Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 14:26:19, on 27.6.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Raxco\PerfectDisk\PDAgent.exe C:\Program Files\Raxco\PerfectDisk\PDEngine.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe D:\Ohjelmat\HiJackThis!\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\skeqofmr.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {8AFA728E-2EEF-485E-A7F5-92AACD0906DC} - C:\WINDOWS\system32\pmnno.dll O2 - BHO: (no name) - {A6807262-1D7A-44AB-947B-23B71E97915C} - C:\WINDOWS\system32\ddcyvss.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [smgr] mgrs.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" 
/WAITSERVICE O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\mrxnnlhx.dll",forkonce O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll O20 - Winlogon Notify: ddcyvss - C:\WINDOWS\SYSTEM32\ddcyvss.dll O20 - Winlogon Notify: pmnno - C:\WINDOWS\system32\pmnno.dll O20 - Winlogon Notify: winexz32 - winexz32.dll (file missing) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\rudlqvyc.exe (file missing) O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PDAgent - Raxco Software, Inc. 
- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe -- End of file - 4961 bytes
Download VundoFix.exe to your desktop.

* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo option.
* When the scan is complete, click the Remove Vundo option.
* You will be asked whether you want to remove the files - click YES.
* Once you have clicked YES, your desktop will go blank as it starts removing Vundo.
* When it is done, the fix will report that it is going to restart your computer; click OK.
* Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.

Note: It is possible that VundoFix found a file that it could not remove. In that case VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo option.", when VundoFix appears during the restart.

==========

Download SDFix by AndyManchesta http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your desktop.

Boot your computer into Safe Mode and select your regular user account:

* Start the computer
* When you hear the computer beep, press F8, but before the Windows logo appears
* A menu should appear next
* Select Safe Mode from the menu.
* Create a folder for the program, C:\SDFix, and move it there
* Open the SDFix folder and double-click the file RunThis.bat to start the program.
* Press Y to start the script.
* The tool cleans the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer: "Press any key to Reboot".
* Press any key and the computer will restart.
* Startup takes longer than usual because SDFix is cleaning the computer.
* Once the computer has started and the desktop has loaded, SDFix reports that the cleaning has been performed: "Finished".
* Then press any key to close the script and load the shortcuts onto the desktop.
* Finally, open the SDFix folder and copy & paste the contents of the file Report.txt into your thread.

========

1. Download combofix.exe to your desktop from either of these links:
   http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
   http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double-click the combofix.exe file and follow the prompts.
3. When the tool is done, it produces a log (C:\ComboFix.txt). Post this log in your thread.

Note! Do not click around in the ComboFix window while it is running. This may cause the program to hang.

