a smaller value.

    (Some Java-based programs may need more disk space.
    If you notice the computer slowing down after reducing the setting, move the slider to a larger value.)

    8. Click the Delete Files button. Make sure both options are ticked:
    * Applications and Applets
    * Trace and Log Files

    And click the OK button
    Note: This deletes all downloaded applications and applets from the CACHE.

    9. Click OK in your "Temporary Files Settings" window.
    10. Update tab: untick Check for Updates automatically
    Select Never check
    11. Click Apply and OK to leave your Java settings window.
     
  4. dou_

    dou_ Member

    JavaRa log:

    JavaRa 1.11 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Mon Dec 08 23:55:11 2008

    ------------------------------------

    Finished reporting.
     
  5. Hujo

    Hujo Guest

    Download Malwarebytes' Anti-Malware to your desktop.

    1. Double-click mbam-setup.exe and follow the instructions to install the program.
    2. At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and
    Launch Malwarebytes' Anti-Malware, and then click Finish.
    3. If an update is found, the program downloads and installs the latest version.
    4. Once the program has loaded, select Perform full scan and click Scan.
    5. When the scan is finished, click OK and then Show Results to see the results.
    6. Make sure everything is checked and click Remove Selected.
    7. After this the log opens in Notepad. Save it somewhere you can find it easily. The log
    can also be found here: C:\Documents and Settings\Username\Application
    Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    8. Post the contents of the log in your next message
     
  6. dou_

    dou_ Member

    Malwarebytes' log:

    Malwarebytes' Anti-Malware 1.31
    Database version: 1477
    Windows 6.0.6001 Service Pack 1

    12/9/2008 6:27:33 PM
    mbam-log-2008-12-09 (18-27-33).txt

    Scan type: Full Scan (C:\|D:\|E:\|G:\|)
    Objects scanned: 188064
    Time elapsed: 1 hour(s), 34 minute(s), 34 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  7. Hujo

    Hujo Guest

    Scan a new HjT log
     
  8. dou_

    dou_ Member

    New HjT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:18:19 PM, on 12/9/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    D:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\rundll32.exe
    C:\Users\dou\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Windows\system32\wbem\unsecapp.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1
    O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Users\dou\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O13 - Gopher Prefix:
    O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://portti.lut.fi/vdesk/terminal/f5InspectionHost.cab#version=6020,2008,0717,1605
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - https://portti.lut.fi/policy/download_binary.php/win32/f5syschk.cab#Version=6020,2008,0514,2348
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

    --
    End of file - 5627 bytes
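
Added example, not part of the original thread: comparing the 12/8 and 12/9 HijackThis scans above entry by entry shows what the JavaRa cleanup and Java reinstall changed, and lists entries whose target HijackThis reports as "(no file)". The sample lines are copied from the two logs in this thread; the function names are illustrative.

```python
import re

# Excerpt of the 12/8/2008 scan posted above (BHO, Java autorun and Java IE entries).
SCAN_BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
"""

# The same entry types from the 12/9/2008 scan posted above.
SCAN_AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
"""

# Result lines start with a section code such as R0, O2 or O23 followed by " - ".
# Running-process paths ("C:\Windows\...") do not match: the drive letter is
# followed by a colon, not a digit.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(log_text):
    """Return the set of (section_code, detail) pairs found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def diff_scans(before_text, after_text):
    """Compare two scans and report added, removed and unchanged entries."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    return {
        "added": sorted(after - before),
        "removed": sorted(before - after),
        "unchanged": sorted(after & before),
    }


def missing_targets(entries):
    """Entries whose file HijackThis itself reports as missing: '(no file)'."""
    return sorted(e for e in entries if e[1].endswith("(no file)"))


if __name__ == "__main__":
    result = diff_scans(SCAN_BEFORE, SCAN_AFTER)
    for kind in ("removed", "added"):
        for code, detail in result[kind]:
            print(f"{kind:8} {code:4} {detail}")
    for code, detail in missing_targets(parse_entries(SCAN_AFTER)):
        print(f"no file  {code:4} {detail}")
```
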
     
  9. Hujo

    Hujo Guest

    So there are avast and Avira on the computer; which of those do you use?
     
  10. dou_

    dou_ Member

    I use Avast. Two antivirus programs were installed only because I was trying to find the virus on the computer. I just removed Avira.
     
  11. Hujo

    Hujo Guest

    So how is the computer behaving?
     
  12. dou_

    dou_ Member

    The last time there was a problem was yesterday: the internet kept breaking down and shutting down did not work without a reset. Today it has already been running successfully for a few hours; I can't say yet how this will go. I will of course report right away if/when the problem shows up again.
     
  13. Hujo

    Hujo Guest

    Turn off the background protection here, if it is on

    Windows Defender

    Open Windows Defender.
    Click Tools and General Settings.
    Scroll down and untick Turn on real-time protection (recommended).
    After this, click Save and close Windows Defender.
     
  14. dou_

    dou_ Member

    Hahah, I was writing a thank-you message about how there had been no problems today and maybe this was sorted. When I sent the message, though, the internet no longer worked, and the computer could not be restarted without a reset either (it just sat there doing nothing even though I tried to shut it down / close processes manually). However, it did not spit out HTML code, and it started working obediently right after the reset, so I can't say now whether this is the same problem or not. Nothing to do but keep watching. Many thanks for the instructions so far anyway! I'll report more as soon as there is reason to.
     
  15. Hujo

    Hujo Guest

    Lovely, these technical gadgets :) No gray hairs at all. :)

    Check your computer with F-Secure's online scanner

    Note: the scanner only works in the Internet Explorer browser

    * Read the instructions on the page carefully
    * Click Start scanning
    * If you get an Internet Explorer security warning, click Install
    * Click Accept
    * Click Custom Scan
    * Set the options as follows

    o Under "Virus Scan Option" select Scan whole system
    o Under "Other Scan Option" select Scan All Files
    o Select Scan whole system for rootkits
    o Select Scan whole system for spyware
    o Tick Scan inside archives
    o Make sure Use advanced heuristics is selected

    * Click Start
    * The scan starts once the necessary files/updates have been downloaded
    * Wait patiently
    * When the scan is complete, click Automatic cleaning
    * Click Show Report
    * The report opens in the browser; copy the whole text
    * Paste the copied text into e.g. Notepad or Word and save it to the desktop
    * You can close the scanner
    * Post the report in your thread

    Don't do anything else, as it can cause the computer to freeze


     
  16. dou_

    dou_ Member

    Report: three terrifying tracking cookies were found, no action taken:

    Scanning Report
    Thursday, December 11, 2008 13:01:20 - 14:41:39

    Computer name: DOU-CEE
    Scanning type: Scan system for malware, rootkits
    Target: C:\ D:\ E:\ G:\
    Result: 3 malware found
    TrackingCookie.Atdmt (spyware)

    * System

    TrackingCookie.Doubleclick (spyware)

    * System

    TrackingCookie.Mediaplex (spyware)

    * System

    Statistics
    Scanned:

    * Files: 197236
    * System: 3217
    * Not scanned: 87

    Actions:

    * Disinfected: 0
    * Renamed: 0
    * Deleted: 0
    * None: 3
    * Submitted: 0

    Files not scanned:


    Options
    Scanning engines:

    * F-Secure USS: 2.40.0
    * F-Secure Hydra: 2.8.8110, 2008-12-11
    * F-Secure AVP: 7.0.171, 2008-12-11
    * F-Secure Pegasus: 1.20.0, 2008-11-10

    Scanning options:

    * Scan all files
    * Scan inside archives
    * Use Advanced heuristics
     
  17. dou_

    dou_ Member

    The internet froze again, though this time the computer shut down without complaint. I wonder what it is when no program finds anything; in addition to the ones advised here I have tried Spybot and also cleaned the registry with CCleaner. Does this sound like a virus or what? I tried a shot in the dark by stressing the memory with Prime95, since memory can apparently show symptoms in the strangest ways. It churned along fine, no problems found. Strange occult science.
     
  18. Hujo

    Hujo Guest

    Scan a new HjT log
     
  19. dou_

    dou_ Member

    Aye. Would it help if, the next time the internet crashes again, I took an HjT log and posted it here once it works again?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:41:03 PM, on 12/12/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\Explorer.EXE
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    D:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Users\dou\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Windows\system32\wbem\unsecapp.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1
    O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Users\dou\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O13 - Gopher Prefix:
    O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://portti.lut.fi/vdesk/terminal/f5InspectionHost.cab#version=6020,2008,0717,1605
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - https://portti.lut.fi/policy/download_binary.php/win32/f5syschk.cab#Version=6020,2008,0514,2348
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

    --
    End of file - 5195 bytes
     
  20. Hujo

    Hujo Guest

    Download Lop S&D from here

    Double-click Lop S&D.exe
    Select Finnish (Suomi) as the language by pressing U and Enter.
    After that, select Option 1 (Etsi, "Search") by pressing 1 and Enter
    Wait until the scan is complete
    The log opens in Notepad. Post it in your next message. It can also be found at C:\lopR.txt
     
  21. dou_

    dou_ Member

    Joined:
    08.12.2008
    Posts:
    23
    Thanks:
    0
    Points:
    11
    Lop log:


    --------------------\\ Lop S&D 4.2.4-9c XP/Vista

    Microsoft® Windows Vista™ Home Basic ( v6.0.6001 ) Service Pack 1
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz )
    BIOS : BIOS Date: 07/13/07 21:27:16 Ver: 08.00.12
    USER : dou ( Administrator )
    BOOT : Normal boot
    Antivirus : avast! antivirus 4.8.1229 [VPS 081209-0] 4.8.1229 (Activated)
    Firewall : ZoneAlarm Firewall 8.0.065.000 (Activated)
    C:\ (Local Disk) - NTFS - Total:29 Go (Free:9 Go)
    D:\ (Local Disk) - NTFS - Total:97 Go (Free:39 Go)
    E:\ (Local Disk) - NTFS - Total:171 Go (Free:36 Go)
    F:\ (CD or DVD)
    G:\ (Local Disk) - FAT32 - Total:152 Go (Free:29 Go)

    "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
    Option : [1] ( Fri 12/12/2008|16:29 )

    [ UAC => 1 ]

    --------------------\\ Listaa hakemistoja sijainnissa Local

    [01/13/2008|12:16] C:\Users\dou\AppData\Local\<DIR> Adobe
    [02/16/2008|11:37] C:\Users\dou\AppData\Local\<DIR> Apple
    [03/12/2008|06:04] C:\Users\dou\AppData\Local\<DIR> Apple Computer
    [01/12/2008|04:37] C:\Users\dou\AppData\Local\<JUNCTION> Application Data
    [07/25/2008|07:28] C:\Users\dou\AppData\Local\<DIR> ApplicationHistory
    [01/12/2008|04:44] C:\Users\dou\AppData\Local\680 d3d9caps.dat
    [12/12/2008|04:11] C:\Users\dou\AppData\Local\202,752 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [09/28/2008|08:00] C:\Users\dou\AppData\Local\66,968 GDIPFONTCACHEV1.DAT
    [12/12/2008|04:22] C:\Users\dou\AppData\Local\<DIR> Google
    [01/12/2008|04:37] C:\Users\dou\AppData\Local\<JUNCTION> History
    [12/12/2008|12:12] C:\Users\dou\AppData\Local\3,239,863 IconCache.db
    [07/28/2008|12:37] C:\Users\dou\AppData\Local\<DIR> Microsoft
    [03/03/2008|07:45] C:\Users\dou\AppData\Local\<DIR> Microsoft Games
    [01/13/2008|10:51] C:\Users\dou\AppData\Local\<DIR> Mozilla
    [03/26/2008|06:09] C:\Users\dou\AppData\Local\<DIR> NWN2 Toolset
    [12/12/2008|04:27] C:\Users\dou\AppData\Local\<DIR> Temp
    [01/12/2008|04:37] C:\Users\dou\AppData\Local\<JUNCTION> Temporary Internet Files
    [01/12/2008|04:37] C:\Users\dou\AppData\Local\<DIR> VirtualStore

    --------------------\\ Ajoitetut tehtävät sijaitsee C:\Windows\Tasks

    [12/12/2008 02:35 PM][--a------] C:\Windows\tasks\GoogleUpdateTaskUser.job
    [12/12/2008 04:22 PM][--ah-----] C:\Windows\tasks\SA.DAT
    [12/12/2008 04:21 PM][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    --------------------\\ Listaa hakemistoja sijainnissa C:\ProgramData

    [03/17/2008|04:04] C:\ProgramData\305 addr_file.html
    [03/07/2008|07:11] C:\ProgramData\<DIR> Adobe
    [02/16/2008|11:37] C:\ProgramData\<DIR> Apple
    [02/16/2008|11:38] C:\ProgramData\<DIR> Apple Computer
    [11/02/2006|02:59] C:\ProgramData\<JUNCTION> Application Data
    [01/12/2008|04:40] C:\ProgramData\<DIR> CheckPoint
    [11/02/2006|02:59] C:\ProgramData\<JUNCTION> Desktop
    [11/02/2006|02:59] C:\ProgramData\<JUNCTION> Documents
    [11/02/2006|02:59] C:\ProgramData\<JUNCTION> Favorites
    [07/23/2008|03:35] C:\ProgramData\<DIR> HPSSUPPLY
    [08/03/2008|01:03] C:\ProgramData\<DIR> ifolor
    [05/15/2008|10:23] C:\ProgramData\<DIR> Installations
    [12/07/2008|09:18] C:\ProgramData\<DIR> Lavasoft
    [12/07/2008|10:23] C:\ProgramData\<DIR> Malwarebytes
    [01/31/2008|05:58] C:\ProgramData\<DIR> Media Center Programs
    [04/07/2008|06:45] C:\ProgramData\<DIR> Microsoft
    [12/08/2008|08:02] C:\ProgramData\<DIR> NVIDIA
    [05/15/2008|02:15] C:\ProgramData\<DIR> PC Suite
    [12/07/2008|10:52] C:\ProgramData\<DIR> Spybot - Search & Destroy
    [11/02/2006|02:59] C:\ProgramData\<JUNCTION> Start Menu
    [11/02/2006|02:59] C:\ProgramData\<JUNCTION> Templates
    [12/08/2008|08:08] C:\ProgramData\<DIR> WindowsSearch

    --------------------\\ Listaa hakemistoja sijainnissa C:\Program Files

    [03/07/2008|07:11] C:\Program Files\<DIR> Adobe
    [02/16/2008|11:37] C:\Program Files\<DIR> Apple Software Update
    [07/23/2008|03:35] C:\Program Files\<DIR> Avago-HP
    [02/03/2008|04:12] C:\Program Files\<DIR> Codec Pack - All In 1
    [12/07/2008|09:19] C:\Program Files\<DIR> Common Files
    [05/15/2008|10:26] C:\Program Files\<DIR> DIFX
    [09/07/2008|01:37] C:\Program Files\<DIR> F5
    [01/17/2008|02:00] C:\Program Files\<DIR> Futuremark
    [07/23/2008|04:52] C:\Program Files\<DIR> HP
    [09/07/2008|01:57] C:\Program Files\<DIR> InstallShield Installation Information
    [07/24/2008|10:54] C:\Program Files\<DIR> Internet Explorer
    [12/09/2008|12:00] C:\Program Files\<DIR> Java
    [11/02/2006|02:35] C:\Program Files\<DIR> Microsoft Games
    [06/15/2008|08:09] C:\Program Files\<DIR> Movie Maker
    [11/02/2006|02:35] C:\Program Files\<DIR> MSBuild
    [06/15/2008|08:18] C:\Program Files\<DIR> MSN Messenger
    [06/28/2008|07:09] C:\Program Files\<DIR> Octoshape Streaming Services
    [03/24/2008|08:15] C:\Program Files\<DIR> OpenOffice.org 2.3
    [05/15/2008|10:26] C:\Program Files\<DIR> PC Connectivity Solution
    [11/02/2006|02:35] C:\Program Files\<DIR> Reference Assemblies
    [11/02/2006|02:58] C:\Program Files\<DIR> Uninstall Information
    [06/15/2008|08:09] C:\Program Files\<DIR> Windows Calendar
    [06/15/2008|08:09] C:\Program Files\<DIR> Windows Collaboration
    [06/15/2008|08:09] C:\Program Files\<DIR> Windows Defender
    [06/15/2008|08:09] C:\Program Files\<DIR> Windows Mail
    [06/15/2008|08:09] C:\Program Files\<DIR> Windows Media Player
    [11/02/2006|02:35] C:\Program Files\<DIR> Windows NT
    [06/15/2008|08:09] C:\Program Files\<DIR> Windows Photo Gallery
    [06/15/2008|08:09] C:\Program Files\<DIR> Windows Sidebar

    --------------------\\ Listaa hakemistoja sijainnissa C:\Program Files\Common Files

    [03/07/2008|07:11] C:\Program Files\Common Files\<DIR> Adobe
    [09/07/2008|01:57] C:\Program Files\Common Files\<DIR> InstallShield
    [03/24/2008|08:14] C:\Program Files\Common Files\<DIR> Java
    [01/13/2008|04:18] C:\Program Files\Common Files\<DIR> microsoft shared
    [05/15/2008|10:26] C:\Program Files\Common Files\<DIR> Nokia
    [05/15/2008|10:26] C:\Program Files\Common Files\<DIR> PCSuite
    [11/02/2006|01:18] C:\Program Files\Common Files\<DIR> Services
    [11/02/2006|01:18] C:\Program Files\Common Files\<DIR> SpeechEngines
    [06/15/2008|08:09] C:\Program Files\Common Files\<DIR> System
    [12/07/2008|09:19] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

    --------------------\\ Process

    ( 57 Processes )

    ... OK !

    --------------------\\ Etsii S_Lopilla

    Lopin kansioita ei löytynyt !

    --------------------\\ Etsii Lopin tiedostoja ja kansioita

    C:\Users\dou\AppData\Roaming\MICROS~1\Windows\Cookies\dou@adopt.euroclick[1].txt

    --------------------\\ Etsii rekisterikohteita

    ..... OK !

    --------------------\\ Tarkistaa Hosts-tiedostoa

    Hosts-tiedosto PUHDAS


    --------------------\\ Tarkistaa Catchmella onko piilotettuja tiedostoja

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-12 16:30:01
    Windows 6.0.6001 Service Pack 1 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Tarkistaa muita infektioita


    Muita infektiota ei löytynyt !

    [F:1944][D:24]-> C:\Users\dou\AppData\Local\Temp
    [F:18][D:1]-> C:\Users\dou\AppData\Roaming\MICROS~1\Windows\Cookies
    [F:282][D:4]-> C:\Users\dou\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
    [F:4][D:2]-> C:\$Recycle.Bin

    1 - "C:\Lop SD\LopR_1.txt" - Fri 12/12/2008|16:27 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - Fri 12/12/2008|16:30 - Option : [1]

    --------------------\\ Tarkistus valmistui 16:30:45
    [ UAC => 1 ]

     
