
Extra ads in the browser - HJT log

Thread in the Viruses and malware - HijackThis logs section. Thread started by TooMuch on 30.07.2008.

  1. TooMuch

    While browsing web pages, every now and then I notice ad banners that some malware or the like has pushed onto the page. I have scanned the machine with ewido, Ad-Aware and who knows what else, and did find something, but this particular problem did not go away. Here is the HJT log now, in case someone would kindly spot something in it:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:26:20, on 30.7.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    E:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    E:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtv3.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: CodecPlugin Class - {098716A9-0310-4CBE-BD64-B790A9761158} - C:\WINDOWS\system32\RichVideoCodec.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
    O4 - HKLM\..\Run: [amd_dc_opt] E:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [lphccvnj0eact] C:\WINDOWS\system32\lphccvnj0eact.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [LaunchList] E:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: NCProTray.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1209128903046
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9AA2BBA9-FD8F-4F64-BAF7-74A809309095}: NameServer = 212.116.32.218 212.116.32.222
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 8689 bytes

    edit:

    On this page too I now noticed ads for Playboy magazine, which were hardly arranged by afterdawn.

    Last edited: 31.07.2008
  3. TooMuch

    Doesn't anyone here answer these anymore... I suppose I'll just have to put up with those ads and simply not click them.
     
  4. kalminen

    There really are few of us volunteer helpers.
    There would be plenty of critics, HI


    Download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the instructions to install the program.
    * At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
    * If an update is found, the program downloads and installs the latest version.
    * Once the program has loaded, select Perform full scan and click Scan.
    * When the scan is finished, click OK and then Show Results to see the results.
    * Make sure everything is checked and click Remove Selected.
    * After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found
    here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
    * Send the contents of the log in your next post + a new HJT log.

    ------------------------------------------------------------------

    1. Download combofix.exe to your desktop from either of these links:
    combofix.exe
    combofix.exe


    Open Notepad and copy/paste the contents of the Quote: box into it:

    Save it as CFScript (in fact ComboFix recognizes it even if the file extension is not
    even .txt).

    Then drag and drop CFScript onto ComboFix.exe as shown below. (Do not click.)

    [IMG]

    Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
    Restart the computer if asked to, and post the contents of the combofix.txt file here.


    Folder::
    -----------------------------------------------------------------

    Close the browser and other programs for the duration of the fix (not the antivirus).
    Start HijackThis, run Scan, tick the following files listed in red and remove them (Fix checked).

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [lphccvnj0eact] C:\WINDOWS\system32\lphccvnj0eact.exe (if it is still there)

    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, before posting)
    * The (C:\ComboFix.txt) report
    * Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
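
A check that fits the last step of the post above, added here as an example and not part of the original thread: it parses the entry lines of a before and an after HijackThis log and reports which fix-list entries are gone, which remain, and what else changed. The function names are assumptions of this example, and the sample logs are short excerpts constructed from the logs posted in this thread.

```python
import re
from dataclasses import dataclass

# A HijackThis entry line is "<section code> - <text>", e.g.
# "O4 - HKLM\..\Run: [name] path". The header and the process list do not match.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")


@dataclass(frozen=True)
class Entry:
    code: str  # section code, e.g. "O2" (BHO) or "O4" (autorun)
    body: str  # everything after "<code> - "

    @property
    def norm(self):
        # Windows paths are case-insensitive and forum software mangles
        # spacing, so compare lower-cased text with collapsed whitespace.
        return " ".join(self.body.lower().split())


def parse_hjt(text):
    """Return the R/F/N/O entries of a HijackThis log in file order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1).upper(), m.group(2)))
    return entries


def _find(item, entries):
    # A fix-list line may carry a trailing remark from the helper, so an
    # entry matches when the sections agree and the fix-list text starts
    # with the logged text.
    return [e for e in entries
            if e.code == item.code and item.norm.startswith(e.norm)]


def verify_fix(before_text, after_text, fix_text):
    """Compare two logs against the list of entries that were to be fixed."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    before_keys = {(e.code, e.norm) for e in before}
    after_keys = {(e.code, e.norm) for e in after}
    report = {"fixed": [], "still_present": [], "removed_other": [], "added": []}
    listed = set()
    for item in parse_hjt(fix_text):
        hits_before = _find(item, before)
        hits_after = _find(item, after)
        listed.update((e.code, e.norm) for e in hits_before)
        if hits_after:
            report["still_present"].append(hits_after[0].body)
        elif hits_before:
            report["fixed"].append(hits_before[0].body)
    for e in before:
        key = (e.code, e.norm)
        # Gone without being on the fix list: removed by another tool.
        if key not in after_keys and key not in listed:
            report["removed_other"].append(e.body)
    report["added"] = [e.body for e in after
                       if (e.code, e.norm) not in before_keys]
    return report


# Constructed samples: a few lines taken from the two logs in this thread.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtv3.fi/
O2 - BHO: CodecPlugin Class - {098716A9-0310-4CBE-BD64-B790A9761158} - C:\WINDOWS\system32\RichVideoCodec.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [lphccvnj0eact] C:\WINDOWS\system32\lphccvnj0eact.exe
"""

AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtv3.fi/
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

FIX_LIST = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [lphccvnj0eact] C:\WINDOWS\system32\lphccvnj0eact.exe (if it is still there)
"""

if __name__ == "__main__":
    for section, items in verify_fix(BEFORE, AFTER, FIX_LIST).items():
        print(f"{section}: {len(items)}")
        for body in items:
            print("   ", body)
```
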
     
  5. TooMuch

    Yeah, thanks a lot. I didn't mean to be rude in any way; in hindsight that previous comment of mine sounded a bit like it. I was just stating the situation. But here are the logs now; it looks like more unwanted stuff was found:

    HJT

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:25:10, on 3.8.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    E:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtv3.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
    O4 - HKLM\..\Run: [amd_dc_opt] E:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [LaunchList] E:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: NCProTray.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1209128903046
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9AA2BBA9-FD8F-4F64-BAF7-74A809309095}: NameServer = 212.116.32.218 212.116.32.222
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 7661 bytes

    ComboFix
    ComboFix 08-08-02.01 - Tuomas- 2008-08-03 20:13:43.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1384 [GMT 3:00]
    Running from: C:\Documents and Settings\Tuomas-\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Tuomas-\Työpöytä\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\system32\lphccvnj0eact.exe
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Tuomas-\Application Data\inst.exe
    C:\Documents and Settings\Tuomas-\Application Data\macromedia\Flash Player\#SharedObjects\R98HK7Z6\interclick.com
    C:\Documents and Settings\Tuomas-\Application Data\macromedia\Flash Player\#SharedObjects\R98HK7Z6\interclick.com\ud.sol
    C:\Documents and Settings\Tuomas-\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
    C:\Documents and Settings\Tuomas-\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
    C:\WINDOWS\Downloaded Program Files\setup.inf

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-07-03 to 2008-08-03 )))))))))))))))))
    .

    2008-08-03 18:46 . 2008-08-03 18:46 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-03 18:46 . 2008-08-03 18:46 <KANSIO> d-------- C:\Documents and Settings\Tuomas-\Application Data\Malwarebytes
    2008-08-03 18:46 . 2008-08-03 18:46 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-03 18:46 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-03 18:46 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-02 19:04 . 2008-08-02 19:04 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Codemasters
    2008-07-30 18:53 . 2008-07-30 18:53 <KANSIO> d--h----- C:\WINDOWS\system32\GroupPolicy
    2008-07-29 14:28 . 2008-07-29 14:28 <KANSIO> d-------- C:\Program Files\Lavasoft
    2008-07-29 14:28 . 2008-07-29 14:28 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-07-29 14:27 . 2008-07-29 14:27 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-07-29 14:20 . 2008-07-30 19:26 <KANSIO> d-------- C:\HijackThis
    2008-07-28 15:14 . 2008-08-03 13:33 <KANSIO> d-------- C:\Program Files\ewido anti-spyware 4.0
    2008-07-27 19:08 . 2005-07-12 14:25 401,408 --a------ C:\WINDOWS\system32\pvmjpg30.dll
    2008-07-27 19:08 . 2003-04-21 16:11 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
    2008-07-27 19:07 . 2004-01-02 12:28 126,976 --------- C:\WINDOWS\system32\AVIPrAx.dll
    2008-07-27 19:07 . 2001-12-11 22:21 73,728 --------- C:\WINDOWS\system32\MMAviAx.dll
    2008-07-27 19:03 . 2007-01-26 02:04 196,096 --a------ C:\WINDOWS\system32\macd32.dll
    2008-07-27 19:03 . 2007-01-26 02:04 138,752 --a------ C:\WINDOWS\system32\mase32.dll
    2008-07-27 19:03 . 2007-01-26 02:04 136,192 --a------ C:\WINDOWS\system32\mamc32.dll
    2008-07-27 19:03 . 2007-01-26 02:04 57,856 --a------ C:\WINDOWS\system32\masd32.dll
    2008-07-27 19:03 . 2007-01-26 02:04 27,648 --a------ C:\WINDOWS\system32\ma32.dll
    2008-07-27 19:00 . 2004-02-24 13:04 41,219 --a------ C:\WINDOWS\RSETPATH.exe
    2008-07-27 10:36 . 2008-07-27 10:36 <KANSIO> d-------- C:\WINDOWS\system32\URTTEMP
    2008-07-27 10:34 . 2004-07-02 17:28 89,088 --a------ C:\WINDOWS\system32\atl71.dll
    2008-07-27 10:34 . 2004-07-02 17:28 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
    2008-07-27 10:31 . 2007-01-04 10:07 171,520 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys
    2008-07-27 10:29 . 2008-07-27 10:45 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
    2008-07-27 10:26 . 2008-07-27 10:44 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
    2008-07-27 10:21 . 2008-07-27 10:21 <KANSIO> d-------- C:\Documents and Settings\Tuomas-\Application Data\DAEMON Tools
    2008-07-27 10:21 . 2008-07-27 10:21 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-07-20 18:51 . 2008-07-20 18:51 <KANSIO> d-------- C:\Documents and Settings\Tuomas-\OngameNetwork
    2008-07-18 10:39 . 2008-07-18 10:39 <KANSIO> d--h----- C:\WINDOWS\PIF
    2008-07-05 20:28 . 2008-07-05 20:31 <KANSIO> d-------- C:\Program Files\Screen Recorder
    2008-07-05 19:36 . 2008-07-30 11:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-07-05 19:36 . 2008-07-05 19:36 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-07-03 14:48 . 2008-07-03 14:48 <KANSIO> d-------- C:\Documents and Settings\Tuomas-\Application Data\Blender Foundation

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-03 17:18 1,679,392 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-08-03 15:35 --------- d-----w C:\Documents and Settings\Tuomas-\Application Data\OpenOffice.org2
    2008-08-03 11:25 20,720 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-08-02 16:04 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-08-02 16:00 444,952 ----a-w C:\WINDOWS\system32\wrap_oal.dll
    2008-08-02 16:00 109,080 ----a-w C:\WINDOWS\system32\OpenAL32.dll
    2008-08-02 16:00 --------- d-----w C:\Program Files\OpenAL
    2008-08-02 15:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-02 12:48 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
    2008-07-30 12:25 --------- d-----w C:\Documents and Settings\Tuomas-\Application Data\Vso
    2008-07-27 15:56 --------- d-----w C:\Program Files\Pinnacle
    2008-07-22 14:49 2,441,128 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
    2008-07-18 11:42 --------- d-----w C:\Program Files\Java
    2008-07-09 06:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
    2008-07-09 06:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
    2008-06-20 18:47 2,414,592 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
    2008-06-20 17:41 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 14:54 --------- d-----w C:\Program Files\Common Files\Java
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-14 17:59 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-14 13:02 --------- d-----w C:\Program Files\MSXML 6.0
    2008-06-13 09:25 --------- d-----w C:\Program Files\Nokia
    2008-06-13 09:23 --------- d-----w C:\Program Files\MSBuild
    2008-06-13 09:21 --------- d-----w C:\Program Files\Reference Assemblies
    2008-06-09 08:52 --------- d-----w C:\Program Files\OpenOffice.org 2.3
    2008-06-07 16:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
    2008-06-07 15:59 --------- d-----w C:\Program Files\ATI Technologies
    2008-06-03 16:10 --------- d-----w C:\Program Files\EACOM
    2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
    2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-05-25 12:01 1,653,760 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
    2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-05-16 08:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-05-12 15:56 397,312 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
    2008-05-12 15:54 305,152 ----a-w C:\WINDOWS\system32\ati2dvag.dll
    2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
    2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
    2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
    2008-05-12 15:45 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
    2008-05-12 15:45 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
    2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
    2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe
    2008-05-12 15:43 10,153,984 ----a-w C:\WINDOWS\system32\atioglx2.dll
    2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
    2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\ati3duag.dll
    2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\ativvaxx.dll
    2008-05-12 15:09 47,104 ----a-w C:\WINDOWS\system32\amdpcom32.dll
    2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll
    2008-05-12 15:03 19,968 ----a-w C:\WINDOWS\system32\atiadlxx.dll
    2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
    2008-05-12 15:02 241,664 ----a-w C:\WINDOWS\system32\atiok3x2.dll
    2008-05-12 14:57 548,864 ----a-w C:\WINDOWS\system32\ati2cqag.dll
    2008-05-12 07:49 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
    2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-05 07:49 1,543,168 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
    2008-04-25 18:06 47,360 ----a-w C:\Documents and Settings\Tuomas-\Application Data\pcouffin.sys
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21 153136]
    "DAEMON Tools Lite"="E:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-24 18:02 490952]
    "LaunchList"="E:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 15:41 145496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 20:37 79224]
    "QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
    "ASUSGamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-10-23 17:48 380928]
    "amd_dc_opt"="E:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 11:06 77824]
    "Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "!ewido"="C:\Program Files\ewido anti-spyware 4.0\ewido.exe" [2008-07-28 18:20 6283264]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
    "RTHDCPL"="RTHDCPL.EXE" [2007-05-10 13:08 16342528 C:\WINDOWS\RTHDCPL.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 16:12 15360]

    C:\Documents and Settings\Tuomas-\Käynnistä-valikko\Ohjelmat\Käynnistys\
    OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-09-11 05:43:54 393216]

    C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Logitech Desktop Messenger.lnk - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-04-26 12:34:55 67128]
    Logitech SetPoint.lnk - E:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-04-26 12:23:00 692224]
    NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [2008-04-23 16:07:56 49220]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.avis"= ff_acm.acm
    "msacm.ac3filter"= ac3filter.acm
    "vidc.XVID"= xvid.dll
    "vidc.asv2"= asusasv2.dll
    "VIDC.PIM2"= RALCodec.dll
    "VIDC.MJPG"= Pvmjpg30.dll
    "VIDC.I420"= vdrcodec.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Codemasters\\DiRT Demo\\DiRTDemo.exe"=
    "C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
    "E:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "E:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "E:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
    "E:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
    "E:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
    "E:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
    "E:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
    "E:\\Program Files\\Codemasters\\GRID Demo\\GRID.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 20:31]
    R1 EIO_XP;EIO_XP;C:\WINDOWS\system32\drivers\EIO_XP.sys [2006-06-14 13:44]
    R1 MemAlloc;MemAlloc;C:\WINDOWS\system32\DRIVERS\memalloc.sys [2002-01-29 11:16]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20:35]
    R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-10-23 17:48]
    R3 ASUSVRC;ASUSTeK Virtual Capture Device;C:\WINDOWS\system32\DRIVERS\AsusVRC.sys [2007-01-29 17:12]
    R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-10-23 17:48]
    S1 LStone;Pinnacle Systems Studio AV/DV Overlay;C:\WINDOWS\system32\DRIVERS\lstone2k.sys [2002-04-08 21:02]
    S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34e3f23a-23ea-11dd-be1e-806d6172696f}]
    \Shell\AutoRun\command - F:\ntde1ect.com
    \Shell\explore\Command - F:\ntde1ect.com
    \Shell\open\Command - F:\ntde1ect.com

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    'Ajoitetut tehtävät'-kansion sisältö

    2008-07-30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-03 20:18:06
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-08-03 20:19:03
    ComboFix-quarantined-files.txt 2008-08-03 17:19:00

    Pre-Run: 55,241,076,736 tavua vapaana
    Post-Run: 58,402,365,440 tavua vapaana

    229 --- E O F --- 2008-08-01 08:52:04

    MalwareBytes Anti-Malware

    Malwarebytes' Anti-Malware 1.24
    Tietokantaversio: 1019
    Windows 5.1.2600 Service Pack 2

    20:10:28 3.8.2008
    mbam-log-8-3-2008 (20-10-28).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|E:\|)
    Tarkistetut kohteet: 144775
    Kulunut aika: 1 hour(s), 17 minute(s), 43 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 15
    Saastuneita rekisteriarvoja: 3
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 1
    Saastuneita tiedostoja: 12

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    HKEY_CLASSES_ROOT\codecbho.codecplugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{84562fca-ee8b-4585-a1d1-eae97b23370e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{48e92754-2daf-4de4-8385-34f631580e9b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{a1c23ba2-8f20-4c01-b663-7ff2b3421194} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{098716a9-0310-4cbe-bd64-b790a9761158} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{098716a9-0310-4cbe-bd64-b790a9761158} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d37d6c1a-7ba4-47f4-9bf2-75031e257df6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\codecbho.codecplugin.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{f4406238-983a-4845-9053-f1d0007fd135} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\codecbho.xmldomdocumenteventssink (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\codecbho.xmldomdocumenteventssink.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\SEC (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\CodecBHO.DLL (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\RichVideoCodec (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Saastuneita rekisteriarvoja:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphccvnj0eact (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    C:\Program Files\RichVideoCodec (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Saastuneita tiedostoja:
    C:\WINDOWS\system32\RichVideoCodec.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tuomas-\Local Settings\Temp\GLK9A.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{FB49C6DF-AA15-418D-8F2D-33387642109A}\RP50\A0015978.dll (Adware.Shopper) -> Quarantined and deleted successfully.
    C:\Program Files\RichVideoCodec\InstallRegerLib.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\blphccvnj0eact.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\phccvnj0eact.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tuomas-\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tuomas-\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tuomas-\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tuomas-\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tuomas-\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tuomas-\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
     
  6. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Posts:
    3,915
    Thanks:
    0
    Points:
    46
    Hi!!!
    Your comment was spot on.
    My reply was meant to be read by the guilty parties HI

    ------------------------------

    Everything is OK in the HJT log

    ******************************************
    Type ComboFix.exe /u into the Run field of the Windows Start menu and press OK
    *************************************************************
    ******************************************
    Start Malwarebytes, go to the Quarantine tab and empty the trash.
    **********************************************************

    Is the computer working OK now???
    :D
     
  7. TooMuch

    TooMuch Regular member

    Joined:
    23.08.2004
    Posts:
    116
    Thanks:
    0
    Points:
    26
    Yeah, it seems to be working fine now. At least the Playboy etc. ads aren't jumping out at me anymore.. you can see plenty of those elsewhere if you ever want to :D Thanks a lot!!
     