==========

Finally, one more new HijackThis log!
VundoFix V6.5.1 Checking Java version... Sun Java not detected Scan started at 14:30:26 27.6.2007 Listing files found while scanning.... C:\WINDOWS\system32\onnmp.bak1 C:\WINDOWS\system32\onnmp.bak2 C:\WINDOWS\system32\onnmp.ini C:\WINDOWS\system32\onnmp.ini2 C:\WINDOWS\system32\pmnno.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\onnmp.bak1 C:\WINDOWS\system32\onnmp.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\onnmp.bak2 C:\WINDOWS\system32\onnmp.bak2 Has been deleted! Attempting to delete C:\WINDOWS\system32\onnmp.ini C:\WINDOWS\system32\onnmp.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\onnmp.ini2 C:\WINDOWS\system32\onnmp.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\pmnno.dll C:\WINDOWS\system32\pmnno.dll Has been deleted! Performing Repairs to the registry. Done! ------------------------------------------------------------ SDFix: Version 1.88 Run by Nik Alsson on ke 27.06.2007 at 14:36 Microsoft Windows XP [versio 5.1.2600] Running From: C:\SDfix Safe Mode: Checking Services: Name: Driver ImagePath: \??\C:\WINDOWS\system32\nso12k.sys Restoring Windows Registry Values Restoring Windows Default Hosts File Restoring Missing Security Center Service Restoring Missing SharedAccess Service Rebooting... Normal Mode: Checking Files: Below files will be copied to Backups folder then removed: C:\WINDOWS\Temp\win41.tmp.exe - Deleted C:\WINDOWS\Temp\win45.tmp.exe - Deleted C:\WINDOWS\Temp\win4D.tmp.exe - Deleted C:\WINDOWS\Temp\win55.tmp.exe - Deleted C:\WINDOWS\Temp\win41.tmp.exe - Deleted C:\WINDOWS\Temp\win45.tmp.exe - Deleted C:\WINDOWS\Temp\win4D.tmp.exe - Deleted C:\WINDOWS\Temp\win55.tmp.exe - Deleted C:\WINDOWS\Temp\removalfile.bat - Deleted Removing Temp Files... ADS Check: Checking C:\WINDOWS C:\WINDOWS No streams found. Checking C:\WINDOWS\system32 C:\WINDOWS\system32 No streams found. Checking C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe No streams found. 
Checking C:\WINDOWS\system32\ntoskrnl.exe C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019" Remaining Files: --------------- Backups Folder: - C:\SDfix\backups\backups.zip Listing Files with Hidden Attributes: C:\WINDOWS\SoftwareDistribution\Download\79c3ec9e566ab9aff1b04775d258df76\download\BITA4.tmp Listing User Accounts: HelpAssistant J„rjestelm„nvalvoja Nik Alsson SUPPORT_388945a0 Vieras Komento on suoritettu. 
Finished ------------------------------------------------------------ ComboFix 07-06-18.2 "Nik Alsson" - 2007-06-27 14:40:13 - Service Pack 2 NTFS ((((((((((((((((((((((((( Files Created from 2007-05-27 to 2007-06-27 ))))))))))))))))))))))))))))))) 2007-06-27 14:34 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-27 14:30 <KANSIO> d-------- C:\VundoFix Backups 2007-06-27 14:17 1,226 --a------ C:\WINDOWS\system32\tmp.reg 2007-06-27 14:12 128,576 --a------ C:\WINDOWS\system32\mrxnnlhx.dll 2007-06-27 14:10 60,416 --a------ C:\WINDOWS\system32\antiwpa.dll 2007-06-27 13:58 592 --a------ C:\WINDOWS\chgkey.vbs 2007-06-27 13:47 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage 2007-06-27 13:47 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage 2007-06-27 13:41 75,512 --a------ C:\WINDOWS\zllsputility.exe 2007-06-27 13:41 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2007-06-27 13:40 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll 2007-06-27 13:40 <KANSIO> d-------- C:\WINDOWS\system32\ZoneLabs 2007-06-27 13:40 <KANSIO> d-------- C:\WINDOWS\Internet Logs 2007-06-27 13:39 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys 2007-06-27 13:39 298,104 --a------ C:\WINDOWS\system32\imon.dll 2007-06-27 13:39 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys 2007-06-27 13:32 <KANSIO> d-------- C:\Program Files\DAEMON Tools 2007-06-27 12:38 <KANSIO> d---s---- C:\DOCUME~1\NIKALS~1\UserData 2007-06-27 12:36 128,576 --------- C:\WINDOWS\system32\defrhysc.dll 2007-06-27 11:41 <KANSIO> d-------- C:\DOCUME~1\NIKALS~1\APPLIC~1\X-Chat 2 2007-06-27 11:40 <KANSIO> d-------- C:\Program Files\X-Chat 2 2007-06-27 11:34 31,254 --a------ C:\WINDOWS\system32\iifeddb.dll 2007-06-27 11:34 <KANSIO> d-------- C:\Program Files\Undelete Plus 2007-06-27 11:29 <KANSIO> d-------- C:\Program Files\MSN Messenger 2007-06-27 11:28 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ID3-TagIT 3 2007-06-27 11:27 120,490 --a------ C:\WINDOWS\File Renamer 
- Basic Uninstaller.exe 2007-06-27 11:27 <KANSIO> d-------- C:\Program Files\File Renamer 2007-06-27 11:24 <KANSIO> d-------- C:\Program Files\Winamp 2007-06-27 11:23 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-06-27 11:23 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-06-27 11:16 128,576 --a------ C:\WINDOWS\system32\xnlwbihn.dll 2007-06-27 04:17 66,112 --a------ C:\WINDOWS\system32\skeqofmr.dll 2007-06-27 03:58 9,488 --a------ C:\WINDOWS\system32\sporder.dll 2007-06-27 03:58 <KANSIO> d-------- C:\Program Files\Panda Software 2007-06-27 03:57 <KANSIO> d-------- C:\Program Files\Common Files\Panda Software 2007-06-27 03:55 <KANSIO> dr-hsc--- C:\WINDOWS\system32\dllcache 2007-06-27 03:55 <KANSIO> dr--s---- C:\WINDOWS\Fonts 2007-06-27 03:55 <KANSIO> dr------- C:\WINDOWS\Web 2007-06-27 03:55 <KANSIO> d--h----- C:\WINDOWS\inf 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\WinSxS 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\twain_32 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\system32\wins 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\system32\wbem 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\system32\usmt 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\system32\spool 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\system32\ShellExt 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\system32\Setup 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\system32\ras 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\system32\oobe 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\system32\npp 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\system32\mui 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\system32\inetsrv 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\system32\IME 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\system32\icsxml 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\system32\ias 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\system32\export 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\system32\drivers\etc 2007-06-27 
03:55 <KANSIO> d-------- C:\WINDOWS\system32\drivers\disdn 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\system32\drivers 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\system32\dhcp 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\system32\config 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\system32\3com_dmi 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\system32\3076 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\system32\2052 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\system32\1054 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\system32\1042 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\system32\1041 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\system32\1037 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\system32\1035 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\system32\1033 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\system32\1031 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\system32\1028 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\system32\1025 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\system32 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\system 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\security 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\Resources 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\repair 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\mui 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\msapps 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\msagent 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\Media 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\ime 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\Help 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\Driver Cache 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\Debug 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\Cursors 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\Connection Wizard 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\Config 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\AppPatch 2007-06-27 03:55 <KANSIO> d-------- C:\WINDOWS\addins 2007-06-27 03:55 <KANSIO> 
d-------- C:\WINDOWS 2007-06-27 03:54 <KANSIO> d-------- C:\Program Files\CCleaner 2007-06-27 03:25 1,156 --a------ C:\WINDOWS\mozver.dat 2007-06-27 03:21 31,254 --a------ C:\WINDOWS\system32\mljjjki.dll 2007-06-27 03:21 31,254 --a------ C:\WINDOWS\system32\ddcyvss.dll 2007-06-27 03:02 <KANSIO> d-------- C:\WINDOWS\system32\PreInstall 2007-06-27 03:01 <KANSIO> d-------- C:\WINDOWS\system32\Lang 2007-06-27 02:53 <KANSIO> d-------- C:\Program Files\uTorrent 2007-06-27 02:53 <KANSIO> d-------- C:\DOCUME~1\NIKALS~1\APPLIC~1\uTorrent (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-27 08:15:35 48,448 ----a-w C:\WINDOWS\system32\perfc00B.dat 2007-06-27 08:15:35 283,024 ----a-w C:\WINDOWS\system32\perfh00B.dat 2007-04-25 14:22:38 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-19 10:26:00 888,832 ----a-w C:\WINDOWS\system32\nvmobls.dll 2007-04-19 10:26:00 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll 2007-04-19 10:26:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll 2007-04-19 10:26:00 794,624 ----a-w C:\WINDOWS\system32\nvcplui.exe 2007-04-19 10:26:00 7,700,480 ----a-w C:\WINDOWS\system32\nvcpl.dll 2007-04-19 10:26:00 581,632 ----a-w C:\WINDOWS\system32\nvhwvid.dll 2007-04-19 10:26:00 5,644,288 ----a-w C:\WINDOWS\system32\nvoglnt.dll 2007-04-19 10:26:00 5,619,712 ----a-w C:\WINDOWS\system32\nvdisps.dll 2007-04-19 10:26:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll 2007-04-19 10:26:00 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll 2007-04-19 10:26:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe 2007-04-19 10:26:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe 2007-04-19 10:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcodins.dll 2007-04-19 10:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcod.dll 2007-04-19 10:26:00 311,296 ----a-w C:\WINDOWS\system32\nvexpbar.dll 2007-04-19 10:26:00 3,035,136 ----a-w C:\WINDOWS\system32\nvgames.dll 2007-04-19 10:26:00 286,720 ----a-w 
C:\WINDOWS\system32\nvnt4cpl.dll 2007-04-19 10:26:00 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll 2007-04-19 10:26:00 212,992 ----a-w C:\WINDOWS\system32\nvapi.dll 2007-04-19 10:26:00 2,924,544 ----a-w C:\WINDOWS\system32\nvvitvs.dll 2007-04-19 10:26:00 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll 2007-04-19 10:26:00 159,810 ----a-w C:\WINDOWS\system32\nvsvc32.exe 2007-04-19 10:26:00 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe 2007-04-19 10:26:00 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll 2007-04-19 10:26:00 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe 2007-04-19 10:26:00 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll 2007-04-19 10:26:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe 2007-04-19 10:26:00 1,236,992 ----a-w C:\WINDOWS\system32\nvwss.dll 2007-04-19 10:26:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll 2007-04-19 10:26:00 1,011,712 ----a-w C:\WINDOWS\system32\nvcpluir.dll 2007-04-16 19:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-16 19:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {1F6581D5-AA53-4b73-A6F9-41420C6B61F1}=C:\WINDOWS\system32\skeqofmr.dll [2007-06-27 04:17] {53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04] {8AFA728E-2EEF-485E-A7F5-92AACD0906DC}=C:\WINDOWS\system32\pmnno.dll [] {A6807262-1D7A-44AB-947B-23B71E97915C}=C:\WINDOWS\system32\ddcyvss.dll [2007-06-27 03:21] {E5A1691B-D188-4419-AD02-90002030B8EE}=C:\PROGRA~1\FlashFXP\IEFlash.dll [2006-03-31 22:27] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nwiz"="nwiz.exe" [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe] "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 15:52] 
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 C:\WINDOWS\soundman.exe] "NvMediaCenter"="NvMCTray.dll" [2007-04-19 13:26 C:\WINDOWS\system32\nvmctray.dll] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-06-27 13:38] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2007-06-27 02:53] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{A6807262-1D7A-44AB-947B-23B71E97915C}"="C:\WINDOWS\system32\ddcyvss.dll" [2007-06-27 03:21] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa] antiwpa.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyvss] ddcyvss.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winexz32] winexz32.dll ************************************************************************** catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-27 14:42:12 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-06-27 14:42:37 --- E O F --- ------------------------------------------------------------ Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 14:45:04, on 27.6.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Raxco\PerfectDisk\PDAgent.exe C:\Program Files\Raxco\PerfectDisk\PDEngine.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\SYSTEM32\notepad.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE D:\Ohjelmat\HiJackThis!\HiJackThis_v2.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\skeqofmr.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {8AFA728E-2EEF-485E-A7F5-92AACD0906DC} - C:\WINDOWS\system32\pmnno.dll (file missing) O2 - BHO: (no name) - {A6807262-1D7A-44AB-947B-23B71E97915C} - C:\WINDOWS\system32\ddcyvss.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - 
C:\PROGRA~1\FlashFXP\IEFlash.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll O20 - Winlogon Notify: ddcyvss - C:\WINDOWS\SYSTEM32\ddcyvss.dll O20 - Winlogon Notify: winexz32 - winexz32.dll (file missing) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. 
- C:\WINDOWS\ATKKBService.exe O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\rudlqvyc.exe (file missing) O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe -- End of file - 4917 bytes
* Double-click VundoFix.exe to run it.
* When VundoFix reopens, click the Scan for Vundo option.
* When the scan is complete, right-click inside the list box (the white box in which the files found are listed) and choose Add more files.
* Copy and paste the following 2 lines into the top two boxes:
  * C:\WINDOWS\system32\skeqofmr.dll
  * C:\WINDOWS\system32\ddcyvss.dll
* Click Add Files and then click Close Window.
* Click the Remove Vundo option.
* You will get a message asking whether you want to remove the selected files; click YES.
* Once you click YES, your desktop will go blank as the tool starts removing Vundo.
* When it is done, you will get a message asking you to shut down the computer; click OK.
* Restart your computer.
* Post the contents of the C:\vundofix.txt log along with a fresh HijackThis log.

