A couple of weeks ago the machine froze in the middle of a game and a moment later I got a BSOD, so I rebooted, and it came up with: "Reboot and select proper boot device or insert boot media in selected boot device and press a key". Then I rebooted again and it said: "Levyltä ei voi lukea. Käynnistä uudelleen painamalla CTRL+ALT+DEL." (the disk cannot be read, press CTRL+ALT+DEL to restart). I pressed them and got the first message again. Then I shut the machine down, tried again after about 20 minutes, and it booted normally. A few days ago startup got slow and the machine generally became really sluggish. It is not a temperature issue, and yesterday I did a Windows repair install, which sped the machine up but did not stop the BSODs. Is there anything wrong in the log?

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:55:53, on 3.6.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Winamp\winamp.exe
E:\HiJackThis_v2.0.0.0.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [MultiRes] C:\Program Files\MultiRes\MultiRes.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [UVS10 Preload] F:\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Stellar Smart ] C:\Program Files\Stellar Smart (Early Disk Warning System)\smrt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Deer Hunter 2005 Registration.lnk = F:\Atari\Deer Hunter 2005\ATR1.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?4f98f1ff415e4fe28d7c476f5fa0d5a7
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?4f98f1ff415e4fe28d7c476f5fa0d5a7
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O20 - Winlogon Notify: winsys32 - C:\WINDOWS\System32\winsys32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPod-palvelu (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (Omega 1.6693) (Q) (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti-apuohjelma (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 11721 bytes
Hi, you have a backdoor infection on your machine.

1. Download combofix.exe to your desktop from either of these links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool finishes, it produces a log (C:\ComboFix.txt). Post this log in your thread.

Note! Do not click on the ComboFix window while it is running. That may cause the program to hang.
"***** ******”" - 2007-06-03 18:53:39
Service Pack 1
ComboFix 07-05.27.BV - Running from: "C:\Program Files\Mozilla Firefox\"
/wow section - STAGE #3

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

"C:\install.log"
"C:\WINDOWS\svchost.exe"
"C:\WINDOWS\system32\rpcc.dll"

((((((((((((((((((((((((((((((( Files Created from 2007-05-03 to 2007-06-03 ))))))))))))))))))))))))))))))))))

2007-06-02 20:25 921,600 --a------ C:\WINDOWS\system32\nwiz.exe
2007-06-02 20:25 462,848 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-02 20:25 442,368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-02 20:25 393,216 --a------ C:\WINDOWS\system32\keystone.exe
2007-06-02 20:25 1,646,592 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-06-02 20:25 1,441,792 --a------ C:\WINDOWS\system32\nview.dll
2007-06-02 20:25 1,339,392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-06-02 20:25 1,019,904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-06-02 20:10 <KANSIO> d-------- C:\WINDOWS\Prefetch
2007-06-02 20:02 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2007-06-02 20:02 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-06-02 20:02 81,408 --a------ C:\WINDOWS\system32\msoert2.dll
2007-06-02 20:02 73,728 --a------ C:\WINDOWS\system32\ils.dll
2007-06-02 20:02 69,632 --a------ C:\WINDOWS\system32\icwdial.dll
2007-06-02 20:02 69,120 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-06-02 20:02 65,536 --a------ C:\WINDOWS\system32\msconf.dll
2007-06-02 20:02 63,488 --a------ C:\WINDOWS\system32\srclient.dll
2007-06-02 20:02 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-06-02 20:02 587,776 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-06-02 20:02 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2007-06-02 20:02 40,960 --a------ C:\WINDOWS\system32\safrslv.dll
2007-06-02 20:02 39,424 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-06-02 20:02 33,280 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-06-02 20:02 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-06-02 20:02 32,256 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-06-02 20:02 28,672 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-06-02 20:02 270,336 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-06-02 20:02 26,624 --a------ C:\WINDOWS\system32\safrdm.dll
2007-06-02 20:02 251,904 --a------ C:\WINDOWS\system32\mstask.dll
2007-06-02 20:02 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-06-02 20:02 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-06-02 20:02 227,840 --a------ C:\WINDOWS\system32\srrstr.dll
2007-06-02 20:02 221,184 --a------ C:\WINDOWS\system32\qmgr.dll
2007-06-02 20:02 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-06-02 20:02 159,232 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-06-02 20:02 158,720 --a------ C:\WINDOWS\system32\srsvc.dll
2007-06-02 20:01 98,304 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-06-02 20:01 9,728 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-06-02 20:01 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-06-02 20:01 9,216 --a------ C:\WINDOWS\system32\icaapi.dll
2007-06-02 20:01 88,064 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-06-02 20:01 869,376 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-06-02 20:01 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-06-02 20:01 83,968 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-06-02 20:01 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2007-06-02 20:01 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-06-02 20:01 61,952 --a------ C:\WINDOWS\system32\rdshost.exe
2007-06-02 20:01 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-06-02 20:01 598,016 --a------ C:\WINDOWS\system32\mstscax.dll
2007-06-02 20:01 582,656 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-06-02 20:01 57,856 --a------ C:\WINDOWS\system32\licwmi.dll
2007-06-02 20:01 56,832 --a------ C:\WINDOWS\system32\colbact.dll
2007-06-02 20:01 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
2007-06-02 20:01 54,784 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-06-02 20:01 534,016 --a------ C:\WINDOWS\system32\spider.exe
2007-06-02 20:01 53,248 --a------ C:\WINDOWS\system32\servdeps.dll
2007-06-02 20:01 495,616 --a------ C:\WINDOWS\system32\comuid.dll
2007-06-02 20:01 493,056 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-06-02 20:01 468,480 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-06-02 20:01 44,032 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-06-02 20:01 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-06-02 20:01 386,560 --a------ C:\WINDOWS\system32\mstsc.exe
2007-06-02 20:01 359,936 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-06-02 20:01 340,992 --a------ C:\WINDOWS\system32\mspaint.exe
2007-06-02 20:01 33,280 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-06-02 20:01 215,040 --a------ C:\WINDOWS\system32\catsrv.dll
2007-06-02 20:01 200,192 --a------ C:\WINDOWS\system32\termsrv.dll
2007-06-02 20:01 20,232 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-06-02 20:01 181,760 --a------ C:\WINDOWS\system32\accwiz.exe
2007-06-02 20:01 18,944 --a------ C:\WINDOWS\system32\qprocess.exe
2007-06-02 20:01 174,592 --a------ C:\WINDOWS\system32\cmprops.dll
2007-06-02 20:01 16,384 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-06-02 20:01 151,040 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-06-02 20:01 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-06-02 20:01 135,680 --a------ C:\WINDOWS\system32\rdchost.dll
2007-06-02 20:01 129,024 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-06-02 20:01 124,416 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-06-02 20:01 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-06-02 20:01 116,736 --a------ C:\WINDOWS\system32\mplay32.exe
2007-06-02 20:01 115,976 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-06-02 20:01 114,456 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-06-02 20:01 11,144 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-06-02 20:01 100,864 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-06-02 20:01 1,172,992 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-06-02 20:01 1,081,112 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-06-02 20:00 99,840 --a------ C:\WINDOWS\system32\irftp.exe
2007-06-02 20:00 77,824 --a------ C:\WINDOWS\system32\irmon.dll
2007-06-02 20:00 7,680 --a------ C:\WINDOWS\system32\wshirda.dll
2007-06-02 20:00 55,296 --a------ C:\WINDOWS\system32\drivers\irda.sys
2007-06-02 19:55 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-06-02 19:55 5,888 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-06-02 19:54 70,656 --a------ C:\WINDOWS\system32\storprop.dll
2007-06-02 19:54 56,448 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-06-02 19:52 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2007-06-02 19:52 182,400 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-06-02 19:51 38,024 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-06-01 17:29 0 --a------ C:\WINDOWS\system32\2954312ld.exe
2007-06-01 16:54 21,504 --a------ C:\WINDOWS\system32\54164532ld.exe
2007-05-31 18:37 311,296 --a------ C:\WINDOWS\system32\nvwrses.dll
2007-05-31 18:37 311,296 --a------ C:\WINDOWS\system32\nvwrsel.dll
2007-05-31 18:37 303,104 --a------ C:\WINDOWS\system32\nvwrsesm.dll
2007-05-31 18:37 299,008 --a------ C:\WINDOWS\system32\nvwrspt.dll
2007-05-31 18:37 299,008 --a------ C:\WINDOWS\system32\nvwrsit.dll
2007-05-31 18:37 299,008 --a------ C:\WINDOWS\system32\nvwrsfr.dll
2007-05-31 18:37 299,008 --a------ C:\WINDOWS\system32\nvrsar.dll
2007-05-31 18:37 294,912 --a------ C:\WINDOWS\system32\nvwrsptb.dll
2007-05-31 18:37 294,912 --a------ C:\WINDOWS\system32\nvwrsnl.dll
2007-05-31 18:37 294,912 --a------ C:\WINDOWS\system32\nvrshe.dll
2007-05-31 18:37 290,816 --a------ C:\WINDOWS\system32\nvwrsru.dll
2007-05-31 18:37 290,816 --a------ C:\WINDOWS\system32\nvwrshu.dll
2007-05-31 18:37 282,624 --a------ C:\WINDOWS\system32\nvwrsde.dll
2007-05-31 18:37 278,528 --a------ C:\WINDOWS\system32\nvwrstr.dll
2007-05-31 18:37 278,528 --a------ C:\WINDOWS\system32\nvwrssl.dll
2007-05-31 18:37 278,528 --a------ C:\WINDOWS\system32\nvwrsfi.dll
2007-05-31 18:37 274,432 --a------ C:\WINDOWS\system32\nvwrssv.dll
2007-05-31 18:37 274,432 --a------ C:\WINDOWS\system32\nvwrssk.dll
2007-05-31 18:37 274,432 --a------ C:\WINDOWS\system32\nvwrspl.dll
2007-05-31 18:37 274,432 --a------ C:\WINDOWS\system32\nvwrsno.dll
2007-05-31 18:37 274,432 --a------ C:\WINDOWS\system32\nvwrsda.dll
2007-05-31 18:37 262,144 --a------ C:\WINDOWS\system32\nvwrseng.dll
2007-05-31 18:37 262,144 --a------ C:\WINDOWS\system32\nvwrscs.dll
2007-05-31 18:37 262,144 --a------ C:\WINDOWS\system32\nvrsit.dll
2007-05-31 18:37 262,144 --a------ C:\WINDOWS\system32\nvrsfr.dll
2007-05-31 18:37 258,048 --a------ C:\WINDOWS\system32\nvwrshe.dll
2007-05-31 18:37 258,048 --a------ C:\WINDOWS\system32\nvwrsar.dll
2007-05-31 18:37 258,048 --a------ C:\WINDOWS\system32\nvrses.dll
2007-05-31 18:37 258,048 --a------ C:\WINDOWS\system32\nvrsel.dll
2007-05-31 18:37 258,048 --a------ C:\WINDOWS\system32\nvrsde.dll
2007-05-31 18:37 253,952 --a------ C:\WINDOWS\system32\nvrsnl.dll
2007-05-31 18:37 253,952 --a------ C:\WINDOWS\system32\nvrsesm.dll
2007-05-31 18:37 249,856 --a------ C:\WINDOWS\system32\nvrspt.dll
2007-05-31 18:37 245,760 --a------ C:\WINDOWS\system32\nvrsru.dll
2007-05-31 18:37 245,760 --a------ C:\WINDOWS\system32\nvrsptb.dll
2007-05-31 18:37 241,664 --a------ C:\WINDOWS\system32\nvrsko.dll
2007-05-31 18:37 241,664 --a------ C:\WINDOWS\system32\nvrsja.dll
2007-05-31 18:37 237,568 --a------ C:\WINDOWS\system32\nvrssl.dll
2007-05-31 18:37 237,568 --a------ C:\WINDOWS\system32\nvrshu.dll
2007-05-31 18:37 237,568 --a------ C:\WINDOWS\system32\nvrsda.dll
2007-05-31 18:37 233,472 --a------ C:\WINDOWS\system32\nvrstr.dll
2007-05-31 18:37 233,472 --a------ C:\WINDOWS\system32\nvrssv.dll
2007-05-31 18:37 233,472 --a------ C:\WINDOWS\system32\nvrssk.dll
2007-05-31 18:37 233,472 --a------ C:\WINDOWS\system32\nvrspl.dll
2007-05-31 18:37 233,472 --a------ C:\WINDOWS\system32\nvrsno.dll
2007-05-31 18:37 225,280 --a------ C:\WINDOWS\system32\nvrsfi.dll
2007-05-31 18:37 225,280 --a------ C:\WINDOWS\system32\nvrseng.dll
2007-05-31 18:37 225,280 --a------ C:\WINDOWS\system32\nvrscs.dll
2007-05-31 18:37 204,800 --a------ C:\WINDOWS\system32\nvrszhc.dll
2007-05-31 18:37 196,608 --a------ C:\WINDOWS\system32\nvwrsja.dll
2007-05-31 18:37 184,320 --a------ C:\WINDOWS\system32\nvwrsko.dll
2007-05-31 18:37 155,648 --a------ C:\WINDOWS\system32\nvwrszht.dll
2007-05-31 18:37 151,552 --a------ C:\WINDOWS\system32\nvwrszhc.dll
2007-05-31 18:37 114,688 --a------ C:\WINDOWS\system32\nvrszht.dll
2007-05-31 18:35 <KANSIO> d-------- C:\Program Files\Nvidia Omega Drivers
2007-05-30 17:25 <KANSIO> d-------- C:\Spiderman 3 2007 mVs TeleSync KVCD Brady(TUS Release)
2007-05-27 13:05 <KANSIO> d-------- C:\Metal gear
2007-05-26 15:48 <KANSIO> d-------- C:\Flatout 2 Soundtrack
2007-05-25 15:07 <KANSIO> d-------- C:\Program Files\Disk Checker
2007-05-21 17:45 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-17 16:19 0 --a------ C:\WINDOWS\system32\19436712ld.exe
2007-05-14 15:00 20,480 --a------ C:\WINDOWS\system32\040932ld.exe
2007-05-12 20:27 <KANSIO> d-------- C:\DOCUME~1\******~1\APPLIC~1\Uniblue
2007-05-12 20:22 <KANSIO> d-------- C:\Program Files\Security Task Manager
2007-05-12 20:22 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
2007-05-12 11:36 19,968 --a------ C:\WINDOWS\system32\36378902ld.exe
2007-05-12 11:08 0 --a------ C:\WINDOWS\system32\883592ld.exe
2007-05-09 20:22 19,968 --a------ C:\WINDOWS\system32\22467962ld.exe
2007-05-09 20:20 <KANSIO> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-03 12:15:02 -------- d-----w C:\Program Files\SpeedFan
2007-06-02 18:41:17 99,904 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-06-02 18:00:33 -------- d-----w C:\Program Files\DC++
2007-06-02 17:36:11 -------- d--h--w C:\Program Files\WindowsUpdate
2007-06-02 17:23:40 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-06-02 17:12:11 64,812 ----a-w C:\WINDOWS\system32\perfc00B.dat
2007-06-02 17:12:11 354,486 ----a-w C:\WINDOWS\system32\perfh00B.dat
2007-06-02 17:02:39 -------- d-----w C:\Program Files\Movie Maker
2007-06-02 17:01:41 23,364 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-06-02 17:01:27 -------- d-----w C:\Program Files\Windows NT
2007-06-02 12:06:41 -------- d-----w C:\Program Files\Windows Live Toolbar
2007-06-02 11:46:30 21,504 ----a-w C:\WINDOWS\system32\winsys32.dll
2007-06-01 17:02:59 22,584 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-06-01 14:33:39 -------- d-----w C:\Program Files\GetRight
2007-05-31 13:57:58 -------- d-----w C:\Program Files\Winamp
2007-05-13 09:15:23 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-05 13:11:40 -------- d-----w C:\DOCUME~1\*****~1\APPLIC~1\MegauploadToolbar
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-29 11:25:14 -------- d-----w C:\Program Files\America's Army Server Manager
2007-04-25 14:28:51 -------- d-----w C:\DOCUME~1\*****~1\APPLIC~1\Ulead Systems
2007-04-25 13:56:53 -------- d-----w C:\Program Files\Windows Media Components
2007-04-25 13:54:57 -------- d-----w C:\Program Files\Common Files\Ulead Systems
2007-04-24 17:22:24 -------- d--h--r C:\DOCUME~1\*****~1\APPLIC~1\SecuROM
2007-04-24 17:22:23 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-04-23 14:01:06 23,510,720 ----a-w C:\dotnetfx.exe
2007-04-21 11:57:49 -------- d-----w C:\Program Files\Microsoft SQL Server
2007-04-21 10:43:13 -------- d-----w C:\Program Files\Pinnacle
2007-04-21 10:31:37 -------- d-----w C:\Program Files\SmartSound Software
2007-04-21 10:30:40 95 ----a-w C:\AUTOEXEC.BAT
2007-04-21 10:21:47 -------- d-----w C:\Program Files\DivX
2007-04-21 06:18:19 -------- d-----w C:\Program Files\Rockstar Games
2007-04-21 05:53:54 -------- d-----w C:\Program Files\vcmm
2007-04-16 19:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 19:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 19:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 19:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 19:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 19:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 19:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-15 18:15:39 -------- d-----w C:\Program Files\SlySoft
2007-04-15 09:22:30 -------- d-----w C:\Program Files\PowerISO
2007-04-14 12:47:03 -------- d-----w C:\DOCUME~1\*****~1\APPLIC~1\Leadertech
2007-04-09 12:27:07 31,548 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2007-04-07 09:24:41 -------- d-----w C:\Program Files\Game Cam v1.4
2007-04-04 10:29:34 -------- d-----w C:\Program Files\vodei2
2007-04-02 14:51:59 1,100 ----a-w C:\WINDOWS\system32\d3d8caps.dat
2007-03-29 13:55:13 37,860,928 ----a-w C:\Program Files\iTunesSetup.exe
2007-03-21 18:09:18 336,976 ----a-w C:\getright-download.exe
2007-03-17 20:54:19 63,040 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-03-16 03:55:58 40,960 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-03-12 18:21:21 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
2007-03-07 23:51:00 129,784 ------w C:\WINDOWS\system32\pxafs.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 14:17]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:\Program Files\BitComet\tools\BitCometBHO.dll [2006-11-29 16:52]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}=C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL [2006-10-31 09:55]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 02:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 13:29]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 15:56]
{bf00e119-21a3-4fd1-b178-3b8537e75c92}=C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2006-12-11 18:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 18:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14]
"RTHDCPL"="RTHDCPL.EXE" []
"Alcmtr"="ALCMTR.EXE" []
"OFFICEKB"="C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe" [2007-01-08 18:07]
"MultiRes"="C:\Program Files\MultiRes\MultiRes.exe" [2005-01-27 01:40]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-04 18:52]
"NWEReboot"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" []
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 C:\WINDOWS\system32\HdAShCut.exe]
"Cmaudio"="cmicnfg.cpl" []
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 15:23]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 22:21]
"UVS10 Preload"="F:\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-07 00:52]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 01:22]
"Stellar Smart "="C:\Program Files\Stellar Smart (Early Disk Warning System)\smrt.exe" []
"nwiz"="nwiz.exe" [2004-10-29 23:50 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-10-29 23:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2006-12-27 16:21]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 17:53]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-10 10:44]
"Steam"="c:\progra~1\steam\steam.exe" []
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-09 14:13]

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

"C:\install.log"
"C:\WINDOWS\svchost.exe"
"C:\WINDOWS\system32\rpcc.dll"

((((((((((((((((((((((((((((((( Files Created from 2007-05-03 to 2007-06-03 ))))))))))))))))))))))))))))))))))

No new files created in this timespan

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-03 12:15:02 -------- d-----w C:\Program Files\SpeedFan
2007-06-02 18:41:17 99,904 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-06-02 18:00:33 -------- d-----w C:\Program Files\DC++
2007-06-02 17:36:11 -------- d--h--w C:\Program Files\WindowsUpdate
2007-06-02 17:23:40 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-06-02 17:12:11 64,812 ----a-w C:\WINDOWS\system32\perfc00B.dat
2007-06-02 17:12:11 354,486 ----a-w C:\WINDOWS\system32\perfh00B.dat
2007-06-02 17:02:39 -------- d-----w C:\Program Files\Movie Maker
2007-06-02 17:01:41 23,364 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-06-02 17:01:27 -------- d-----w C:\Program Files\Windows NT
2007-06-02 12:06:41 -------- d-----w C:\Program Files\Windows Live Toolbar
2007-06-02 11:46:30 21,504 ----a-w C:\WINDOWS\system32\winsys32.dll
2007-06-01 17:02:59 22,584 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-06-01 14:33:39 -------- d-----w C:\Program Files\GetRight
2007-05-31 13:57:58 -------- d-----w C:\Program Files\Winamp
2007-05-13 09:15:23 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-05 13:11:40 -------- d-----w C:\DOCUME~1\******~1\APPLIC~1\MegauploadToolbar
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-29 11:25:14 -------- d-----w C:\Program Files\America's Army Server Manager
2007-04-25 14:28:51 -------- d-----w C:\DOCUME~1\*****~1\APPLIC~1\Ulead Systems
2007-04-25 13:56:53 -------- d-----w C:\Program Files\Windows Media Components
2007-04-25 13:54:57 -------- d-----w C:\Program Files\Common Files\Ulead Systems
2007-04-24 17:22:24 -------- d--h--r C:\DOCUME~1\*****S~1\APPLIC~1\SecuROM
2007-04-24 17:22:23 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-04-23 14:01:06 23,510,720 ----a-w C:\dotnetfx.exe
2007-04-21 11:57:49 -------- d-----w C:\Program Files\Microsoft SQL Server
2007-04-21 10:43:13 -------- d-----w C:\Program Files\Pinnacle
2007-04-21 10:31:37 -------- d-----w C:\Program Files\SmartSound Software
2007-04-21 10:30:40 95 ----a-w C:\AUTOEXEC.BAT
2007-04-21 10:21:47 -------- d-----w C:\Program Files\DivX
2007-04-21 06:18:19 -------- d-----w C:\Program Files\Rockstar Games
2007-04-21 05:53:54 -------- d-----w C:\Program Files\vcmm
2007-04-16 19:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 19:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 19:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 19:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 19:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 19:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 19:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-15 18:15:39 -------- d-----w C:\Program Files\SlySoft
2007-04-15 09:22:30 -------- d-----w C:\Program Files\PowerISO
2007-04-14 12:47:03 -------- d-----w C:\DOCUME~1\*****~1\APPLIC~1\Leadertech
2007-04-09 12:27:07 31,548 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2007-04-07 09:24:41 -------- d-----w C:\Program Files\Game Cam v1.4
2007-04-04 10:29:34 -------- d-----w C:\Program Files\vodei2
2007-04-02 14:51:59 1,100 ----a-w C:\WINDOWS\system32\d3d8caps.dat
2007-03-29 13:55:13 37,860,928 ----a-w C:\Program Files\iTunesSetup.exe
2007-03-21 18:09:18 336,976 ----a-w C:\getright-download.exe
2007-03-17 20:54:19 63,040 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-03-16 03:55:58 40,960 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-03-12 18:21:21 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
2007-03-07 23:51:00 129,784 ------w C:\WINDOWS\system32\pxafs.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat
6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 14:17] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:\Program Files\BitComet\tools\BitCometBHO.dll [2006-11-29 16:52] {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}=C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL [2006-10-31 09:55] {53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 02:04] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 13:29] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 15:56] {bf00e119-21a3-4fd1-b178-3b8537e75c92}=C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2006-12-11 18:46] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 18:42] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14] "RTHDCPL"="RTHDCPL.EXE" [] "Alcmtr"="ALCMTR.EXE" [] "OFFICEKB"="C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe" [2007-01-08 18:07] "MultiRes"="C:\Program Files\MultiRes\MultiRes.exe" [2005-01-27 01:40] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-04 18:52] "NWEReboot"="" [] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 C:\WINDOWS\system32\HdAShCut.exe] "Cmaudio"="cmicnfg.cpl" [] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 15:23] "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 22:21] "UVS10 
Preload"="F:\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-07 00:52] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 01:22] "Stellar Smart "="C:\Program Files\Stellar Smart (Early Disk Warning System)\smrt.exe" [] "nwiz"="nwiz.exe" [2004-10-29 23:50 C:\WINDOWS\system32\nwiz.exe] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2006-12-27 16:21] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24] "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 17:53] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-10 10:44] "Steam"="c:\progra~1\steam\steam.exe" [] "ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-09 14:13] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 17:13] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winsys32] C:\WINDOWS\System32\winsys32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Usnsvc usnsvc HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs* Contents of the 'Scheduled Tasks' folder 2007-04-30 10:51:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job 2007-06-03 15:09:00 C:\WINDOWS\tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job ******************************************************************** catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-03 19:34:13 Windows 5.1.2600 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
C:\WINDOWS\Windows Update.log C:\WINDOWS\WMPrfDeu.prx C:\WINDOWS\WindowsShell.Manifest C:\WINDOWS\WindowsUpdate.log C:\WINDOWS\winhelp.exe C:\WINDOWS\winhlp32.exe C:\WINDOWS\wininit.ini C:\WINDOWS\winmech C:\WINDOWS\winnt.bmp C:\WINDOWS\winnt256.bmp C:\WINDOWS\winstart.bat C:\WINDOWS\WinSxS C:\WINDOWS\WMPrfAra.prx C:\WINDOWS\WMPrfCHS.prx C:\WINDOWS\WMPrfCHT.prx C:\WINDOWS\wmprfcsy.prx C:\WINDOWS\wmprfdan.prx C:\WINDOWS\wmprfell.prx C:\WINDOWS\wmprfesp.prx C:\WINDOWS\wmprfFIN.prx C:\WINDOWS\wmprffra.prx C:\WINDOWS\wmprfheb.prx C:\WINDOWS\wmprfhun.prx C:\WINDOWS\wmprfita.prx C:\WINDOWS\WMPrfJpn.prx C:\WINDOWS\WMPrfKor.prx C:\WINDOWS\wmprfnld.prx C:\WINDOWS\wmprfnor.prx C:\WINDOWS\wmprfplk.prx C:\WINDOWS\wmprfptb.prx C:\WINDOWS\wmprfptg.prx C:\WINDOWS\wmprfrus.prx C:\WINDOWS\wmprfsky.prx C:\WINDOWS\wmprfslv.prx C:\WINDOWS\wmprfsve.prx C:\WINDOWS\wmprftrk.prx C:\WINDOWS\wmsetup.log C:\WINDOWS\WMSysPr9.prx C:\WINDOWS\WMSysPrx.prx C:\WINDOWS\ydi.log C:\WINDOWS\Zapoteekki.bmp C:\WINDOWS\_default.pif scan completed successfully hidden files: 42 ******************************************************************** Completion time: 2007-06-03 19:36:54 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-06-03 19:36 --- E O F ---
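The ComboFix log above is what the helper reads before writing the removal script in the next reply. The entries that end up being acted on later in the thread are the ones a removal helper spots by eye: a Winlogon\Notify subkey (winsys32) pointing at C:\WINDOWS\System32\winsys32.dll, a svchost.exe sitting in C:\WINDOWS instead of System32, and, in the second run's deletions, several System32 executables named <digits>ld.exe. As an added example (not part of this thread, and not code from ComboFix or HijackThis), the Python below parses the "[HKEY_...]" headers, the "name"="image" [timestamp] value lines and the quoted paths of the Other Deletions / Reg Loading Points sections and flags those patterns. The allowlist of default Windows XP Notify subkeys, the reading of an empty "[]" stamp as "scanner could not resolve the image", the core-binary list and the sample log lines are all this example's own assumptions.

```python
"""Triage helper for ComboFix-style log text (added example, not from the
thread or from ComboFix/HijackThis).  Heuristics, all assumptions of this
example and starting points for manual review rather than verdicts:
  * Winlogon\\Notify subkey not among the XP defaults (such a DLL is loaded
    into winlogon.exe at every logon: a classic persistence point);
  * Run value with an empty '[]' stamp, read here as "scanner could not
    resolve the image at that path";
  * core system binary name (svchost.exe, lsass.exe, ...) outside System32;
  * dropper-style names made of digits followed by 'ld.exe'.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<data>[^"]*)"\s*\[(?P<stamp>[^\]]*)\]$')
QUOTED_PATH_RE = re.compile(r'^"(?P<path>[A-Za-z]:\\[^"]+)"$')
RANDOM_LD_RE = re.compile(r"^\d+ld\.exe$", re.IGNORECASE)

# Default Winlogon\Notify subkeys on Windows XP (assumption: extend with OEM
# packages you have verified, e.g. graphics-driver notify DLLs).
DEFAULT_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}
# Names that belong in %SystemRoot%\System32 and nowhere else.
CORE_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                 "services.exe", "smss.exe"}


@dataclass(frozen=True)
class Finding:
    key: str      # registry key the line was under ('' in file sections)
    name: str     # value name or Notify subkey ('' for bare paths)
    path: str     # image path exactly as printed in the log
    reason: str


def _path_reasons(path: str) -> list[str]:
    """Heuristics that look only at the image path itself."""
    reasons = []
    parent, _, base = path.lower().replace("/", "\\").rpartition("\\")
    if RANDOM_LD_RE.match(base):
        reasons.append("digits+ld.exe dropper-style name")
    if base in CORE_BINARIES and not parent.endswith("\\system32"):
        reasons.append("core system binary name outside System32")
    return reasons


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("((("):          # ComboFix section banner
            key = ""
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m:
            name, data, stamp = m.group("name"), m.group("data"), m.group("stamp")
            if not data:
                findings.append(Finding(key, name, data, "empty Run value (leftover)"))
            elif not stamp:
                findings.append(Finding(key, name, data,
                                        "no file stamp '[]': image not resolved, verify manually"))
            for reason in _path_reasons(data):
                findings.append(Finding(key, name, data, reason))
            continue
        # Anything else: a bare DLL under a Notify subkey, or a quoted path
        # from 'Other Deletions' / 'Files Created'.
        m = QUOTED_PATH_RE.match(line)
        path = m.group("path") if m else line
        lowered = key.lower()
        if "\\winlogon\\notify\\" in lowered:
            sub = lowered.rsplit("\\", 1)[-1]
            if sub not in DEFAULT_NOTIFY:
                findings.append(Finding(key, sub, path,
                                        "non-default Winlogon Notify DLL (loaded into winlogon.exe)"))
        for reason in _path_reasons(path):
            findings.append(Finding(key, "", path, reason))
    return findings


# Constructed sample in the thread's log format (not copied from a real machine).
SAMPLE_LOG = "\n".join([
    r"(((((((((( Other Deletions ))))))))))",
    r'"C:\WINDOWS\svchost.exe"',
    r'"C:\WINDOWS\system32\2954312ld.exe"',
    r'"C:\WINDOWS\system32\rpcc.dll"',
    r"(((((((((( Reg Loading Points ))))))))))",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 18:42]',
    r'"RTHDCPL"="RTHDCPL.EXE" []',
    r'"NWEReboot"="" []',
    r"[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]",
    r"crypt32.dll",
    r"[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winsys32]",
    r"C:\WINDOWS\System32\winsys32.dll",
])

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:58s} {f.name or '-':12s} {f.path}")
```

Run against the sample, it reports the misplaced svchost.exe, the 2954312ld.exe name, the unstamped RTHDCPL entry, the empty NWEReboot value and the winsys32 Notify DLL, and stays silent on avast, crypt32chain and rpcc.dll (the last of those needs a signature or hash check, which no path heuristic can replace).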
Open Notepad and copy/paste the text below into it:

Save it as ComboFix-Do.txt. Then drag ComboFix-Do.txt onto ComboFix.exe as shown below. Restart the computer when prompted and post the contents of the combofix.txt file here.

========

1. Download AVG Anti-Spyware 7.5 and save the program to your desktop. If you already have the program, skip straight to step 2!
- Once you have downloaded the program, double-click the installer's shortcut on your desktop; the installation starts.
- After installation the program must be started and its definitions updated.

2.
- Start AVG Anti-Spyware.
- Click the "Update" icon in the main menu. Then click the "Update now" button.
- Then click the "Start Update" icon and the update begins.
- If the updates don't succeed right away, press "Start Update" again after a moment.
- If the automatic update doesn't work for some reason, the definitions can be downloaded manually from http://www.ewido.net/en/download/updates/.
- When the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
- When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
- Then under the "Reports" menu:
- Tick "Automatically generate report after every scan"
- Untick "Only if threats were found"
- Then click the "Shield" icon at the top of the window
- "Resident shield is": change the state from active to inactive
- Close the program; do NOT scan yet.

Restart your computer in Safe Mode.
NOTE! Don't use other programs during the AVG scan; this may interfere with the scan.
- Once in Safe Mode, start AVG Anti-Spyware.
- Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
- AVG will now start scanning the computer; be patient, as the scan takes time.

When the scan is finished:
IMPORTANT: Do not click "Save Scan Report" before you have clicked "Apply all Actions".
- Make sure that "Set all elements to:" shows Quarantine (1); if not, click the link and choose Quarantine from the popup menu.
- You will be asked what to do if infections were found; choose "Apply all actions".
- Then click the "Reports" icon at the top of the program.
- Click the "Save report as" button at the bottom left of the window and save the report to the desktop.
- Close the program, restart the computer normally and post AVG's report in your thread. Also post a new HIJACKTHIS LOG.
"***** *****”" - 2007-06-03 20:53:42 Service Pack 1 ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\***** *****”\" Command switches used :: "E:\ComboFix-Do.txt" /wow section - STAGE #3 (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) "C:\WINDOWS\system32\2954312ld.exe" "C:\WINDOWS\system32\54164532ld.exe" "C:\WINDOWS\system32\19436712ld.exe" "C:\WINDOWS\system32\040932ld.exe" "C:\WINDOWS\system32\36378902ld.exe" "C:\WINDOWS\system32\883592ld.exe" "C:\WINDOWS\system32\22467962ld.exe" "C:\WINDOWS\iun6002.exe" "C:\WINDOWS\Windows Update.log" "C:\WINDOWS\winnt256.bmp" "C:\WINDOWS\winstart.bat" "C:\WINDOWS\WMPrfAra.prx" "C:\WINDOWS\WMPrfCHS.prx" "C:\WINDOWS\WMPrfCHT.prx" "C:\WINDOWS\wmprfcsy.prx" "C:\WINDOWS\wmprfdan.prx" "C:\WINDOWS\wmprfell.prx" "C:\WINDOWS\wmprfesp.prx" "C:\WINDOWS\wmprfFIN.prx" "C:\WINDOWS\wmprffra.prx" "C:\WINDOWS\wmprfheb.prx" "C:\WINDOWS\wmprfhun.prx" "C:\WINDOWS\wmprfita.prx" "C:\WINDOWS\WMPrfJpn.prx" "C:\WINDOWS\WMPrfKor.prx" "C:\WINDOWS\wmprfnld.prx" "C:\WINDOWS\wmprfnor.prx" "C:\WINDOWS\wmprfplk.prx" "C:\WINDOWS\wmprfptb.prx" "C:\WINDOWS\wmprfptg.prx" "C:\WINDOWS\wmprfrus.prx" "C:\WINDOWS\wmprfsky.prx" "C:\WINDOWS\wmprfslv.prx" "C:\WINDOWS\wmprfsve.prx" "C:\WINDOWS\wmprftrk.prx" "C:\WINDOWS\WMSysPrx.prx" "C:\WINDOWS\_default.pif" "C:\WINDOWS\system32\winsys32.dll" ((((((((((((((((((((((((((((((( Files Created from 2007-05-03 to 2007-06-03 )))))))))))))))))))))))))))))))))) 2007-06-03 19:36 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-02 20:25 921,600 --a------ C:\WINDOWS\system32\nwiz.exe 2007-06-02 20:25 462,848 --a------ C:\WINDOWS\system32\nvshell.dll 2007-06-02 20:25 442,368 --a------ C:\WINDOWS\system32\nvappbar.exe 2007-06-02 20:25 393,216 --a------ C:\WINDOWS\system32\keystone.exe 2007-06-02 20:25 1,646,592 --a------ C:\WINDOWS\system32\nvwdmcpl.dll 2007-06-02 20:25 1,441,792 --a------ C:\WINDOWS\system32\nview.dll 2007-06-02 20:25 1,339,392 --a------ 
C:\WINDOWS\system32\nvdspsch.exe 2007-06-02 20:25 1,019,904 --a------ C:\WINDOWS\system32\nvwimg.dll 2007-06-02 20:10 <KANSIO> d-------- C:\WINDOWS\Prefetch 2007-06-02 20:02 9,728 --a------ C:\WINDOWS\system32\mstinit.exe 2007-06-02 20:02 81,920 --a------ C:\WINDOWS\system32\isign32.dll 2007-06-02 20:02 81,408 --a------ C:\WINDOWS\system32\msoert2.dll 2007-06-02 20:02 73,728 --a------ C:\WINDOWS\system32\ils.dll 2007-06-02 20:02 69,632 --a------ C:\WINDOWS\system32\icwdial.dll 2007-06-02 20:02 69,120 --a------ C:\WINDOWS\system32\drivers\sr.sys 2007-06-02 20:02 65,536 --a------ C:\WINDOWS\system32\msconf.dll 2007-06-02 20:02 63,488 --a------ C:\WINDOWS\system32\srclient.dll 2007-06-02 20:02 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll 2007-06-02 20:02 587,776 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-06-02 20:02 48,128 --a------ C:\WINDOWS\system32\inetres.dll 2007-06-02 20:02 40,960 --a------ C:\WINDOWS\system32\safrslv.dll 2007-06-02 20:02 39,424 --a------ C:\WINDOWS\system32\safrcdlg.dll 2007-06-02 20:02 33,280 --a------ C:\WINDOWS\system32\racpldlg.dll 2007-06-02 20:02 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe 2007-06-02 20:02 32,256 --a------ C:\WINDOWS\system32\mnmdd.dll 2007-06-02 20:02 28,672 --a------ C:\WINDOWS\system32\isrdbg32.dll 2007-06-02 20:02 270,336 --a------ C:\WINDOWS\system32\inetcfg.dll 2007-06-02 20:02 26,624 --a------ C:\WINDOWS\system32\safrdm.dll 2007-06-02 20:02 251,904 --a------ C:\WINDOWS\system32\mstask.dll 2007-06-02 20:02 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll 2007-06-02 20:02 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll 2007-06-02 20:02 227,840 --a------ C:\WINDOWS\system32\srrstr.dll 2007-06-02 20:02 221,184 --a------ C:\WINDOWS\system32\qmgr.dll 2007-06-02 20:02 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2007-06-02 20:02 159,232 --a------ C:\WINDOWS\system32\schedsvc.dll 2007-06-02 20:02 158,720 --a------ C:\WINDOWS\system32\srsvc.dll 2007-06-02 20:01 98,304 --a------ 
C:\WINDOWS\system32\clipbrd.exe 2007-06-02 20:01 9,728 --a------ C:\WINDOWS\system32\xolehlp.dll 2007-06-02 20:01 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll 2007-06-02 20:01 9,216 --a------ C:\WINDOWS\system32\icaapi.dll 2007-06-02 20:01 88,064 --a------ C:\WINDOWS\system32\tscfgwmi.dll 2007-06-02 20:01 869,376 --a------ C:\WINDOWS\system32\msdtctm.dll 2007-06-02 20:01 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll 2007-06-02 20:01 83,968 --a------ C:\WINDOWS\system32\mtxoci.dll 2007-06-02 20:01 82,432 --a------ C:\WINDOWS\system32\comrepl.dll 2007-06-02 20:01 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll 2007-06-02 20:01 61,952 --a------ C:\WINDOWS\system32\rdshost.exe 2007-06-02 20:01 6,144 --a------ C:\WINDOWS\system32\msdtc.exe 2007-06-02 20:01 598,016 --a------ C:\WINDOWS\system32\mstscax.dll 2007-06-02 20:01 582,656 --a------ C:\WINDOWS\system32\catsrvut.dll 2007-06-02 20:01 57,856 --a------ C:\WINDOWS\system32\licwmi.dll 2007-06-02 20:01 56,832 --a------ C:\WINDOWS\system32\colbact.dll 2007-06-02 20:01 56,320 --a------ C:\WINDOWS\system32\remotepg.dll 2007-06-02 20:01 54,784 --a------ C:\WINDOWS\system32\msdtclog.dll 2007-06-02 20:01 534,016 --a------ C:\WINDOWS\system32\spider.exe 2007-06-02 20:01 53,248 --a------ C:\WINDOWS\system32\servdeps.dll 2007-06-02 20:01 495,616 --a------ C:\WINDOWS\system32\comuid.dll 2007-06-02 20:01 493,056 --a------ C:\WINDOWS\system32\hypertrm.dll 2007-06-02 20:01 468,480 --a------ C:\WINDOWS\system32\clbcatq.dll 2007-06-02 20:01 44,032 --a------ C:\WINDOWS\system32\rdpclip.exe 2007-06-02 20:01 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe 2007-06-02 20:01 386,560 --a------ C:\WINDOWS\system32\mstsc.exe 2007-06-02 20:01 359,936 --a------ C:\WINDOWS\system32\msdtcprx.dll 2007-06-02 20:01 340,992 --a------ C:\WINDOWS\system32\mspaint.exe 2007-06-02 20:01 33,280 --a------ C:\WINDOWS\system32\cfgbkend.dll 2007-06-02 20:01 215,040 --a------ C:\WINDOWS\system32\catsrv.dll 2007-06-02 20:01 200,192 --a------ 
C:\WINDOWS\system32\termsrv.dll 2007-06-02 20:01 20,232 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys 2007-06-02 20:01 181,760 --a------ C:\WINDOWS\system32\accwiz.exe 2007-06-02 20:01 18,944 --a------ C:\WINDOWS\system32\qprocess.exe 2007-06-02 20:01 174,592 --a------ C:\WINDOWS\system32\cmprops.dll 2007-06-02 20:01 16,384 --a------ C:\WINDOWS\system32\mmfutil.dll 2007-06-02 20:01 151,040 --a------ C:\WINDOWS\system32\msdtcuiu.dll 2007-06-02 20:01 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll 2007-06-02 20:01 135,680 --a------ C:\WINDOWS\system32\rdchost.dll 2007-06-02 20:01 129,024 --a------ C:\WINDOWS\system32\sessmgr.exe 2007-06-02 20:01 124,416 --a------ C:\WINDOWS\system32\sndrec32.exe 2007-06-02 20:01 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe 2007-06-02 20:01 116,736 --a------ C:\WINDOWS\system32\mplay32.exe 2007-06-02 20:01 115,976 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys 2007-06-02 20:01 114,456 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-06-02 20:01 11,144 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys 2007-06-02 20:01 100,864 --a------ C:\WINDOWS\system32\clbcatex.dll 2007-06-02 20:01 1,172,992 --a------ C:\WINDOWS\system32\comsvcs.dll 2007-06-02 20:01 1,081,112 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-06-02 20:00 99,840 --a------ C:\WINDOWS\system32\irftp.exe 2007-06-02 20:00 77,824 --a------ C:\WINDOWS\system32\irmon.dll 2007-06-02 20:00 7,680 --a------ C:\WINDOWS\system32\wshirda.dll 2007-06-02 20:00 55,296 --a------ C:\WINDOWS\system32\drivers\irda.sys 2007-06-02 19:55 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys 2007-06-02 19:55 5,888 --a------ C:\WINDOWS\system32\drivers\splitter.sys 2007-06-02 19:54 70,656 --a------ C:\WINDOWS\system32\storprop.dll 2007-06-02 19:54 56,448 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2007-06-02 19:52 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys 2007-06-02 19:52 182,400 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys 2007-06-02 19:51 38,024 --a------ 
C:\WINDOWS\system32\drivers\termdd.sys 2007-05-31 18:37 311,296 --a------ C:\WINDOWS\system32\nvwrses.dll 2007-05-31 18:37 311,296 --a------ C:\WINDOWS\system32\nvwrsel.dll 2007-05-31 18:37 303,104 --a------ C:\WINDOWS\system32\nvwrsesm.dll 2007-05-31 18:37 299,008 --a------ C:\WINDOWS\system32\nvwrspt.dll 2007-05-31 18:37 299,008 --a------ C:\WINDOWS\system32\nvwrsit.dll 2007-05-31 18:37 299,008 --a------ C:\WINDOWS\system32\nvwrsfr.dll 2007-05-31 18:37 299,008 --a------ C:\WINDOWS\system32\nvrsar.dll 2007-05-31 18:37 294,912 --a------ C:\WINDOWS\system32\nvwrsptb.dll 2007-05-31 18:37 294,912 --a------ C:\WINDOWS\system32\nvwrsnl.dll 2007-05-31 18:37 294,912 --a------ C:\WINDOWS\system32\nvrshe.dll 2007-05-31 18:37 290,816 --a------ C:\WINDOWS\system32\nvwrsru.dll 2007-05-31 18:37 290,816 --a------ C:\WINDOWS\system32\nvwrshu.dll 2007-05-31 18:37 282,624 --a------ C:\WINDOWS\system32\nvwrsde.dll 2007-05-31 18:37 278,528 --a------ C:\WINDOWS\system32\nvwrstr.dll 2007-05-31 18:37 278,528 --a------ C:\WINDOWS\system32\nvwrssl.dll 2007-05-31 18:37 278,528 --a------ C:\WINDOWS\system32\nvwrsfi.dll 2007-05-31 18:37 274,432 --a------ C:\WINDOWS\system32\nvwrssv.dll 2007-05-31 18:37 274,432 --a------ C:\WINDOWS\system32\nvwrssk.dll 2007-05-31 18:37 274,432 --a------ C:\WINDOWS\system32\nvwrspl.dll 2007-05-31 18:37 274,432 --a------ C:\WINDOWS\system32\nvwrsno.dll 2007-05-31 18:37 274,432 --a------ C:\WINDOWS\system32\nvwrsda.dll 2007-05-31 18:37 262,144 --a------ C:\WINDOWS\system32\nvwrseng.dll 2007-05-31 18:37 262,144 --a------ C:\WINDOWS\system32\nvwrscs.dll 2007-05-31 18:37 262,144 --a------ C:\WINDOWS\system32\nvrsit.dll 2007-05-31 18:37 262,144 --a------ C:\WINDOWS\system32\nvrsfr.dll 2007-05-31 18:37 258,048 --a------ C:\WINDOWS\system32\nvwrshe.dll 2007-05-31 18:37 258,048 --a------ C:\WINDOWS\system32\nvwrsar.dll 2007-05-31 18:37 258,048 --a------ C:\WINDOWS\system32\nvrses.dll 2007-05-31 18:37 258,048 --a------ C:\WINDOWS\system32\nvrsel.dll 2007-05-31 18:37 
258,048 --a------ C:\WINDOWS\system32\nvrsde.dll 2007-05-31 18:37 253,952 --a------ C:\WINDOWS\system32\nvrsnl.dll 2007-05-31 18:37 253,952 --a------ C:\WINDOWS\system32\nvrsesm.dll 2007-05-31 18:37 249,856 --a------ C:\WINDOWS\system32\nvrspt.dll 2007-05-31 18:37 245,760 --a------ C:\WINDOWS\system32\nvrsru.dll 2007-05-31 18:37 245,760 --a------ C:\WINDOWS\system32\nvrsptb.dll 2007-05-31 18:37 241,664 --a------ C:\WINDOWS\system32\nvrsko.dll 2007-05-31 18:37 241,664 --a------ C:\WINDOWS\system32\nvrsja.dll 2007-05-31 18:37 237,568 --a------ C:\WINDOWS\system32\nvrssl.dll 2007-05-31 18:37 237,568 --a------ C:\WINDOWS\system32\nvrshu.dll 2007-05-31 18:37 237,568 --a------ C:\WINDOWS\system32\nvrsda.dll 2007-05-31 18:37 233,472 --a------ C:\WINDOWS\system32\nvrstr.dll 2007-05-31 18:37 233,472 --a------ C:\WINDOWS\system32\nvrssv.dll 2007-05-31 18:37 233,472 --a------ C:\WINDOWS\system32\nvrssk.dll 2007-05-31 18:37 233,472 --a------ C:\WINDOWS\system32\nvrspl.dll 2007-05-31 18:37 233,472 --a------ C:\WINDOWS\system32\nvrsno.dll 2007-05-31 18:37 225,280 --a------ C:\WINDOWS\system32\nvrsfi.dll 2007-05-31 18:37 225,280 --a------ C:\WINDOWS\system32\nvrseng.dll 2007-05-31 18:37 225,280 --a------ C:\WINDOWS\system32\nvrscs.dll 2007-05-31 18:37 204,800 --a------ C:\WINDOWS\system32\nvrszhc.dll 2007-05-31 18:37 196,608 --a------ C:\WINDOWS\system32\nvwrsja.dll 2007-05-31 18:37 184,320 --a------ C:\WINDOWS\system32\nvwrsko.dll 2007-05-31 18:37 155,648 --a------ C:\WINDOWS\system32\nvwrszht.dll 2007-05-31 18:37 151,552 --a------ C:\WINDOWS\system32\nvwrszhc.dll 2007-05-31 18:37 114,688 --a------ C:\WINDOWS\system32\nvrszht.dll 2007-05-31 18:35 <KANSIO> d-------- C:\Program Files\Nvidia Omega Drivers 2007-05-30 17:25 <KANSIO> d-------- C:\Spiderman 3 2007 mVs TeleSync KVCD Brady(TUS Release) 2007-05-27 13:05 <KANSIO> d-------- C:\Metal gear 2007-05-26 15:48 <KANSIO> d-------- C:\Flatout 2 Soundtrack 2007-05-25 15:07 <KANSIO> d-------- C:\Program Files\Disk Checker 2007-05-21 
17:45 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-05-12 20:27 <KANSIO> d-------- C:\DOCUME~1\*****~1\APPLIC~1\Uniblue 2007-05-12 20:22 <KANSIO> d-------- C:\Program Files\Security Task Manager 2007-05-12 20:22 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan 2007-05-09 20:20 <KANSIO> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-03 12:15:02 -------- d-----w C:\Program Files\SpeedFan 2007-06-02 18:41:17 99,904 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2007-06-02 18:00:33 -------- d-----w C:\Program Files\DC++ 2007-06-02 17:36:11 -------- d--h--w C:\Program Files\WindowsUpdate 2007-06-02 17:12:11 64,812 ----a-w C:\WINDOWS\system32\perfc00B.dat 2007-06-02 17:12:11 354,486 ----a-w C:\WINDOWS\system32\perfh00B.dat 2007-06-02 17:02:39 -------- d-----w C:\Program Files\Movie Maker 2007-06-02 17:01:41 23,364 ----a-w C:\WINDOWS\system32\emptyregdb.dat 2007-06-02 17:01:27 -------- d-----w C:\Program Files\Windows NT 2007-06-02 12:06:41 -------- d-----w C:\Program Files\Windows Live Toolbar 2007-06-01 17:02:59 22,584 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-06-01 14:33:39 -------- d-----w C:\Program Files\GetRight 2007-05-31 13:57:58 -------- d-----w C:\Program Files\Winamp 2007-05-13 09:15:23 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-05-05 13:11:40 -------- d-----w C:\DOCUME~1\*****~1\APPLIC~1\MegauploadToolbar 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-04-29 11:25:14 -------- d-----w C:\Program Files\America's Army Server Manager 2007-04-25 14:28:51 -------- d-----w C:\DOCUME~1\*****~1\APPLIC~1\Ulead Systems 2007-04-25 13:56:53 -------- d-----w C:\Program Files\Windows Media Components 2007-04-25 13:54:57 -------- d-----w C:\Program Files\Common Files\Ulead Systems 2007-04-24 17:22:24 -------- d--h--r C:\DOCUME~1\*****~1\APPLIC~1\SecuROM 2007-04-24 17:22:23 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-04-23 14:01:06 23,510,720 ----a-w C:\dotnetfx.exe 2007-04-21 11:57:49 -------- d-----w C:\Program Files\Microsoft SQL Server 2007-04-21 10:43:13 -------- d-----w C:\Program Files\Pinnacle 2007-04-21 10:31:37 -------- d-----w C:\Program Files\SmartSound Software 2007-04-21 10:30:40 95 ----a-w C:\AUTOEXEC.BAT 2007-04-21 10:21:47 -------- d-----w C:\Program Files\DivX 2007-04-21 06:18:19 -------- d-----w C:\Program Files\Rockstar Games 2007-04-21 05:53:54 -------- d-----w C:\Program Files\vcmm 2007-04-16 19:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-16 19:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-16 19:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-16 19:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-16 19:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-04-16 19:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll 2007-04-16 19:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll 2007-04-15 18:15:39 -------- d-----w C:\Program Files\SlySoft 2007-04-15 09:22:30 -------- d-----w C:\Program Files\PowerISO 2007-04-14 12:47:03 -------- d-----w C:\DOCUME~1\*****~1\APPLIC~1\Leadertech 2007-04-09 12:27:07 31,548 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys 2007-04-07 09:24:41 -------- d-----w C:\Program Files\Game Cam v1.4 2007-04-04 10:29:34 -------- d-----w C:\Program Files\vodei2 2007-04-02 14:51:59 1,100 ----a-w C:\WINDOWS\system32\d3d8caps.dat 2007-03-29 13:55:13 
37,860,928 ----a-w C:\Program Files\iTunesSetup.exe 2007-03-21 18:09:18 336,976 ----a-w C:\getright-download.exe 2007-03-17 20:54:19 63,040 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2007-03-16 03:55:58 40,960 ----a-w C:\WINDOWS\system32\frapsvid.dll 2007-03-12 18:21:21 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll 2007-03-07 23:51:00 129,784 ------w C:\WINDOWS\system32\pxafs.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 14:17] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:\Program Files\BitComet\tools\BitCometBHO.dll [2006-11-29 16:52] {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}=C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL [2006-10-31 09:55] {53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 02:04] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 13:29] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 15:56] {bf00e119-21a3-4fd1-b178-3b8537e75c92}=C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2006-12-11 18:46] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 18:42] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14] "RTHDCPL"="RTHDCPL.EXE" [] "Alcmtr"="ALCMTR.EXE" 
[] "OFFICEKB"="C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe" [2007-01-08 18:07] "MultiRes"="C:\Program Files\MultiRes\MultiRes.exe" [2005-01-27 01:40] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-04 18:52] "NWEReboot"="" [] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 C:\WINDOWS\system32\HdAShCut.exe] "Cmaudio"="cmicnfg.cpl" [] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 15:23] "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 22:21] "UVS10 Preload"="F:\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-07 00:52] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 01:22] "Stellar Smart "="C:\Program Files\Stellar Smart (Early Disk Warning System)\smrt.exe" [] "nwiz"="nwiz.exe" [2004-10-29 23:50 C:\WINDOWS\system32\nwiz.exe] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2006-12-27 16:21] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24] "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 17:53] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-10 10:44] "Steam"="c:\progra~1\steam\steam.exe" [] "ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-09 14:13] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 17:13] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winsys32] 
C:\WINDOWS\System32\winsys32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Usnsvc usnsvc HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs* Contents of the 'Scheduled Tasks' folder 2007-04-30 10:51:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job 2007-06-03 17:09:00 C:\WINDOWS\tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job ******************************************************************** catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-03 20:59:36 Windows 5.1.2600 Service Pack 1 NTFS scanning hidden processes ... ? [2668] scanning hidden autostart entries ... scanning hidden files ... C:\WINDOWS\WMPrfDeu.prx C:\WINDOWS\WindowsShell.Manifest C:\WINDOWS\winhelp.exe C:\WINDOWS\winhlp32.exe C:\WINDOWS\wininit.ini C:\WINDOWS\winmech C:\WINDOWS\winnt.bmp C:\WINDOWS\WinSxS C:\WINDOWS\wmsetup.log C:\WINDOWS\WMSysPr9.prx C:\WINDOWS\ydi.log C:\WINDOWS\Zapoteekki.bmp scan completed successfully hidden files: 12 ******************************************************************** Completion time: 2007-06-03 21:03:22 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-06-03 21:03 C:\ComboFix2.txt ... 2007-06-03 19:57 --- E O F ---
Yes, good, some of the junk was removed. Your Outlook Express is most likely infected. Run that AVG Anti-Spyware scan and post a new HJT log, and we'll continue from there.
I'll do the scan once I've finished watching a movie. Thanks for the help so far. EDIT: Or maybe not, because all three times I've tried to scan, the machine has crashed mid-scan with a BSOD.
I tried scanning in normal mode and it scanned without problems (and it only took 2 h 20 min). Could someone check whether there are still problems in the HJT log? Here is the AVG Anti-Spyware report:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 14:31:05 4.6.2007

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
F:\NEED.FOR.SPEED.C.PLUS17TRN.UNLEASHED\unl-nfsctrn.exe -> Backdoor.Shell : Cleaned with backup (quarantined).
C:\WINDOWS\AdmDll.dll -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.20 : Cleaned with backup (quarantined).
C:\WINDOWS\raddrv.dll -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.20 : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\svchost.exe.vir -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.21 : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{033B1930-CB57-42B6-ADE0-B1A77527E709}\RP1\A0002537.exe -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.21 : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\rpcc.dll.vir -> Proxy.Dlena.cb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{033B1930-CB57-42B6-ADE0-B1A77527E709}\RP1\A0002541.dll -> Proxy.Dlena.cb : Cleaned with backup (quarantined).
:mozilla.105:C:\Documents and Settings\Sauli Sirniö\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.106:C:\Documents and Settings\Sauli Sirniö\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.40:C:\Documents and Settings\Sauli Sirniö\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.29:C:\Documents and Settings\Sauli Sirniö\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.39:C:\Documents and Settings\Sauli Sirniö\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.396:C:\Documents and Settings\Sauli Sirniö\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\cookies.txt -> TrackingCookie.Gemius : Cleaned.
:mozilla.397:C:\Documents and Settings\Sauli Sirniö\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\cookies.txt -> TrackingCookie.Gemius : Cleaned.
:mozilla.49:C:\Documents and Settings\Sauli Sirniö\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.50:C:\Documents and Settings\Sauli Sirniö\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.51:C:\Documents and Settings\Sauli Sirniö\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.289:C:\Documents and Settings\Sauli Sirniö\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.290:C:\Documents and Settings\Sauli Sirniö\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.326:C:\Documents and Settings\Sauli Sirniö\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\cookies.txt -> TrackingCookie.Navrcholu : Cleaned.
:mozilla.25:C:\Documents and Settings\Sauli Sirniö\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.165:C:\Documents and Settings\Sauli Sirniö\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.30:C:\Documents and Settings\Sauli Sirniö\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.36:C:\Documents and Settings\Sauli Sirniö\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.37:C:\Documents and Settings\Sauli Sirniö\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.38:C:\Documents and Settings\Sauli Sirniö\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.89:C:\Documents and Settings\Sauli Sirniö\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.7:C:\Documents and Settings\Sauli Sirniö\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
C:\Documents and Settings\Sauli Sirniö\Cookies\sauli sirniö@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
:mozilla.306:C:\Documents and Settings\Sauli Sirniö\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
:mozilla.146:C:\Documents and Settings\Sauli Sirniö\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Sauli Sirniö\Cookies\sauli sirniö@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.96:C:\Documents and Settings\Sauli Sirniö\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
::Report end

And here is the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:33:31, on 4.6.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\PnkBstrB.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\HiJackThis_v2.0.0.0.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [MultiRes] C:\Program Files\MultiRes\MultiRes.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [UVS10 Preload] F:\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Stellar Smart ] C:\Program Files\Stellar Smart (Early Disk Warning System)\smrt.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Deer Hunter 2005 Registration.lnk = F:\Atari\Deer Hunter 2005\ATR1.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?4f98f1ff415e4fe28d7c476f5fa0d5a7
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?4f98f1ff415e4fe28d7c476f5fa0d5a7
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: winsys32 - C:\WINDOWS\System32\winsys32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: Avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPod-palvelu (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (Omega 1.6693) (Q) (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti-apuohjelma (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 11174 bytes
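A scan report like the one in the post above mixes three different things: files that were live on the system, copies that another tool had already neutralised (C:\QooBox\Quarantine is ComboFix's quarantine, and System Volume Information\_restore holds System Restore snapshots), and tracking cookies. As an added example, not part of the original post, the Python below sorts the report lines into those buckets and marks "Not-A-Virus" hits outside quarantine as ones to account for: Remote Administrator is a legitimate tool, but two of its DLLs sitting directly in C:\WINDOWS need an answer to who installed them. The report lines are a constructed subset of the one posted above with the profile name replaced; the bucket names and the "verify" rule are the example's own, not AVG's.

```python
"""Sort an AVG Anti-Spyware report into live hits, quarantine residue and cookies.

Added example. SAMPLE_REPORT is a constructed subset of the report posted in the
thread (profile name replaced); the bucket names are this script's own.
"""
import re
from collections import defaultdict

SAMPLE_REPORT = r"""
HKLM\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
F:\NEED.FOR.SPEED.C.PLUS17TRN.UNLEASHED\unl-nfsctrn.exe -> Backdoor.Shell : Cleaned with backup (quarantined).
C:\WINDOWS\AdmDll.dll -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.20 : Cleaned with backup (quarantined).
C:\WINDOWS\raddrv.dll -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.20 : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\svchost.exe.vir -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.21 : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{033B1930-CB57-42B6-ADE0-B1A77527E709}\RP1\A0002537.exe -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.21 : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\rpcc.dll.vir -> Proxy.Dlena.cb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{033B1930-CB57-42B6-ADE0-B1A77527E709}\RP1\A0002541.dll -> Proxy.Dlena.cb : Cleaned with backup (quarantined).
:mozilla.105:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.39:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\user\Cookies\user@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
"""

# One report line: <location> -> <threat name> : <action taken>.
LINE_RE = re.compile(r"^(?P<where>.+?) -> (?P<threat>\S+) : (?P<action>.+?)\.?$")

# Locations that only hold copies another tool already neutralised: ComboFix's
# quarantine and System Restore snapshots. A hit there is leftover, not an active infection.
RESIDUE_MARKERS = ("\\qoobox\\quarantine\\", "\\system volume information\\_restore")


def classify(where: str, threat: str) -> str:
    """Bucket one report line: cookie, residue, registry or live."""
    if threat.startswith("TrackingCookie."):
        return "cookie"      # privacy noise, no code runs
    if any(marker in where.lower() for marker in RESIDUE_MARKERS):
        return "residue"     # already-quarantined or restore-point copy
    if where.upper().startswith(("HKLM", "HKCU", "HKEY_")):
        return "registry"    # a CLSID or autostart key, not a file
    return "live"            # a file that sat on the running system


def summarize(report: str) -> dict[str, list[dict]]:
    """Parse the report and group its lines by bucket."""
    buckets: dict[str, list[dict]] = defaultdict(list)
    for raw in report.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, blank line, separator
        where, threat, action = m.group("where", "threat", "action")
        bucket = classify(where, threat)
        # "Not-A-Virus" is the scanner's label for a legitimate tool (here Remote
        # Administrator) that attackers also plant. A live copy needs a known owner.
        verify = bucket == "live" and threat.startswith("Not-A-Virus.")
        buckets[bucket].append({"where": where, "threat": threat, "action": action, "verify": verify})
    return dict(buckets)


if __name__ == "__main__":
    for bucket, entries in summarize(SAMPLE_REPORT).items():
        print(f"{bucket}: {len(entries)}")
        for e in entries:
            flag = "  [confirm who installed this]" if e["verify"] else ""
            print(f"  {e['threat']:45} {e['where']}{flag}")
```

Run against the full report, the "live" bucket is the only one that says anything about the machine's current state; the residue entries can be cleared by emptying the quarantine folders and System Restore, which is what the helper later asks for.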
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O20 - Winlogon Notify: winsys32 - C:\WINDOWS\System32\winsys32.dll (file missing)

Check those lines and click Fix checked.

Delete this folder: C:\Program Files\AskTBar\

=========

Download Dr.Web CureIt to your desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

* Double-click drweb-cureit.exe and let it run an express scan.
* It scans the running programs, and if it finds something, click Yes when it asks whether you want to remove it. This is only a short scan.
* When the scan is finished, mark the drives you want to scan.
* Select all drives. A red dot shows which drives are selected.
* Click the green arrow on the right and the scan starts.
* Click 'Yes to all' if it asks whether you want to remove/move a file.
* When the scan is finished, see whether you can click the next icon beside the files found:
* If so, click it, then click the next icon in the lower right and choose Move incurable, as in the picture below. This moves it to the %userprofile%\DoctorWeb\quarantine folder.
* After that, click File in the Dr.Web CureIt menu and choose Save report list.
* Save the report to your desktop. The report's name is DrWeb.csv.
* Close Dr.Web CureIt.
* Restart the computer!! This is so that files in use are removed/moved during startup.
* After the restart, paste the contents of the Dr.Web log you saved earlier into your next reply. Also a new HIJACKTHIS LOG.
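The lines the helper picks out above are the ones any HJT reviewer checks first: components whose file no longer exists, anything hooked into Winlogon, and browser start/search pages pointing somewhere the user did not choose. As an added example (not part of the original thread and not the helper's own method), here is a small Python triage script that applies those rules to HijackThis log lines. The sample lines are a constructed subset of the log posted above; the allowlist of expected search-page hosts and the "unqualified executable" rule are assumptions made for the example, and every flag is a prompt for review, not a verdict.

```python
"""Triage HijackThis log lines: flag the entry types a reviewer checks first.

Added example. The rules are this script's own heuristics, not HijackThis's
and not the forum helper's; SAMPLE_LOG is a constructed subset of the log
posted in the thread.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O20 - Winlogon Notify: winsys32 - C:\WINDOWS\System32\winsys32.dll (file missing)
O23 - Service: iPod-palvelu (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
"""

# Every HJT finding starts with its section code (R0..R3, O1..O24) and " - ".
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")

# Assumed allowlist: hosts this user would expect as start/search page (assumption for this example).
EXPECTED_HOSTS = ("msn.fi", "msn.com", "microsoft.com", "live.com")


@dataclass
class Finding:
    kind: str    # HijackThis section, e.g. "O20"
    reason: str  # why the line was flagged
    line: str    # the log line itself


def host_expected(url: str) -> bool:
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in EXPECTED_HOSTS)


def unqualified_exe(body: str) -> str:
    """Return the bare executable name of an O4 Run entry, or "" if a full path is given."""
    if "] " not in body:
        return ""
    target = body.split("] ", 1)[1].strip()
    exe = target.split(" ", 1)[0].strip('"')
    if "\\" in exe or "%" in exe or exe.lower().startswith("rundll32"):
        return ""
    return exe


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list, blank line
        kind, body, line = m.group("kind"), m.group("body"), m.group(0)
        # Rule 1: a registered component whose file is gone. The key is dead weight
        # at best and the remains of a removed hijacker at worst; fixing it is safe.
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            findings.append(Finding(kind, "orphaned reference: file no longer exists", line))
        # Rule 2: Winlogon Notify DLLs load into winlogon.exe at every logon, a classic
        # persistence spot; anything that is not a stock Windows DLL gets a closer look.
        if kind == "O20" and body.startswith("Winlogon Notify:"):
            findings.append(Finding(kind, "Winlogon Notify DLL loads inside winlogon.exe", line))
        # Rule 3: start/search page set to a host the user would not have chosen.
        if kind in ("R0", "R1") and " = " in body:
            value = body.split(" = ", 1)[1].strip()
            if value.lower().startswith("http") and not host_expected(value):
                findings.append(Finding(kind, f"browser page points at {urlparse(value).hostname}", line))
        # Rule 4: Run entry naming a bare executable, resolved by PATH search at logon,
        # so a same-named file earlier on the PATH would win. Review, not necessarily remove.
        if kind == "O4" and "\\Run:" in body:
            exe = unqualified_exe(body)
            if exe:
                findings.append(Finding(kind, f"Run entry with unqualified executable {exe}", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

On the sample the script flags the same six lines the helper listed except the HKLM about:blank start page, which only a human judgement call (an HKLM start page is normally not set at all) puts on the list; the winsys32 entry is reported twice, once as orphaned and once as a Winlogon hook, which is the right emphasis for the one entry in this log that could have run code as SYSTEM.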
And again I keep getting a BSOD in the middle of the scan. I'll have to try again at some point. Edit: I got a BSOD and it wouldn't boot into Windows anymore, it complained: "Windows XP could not start because the following file is missing or corrupt: \windows\system32\config\system". I'm trying a repair install, but I get a BSOD partway through. Is that a hard disk fault or caused by the virus? What should I do? EDIT2: I got it fixed. We'll see how long it keeps working.
So I still haven't managed to scan, because I get a BSOD. Here is the HJT log anyway:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:51:17, on 7.6.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\HiJackThis_v2.0.0.0.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [UVS10 Preload] F:\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Stellar Smart ] C:\Program Files\Stellar Smart (Early Disk Warning System)\smrt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Deer Hunter 2005 Registration.lnk = F:\Atari\Deer Hunter 2005\ATR1.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?4f98f1ff415e4fe28d7c476f5fa0d5a7
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?4f98f1ff415e4fe28d7c476f5fa0d5a7
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPod-palvelu (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (Omega 1.6693) (Q) (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti-apuohjelma (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 10768 bytes
Fix this one:

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

=====

To my eye the log looks clean.

======

If you want to be sure:

Check your machine with F-Secure's online scanner. Note: the scanner only works with the Internet Explorer browser.

* Read the instructions on the page carefully
* Click Start scanning
* If you get an Internet Explorer security warning, click Install
* Click Accept
* Click Custom Scan
* Set the options as follows:
  o Under "Virus Scan Option" select Scan whole system
  o Under "Other Scan Option" select Scan All Files
  o Select Scan whole system for rootkits
  o Select Scan whole system for spyware
  o Tick Scan inside archives
  o Make sure Use advanced heuristics is selected
* Click Start
* The scan starts once the necessary files/updates have been downloaded
* Wait patiently
* When the scan has finished, click Automatic cleaning
* Click Show Report
* The report opens in the browser; copy the whole text
* Paste the copied text into e.g. Notepad or Word and save it to the desktop
* You can close the scanner
* Post the report in your thread

=======

Stay clean

-> Clear System Restore -> Instructions
Empty the System Restore folder and create a new restore point. This cleans the restore folder of any malware remnants.

-> Use CCleaner -> CCleaner
Download and install CCleaner. Clean temporary files and folders with it regularly.

-> Install SpywareBlaster -> SpywareBlaster
SpywareBlaster prevents malware from installing on your machine. Uses no memory! A guide is available in Finnish: the guide by user Ad-Aware.

-> Install the MVPS Hosts file -> MVPS Hosts
Blocks your machine from connecting to malicious sites. A guide is available in Finnish: the guide by user Axel.

-> Switch your browser to Firefox -> Firefox
Firefox is a faster, safer and better browser than Internet Explorer.

-> Keep your system up to date -> Windows Update
Visit Windows Update regularly.

-> Keep your firewall and antivirus up to date
Update your antivirus program and scan your machine with it regularly. eScan is also good: http://koti.mbnet.fi/pattaya1/escanmwav.htm

-> Keep your software up to date -> Secunia Software Inspector
Secunia Software Inspector examines your system and software for missing security updates. A normal inspection usually takes 5-40 seconds, while a thorough system inspection can take several minutes.

-> Follow the Finnish Communications Regulatory Authority's notices about new vulnerabilities regularly -> CERT-FI

-> Register -> Virustorjunta.net
Virustorjunta.net is a Finnish site focused on malware removal that can help you with the most varied problems. It also has Finland's only HJT school, which goes into analysing the information the HJT program produces and cleaning the computer after the analysis.

If you run into malware problems in the future, don't hesitate to post a HijackThis log for checking!
It's more stable now that I used the Recovery Console and the CHKDSK command. Before that I could use the computer for 1-15 minutes before it stopped responding to commands; now it has been working for about 2 hours. I don't think I'll do that scan from F-Secure's site.
You should run that online scanner now. You could try Dr.Web again later; just download the latest version first from the link in the instructions.

***
Empty AVG's quarantine: open AVG, Infections/Quarantine, choose Select all, and Remove finally

***
Empty the contents of the C:\QooBox\ -->Quarantine<-- folder

***
Clean System Restore and create a new restore point according to Auttaja's instructions.

***
Post a new HijackThis log as well; the previous one showed a few lines to fix, and other things to correct.
I tried the F-Secure online scanner and it aborted the scan. Dr. Web didn't find anything. I emptied the AVG and QooBox quarantines and created a new restore point. Here's the new HijackThis log, though it's probably the same as the previous one:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:17:03, on 11.6.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\PnkBstrB.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
E:\HiJackThis_v2.0.0.0.exe
E:\HiJackThis_v2.0.0.0.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [UVS10 Preload] F:\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Stellar Smart ] C:\Program Files\Stellar Smart (Early Disk Warning System)\smrt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Deer Hunter 2005 Registration.lnk = F:\Atari\Deer Hunter 2005\ATR1.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?87c58706b5f841cb89636c5348bd4693
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?87c58706b5f841cb89636c5348bd4693
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPod-palvelu (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (Omega 1.6693) (Q) (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti-apuohjelma (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 11537 bytes
Hi

Make a folder of its own for HijackThis and move it like this: E:\hjt\HiJackThis_v2.0.0.0.exe

Also look in Control Panel > Add/Remove Programs and uninstall, if it is there: SweetIM

***
Next, run a new scan with HJT, tick the lines below, close the other applications and the browser, and click Fix Checked. This also removes unnecessary programs from startup.

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Restart the computer.

Delete the folder C:\Program Files\-->Macrogaming<--

Empty the Recycle Bin.

***
Download Atribune's ATF Cleaner
http://www.atribune.org/ccount/click.php?id=1

Instructions:
Double-click ATF-Cleaner.exe to start the program.
Under Main select: Select All
Click the Empty Selected option.

If you use Firefox as your browser:
Click Firefox at the top and select: Select All
Click the Empty Selected option.
NOTE: If you want to keep your saved passwords, click No when it asks.

If you use Opera as your browser:
Click Opera at the top and select: Select All
Click the Empty Selected option again.
NOTE: If you want to keep your saved passwords, click No when it asks.

Click Exit in the main menu to close the program.
You can get technical support by double-clicking the e-mail address at the bottom of each menu in the tool. (Note that the support is in English.)

***
If you haven't downloaded/installed it yet, get CCleaner from here
[*] During installation, untick the "install Yahoo! toolbar" option.
[*] After installation, open CCleaner.
[*] In the left-hand column select Options. In the column next to it select Settings. Under Language select Suomi.

Cleaner (Puhdistaja)
In the left-hand column select Cleaner (Puhdistaja). Press Analyze (Tutki) at the bottom. CCleaner now analyses what can be removed (temp files, cookies etc.). When the analysis is done, press Run CCleaner (Aja CCleaner). CCleaner now removes the temp files, cookies etc. it found.

Fixing registry issues
In the left-hand column select Issues (Virheet). Press Scan for Issues (Etsi rekisterin virheitä) at the bottom. When the scan is done and you are sure you want to fix the lines that are ticked, press Fix selected issues (Korjaa valitut rekisterin virheet). You are asked "do you want to back up changes to the registry"; press Yes. Save the backup e.g. in the "My Documents" folder. In the new window that opens, click Fix All Selected Issues (Korjaa kaikki valitut virheet). You get one more confirmation question; press OK. When the issues have been fixed, press Close. Now you can close CCleaner with the red X at the top right.

***
http://www.kaspersky.com/downloads/kws/kavwebscan.html
(works only with Internet Explorer)

You are asked whether to allow installation of an ActiveX component from Kaspersky; click Yes.
The program starts and begins downloading the latest signature files.
When the scanner is installed and the signatures downloaded, click Next.
Now click the settings, Scan Settings
Check in the settings that the following are selected:
  o Scan using the following Anti-Virus database:
    + Extended (if available, otherwise select Standard)
  o Scan Options:
    + Scan Archives
    + Scan Mail Bases
Click OK
Now, under the heading "select a target to scan", select My Computer
The scan takes time, so be patient.
When the scan is finished you get a notification if your computer is infected.
Now click the Save as Text button and save the file to your desktop.

Post the Kaspersky report and a new HijackThis log.
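As an added example (not code from this thread or from HijackThis itself), a small Python script that parses HJT logs like the ones posted above, checks which lines of a fix list are still present, and diffs a "before" and "after" log to confirm that Fix Checked removed them; the two log excerpts and the pasted fix list are constructed from entries in this thread.

```python
"""Parse HijackThis (HJT) logs and compare a 'before' and 'after' log.

Added example; not code from this thread or from HijackThis itself.
The two log excerpts below are constructed from entry lines of the
kind posted in the thread, trimmed to a handful of entries.
"""
import re
from typing import Dict, List, Set, Tuple

# An HJT entry starts with a section code (R0-R3, F0-F3, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^(?:R[0-3]|F[0-3]|O\d{1,2}) - ")

# Constructed excerpt standing in for the log posted before "Fix Checked".
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:17:03, on 11.6.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: iPod-palvelu (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
"""

# Constructed excerpt standing in for the log posted after the fix.
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:14:28, on 13.6.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
E:\hjt\HiJackThis_v2.0.0.0.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O23 - Service: iPod-palvelu (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
"""

# The helper's fix list as a user might paste it (note the stray double space).
FIX_LIST = [
    r"O4 - HKLM\..\Run: [KernelFaultCheck]  %systemroot%\system32\dumprep 0 -k",
    r"O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe",
    r"O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm",
]


def normalise(line: str) -> str:
    """Collapse whitespace so a pasted line compares equal to the log line."""
    return " ".join(line.split())


def parse_entries(log: str) -> List[str]:
    """Return the entry lines of an HJT log in log order; the header and the
    'Running processes' block are skipped because they carry no section code."""
    return [normalise(l) for l in log.splitlines() if ENTRY_RE.match(l.strip())]


def entries_by_section(log: str) -> Dict[str, List[str]]:
    """Group entries by section code, e.g. all O4 autostart entries together."""
    groups: Dict[str, List[str]] = {}
    for entry in parse_entries(log):
        groups.setdefault(entry.split(" - ", 1)[0], []).append(entry)
    return groups


def diff_logs(before: str, after: str) -> Tuple[Set[str], Set[str]]:
    """Return (entries removed, entries added) between two logs."""
    old, new = set(parse_entries(before)), set(parse_entries(after))
    return old - new, new - old


def check_fix_list(log: str, fix_lines: List[str]) -> Tuple[List[str], List[str]]:
    """Split a fix list into lines still present in the log and lines gone.
    Run it on the new log to confirm Fix Checked actually removed them."""
    present = set(parse_entries(log))
    wanted = [normalise(l) for l in fix_lines if l.strip()]
    return [l for l in wanted if l in present], [l for l in wanted if l not in present]


def flag_entries(log: str) -> List[str]:
    """Entries a log reviewer looks at first: references to files that no
    longer exist and Winsock LSP modules HJT could not identify."""
    markers = ("(file missing)", "(no file)", "unknown file in winsock lsp")
    return [e for e in parse_entries(log) if any(m in e.lower() for m in markers)]


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    print("removed:", *sorted(removed), sep="\n  ")
    print("added:", *sorted(added), sep="\n  ")
    still, gone = check_fix_list(AFTER_LOG, FIX_LIST)
    print("fix lines still present:", len(still), "/ removed:", len(gone))
    print("worth a second look:", *flag_entries(AFTER_LOG), sep="\n  ")
```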
KASPERSKY ONLINE SCANNER REPORT
Wednesday, June 13, 2007 11:08:22 AM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 12/06/2007
Kaspersky Anti-Virus database records: 342746

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics
Total number of scanned objects 83511
Number of viruses found 3
Number of infected objects 7
Number of suspicious objects 0
Duration of the scan process 09:18:22

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Sauli Sirniö\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\cert8.db Object is locked skipped
C:\Documents and Settings\Sauli Sirniö\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\flashgot.log Object is locked skipped
C:\Documents and Settings\Sauli Sirniö\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\history.dat Object is locked skipped
C:\Documents and Settings\Sauli Sirniö\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\key3.db Object is locked skipped
C:\Documents and Settings\Sauli Sirniö\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\parent.lock Object is locked skipped
C:\Documents and Settings\Sauli Sirniö\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Sauli Sirniö\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Sauli Sirniö\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Sauli Sirniö\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Sauli Sirniö\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Sauli Sirniö\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Sauli Sirniö\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Sauli Sirniö\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Sauli Sirniö\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yqha9mu.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Sauli Sirniö\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Sauli Sirniö\Local Settings\Temp\fla28.tmp Object is locked skipped
C:\Documents and Settings\Sauli Sirniö\Local Settings\Temp\flaE8B.tmp Object is locked skipped
C:\Documents and Settings\Sauli Sirniö\Local Settings\Temp\~ROMFN_00000A98 Object is locked skipped
C:\Documents and Settings\Sauli Sirniö\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Sauli Sirniö\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Sauli Sirniö\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sauli Sirniö\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sauli Sirniö\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sauli Sirniö\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sauli Sirniö\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sauli Sirniö\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sauli Sirniö\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sauli Sirniö\Data\L0000007.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sauli Sirniö\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sauli Sirniö\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sauli Sirniö\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sauli Sirniö\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sauli Sirniö\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sauli Sirniö\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sauli Sirniö\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sauli Sirniö\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sauli Sirniö\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sauli Sirniö\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sauli Sirniö\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sauli Sirniö\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sauli Sirniö\Data\storydb.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{033B1930-CB57-42B6-ADE0-B1A77527E709}\RP2\change.log Object is locked skipped
C:\unlock.exe/data.rar/svchost.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
C:\unlock.exe/data.rar/AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\unlock.exe/data.rar/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\unlock.exe/data.rar Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\unlock.exe RarSFX: infected - 4 skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\sam Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\security Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_6d0.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\DC sharing\Ohjelmia\Nero-7.5.9.0A_eng.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\DC sharing\Ohjelmia\Nero-7.5.9.0A_eng.exe RAR: infected - 1 skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{033B1930-CB57-42B6-ADE0-B1A77527E709}\RP2\change.log Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{033B1930-CB57-42B6-ADE0-B1A77527E709}\RP2\change.log Object is locked skipped

Scan process completed.

HJT log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:14:28, on 13.6.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\PnkBstrB.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\hjt\HiJackThis_v2.0.0.0.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [UVS10 Preload] F:\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?87c58706b5f841cb89636c5348bd4693
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?87c58706b5f841cb89636c5348bd4693
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPod-palvelu (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (Omega 1.6693) (Q) (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti-apuohjelma (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - 
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe -- End of file - 9928 bytes
Hi

That C:\unlock.exe, is it something you downloaded yourself? If not, remove it from the computer.

Delete the folder C:\-->unlock.exe<-- completely.

Also delete:
E:\DC sharing\Ohjelmia\-->Nero-7.5.9.0A_eng.exe/ Toolbar.exe<--
E:\DC sharing\Ohjelmia\-->Nero-7.5.9.0A_eng.exe RAR:<--

Empty the Recycle Bin.

***

Next, download SDFix by AndyManchesta
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip
and save it to your desktop.

***

* Copy the bold text below into Notepad
* Do not leave an empty line at the top
* Save the file under the name fix.reg
* Change the file type to All Files
* Save the file to the desktop

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winsys32]

Double-click fix.reg and press Yes and OK.

***

Boot your computer into Safe Mode and choose your normal user account:
* Start the computer
* When you hear the computer beep, press F8, but before the Windows logo appears
* A menu should appear next
* Choose Safe Mode from the menu.
* In Safe Mode, extract the contents of SDFix.zip (the SDFix folder). sdfix.exe appears on the desktop. Double-click it; the file extracts and installs itself on the drive where the operating system is installed, and a folder named SDFix appears in its root, e.g. C:\SDFix
* Open the SDFix folder and double-click the file RunThis.bat to start the program.
* Press Y to start the script.
* The tool cleans out the trojan's services and also makes some repairs to the registry. At the end it asks you to restart the computer, "Press any key to Reboot".
* Press any key and the computer restarts.
* Startup takes longer than usual because SDFix is cleaning the computer.
* Once the computer has started and the desktop has loaded, SDFix reports that the cleanup is complete, "Finished".
* Then press any key to close the script and load the desktop shortcuts.
* Finally, open the SDFix folder (on the desktop) and copy & paste the contents of the file Report.txt together with a new HijackThis log.
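As an added example that is not part of this thread (and not HijackThis or SDFix code), here is a small Python parser for the HijackThis log format quoted above. It runs over a constructed sample made of a few entries copied from that log and attaches review flags of the kind a helper checks first: a service whose binary is missing, a Winsock LSP that HijackThis does not recognise, ActiveX controls fetched from a remote URL, and a service with no vendor string that lives outside the Windows directory. The flag rules are this example's own heuristics, not criteria stated in the thread.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample for this example: a handful of entries copied from the
# HijackThis log in this thread, one entry per line.
SAMPLE_LOG = r"""O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: iPod-palvelu (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
-- End of file - 9928 bytes
"""

# Every HijackThis entry starts with a section code ("R1", "O4", "O23") and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"


@dataclass
class Entry:
    code: str                      # HijackThis section code, e.g. "O23"
    body: str                      # everything after "Oxx - "
    clsid: Optional[str]           # first {GUID} on the line, if any
    path: Optional[str]            # the file or URL the entry points at
    flags: List[str] = field(default_factory=list)


def extract_path(code: str, body: str) -> Optional[str]:
    """Pull the file/URL field out of an entry body; the layout differs per section."""
    if code == "O4":                       # O4 - HKLM\..\Run: [name] "path" args
        _, _, rest = body.partition("] ")
        rest = rest.strip()
        if rest.startswith('"'):           # quoted path followed by arguments
            return rest[1:].split('"', 1)[0]
        return rest.split(" ", 1)[0] if rest else None
    if code == "O10":                      # O10 - Unknown file in Winsock LSP: path
        return body.split(": ", 1)[1].strip() if ": " in body else None
    last = body.rsplit(" - ", 1)[-1].strip()   # O2/O3/O16/O23: path is the last field
    if last.endswith(MISSING):
        last = last[: -len(MISSING)].strip()
    return last or None


def parse_log(text: str) -> List[Entry]:
    """Turn log text into Entry records; header, process list and footer are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(Entry(code, body, clsid.group(0) if clsid else None,
                             extract_path(code, body)))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review flags (this example's heuristics); return entries that got one."""
    for e in entries:
        if MISSING in e.body:
            e.flags.append("service registered but binary missing")
        if e.code == "O10" and "Unknown file" in e.body:
            e.flags.append("Winsock LSP not recognised by HijackThis")
        if e.code == "O16" and e.path and e.path.lower().startswith("http"):
            e.flags.append("ActiveX control downloaded from a remote URL")
        if (e.code == "O23" and "Unknown owner" in e.body and e.path
                and not e.path.lower().startswith(r"c:\windows")):
            e.flags.append("service without vendor string outside the Windows directory")
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in triage(parse_log(SAMPLE_LOG)):
        print(e.code, e.path, "->", "; ".join(e.flags))
```

On the sample, the O10 LSP line, the F-Secure O16 control and the missing iPod service are flagged; the PnkBstrA service is not, because its binary sits under C:\WINDOWS even though it has no vendor string. A real review still needs the human judgement the helper applies above (the online-scanner controls here are benign, for instance); the script only orders the work.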