Keeps reporting viruses and malware, and the computer is slow

Discussion in 'Viruses and malware - HijackThis logs' started by e212, Mar 21, 2007.

  1. e212

    e212 Member

    Joined:
    Jul 22, 2005
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    16
    Logfile of HijackThis v1.99.1
    Scan saved at 22:04:04, on 21.3.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    H:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    H:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\ATI-CPanel\atiptaxx.exe
    H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\taskmgr.exe
    H:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Omistaja\Työpöytä\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {1E5ABCC0-621C-454C-983A-5891AFC47D4B} - C:\WINDOWS\system32\gebcb.dll
    O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll (file missing)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {BB886F93-FA84-4B1B-9B1A-86D8F34E230c} - C:\WINDOWS\system32\umvqfhtd.dll
    O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\cbxusqp.dll
    O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - (no file)
    O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll (file missing)
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\rytdhlje.dll",setvm
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://H:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll (file missing)
    O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll (file missing)
    O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C0B70BF7-09B8-4057-BE26-286944B1293E}: NameServer = 213.139.190.3 212.50.131.153
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: cbxusqp - C:\WINDOWS\SYSTEM32\cbxusqp.dll
    O20 - Winlogon Notify: gebcb - C:\WINDOWS\system32\gebcb.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: F-Secure Network Request Broker - Unknown owner - C:\Program Files\F-Secure\Common\FNRB32.EXE (file missing)
    O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files\F-Secure\Common\FSMA32.EXE (file missing)
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - H:\Program Files\Sygate\SPF\smc.exe
     
  2. Auttaja

    Auttaja Guest

    Download VundoFix.exe to your desktop.
    *Double-click VundoFix.exe to run it.
    *Click the Scan for Vundo button.
    *When the scan is complete, click the Remove Vundo button.
    *You will be asked whether you want to remove the files - click YES.
    *Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
    *When it is done, the fix will tell you that it will restart your computer; click OK.
    *Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.


    Note: It is possible that VundoFix found a file that it could not remove.
    In that case, VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo button." when VundoFix appears during the restart.
    *************

    1) Download http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
    2) Save VirtumundoBeGone.exe to your desktop.
    3) Run VirtumundoBeGone.exe and follow the instructions. Don't worry if you see a blue screen with a "Fatal Error" message; this is normal.
    4) When the tool is finished, restart the computer.

    It creates a log named VBG.TXT on your desktop; copy and paste its contents into your reply.

    **********

    a new HIJACKTHIS log
     
  3. e212

    e212 Member

    VundoFix V6.3.17

    Checking Java version...

    Sun Java not detected
    Scan started at 20:03:35 22.3.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\bcbeg.bak1
    C:\WINDOWS\system32\bcbeg.bak2
    C:\WINDOWS\system32\bcbeg.ini
    C:\WINDOWS\system32\bcbeg.ini2
    C:\WINDOWS\system32\bcbeg.tmp
    C:\WINDOWS\system32\cbxusqp.dll
    C:\WINDOWS\system32\ffcwmefh.exe
    C:\WINDOWS\system32\gebcb.dll
    C:\WINDOWS\system32\hlhjonyi.dll
    C:\WINDOWS\system32\hmrhuyno.exe
    C:\WINDOWS\system32\jjrxrdgl.exe
    C:\WINDOWS\system32\jmeiaxhf.dll
    C:\WINDOWS\system32\kflhulrc.dll
    C:\WINDOWS\system32\mibgixlh.exe
    C:\WINDOWS\system32\obqgsydf.dll
    C:\WINDOWS\system32\oivodptb.exe
    C:\WINDOWS\system32\oyrcmurq.exe
    C:\WINDOWS\system32\uasofmfc.dll
    C:\WINDOWS\system32\ywutbfme.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\bcbeg.bak1
    C:\WINDOWS\system32\bcbeg.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\bcbeg.bak2
    C:\WINDOWS\system32\bcbeg.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\bcbeg.ini
    C:\WINDOWS\system32\bcbeg.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\bcbeg.ini2
    C:\WINDOWS\system32\bcbeg.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\bcbeg.tmp
    C:\WINDOWS\system32\bcbeg.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\system32\cbxusqp.dll
    C:\WINDOWS\system32\cbxusqp.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ffcwmefh.exe
    C:\WINDOWS\system32\ffcwmefh.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gebcb.dll
    C:\WINDOWS\system32\gebcb.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hlhjonyi.dll
    C:\WINDOWS\system32\hlhjonyi.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hmrhuyno.exe
    C:\WINDOWS\system32\hmrhuyno.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jjrxrdgl.exe
    C:\WINDOWS\system32\jjrxrdgl.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jmeiaxhf.dll
    C:\WINDOWS\system32\jmeiaxhf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\kflhulrc.dll
    C:\WINDOWS\system32\kflhulrc.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mibgixlh.exe
    C:\WINDOWS\system32\mibgixlh.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\obqgsydf.dll
    C:\WINDOWS\system32\obqgsydf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\oivodptb.exe
    C:\WINDOWS\system32\oivodptb.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\oyrcmurq.exe
    C:\WINDOWS\system32\oyrcmurq.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\uasofmfc.dll
    C:\WINDOWS\system32\uasofmfc.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ywutbfme.dll
    C:\WINDOWS\system32\ywutbfme.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Logfile of HijackThis v1.99.1
    Scan saved at 22:04:04, on 21.3.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    H:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    H:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\ATI-CPanel\atiptaxx.exe
    H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\taskmgr.exe
    H:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Omistaja\Työpöytä\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {1E5ABCC0-621C-454C-983A-5891AFC47D4B} - C:\WINDOWS\system32\gebcb.dll
    O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll (file missing)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {BB886F93-FA84-4B1B-9B1A-86D8F34E230c} - C:\WINDOWS\system32\umvqfhtd.dll
    O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\cbxusqp.dll
    O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - (no file)
    O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll (file missing)
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\rytdhlje.dll",setvm
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://H:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll (file missing)
    O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll (file missing)
    O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C0B70BF7-09B8-4057-BE26-286944B1293E}: NameServer = 213.139.190.3 212.50.131.153
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: cbxusqp - C:\WINDOWS\SYSTEM32\cbxusqp.dll
    O20 - Winlogon Notify: gebcb - C:\WINDOWS\system32\gebcb.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: F-Secure Network Request Broker - Unknown owner - C:\Program Files\F-Secure\Common\FNRB32.EXE (file missing)
    O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files\F-Secure\Common\FSMA32.EXE (file missing)
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - H:\Program Files\Sygate\SPF\smc.exe


    [03/22/2007, 20:12:44] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Omistaja\Työpöytä\VirtumundoBeGone.exe" )
    [03/22/2007, 20:12:50] - Detected System Information:
    [03/22/2007, 20:12:50] - Windows Version: 5.1.2600, Service Pack 2
    [03/22/2007, 20:12:50] - Current Username: Omistaja (Admin)
    [03/22/2007, 20:12:50] - Windows is in NORMAL mode.
    [03/22/2007, 20:12:50] - Searching for Browser Helper Objects:
    [03/22/2007, 20:12:50] - BHO 1: {6F282B65-56BF-4BD1-A8B2-A4449A05863D} (GamesBar)
    [03/22/2007, 20:12:51] - BHO 2: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
    [03/22/2007, 20:12:51] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [03/22/2007, 20:12:51] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [03/22/2007, 20:12:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [03/22/2007, 20:12:51] - No filename found. Continuing.
    [03/22/2007, 20:12:51] - BHO 5: {979808D8-146F-41D6-9E03-9420CE062256} ()
    [03/22/2007, 20:12:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [03/22/2007, 20:12:51] - Checking for HKLM\...\Winlogon\Notify\gebcb
    [03/22/2007, 20:12:51] - Key not found: HKLM\...\Winlogon\Notify\gebcb, continuing.
    [03/22/2007, 20:12:51] - BHO 6: {BB886F93-FA84-4B1B-9B1A-86D8F34E230c} ()
    [03/22/2007, 20:12:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [03/22/2007, 20:12:51] - Checking for HKLM\...\Winlogon\Notify\umvqfhtd
    [03/22/2007, 20:12:51] - Key not found: HKLM\...\Winlogon\Notify\umvqfhtd, continuing.
    [03/22/2007, 20:12:51] - Finished Searching Browser Helper Objects
    [03/22/2007, 20:12:51] - Finishing up...
    [03/22/2007, 20:12:51] - Nothing found! Exiting...
     
  4. Hujo

    Hujo Guest

    Uninstall from Add or Remove Programs

    GamesBar

    Scan with HJT, check the following and press Fix checked

    O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll (file missing)
    O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll (file missing)

    O23 - Service: F-Secure Network Request Broker - Unknown owner - C:\Program Files\F-Secure\Common\FNRB32.EXE (file missing)
    O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files\F-Secure\Common\FSMA32.EXE (file missing)


    ===========

    Copy / paste the text below into an empty Notepad file.
    Make sure the file type is "All Files" and save it as Poisto.bat
    on your desktop.

    @echo off
    sc stop "F-Secure Network Request Broker"
    sc delete "F-Secure Network Request Broker"
    sc stop FSMA
    sc delete FSMA

    Double-click the Poisto.bat file on your desktop; a window will open and close, this is normal.

    ===============

    1. Download the combofix.exe file http://www.techsupportforum.com/sectools/Deckard/comboscan.exe
    to your desktop.
    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool is finished, it produces a log. Post this log in your thread.
    Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.

    ==========

    Boot into Safe Mode

    Delete the folder

    C:\Program Files\GamesBar

    ============

    Post the logs
     
    Last edited by a moderator: Mar 22, 2007
  5. Auttaja

    Auttaja Guest

    Open HijackThis, check the following line(s) and press Fix checked; close other programs while doing so

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {1E5ABCC0-621C-454C-983A-5891AFC47D4B} - C:\WINDOWS\system32\gebcb.dll
    O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {BB886F93-FA84-4B1B-9B1A-86D8F34E230c} - C:\WINDOWS\system32\umvqfhtd.dll
    Unknown
    O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\cbxusqp.dll
    O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\rytdhlje.dll",setvm
    O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll (file missing)
    O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll (file missing)
    O20 - Winlogon Notify: cbxusqp - C:\WINDOWS\SYSTEM32\cbxusqp.dll
    O20 - Winlogon Notify: gebcb - C:\WINDOWS\system32\gebcb.dll



    1. Download combofix.exe to your desktop from either of these links:
    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool is finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.
    Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.

    Post a new HijackThis log
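
The entries picked out of the log above share visible traits: unnamed BHOs whose DLL sits directly in system32, the same DLL registered under both O2 (BHO) and O20 (Winlogon Notify), a Run entry that loads a system32 DLL through rundll32.exe, and leftovers marked (file missing) or (no file). As an added example (not part of the original posts, and not how HijackThis or the helpers decide), this Python triage pass applies those four checks to an excerpt of the log from this thread; the reason labels and the heuristics themselves are assumptions and only mark lines for manual review.

```python
import re

# Excerpt of the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1E5ABCC0-621C-454C-983A-5891AFC47D4B} - C:\WINDOWS\system32\gebcb.dll
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {BB886F93-FA84-4B1B-9B1A-86D8F34E230c} - C:\WINDOWS\system32\umvqfhtd.dll
O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\cbxusqp.dll
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\rytdhlje.dll",setvm
O20 - Winlogon Notify: cbxusqp - C:\WINDOWS\SYSTEM32\cbxusqp.dll
O20 - Winlogon Notify: gebcb - C:\WINDOWS\system32\gebcb.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# "<section code> - <body>", e.g. "O2 - BHO: ..."
ENTRY_RE = re.compile(r'^(?P<code>[A-Z]\d+) - (?P<body>.+)$')
# "BHO: <name> - {CLSID} - <target>"
BHO_RE = re.compile(r'^BHO: (?P<name>.+?) - \{[0-9A-Fa-f-]{36}\} - (?P<target>.+)$')
# "HKLM\..\Run: [<name>] <command line>"
RUN_RE = re.compile(r'^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# A DLL located directly in system32 (not in a subfolder), any letter case.
SYS32_DLL_RE = re.compile(r'[A-Za-z]:\\WINDOWS\\system32\\([^\\"]+\.dll)', re.IGNORECASE)


def system32_dll(text):
    """Return the lower-cased file name of a DLL directly in system32, or None."""
    m = SYS32_DLL_RE.search(text)
    return m.group(1).lower() if m else None


def parse(log_text):
    """Split a HijackThis log into (section code, body, original line) tuples."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group('code'), m.group('body'), line))
    return entries


def triage(log_text):
    """Return {log line: [reason labels]} for entries that merit manual review."""
    entries = parse(log_text)

    # Pass 1: collect system32 DLLs registered as BHO (O2) and as Winlogon Notify (O20).
    bho_dlls, notify_dlls = set(), set()
    for code, body, _ in entries:
        dll = system32_dll(body)
        if dll and code == 'O2':
            bho_dlls.add(dll)
        elif dll and code == 'O20':
            notify_dlls.add(dll)
    shared = bho_dlls & notify_dlls

    # Pass 2: label each entry (labels are this example's own, hypothetical names).
    findings = {}
    for code, body, line in entries:
        reasons = []
        dll = system32_dll(body)
        if body.endswith('(file missing)') or body.endswith('(no file)'):
            reasons.append('orphaned')
        if code == 'O2':
            m = BHO_RE.match(body)
            if m and m.group('name') == '(no name)' and dll:
                reasons.append('nameless-bho-in-system32')
        if code in ('O2', 'O20') and dll in shared:
            reasons.append('bho-and-winlogon-notify')
        if code == 'O4':
            m = RUN_RE.match(body)
            if m and dll and m.group('cmd').lower().startswith('rundll32.exe'):
                reasons.append('rundll32-run-entry')
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == '__main__':
    for line, reasons in triage(SAMPLE_LOG).items():
        print(', '.join(reasons), '::', line)
```

Entries such as WgaLogon.dll, ssv.dll and the avast! Run key pass through unflagged because they match none of the four checks; a flag is a prompt to look the file up, not a verdict.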
     
  6. e212

    e212 Member

    "Omistaja" - 07-03-23 13:05:21 Service Pack 2
    ComboFix 07-03-22.2 - Running from: "C:\Documents and Settings\Omistaja\Työpöytä"

    ((((((((((((((((((((((((((((((( Files Created from 2007-02-23 to 2007-03-23 ))))))))))))))))))))))))))))))))))


    2007-03-23 13:00 <KANSIO> d-------- C:\backups
    2007-03-23 11:13 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2007-03-23 11:13 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2007-03-23 11:13 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2007-03-23 11:13 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2007-03-23 11:13 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2007-03-22 20:03 <KANSIO> d-------- C:\VundoFix Backups
    2007-03-22 20:02 95,744 --a------ C:\VundoFix.exe
    2007-03-22 19:54 <KANSIO> d-------- C:\DOCUME~1\Pirkko\WINDOWS
    2007-03-22 19:53 <KANSIO> d--h----- C:\WINDOWS\PIF
    2007-03-22 19:53 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-03-22 19:53 <KANSIO> d-------- C:\Program Files\Common Files\DirectX
    2007-03-22 19:53 <KANSIO> d-------- C:\DOCUME~1\Pirkko\APPLIC~1\InstallShield
    2007-03-22 19:52 <KANSIO> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-03-22 19:52 <KANSIO> d-------- C:\Program Files\Yahoo!
    2007-03-22 19:52 <KANSIO> d-------- C:\Program Files\Microsoft.NET
    2007-03-22 19:52 <KANSIO> d-------- C:\Program Files\Common Files\Oberon Media
    2007-03-22 19:52 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tarma Installer
    2007-03-22 16:48 123,972 --a------ C:\WINDOWS\system32\bxbxjcvp.dll
    2007-03-21 22:27 218,112 --a------ C:\HijackThis_v1.99.1.exe
    2007-03-21 17:09 995,136 --a------ C:\WINDOWS\system32\MSAJT200.DLL
    2007-03-21 17:09 95,200 --a------ C:\WINDOWS\system32\VBDB300.DLL
    2007-03-21 17:09 640,512 --a------ C:\WINDOWS\system32\oc30.dll
    2007-03-21 17:09 551,936 --a------ C:\WINDOWS\system32\vcfiwz32.DLL
    2007-03-21 17:09 398,416 --a------ C:\WINDOWS\system32\VBRUN300.DLL
    2007-03-21 17:09 17,424 --a------ C:\WINDOWS\system32\MSAJT112.DLL
    2007-03-21 17:09 133,904 --a------ C:\WINDOWS\system32\MFCANS32.DLL
    2007-03-21 17:09 1,116,160 --a------ C:\WINDOWS\system32\vcfidl32.DLL
    2007-03-21 17:08 300,032 --a------ C:\WINDOWS\unin040b.exe
    2007-03-19 22:55 194 --a------ C:\WINDOWS\system32\RBDELDRV.BAT
    2007-03-18 18:29 132,116 --a------ C:\WINDOWS\system32\umvqfhtd.dll
    2007-03-18 17:39 <KANSIO> d-------- C:\DOCUME~1\Omistaja\APPLIC~1\BSplayer Pro
    2007-03-18 17:03 20,654 --a------ C:\WINDOWS\system32\ffdshow.reg
    2007-03-17 01:25 <KANSIO> d-------- C:\DOCUME~1\Pirkko\APPLIC~1\BSplayer Pro
    2007-03-16 21:30 <KANSIO> dr------- C:\DOCUME~1\NETWOR~1\Suosikit
    2007-03-15 22:28 123,412 --a------ C:\WINDOWS\system32\lhmdsbvd.dll
    2007-03-14 10:25 132,116 --a------ C:\WINDOWS\system32\quamkhax.dll
    2007-03-14 10:17 132,116 --a------ C:\WINDOWS\system32\nakyrgdg.dll
    2007-03-13 16:24 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    2007-03-12 19:36 <KANSIO> d-------- C:\WINDOWS\system32\NtmsData
    2007-03-10 14:56 <KANSIO> d-------- C:\DOCUME~1\Pirkko\APPLIC~1\Jasc Software Inc
    2007-03-10 11:53 <KANSIO> d-------- C:\DOCUME~1\Pirkko\APPLIC~1\InstallShield Installation Information
    2007-03-10 11:53 <KANSIO> d-------- C:\DOCUME~1\Pirkko\APPLIC~1\Google
    2007-03-10 10:25 131,604 --a------ C:\WINDOWS\system32\mpbvgbkt.dll
    2007-03-09 20:13 131,604 --a------ C:\WINDOWS\system32\rscgsyph.dll
    2007-03-08 20:50 <KANSIO> d-------- C:\DOCUME~1\Omistaja\APPLIC~1\BitTorrent
    2007-03-07 15:52 <KANSIO> d-------- C:\DOCUME~1\Pirkko\APPLIC~1\Apple Computer
    2007-03-07 02:52 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar
    2007-03-06 17:16 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2007-03-06 14:04 123,412 --a------ C:\WINDOWS\system32\rbtrpdmx.dll
    2007-03-06 13:13 <KANSIO> d-------- C:\DOCUME~1\Pirkko\APPLIC~1\Lavasoft
    2007-03-05 12:24 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-03-05 12:03 <KANSIO> d-------- C:\DOCUME~1\Omistaja\APPLIC~1\Lavasoft
    2007-03-05 01:57 <KANSIO> d-------- C:\DOCUME~1\Omistaja\APPLIC~1\DriveCleaner Free
    2007-03-05 01:47 89,088 --a------ C:\WINDOWS\system32\atl71.dll
    2007-03-05 01:47 <KANSIO> d-------- C:\Program Files\Common Files\DriveCleaner Free
    2007-03-04 14:45 3,580 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2007-03-03 16:21 <KANSIO> d-------- C:\Program Files\Deluxe Ski Jump 3
    2007-02-28 18:50 <KANSIO> d-------- C:\WINDOWS\system32\RNBOSENT
    2007-02-28 18:31 <KANSIO> d-------- C:\Program Files\Windows Live Safety Center
    2007-02-28 17:40 <KANSIO> d-------- C:\Program Files\Common Files\Jasc Software Inc
    2007-02-28 17:40 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    2007-02-28 17:39 <KANSIO> d-------- C:\DOCUME~1\Omistaja\APPLIC~1\Jasc Software Inc
    2007-02-28 17:11 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2007-02-28 17:11 <KANSIO> d-------- C:\Program Files\Windows Media Connect 2
    2007-02-28 17:10 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
    2007-02-28 17:10 <KANSIO> d-------- C:\WINDOWS\system32\drivers\UMDF
    2007-02-26 21:30 398,416 --a------ C:\WINDOWS\system\VBRUN300.DLL
    2007-02-26 18:07 <KANSIO> d-------- C:\DOCUME~1\Omistaja\APPLIC~1\Apple Computer
    2007-02-26 18:05 <KANSIO> d-------- C:\Program Files\QuickTime
    2007-02-25 21:46 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
    2007-02-25 21:46 44,304 --a------ C:\WINDOWS\system32\msrpfs35.dll
    2007-02-25 21:46 415,504 --a------ C:\WINDOWS\system32\msrepl35.dll
    2007-02-25 21:46 39,424 --a------ C:\WINDOWS\system32\JETCOMP.exe
    2007-02-25 21:46 368,912 --a------ C:\WINDOWS\system32\VBAR332.DLL
    2007-02-25 21:46 344,064 --a------ C:\WINDOWS\system32\msexch35.dll
    2007-02-25 21:46 294,912 --a------ C:\WINDOWS\system32\msxbse35.dll
    2007-02-25 21:46 262,144 --a------ C:\WINDOWS\system32\msrd2x35.dll
    2007-02-25 21:46 252,688 --a------ C:\WINDOWS\system32\msexcl35.dll
    2007-02-25 21:46 250,128 --a------ C:\WINDOWS\system32\mspdox35.dll
    2007-02-25 21:46 24,848 --a------ C:\WINDOWS\system32\msjter35.dll
    2007-02-25 21:46 168,720 --a------ C:\WINDOWS\system32\msltus35.dll
    2007-02-25 21:46 166,672 --a------ C:\WINDOWS\system32\mstext35.dll
    2007-02-25 21:46 123,664 --a------ C:\WINDOWS\system32\msjint35.dll
    2007-02-25 21:46 1,238,288 --a------ C:\WINDOWS\system32\msjt4jlt.dll
    2007-02-25 21:46 1,050,896 --a------ C:\WINDOWS\system32\msjet35.dll
    2007-02-24 05:58 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    2007-02-23 20:43 <KANSIO> d-------- C:\DOCUME~1\Pirkko\APPLIC~1\Media Player Classic


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-03-23 12:55 76842 --a------ C:\WINDOWS\system32\perfc00b.dat
    2007-03-23 12:55 378280 --a------ C:\WINDOWS\system32\perfh00b.dat
    2007-03-22 19:53 -------- d-------- C:\Program Files\runtime software
    2007-03-22 19:48 -------- d--h----- C:\Program Files\installshield installation information
    2007-03-05 12:55 1485 --a------ C:\WINDOWS\mozver.dat
    2007-02-28 17:40 -------- d-------- C:\Program Files\Common Files\installshield
    2007-02-28 17:22 -------- d-------- C:\Program Files\vista sidebar
    2007-02-21 21:54 -------- d-------- C:\Program Files\msbuild
    2007-02-21 21:54 -------- d-------- C:\Program Files\microsoft works
    2007-02-21 03:54 -------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\sun
    2007-02-21 03:52 -------- d-------- C:\Program Files\Common Files\java
    2007-02-20 21:51 -------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\media player classic
    2007-02-20 02:32 -------- dr------- C:\DOCUME~1\Omistaja\APPLIC~1\brother
    2007-02-19 23:37 34 --a------ C:\WINDOWS\system32\bd2030.dat
    2007-02-19 23:28 -------- d-------- C:\Program Files\brownie
    2007-02-19 23:28 -------- d-------- C:\Program Files\brother
    2007-02-19 10:09 -------- d-------- C:\Program Files\messenger
    2007-02-19 08:47 -------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\help
    2007-02-19 04:26 -------- d-------- C:\Program Files\visualtooltip
    2007-02-19 04:26 -------- d-------- C:\Program Files\styler
    2007-02-18 18:16 -------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\styler
    2007-02-18 17:31 -------- d-------- C:\Program Files\msn messenger
    2007-02-18 17:25 0 --a------ C:\WINDOWS\nsreg.dat
    2007-02-18 16:01 -------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\intervideo
    2007-02-18 15:57 -------- d-------- C:\Program Files\daemon tools
    2007-02-18 15:55 646392 --------- C:\WINDOWS\system32\drivers\sptd.sys
    2007-02-18 13:51 -------- d-------- C:\Program Files\pixrecovery
    2007-02-18 13:16 -------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\f-secure
    2007-02-18 12:43 -------- d-------- C:\Program Files\movie maker
    2007-02-18 12:41 -------- d-------- C:\Program Files\windows nt
    2007-02-18 07:24 -------- d-------- C:\Program Files\powerquest
    2007-02-18 07:23 -------- d-------- C:\Program Files\ontrack
    2007-02-18 07:22 -------- d-------- C:\Program Files\partition magic
    2007-02-18 03:35 -------- d-------- C:\Program Files\conexant
    2007-02-18 03:31 548 --a------ C:\pnpID.dat
    2007-02-18 03:26 0 -rahs---- C:\MSDOS.SYS
    2007-02-18 03:26 0 -rahs---- C:\IO.SYS
    2007-02-18 03:26 0 --a------ C:\CONFIG.SYS
    2007-02-18 03:26 0 --a------ C:\AUTOEXEC.BAT
    2007-02-18 03:26 -------- d-------- C:\Program Files\microsoft frontpage
    2007-02-18 03:25 21672 --------- C:\WINDOWS\system32\emptyregdb.dat
    2007-02-18 03:25 -------- d-------- C:\Program Files\online services
    2007-02-18 03:25 -------- d-------- C:\Program Files\Common Files\mssoap
    2007-02-18 03:24 -------- d--h----- C:\Program Files\windowsupdate
    2007-02-18 03:24 -------- d-------- C:\Program Files\msn gaming zone
    2007-02-17 17:20 62 --ahs---- C:\DOCUME~1\Omistaja\APPLIC~1\desktop.ini
    2007-02-17 17:20 -------- d-------- C:\Program Files\Common Files\speechengines
    2007-02-17 17:20 -------- d-------- C:\Program Files\Common Files\odbc
    2007-01-19 22:53 51056 --------- C:\WINDOWS\system32\sirenacm.dll
    2007-01-15 19:32 689280 --a------ C:\WINDOWS\system32\aswboot.exe
    2007-01-15 19:23 90112 --a------ C:\WINDOWS\system32\avastss.scr


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "ATIModeChange"="Ati2mdxx.exe"
    "ATIPTA"="C:\\ATI-CPanel\\atiptaxx.exe"
    "avast!"="H:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "SoundService"="rundll32.exe \"C:\\WINDOWS\\system32\\bxbxjcvp.dll\",setvm"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2chkdsk]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="rbtrpdmx"
    "hkey"="HKLM"
    "command"="rundll32.exe \"C:\\WINDOWS\\system32\\rbtrpdmx.dll\",setvm"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="bittorrent"
    "hkey"="HKCU"
    "command"="\"F:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="daemon"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="FSM32"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\F-Secure\\Common\\FSM32.EXE\" /splash"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="TNBUtil"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\F-Secure\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="GrooveMonitor"
    "hkey"="HKLM"
    "command"="\"H:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="iTunesHelper"
    "hkey"="HKLM"
    "command"="\"H:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="LClock"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\LClock\\LClock.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MsnMsgr"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Packard Bell Data Secure]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PBDataSecure"
    "hkey"="HKCU"
    "command"="F:\\Program files\\Packard Bell Data Secure\\PBDataSecure.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAS_Check]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="udcpas"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\DriveCleaner Free\\udcpas.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qttask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6_Check]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="udcsdr"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\DriveCleaner Free\\udcsdr.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="smc"
    "hkey"="HKLM"
    "command"="H:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SOUNDMAN"
    "hkey"="HKLM"
    "command"="SOUNDMAN.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="jusched"
    "hkey"="HKLM"
    "command"="\"H:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Save"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Save\\Save.exe\""
    "inimapping"="0"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"
    "{C47A9554-195A-4769-9B13-04F15B450A39}"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0




    ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    backup-20070323-130435-763
    O2 - BHO: (no name) - {BB886F93-FA84-4B1B-9B1A-86D8F34E230c} - C:\WINDOWS\system32\umvqfhtd.dll
    backup-20070323-130435-805
    O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files\F-Secure\Common\FSMA32.EXE (file missing)
    backup-20070323-130435-564
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    backup-20070323-130435-474
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    backup-20070323-130435-297
    O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll (file missing)
    backup-20070323-130021-804
    O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll (file missing)
    backup-20070323-130021-792
    O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files\F-Secure\Common\FSMA32.EXE (file missing)
    backup-20070323-130021-397
    O23 - Service: F-Secure Network Request Broker - Unknown owner - C:\Program Files\F-Secure\Common\FNRB32.EXE (file missing)
    backup-20070323-130021-830
    O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll (file missing)

    ********************************************************************

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-03-23 13:07:10

    Logfile of HijackThis v1.99.1
    Scan saved at 13:15:50, on 23.3.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\ATI-CPanel\atiptaxx.exe
    H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    H:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {979808D8-146F-41D6-9E03-9420CE062256} - C:\WINDOWS\system32\gebcb.dll (file missing)
    O3 - Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\bxbxjcvp.dll",setvm
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://H:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C0B70BF7-09B8-4057-BE26-286944B1293E}: NameServer = 213.139.190.3 212.50.131.153
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
     
  7. Auttaja

    Auttaja Guest

    Hi, fix these lines

    O2 - BHO: (no name) - {979808D8-146F-41D6-9E03-9420CE062256} - C:\WINDOWS\system32\gebcb.dll (file missing)
    O3 - Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
    O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\bxbxjcvp.dll",setvm

    Delete these files if they exist
    C:\WINDOWS\system32\gebcb.dll
    C:\WINDOWS\system32\bxbxjcvp.dll

    Make hidden files visible if you can't find them

    Post a new HijackThis log, and tell us whether there are any problems and what kind.
     
  8. e212

    e212 Member

    Yeah, the computer is now much faster than before, and no bigger problems have shown up anymore. Thanks for the help!

    Logfile of HijackThis v1.99.1
    Scan saved at 14:03:09, on 23.3.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\ATI-CPanel\atiptaxx.exe
    H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    H:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://H:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C0B70BF7-09B8-4057-BE26-286944B1293E}: NameServer = 213.139.190.3 212.50.131.153
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

     
  9. Auttaja

    Auttaja Guest

    http://www.virustotal.com

    Upload the file C:\WINDOWS\system32\reg.exe there and post the results here.

    **********

    Download some free firewall for the computer!


     