========

1. Download AVG Anti-Spyware 7.5 and save the program to your desktop. If you already have the program, go straight to step 2!

* Once you have downloaded the program, double-click the installer's icon on your desktop and the installation will start.
* After installation, the program must be started and its definitions updated.

2.

* Start AVG Anti-Spyware.
* Click the "Update" icon in the main menu. Then click the "Update now" button.
* Then click the "Start Update" icon, and the update will begin.
* Press "Start Update" again after a moment if the updates do not succeed right away.
* If the automatic update does not work for some reason, the definitions can be downloaded manually from http://www.ewido.net/en/download/updates/.
* Once the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
* Once the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
* Then, under the "Reports" menu:
  * Check "Automatically generate report after every scan"
  * Uncheck "Only if threats were found"
* Then click the "Shield" icon at the top of the window
  * "Resident shield is": change the state from active to inactive
* Close the program; do NOT scan yet.

NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.

* Start AVG Anti-Spyware.
* Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
* AVG will now start scanning the computer; be patient, as the scan takes time.

When the scan is complete:

IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions".

* Make sure that Set all elements to: shows Quarantine (1); if not, click the link and select Quarantine from the popup menu.
* You will be asked what to do if infections were found; in that case choose "Apply all actions".
* Then click the "Reports" icon at the top of the program.
* Click the "Save report as" button at the bottom left of the window and save the report to the desktop.
* Close the program, start the computer normally, and post the AVG report in your thread.
VundoFix V6.5.1 Checking Java version... Sun Java not detected Scan started at 14:30:26 27.6.2007 Listing files found while scanning.... C:\WINDOWS\system32\onnmp.bak1 C:\WINDOWS\system32\onnmp.bak2 C:\WINDOWS\system32\onnmp.ini C:\WINDOWS\system32\onnmp.ini2 C:\WINDOWS\system32\pmnno.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\onnmp.bak1 C:\WINDOWS\system32\onnmp.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\onnmp.bak2 C:\WINDOWS\system32\onnmp.bak2 Has been deleted! Attempting to delete C:\WINDOWS\system32\onnmp.ini C:\WINDOWS\system32\onnmp.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\onnmp.ini2 C:\WINDOWS\system32\onnmp.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\pmnno.dll C:\WINDOWS\system32\pmnno.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.5.1 Checking Java version... Sun Java not detected Scan started at 14:57:23 27.6.2007 Listing files found while scanning.... C:\WINDOWS\system32\qpqss.bak1 C:\WINDOWS\system32\qpqss.ini C:\WINDOWS\system32\ssqpq.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\qpqss.bak1 C:\WINDOWS\system32\qpqss.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\qpqss.ini C:\WINDOWS\system32\qpqss.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\ssqpq.dll C:\WINDOWS\system32\ssqpq.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\ssqpq.dll C:\WINDOWS\system32\ssqpq.dll Has been deleted! Performing Repairs to the registry. Done! 
---------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 15:40:43, on 27.6.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Raxco\PerfectDisk\PDAgent.exe C:\Program Files\Raxco\PerfectDisk\PDEngine.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\System32\svchost.exe D:\Ohjelmat\HiJackThis!\HiJackThis_v2.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\skeqofmr.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {68B39C64-2463-4341-A121-842B7502C5E2} - C:\WINDOWS\system32\ssqpq.dll (file missing) O2 - BHO: (no name) - {8AFA728E-2EEF-485E-A7F5-92AACD0906DC} - C:\WINDOWS\system32\pmnno.dll (file missing) O2 - BHO: (no name) - {A6807262-1D7A-44AB-947B-23B71E97915C} - C:\WINDOWS\system32\ddcyvss.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - 
HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll O20 - Winlogon Notify: ddcyvss - C:\WINDOWS\SYSTEM32\ddcyvss.dll O20 - Winlogon Notify: winexz32 - winexz32.dll (file missing) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. 
- C:\Program Files\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\rudlqvyc.exe (file missing) O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. 
- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe -- End of file - 5332 bytes ---------------------------------------------------- --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 15:39:45 27.6.2007 + Scan result: C:\WINDOWS\MGRS.0XE -> Downloader.Alphabet : No action taken. D:\Downloads\Make Window XP 100% Genuine\Port_RockXP_v4.exe/RockXP4.exe -> Not-A-Virus.PSWTool.Win32.RAS.a : No action taken. :mozilla.28:C:\Documents and Settings\Nik Alsson\Application Data\Mozilla\Firefox\Profiles\nmvmilch.default\cookies.txt -> TrackingCookie.2o7 : No action taken. :mozilla.29:C:\Documents and Settings\Nik Alsson\Application Data\Mozilla\Firefox\Profiles\nmvmilch.default\cookies.txt -> TrackingCookie.2o7 : No action taken. :mozilla.31:C:\Documents and Settings\Nik Alsson\Application Data\Mozilla\Firefox\Profiles\nmvmilch.default\cookies.txt -> TrackingCookie.2o7 : No action taken. :mozilla.32:C:\Documents and Settings\Nik Alsson\Application Data\Mozilla\Firefox\Profiles\nmvmilch.default\cookies.txt -> TrackingCookie.2o7 : No action taken. 
:mozilla.91:C:\Documents and Settings\Nik Alsson\Application Data\Mozilla\Firefox\Profiles\nmvmilch.default\cookies.txt -> TrackingCookie.Adtech : No action taken. :mozilla.92:C:\Documents and Settings\Nik Alsson\Application Data\Mozilla\Firefox\Profiles\nmvmilch.default\cookies.txt -> TrackingCookie.Adtech : No action taken. :mozilla.52:C:\Documents and Settings\Nik Alsson\Application Data\Mozilla\Firefox\Profiles\nmvmilch.default\cookies.txt -> TrackingCookie.Advertising : No action taken. :mozilla.53:C:\Documents and Settings\Nik Alsson\Application Data\Mozilla\Firefox\Profiles\nmvmilch.default\cookies.txt -> TrackingCookie.Advertising : No action taken. :mozilla.45:C:\Documents and Settings\Nik Alsson\Application Data\Mozilla\Firefox\Profiles\nmvmilch.default\cookies.txt -> TrackingCookie.Atdmt : No action taken. C:\Documents and Settings\Nik Alsson\Cookies\nik alsson@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken. :mozilla.51:C:\Documents and Settings\Nik Alsson\Application Data\Mozilla\Firefox\Profiles\nmvmilch.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken. :mozilla.93:C:\Documents and Settings\Nik Alsson\Application Data\Mozilla\Firefox\Profiles\nmvmilch.default\cookies.txt -> TrackingCookie.Falkag : No action taken. :mozilla.94:C:\Documents and Settings\Nik Alsson\Application Data\Mozilla\Firefox\Profiles\nmvmilch.default\cookies.txt -> TrackingCookie.Falkag : No action taken. :mozilla.95:C:\Documents and Settings\Nik Alsson\Application Data\Mozilla\Firefox\Profiles\nmvmilch.default\cookies.txt -> TrackingCookie.Falkag : No action taken. :mozilla.96:C:\Documents and Settings\Nik Alsson\Application Data\Mozilla\Firefox\Profiles\nmvmilch.default\cookies.txt -> TrackingCookie.Falkag : No action taken. :mozilla.97:C:\Documents and Settings\Nik Alsson\Application Data\Mozilla\Firefox\Profiles\nmvmilch.default\cookies.txt -> TrackingCookie.Falkag : No action taken. 
:mozilla.86:C:\Documents and Settings\Nik Alsson\Application Data\Mozilla\Firefox\Profiles\nmvmilch.default\cookies.txt -> TrackingCookie.Fastclick : No action taken. :mozilla.87:C:\Documents and Settings\Nik Alsson\Application Data\Mozilla\Firefox\Profiles\nmvmilch.default\cookies.txt -> TrackingCookie.Fastclick : No action taken. :mozilla.46:C:\Documents and Settings\Nik Alsson\Application Data\Mozilla\Firefox\Profiles\nmvmilch.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken. :mozilla.16:C:\Documents and Settings\Nik Alsson\Application Data\Mozilla\Firefox\Profiles\nmvmilch.default\cookies.txt -> TrackingCookie.Netflame : No action taken. :mozilla.71:C:\Documents and Settings\Nik Alsson\Application Data\Mozilla\Firefox\Profiles\nmvmilch.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken. :mozilla.72:C:\Documents and Settings\Nik Alsson\Application Data\Mozilla\Firefox\Profiles\nmvmilch.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken. C:\Documents and Settings\Nik Alsson\Cookies\nik alsson@specificclick[2].txt -> TrackingCookie.Specificclick : No action taken. :mozilla.7:C:\Documents and Settings\Nik Alsson\Application Data\Mozilla\Firefox\Profiles\nmvmilch.default\cookies.txt -> TrackingCookie.Statistik-gallup : No action taken. :mozilla.79:C:\Documents and Settings\Nik Alsson\Application Data\Mozilla\Firefox\Profiles\nmvmilch.default\cookies.txt -> TrackingCookie.Tacoda : No action taken. :mozilla.80:C:\Documents and Settings\Nik Alsson\Application Data\Mozilla\Firefox\Profiles\nmvmilch.default\cookies.txt -> TrackingCookie.Tacoda : No action taken. :mozilla.81:C:\Documents and Settings\Nik Alsson\Application Data\Mozilla\Firefox\Profiles\nmvmilch.default\cookies.txt -> TrackingCookie.Tacoda : No action taken. :mozilla.82:C:\Documents and Settings\Nik Alsson\Application Data\Mozilla\Firefox\Profiles\nmvmilch.default\cookies.txt -> TrackingCookie.Tacoda : No action taken. 
:mozilla.83:C:\Documents and Settings\Nik Alsson\Application Data\Mozilla\Firefox\Profiles\nmvmilch.default\cookies.txt -> TrackingCookie.Tacoda : No action taken. C:\WINDOWS\system32\NSO12K.0YS -> Trojan.Agent.amr : No action taken. ::Report end
No action taken. Did you press "Apply all actions" at some point? And in VundoFix, add those 2 files to it, run it again, and post a new VundoFix log and a new HijackThis log.
I took the log first and then destroyed them. "And in VundoFix, add those 2 files to it": which files?
* Copy and paste the following 2 lines into the two topmost boxes
* C:\WINDOWS\system32\skeqofmr.dll
* C:\WINDOWS\system32\ddcyvss.dll
The ones that were already in the previous message.
VundoFix V6.5.1
Checking Java version...
Scan started at 15:59:08 27.6.2007
Listing files found while scanning....
No infected files were found.
Beginning removal...

VundoFix V6.5.1
Checking Java version...
Scan started at 16:32:46 27.6.2007
Listing files found while scanning....
C:\WINDOWS\system32\ijllm.bak1
C:\WINDOWS\system32\ijllm.ini
C:\WINDOWS\system32\mllji.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ijllm.bak1
C:\WINDOWS\system32\ijllm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ijllm.ini
C:\WINDOWS\system32\ijllm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\mllji.dll
C:\WINDOWS\system32\mllji.dll Could not be deleted.
Performing Repairs to the registry.
Done!

VundoFix V6.5.1
Checking Java version...
Scan started at 16:36:35 27.6.2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ddcyvss.dll
C:\WINDOWS\system32\ddcyvss.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\skeqofmr.dll
C:\WINDOWS\system32\skeqofmr.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.5.1
Checking Java version...
Scan started at 16:42:48 27.6.2007
Listing files found while scanning....
C:\WINDOWS\system32\ijllm.bak1
C:\WINDOWS\system32\ijllm.ini
C:\WINDOWS\system32\mllji.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ijllm.bak1
C:\WINDOWS\system32\ijllm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ijllm.ini
C:\WINDOWS\system32\ijllm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\mllji.dll
C:\WINDOWS\system32\mllji.dll Has been deleted!
Performing Repairs to the registry.
Done!
-------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 16:49:15, on 27.6.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Raxco\PerfectDisk\PDAgent.exe C:\Program Files\Raxco\PerfectDisk\PDEngine.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe D:\Ohjelmat\HiJackThis!\HiJackThis_v2.exe C:\Program Files\Mozilla Firefox\firefox.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: (no name) - {07A1FEBE-9FE3-4246-8FF0-C9B2199115E0} - C:\WINDOWS\system32\mllji.dll (file missing) O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\skeqofmr.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {68B39C64-2463-4341-A121-842B7502C5E2} - C:\WINDOWS\system32\ssqpq.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {8AFA728E-2EEF-485E-A7F5-92AACD0906DC} - C:\WINDOWS\system32\pmnno.dll (file missing) O2 - BHO: (no name) - {A6807262-1D7A-44AB-947B-23B71E97915C} - C:\WINDOWS\system32\ddcyvss.dll 
(file missing) O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\yxdreojf.dll",forkonce O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll O20 - Winlogon Notify: winexz32 - winexz32.dll (file missing) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. 
- C:\Program Files\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\rudlqvyc.exe (file missing) O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe -- End of file - 5790 bytes
Copy the following lines into e.g. Notepad:
@echo off
sc stop DomainService
sc delete DomainService
Save it as FIX.BAT on the desktop, with the file type set to "All files".
Double-click FIX.BAT with the mouse.
========
Open HijackThis, close other programs, check the following lines and press Fix checked:
O2 - BHO: (no name) - {07A1FEBE-9FE3-4246-8FF0-C9B2199115E0} - C:\WINDOWS\system32\mllji.dll (file missing)
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\skeqofmr.dll (file missing)
O2 - BHO: (no name) - {68B39C64-2463-4341-A121-842B7502C5E2} - C:\WINDOWS\system32\ssqpq.dll (file missing
O2 - BHO: (no name) - {8AFA728E-2EEF-485E-A7F5-92AACD0906DC} - C:\WINDOWS\system32\pmnno.dll (file missing)
O2 - BHO: (no name) - {A6807262-1D7A-44AB-947B-23B71E97915C} - C:\WINDOWS\system32\ddcyvss.dll (file missing) Unknown
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\yxdreojf.dll",forkonce
O20 - Winlogon Notify: winexz32 - winexz32.dll (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\rudlqvyc.exe (file missing)
==========
Download Killbox by Option^Explicit. Note: if you already have Killbox, this is a new version that you need to install. Remove the earlier one.
* Save it to your desktop.
* Double-click Killbox.exe to run the program.
* Select: Delete on Reboot, then click the All Files option.
* Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
C:\WINDOWS\system32\rudlqvyc.exe
C:\WINDOWS\system32\mrxnnlhx.dll
C:\WINDOWS\chgkey.vbs
* Return to Killbox, go to the File menu, and choose Paste from Clipboard.
* Click the red-and-white Delete File button. Click Yes at the "Delete on Reboot" prompt. Click OK at any PendingFileRenameOperations prompt (and let the person helping you know if one of these appears!).
Restart your computer yourself if it does not restart automatically.
If you get a message like this: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when you try to run KillBox, click this to download and run Missingfilessetup.exe. Then try KillBox again.
========
* Download Dr.Web CureIt to the desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
* Double-click drweb-cureit.exe and let it do an express scan.
* It scans the running programs, and if something is found, click Yes when it asks whether you want to remove it. This is only a short scan.
* When the scan is finished, mark the drives you want to scan.
* Select all drives. A red dot shows which drives are selected.
* Click the green arrow on the right and the scan starts.
* Click 'Yes to all' if you are asked whether you want to delete/move a file.
* When the scan is finished, see whether you can click the next icon beside the files that were found:
* If so, click it, then click the next icon at the bottom right and choose Move incurable, as in the picture below: This moves it to the %userprofile%\DoctorWeb\quarantine directory.
* After this, click File in the Dr.Web CureIt menu and choose save report list
* Save the report to the desktop. The report's name is DrWeb.csv
* Close Dr.Web CureIt.
* Restart the computer!! This is because files that are in use are deleted/moved during startup.
* After the restart, paste the contents of the Dr.Web log you saved earlier into your next reply.
Also a new HijackThis log.
Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 18:28:01, on 27.6.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Raxco\PerfectDisk\PDAgent.exe C:\Program Files\Raxco\PerfectDisk\PDEngine.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe D:\Ohjelmat\HiJackThis!\HiJackThis_v2.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: 
[NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll O20 - Winlogon Notify: winexz32 - winexz32.dll (file missing) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. 
- C:\Program Files\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe -- End of file - 5091 bytes ------------------------------------------------------------ tob_snd_20070616[1];C:\Documents and Settings\Nik Alsson\Local Settings\Temporary Internet 
Files\Content.IE5\W9AN0DER;Trojan.EzulaAd;Deleted.; 5JVAX5BA.NQF;C:\Program Files\ESET\infected;Trojan.LowZones.233;Deleted.; Process.exe;C:\Program Files\Mozilla Firefox\SmitfraudFix;Tool.Prockill;Incurable.Deleted.; restart.exe;C:\Program Files\Mozilla Firefox\SmitfraudFix;Tool.ShutDown.11;Incurable.Deleted.; secgmgyi.exe;C:\WINDOWS\system32;Trojan.EzulaAd;Deleted.;
This one can still be fixed:
O20 - Winlogon Notify: winexz32 - winexz32.dll (file missing)
=====
Let's check once more.
Download Deckard's System Scanner to your desktop. Note: you must have Administrator rights to run the program.
* Close all open windows and programs.
* Double-click the Dss.exe file to run the program and follow the instructions.
* When the scan is finished, 2 text files should open, Main.txt and extra.txt
* Press copy (CTRL+A -> CTRL + C) and paste (CTRL + V)
* Copy and paste the contents of Extra.txt & Main.txt into your next reply.
Deckard's System Scanner v20070611.50 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: Other (040B) - see http://preview.tinyurl.com/mhhp6 CPU 0: AMD Athlon(tm) 64 Processor 3500+ Percentage of Memory in Use: 35% Physical Memory (total/avail): 1023.48 MiB / 655.93 MiB Pagefile Memory (total/avail): 2461.48 MiB / 2179.58 MiB Virtual Memory (total/avail): 2047.88 MiB / 1960.45 MiB C: is Fixed (NTFS) - 19.53 GiB total, 14.63 GiB free. D: is Fixed (NTFS) - 213.34 GiB total, 53.37 GiB free. E: is CDROM (No Media) F: is CDROM (No Media) -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is disabled. FW: ZoneAlarm Firewall v7.0.337.000 (Check Point, LTD.) AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.) 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Nik Alsson\Application Data CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=NIK ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Nik Alsson LOGONSERVER=\\NIK NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier" PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD PROCESSOR_LEVEL=15 PROCESSOR_REVISION=2f02 ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\NIKALS~1\LOCALS~1\Temp TMP=C:\DOCUME~1\NIKALS~1\LOCALS~1\Temp tvdumpflags=8 USERDOMAIN=NIK USERNAME=Nik Alsson USERPROFILE=C:\Documents and Settings\Nik Alsson windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Nik Alsson (admin) -- Add/Remove Programs --------------------------------------------------------- --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock ASUS Enhanced Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program 
Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x9 -removeonly ASUS nVIDIA Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3C3B2C97-0DAB-482F-9C95-6610827210E3} /l1033 µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL AVG Anti-Spyware 7.5 --> C:\Program Files\AVG Anti-Spyware 7.5\Uninstall.exe AVIcodec (remove only) --> "d:\Ohjelmat\AVIcodec\uninst.exe" CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" Compaq V700 INF and ICM files --> C:\WINDOWS\IsUn040b.exe -f"C:\Compaq\V700 INF and ICM files\Uninst.isu" File Renamer - Basic --> C:\WINDOWS\File Renamer - Basic Uninstaller.exe FlashFXP v3 --> "C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u ID3-TagIT 3 --> "d:\Ohjelmat\ID3 TagIT\unins000.exe" Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} Mozilla Firefox (2.0) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe MSN Messenger 7.5 --> MsiExec.exe /I{9A379B72-03EC-11DA-BFBD-00065BBDC0B5} NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL NOD32 FiX v2.1 --> "C:\Program Files\Eset\unins000.exe" NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI PerfectDisk --> MsiExec.exe /I{212F5777-1190-4DEF-8E4D-6B2F313B45E7} Päivitys Windows XP:lle (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB916595) --> 
"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe" Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0xb -removeonly REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0xb REMOVE Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" Ss Undelete Plus 2.91 --> "C:\Program Files\Undelete Plus\unins000.exe" Suojauspäivitys ohjelmistolle Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB899591) --> 
"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB920213) --> 
"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Suojauspäivitys Windows XP:lle (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB928843) --> 
"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB933566) --> "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe" VentriloMIX --> d:\Ohjelmat\VentriloMIX\Uninstal.exe VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe" Windowsin ohjainpaketti - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_E783E764342BBAD7FC3DCA2F865A310E6364DB83\amdk8.inf WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe WinXP Manager --> MsiExec.exe /I{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1} ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe -- End of Deckard's System Scanner: finished at 2007-06-27 at 18:55:14 --------- Deckard's System Scanner v20070611.50 Run by Nik Alsson on 2007-06-27 at 18:53:15 Computer is in Normal Mode. 
-------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Failed to create restore point; System Restore is disabled (service is not running). Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Nik Alsson.exe) ------------------------------------------ Logfile of HijackThis v1.99.1 Scan saved at 18:54:11, on 27.6.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Raxco\PerfectDisk\PDAgent.exe C:\Program Files\Raxco\PerfectDisk\PDEngine.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Nik Alsson\Työpöytä\dss.exe C:\PROGRA~1\HIJACK~1\Nik Alsson.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft 
IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. 
- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 asuskbnt (Enhanced Display Driver Helper Service) - c:\windows\system32\drivers\atkkbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Help driver For Keyboard Service.> R2 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT> S3 PavSRK.sys - c:\windows\system32\pavsrk.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 ATKKeyboardService (ATK Keyboard Service) - c:\windows\atkkbservice.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Keyboard Service> -- Files created between 2007-05-27 and 2007-06-27 ----------------------------- 2007-06-27 17:56:20 0 d-------- C:\Documents and Settings\Nik Alsson\DoctorWeb 2007-06-27 17:50:12 0 d-------- C:\!KillBox 2007-06-27 17:21:10 0 d-------- C:\Program Files\Yamicsoft 2007-06-27 16:55:47 0 d-------- C:\Documents and Settings\Nik Alsson\Application Data\savIRC 2007-06-27 16:42:18 128576 --a------ C:\WINDOWS\system32\yxdreojf.dll 2007-06-27 15:59:08 0 d-------- C:\VundoFix Backups 2007-06-27 15:47:00 0 d-------- C:\Program Files\Java 2007-06-27 15:43:26 0 d-------- C:\Program Files\Common Files\Java 2007-06-27 15:10:40 0 d-------- C:\Program Files\AVG Anti-Spyware 7.5 2007-06-27 14:17:16 1226 --a------ C:\WINDOWS\system32\tmp.reg 2007-06-27 14:10:19 60416 --a------ C:\WINDOWS\system32\antiwpa.dll <Not Verified; ; AntiWPA3> 2007-06-27 13:47:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2007-06-27 13:47:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2007-06-27 13:41:04 4212 ---h----- 
C:\WINDOWS\system32\zllictbl.dat 2007-06-27 13:40:52 0 d-------- C:\WINDOWS\system32\ZoneLabs 2007-06-27 13:40:28 0 d-------- C:\WINDOWS\Internet Logs 2007-06-27 13:39:42 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System> 2007-06-27 13:32:08 0 d-------- C:\Program Files\DAEMON Tools 2007-06-27 12:38:27 0 d---s---- C:\Documents and Settings\Nik Alsson\UserData 2007-06-27 12:36:34 128576 -----n--- C:\WINDOWS\system32\defrhysc.dll 2007-06-27 11:41:28 0 d-------- C:\Documents and Settings\Nik Alsson\Application Data\X-Chat 2 2007-06-27 11:34:52 0 d-------- C:\Program Files\Undelete Plus 2007-06-27 11:34:31 31254 --a------ C:\WINDOWS\system32\iifeddb.dll 2007-06-27 11:29:13 0 d-------- C:\Program Files\MSN Messenger 2007-06-27 11:28:11 0 d-------- C:\Documents and Settings\All Users\Application Data\ID3-TagIT 3 2007-06-27 11:27:25 120490 --a------ C:\WINDOWS\File Renamer - Basic Uninstaller.exe 2007-06-27 11:27:24 0 d-------- C:\Program Files\File Renamer 2007-06-27 11:24:21 0 d-------- C:\Program Files\Winamp 2007-06-27 11:23:21 682232 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-06-27 11:23:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-06-27 11:16:07 128576 --a------ C:\WINDOWS\system32\xnlwbihn.dll 2007-06-27 03:58:56 9488 --a------ C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(R) Operating System> 2007-06-27 03:58:13 0 d-------- C:\Program Files\Panda Software 2007-06-27 03:57:53 0 d-------- C:\Program Files\Common Files\Panda Software 2007-06-27 03:55:01 0 d-------- C:\WINDOWS 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\WinSxS 2007-06-27 03:55:01 0 dr------- C:\WINDOWS\Web 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\twain_32 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\system32 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\system32\wins 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\system32\wbem 2007-06-27 03:55:01 0 d-------- 
C:\WINDOWS\system32\usmt 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\system32\spool 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\system32\ShellExt 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\system32\Setup 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\system32\ras 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\system32\oobe 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\system32\npp 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\system32\mui 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\system32\inetsrv 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\system32\IME 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\system32\icsxml 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\system32\ias 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\system32\export 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\system32\drivers 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\system32\drivers\etc 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\system32\drivers\disdn 2007-06-27 03:55:01 0 dr-hs--c- C:\WINDOWS\system32\dllcache 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\system32\dhcp 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\system32\config 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\system32\3com_dmi 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\system32\3076 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\system32\2052 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\system32\1054 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\system32\1042 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\system32\1041 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\system32\1037 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\system32\1035 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\system32\1033 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\system32\1031 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\system32\1028 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\system32\1025 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\system 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\security 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\Resources 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\repair 2007-06-27 03:55:01 0 
d-------- C:\WINDOWS\mui 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\msapps 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\msagent 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\Media 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\java 2007-06-27 03:55:01 0 d--h----- C:\WINDOWS\inf 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\ime 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\Help 2007-06-27 03:55:01 0 dr--s---- C:\WINDOWS\Fonts 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\Driver Cache 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\Debug 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\Cursors 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\Connection Wizard 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\Config 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\AppPatch 2007-06-27 03:55:01 0 d-------- C:\WINDOWS\addins 2007-06-27 03:54:05 0 d-------- C:\Program Files\CCleaner 2007-06-27 03:25:17 0 d-------- C:\Documents and Settings\Nik Alsson\Application Data\Macromedia 2007-06-27 03:25:12 1277 --a------ C:\WINDOWS\mozver.dat 2007-06-27 03:21:34 31254 --a------ C:\WINDOWS\system32\mljjjki.dll 2007-06-27 03:02:43 0 d-------- C:\WINDOWS\system32\PreInstall 2007-06-27 03:01:37 0 d-------- C:\WINDOWS\system32\Lang 2007-06-27 02:53:43 0 d-------- C:\Program Files\uTorrent 2007-06-27 02:53:34 0 d-------- C:\Documents and Settings\Nik Alsson\Application Data\uTorrent 2007-06-27 02:41:22 0 d--h----- C:\WINDOWS\$hf_mig$ 2007-06-27 02:33:11 0 d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA 2007-06-27 02:33:07 0 d-------- C:\Program Files\Realtek AC97 2007-06-27 02:32:25 0 d-------- C:\Documents and Settings\Nik Alsson\Application Data\WinRAR 2007-06-27 02:20:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus 2007-06-27 02:20:39 0 d-------- C:\Documents and Settings\Nik Alsson\Application Data\Azureus 2007-06-27 02:19:24 0 d-------- C:\Program Files\VideoLAN 2007-06-27 02:14:51 0 d-------- C:\Documents and Settings\All Users\Application Data\CA 2007-06-27 02:08:52 0 d-------- 
C:\Program Files\Microsoft IntelliPoint 2007-06-27 02:08:18 0 d-------- C:\Program Files\DIFX 2007-06-27 02:08:17 0 d------c- C:\WINDOWS\system32\DRVSTORE 2007-06-27 01:59:05 0 d-------- C:\Program Files\Common Files\ODBC 2007-06-27 01:59:03 0 dr------- C:\Program Files 2007-06-27 01:59:03 0 d-------- C:\Program Files\Common Files\SpeechEngines 2007-06-27 01:58:42 0 d--h----- C:\Documents and Settings\Default User\Verkkoympäristö 2007-06-27 01:58:42 0 d-------- C:\Documents and Settings\Default User\Työpöytä 2007-06-27 01:58:42 0 d--h----- C:\Documents and Settings\Default User\Tulostinympäristö 2007-06-27 01:58:42 0 d-------- C:\Documents and Settings\Default User\Suosikit 2007-06-27 01:58:42 0 dr-h----- C:\Documents and Settings\Default User\SendTo 2007-06-27 01:58:42 0 d--h----- C:\Documents and Settings\Default User\Recent 2007-06-27 01:58:42 0 d--h----- C:\Documents and Settings\Default User\Mallit 2007-06-27 01:58:42 0 dr-h----- C:\Documents and Settings\Default User\Local Settings 2007-06-27 01:58:42 0 dr------- C:\Documents and Settings\Default User\Käynnistä-valikko 2007-06-27 01:58:42 0 d---s---- C:\Documents and Settings\Default User\Cookies 2007-06-27 01:58:42 0 d-------- C:\Documents and Settings\All Users\Työpöytä 2007-06-27 01:58:42 0 dr------- C:\Documents and Settings\All Users\Tiedostot 2007-06-27 01:58:42 0 d-------- C:\Documents and Settings\All Users\Suosikit 2007-06-27 01:58:42 0 d--h----- C:\Documents and Settings\All Users\Mallit 2007-06-27 01:58:42 0 dr------- C:\Documents and Settings\All Users\Käynnistä-valikko 2007-06-27 01:58:33 0 d-------- C:\WINDOWS\system32\CatRoot2 2007-06-27 01:58:33 0 d-------- C:\WINDOWS\system32\CatRoot 2007-06-27 01:58:28 0 dr-h----- C:\Documents and Settings\Default User\Application Data 2007-06-27 01:58:28 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft 2007-06-27 01:58:28 0 dr-h----- C:\Documents and Settings\All Users\Application Data 2007-06-27 01:58:28 0 d---s---- 
C:\Documents and Settings\All Users\Application Data\Microsoft 2007-06-27 01:58:16 0 d-------- C:\Documents and Settings 2007-06-27 01:50:54 0 d-------- C:\WINDOWS\system32\SoftwareDistribution 2007-06-27 01:50:26 0 d-------- C:\WINDOWS\Downloaded Installations 2007-06-27 01:44:33 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles 2007-06-27 01:42:00 0 d-------- C:\Program Files\ASUSTeK 2007-06-27 01:41:53 992896 --a------ C:\WINDOWS\system32\drivers\Bravo_n.sys <Not Verified; ASMT; Microsoft(R) Windows NT(R) Operating System> 2007-06-27 01:41:53 992896 --a------ C:\WINDOWS\system32\drivers\Bravo_a.sys <Not Verified; ASMT; Microsoft(R) Windows NT(R) Operating System> 2007-06-27 01:41:53 11008 --a------ C:\WINDOWS\system32\drivers\atkkbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Help driver For Keyboard Service.> 2007-06-27 01:41:53 10496 --a------ C:\WINDOWS\system32\ATKOSDMini.DLL 2007-06-27 01:41:53 241152 --a------ C:\WINDOWS\ATKKBService.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Keyboard Service> 2007-06-27 01:41:52 2032640 --a------ C:\WINDOWS\system32\ATKOSDX32.dll <Not Verified; ASUSTeK COMPUTER INC.; ASUS On-Screen Display For 3D Game> 2007-06-27 01:41:52 37888 --a------ C:\WINDOWS\system32\ATKOGL32.dll <Not Verified; ASUSTeK COMPUTER INC.; ASUSTeK Computer Inc. 
AsusOGL> 2007-06-27 01:41:52 1667072 --a------ C:\WINDOWS\system32\ATKDispCPL.dll <Not Verified; ASUSTeK COMPUTER INC.; ASUS Display Property Page> 2007-06-27 01:41:52 228224 --a------ C:\WINDOWS\system32\ATKDISP.dll <Not Verified; ASUSTeK Computer Inc.; ASUS Windows 2000/XP Display Driver> 2007-06-27 01:41:52 46080 --a------ C:\WINDOWS\system32\asrussian.dll 2007-06-27 01:41:52 45568 --a------ C:\WINDOWS\system32\askorean.dll 2007-06-27 01:41:52 45568 --a------ C:\WINDOWS\system32\asjapan.dll 2007-06-27 01:41:52 46080 --a------ C:\WINDOWS\system32\asgerman.dll 2007-06-27 01:41:52 46592 --a------ C:\WINDOWS\system32\asfrench.dll 2007-06-27 01:41:52 46080 --a------ C:\WINDOWS\system32\aseng.dll 2007-06-27 01:41:52 45568 --a------ C:\WINDOWS\system32\ASCHT.dll 2007-06-27 01:41:52 45568 --a------ C:\WINDOWS\system32\aschs.dll 2007-06-27 01:41:23 0 d-------- C:\WINDOWS\nview 2007-06-27 01:40:04 11264 -ra------ C:\WINDOWS\system32\drivers\EIO.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT> 2007-06-27 01:39:05 0 d-------- C:\Program Files\Common Files\Raxco 2007-06-27 01:39:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Raxco 2007-06-27 01:38:47 0 d-------- C:\Program Files\RAXCO 2007-06-27 01:37:50 0 d-------- C:\Program Files\NVIDIA Corporation 2007-06-27 01:37:01 315392 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool> 2007-06-27 01:31:59 0 d-------- C:\WINDOWS\OPTIONS 2007-06-27 01:31:59 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-06-27 01:31:55 0 d-------- C:\Program Files\Common Files\InstallShield 2007-06-27 01:28:59 0 d-------- C:\Documents and Settings\Nik Alsson\Application Data\FlashFXP 2007-06-27 01:26:55 0 --a------ C:\WINDOWS\nsreg.dat 2007-06-27 01:26:54 0 d-------- C:\Documents and Settings\Nik Alsson\Application Data\Mozilla 2007-06-27 01:26:14 0 d-------- C:\Program Files\FlashFXP 2007-06-27 01:23:47 0 d-------- 
C:\Documents and Settings\LocalService\Käynnistä-valikko 2007-06-27 01:23:23 0 d-------- C:\WINDOWS\SoftwareDistribution 2007-06-27 01:23:20 0 d---s---- C:\WINDOWS\system32\Microsoft 2007-06-27 01:23:20 0 d-------- C:\WINDOWS\Prefetch 2007-06-27 01:18:47 0 d-------- C:\WINDOWS\provisioning 2007-06-27 01:18:47 0 d-------- C:\WINDOWS\peernet 2007-06-27 01:17:52 0 d-------- C:\WINDOWS\ServicePackFiles 2007-06-27 01:15:52 0 d-------- C:\WINDOWS\system32\ReinstallBackups 2007-06-27 01:14:56 0 d-------- C:\WINDOWS\EHome 2007-06-27 01:12:01 0 d-------- C:\WINDOWS\system32\Color 2007-06-27 01:12:01 0 d-------- C:\Compaq 2007-06-27 01:11:57 306688 --a------ C:\WINDOWS\IsUn040b.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller> 2007-06-27 01:09:56 0 d--hs---- C:\WINDOWS\Installer 2007-06-27 01:09:54 0 d-------- C:\Documents and Settings\Nik Alsson\Application Data\Identities 2007-06-27 01:09:50 0 dr------- C:\Documents and Settings\Nik Alsson\Omat tiedostot 2007-06-27 01:09:48 0 d--h----- C:\Documents and Settings\Nik Alsson\Local Settings 2007-06-27 01:09:48 0 dr------- C:\Documents and Settings\Nik Alsson\Käynnistä-valikko 2007-06-27 01:09:48 0 d---s---- C:\Documents and Settings\Nik Alsson\Cookies 2007-06-27 01:09:48 0 dr-h----- C:\Documents and Settings\Nik Alsson\Application Data 2007-06-27 01:09:47 0 d--h----- C:\Documents and Settings\Nik Alsson\Verkkoympäristö 2007-06-27 01:09:47 0 d-------- C:\Documents and Settings\Nik Alsson\Työpöytä 2007-06-27 01:09:47 0 d--h----- C:\Documents and Settings\Nik Alsson\Tulostinympäristö 2007-06-27 01:09:47 0 dr------- C:\Documents and Settings\Nik Alsson\Suosikit 2007-06-27 01:09:47 0 dr-h----- C:\Documents and Settings\Nik Alsson\SendTo 2007-06-27 01:09:47 0 dr-h----- C:\Documents and Settings\Nik Alsson\Recent 2007-06-27 01:09:47 1310720 --ah----- C:\Documents and Settings\Nik Alsson\NTUSER.DAT 2007-06-27 01:09:47 0 d--h----- C:\Documents and Settings\Nik Alsson\Mallit 2007-06-27 01:09:10 0 
d--hs---- C:\System Volume Information 2007-06-27 01:09:09 233472 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT 2007-06-27 01:09:09 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings 2007-06-27 01:09:09 0 d---s---- C:\Documents and Settings\NetworkService\Cookies 2007-06-27 01:09:09 0 d-------- C:\Documents and Settings\NetworkService\Application Data 2007-06-27 01:09:09 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft 2007-06-27 01:09:09 233472 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT 2007-06-27 01:09:09 0 d--h----- C:\Documents and Settings\LocalService\Local Settings 2007-06-27 01:09:09 0 d---s---- C:\Documents and Settings\LocalService\Cookies 2007-06-27 01:09:09 0 d-------- C:\Documents and Settings\LocalService\Application Data 2007-06-27 01:09:09 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft 2007-06-27 01:05:26 0 d-------- C:\WINDOWS\system32\xircom 2007-06-27 01:05:26 0 d-------- C:\Program Files\microsoft frontpage 2007-06-27 01:05:19 233472 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT 2007-06-27 01:05:14 0 -rahs---- C:\MSDOS.SYS 2007-06-27 01:05:14 0 -rahs---- C:\IO.SYS 2007-06-27 01:05:14 0 --a------ C:\CONFIG.SYS 2007-06-27 01:05:14 0 --a------ C:\AUTOEXEC.BAT 2007-06-27 01:04:44 0 d--hs---- C:\Documents and Settings\All Users\DRM 2007-06-27 01:04:39 0 dr------- C:\WINDOWS\Offline Web Pages 2007-06-27 01:04:39 0 d---s---- C:\WINDOWS\Downloaded Program Files 2007-06-27 01:04:26 0 d-------- C:\WINDOWS\srchasst 2007-06-27 01:04:20 0 d-------- C:\WINDOWS\system32\Macromed 2007-06-27 01:04:20 0 d-------- C:\WINDOWS\system32\DirectX 2007-06-27 01:04:08 0 d-------- C:\Program Files\Movie Maker 2007-06-27 01:03:42 0 d-------- C:\WINDOWS\system32\Restore 2007-06-27 01:03:36 0 d-------- C:\WINDOWS\PCHEALTH 2007-06-27 01:03:30 0 d---s---- C:\WINDOWS\Tasks 2007-06-27 01:03:27 0 d-------- C:\Program Files\Common Files\MSSoap 2007-06-27 
01:03:03 21672 --a------ C:\WINDOWS\system32\emptyregdb.dat 2007-06-27 01:02:53 0 d-------- C:\WINDOWS\Registration 2007-06-27 01:02:48 0 d--h----- C:\Program Files\WindowsUpdate 2007-06-27 01:02:48 0 d-------- C:\Program Files\Online Services 2007-06-27 01:02:44 0 d-------- C:\Program Files\Messenger 2007-06-27 01:02:37 0 d-------- C:\Program Files\MSN Gaming Zone 2007-06-27 01:02:28 0 d-------- C:\Program Files\Windows NT 2007-06-27 01:02:16 0 d-------- C:\WINDOWS\system32\MsDtc 2007-06-27 01:02:14 0 d-------- C:\WINDOWS\system32\Com -- Find3M Report --------------------------------------------------------------- 2007-06-27 17:07:15 366492 --a------ C:\WINDOWS\system32\perfh00B.dat 2007-06-27 17:07:14 70990 --a------ C:\WINDOWS\system32\perfc00B.dat 2007-06-27 01:58:42 62 --ahs---- C:\Documents and Settings\Nik Alsson\Application Data\desktop.ini 2007-04-19 13:26:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll 2007-04-19 13:26:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll 2007-04-19 13:26:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll 2007-04-19 13:26:00 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll 2007-04-19 13:26:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe 2007-04-19 13:26:00 1474560 --a------ C:\WINDOWS\system32\nview.dll 2007-04-19 13:26:00 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll 2007-04-19 13:26:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe 2007-04-19 13:26:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe 2007-04-19 13:26:00 212992 --a------ C:\WINDOWS\system32\nvapi.dll 2007-04-19 13:26:00 425984 --a------ C:\WINDOWS\system32\keystone.exe -- Registry Dump --------------------------------------------------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll 
{E5A1691B-D188-4419-AD02-90002030B8EE} C:\PROGRA~1\FlashFXP\IEFlash.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "nwiz"="nwiz.exe /install" "IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe\"" "SoundMan"="SOUNDMAN.EXE" "NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit" "nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE" "ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\"" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\"" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "uTorrent"="\"C:\\Program Files\\uTorrent\\uTorrent.exe\"" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{A6807262-1D7A-44AB-947B-23B71E97915C}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 -- End of Deckard's System Scanner: finished at 2007-06-27 at 18:55:14 ---------
Tiiätkö

Remove File Renamer through Add/Remove Programs in the Control Panel.

Then delete these folders:

C:\VundoFix Backups
C:\Program Files\File Renamer

========

Go to http://www.virustotal.com

Make hidden files visible, and hide them again after the check.

C:\WINDOWS\system32\yxdreojf.dll
C:\WINDOWS\system32\defrhysc.dll
C:\WINDOWS\system32\xnlwbihn.dll

Check one (or some) of those there, and then post the result of what they contained in your next message.

===========

Download Killbox by Option^Explicit.

* Save it to your desktop.
* Double-click Killbox.exe to run the program.
* Select Delete on Reboot, then click the All Files option.
* Copy and paste the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\WINDOWS\system32\yxdreojf.dll
C:\WINDOWS\system32\defrhysc.dll
C:\WINDOWS\system32\xnlwbihn.dll

* Return to Killbox, go to the File menu, and choose Paste from Clipboard.
* Click the red-and-white Delete File button. Click Yes at the "Delete on Reboot" prompt. Click OK at any PendingFileRenameOperations prompt (and let your helper know if one of these appears!).

Restart your computer yourself if it does not do so automatically.

If you get a message like this when you try to run KillBox: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid.", click here to download and run Missingfilessetup.exe. Then try KillBox again.
========
Check your computer with F-Secure's online scanner
Note: the scanner works only in the Internet Explorer browser
* Read the instructions on the page carefully
* Click Start scanning
* If you get an Internet Explorer security warning, click Asenna (Install)
* Click Accept
* Click Custom Scan
* Adjust the settings as follows
  o Under "Virus Scan Option" select Scan whole system
  o Under "Other Scan Option" select Scan All Files
  o Select Scan whole system for rootkits
  o Select Scan whole system for spyware
  o Tick Scan inside archives
  o Make sure Use advanced heuristics is selected
* Click Start
* The scan starts once the required files/updates have been downloaded
* Wait patiently
* When the scan has finished, click Automatic cleaning
* Click Show Report
* The report opens in the browser; copy the whole text
* Paste the copied text into e.g. Notepad or Word and save it to your desktop
* You can close the scanner
* Post the report in your thread, and also a new HJT log
Scanning Report
Wednesday, June 27, 2007 19:39:07 - 20:35:33
Computer name: NIK
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\
Result: 3 malware found
Tracking Cookie (spyware)
* System (Disinfected)
* System
W32/Malware.PZK (virus)
* D:\Muuta\Asennukset\Kaspersky Internet Security asennus\KasperskyAllKeys\AntiHacker\Crack.exe (Submitted)
Statistics
Scanned:
* Files: 109511
* System: 3589
* Not scanned: 64
Actions:
* Disinfected: 1
* Renamed: 0
* Deleted: 0
* None: 2
* Submitted: 1
Files not scanned:
* D:\PELIT\TALES OF PIRATES ONLINE\TEXTURE\BIGMAP\24.BMP
* D:\MUUTA\XBOX\SLAYERS EVOX AUTOINSTALL\SLAYERS.ISO
* D:\MUUTA\ULTIMATE BOOT DISK\UBCD411.ISO
* D:\Muuta\Asennukset\Kaspersky Internet Security asennus\KasperskyAllKeys\Use Kaspersky Without Any Keys or Serials and Update Easily.exe\AutoPlay/Audio/Click1.ogg
* D:\MUUTA\ASENNUKSET\CIVILIZATION 4 ASENNUS\CIVILIZATION4.MDF
* D:\MUSIIKIT\TUNNARIT\10 - RAHXEPHON - HEMISPHERE.MP3
* D:\MUSIIKIT\TUNNARIT\KESENAI TSUMI.MP3
* D:\MUSIIKIT\MUUT\QUEEN - I WANT IT ALL.MP3
* D:\MUSIIKIT\MUUT\SCORPIONS - ROCK YOU LIKE A HURRICANE.MP3
* D:\MUSIIKIT\MUUT\TENACIOUS D - BEELZEBOSS (THE FINAL SHOWDOWN).MP3
* D:\MUSIIKIT\MACHINE HEAD\MUUT\MACHINE HEAD - SEASONS WITHER.MP3
* D:\MUSIIKIT\J-POP\AYUMI HAMASAKI - EVOLUTION.MP3
* D:\DOWNLOADS\NO ONE LVES FOREVER 2\NO.ONE.LIVES.FOREVER.2.V10.ENG.FAIRLIGHT.NOCD.ZIP.!UT
* D:\DOWNLOADS\NO ONE LVES FOREVER 2\NOLF2_CD1.MDF.!UT
* D:\DOWNLOADS\NO ONE LVES FOREVER 2\NOLF2_CD1.MDS.!UT
* D:\DOWNLOADS\NO ONE LVES FOREVER 2\NOLF2_CD2.MDF.!UT
* D:\DOWNLOADS\NO ONE LVES FOREVER 2\NO_ONE_LIVES_FOREVER_2-[CDCOVERS_CC]-BACK.JPG.!UT
* D:\DOWNLOADS\NO ONE LVES FOREVER 2\NO_ONE_LIVES_FOREVER_2-[CDCOVERS_CC]-FRONT.JPG.!UT
* D:\DOWNLOADS\FAHRENHEIT-RELOADED\RLD-FAHR.R05.!UT
* D:\DOWNLOADS\FAHRENHEIT-RELOADED\RLD-FAHR.R41.!UT
* D:\DOWNLOADS\FAHRENHEIT-RELOADED\RLD-FAHR.R42.!UT
Options
Scanning engines:
* F-Secure AVP: 7.0.171, 2007-06-27
* F-Secure Blacklight: 1.0.64
* F-Secure Draco: 1.0.35, 0260-23-12
* F-Secure Libra: 2.4.2, 2007-06-25
* F-Secure Orion: 1.2.37, 2007-06-27 * F-Secure Pegasus: 1.19.0, 2007-05-26 Scanning options: * Scan all files * Scan inside archives * Use Advanced heuristics --------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 20:37:17, on 27.6.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Raxco\PerfectDisk\PDAgent.exe C:\Program Files\Raxco\PerfectDisk\PDEngine.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\svchost.exe D:\Ohjelmat\HiJackThis!\HiJackThis_v2.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe 
NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. 
- C:\Program Files\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe -- End of file - 5028 bytes
So there weren't any VirusTotal results then. No big deal, it just would have been safer for saying that you're clean.. Yeah, so it's probably not a good idea to download cracks.

Stay clean

-> Clear System Restore
Instructions
Clear the System Restore folder and create a new restore point. This cleans possible malware remnants out of the restore folder.

-> Use CCleaner
-> CCleaner
Download and install CCleaner. Clean temporary files and folders with the program regularly.

-> Install SpywareBlaster
-> SpywareBlaster
SpywareBlaster prevents malware from installing itself on your computer. Uses no memory! A guide is available in Finnish! Guide by the user Ad-Aware

-> Install the MVPS Hosts file
-> MVPS Hosts
Blocks your computer from connecting to malicious sites. A guide is available in Finnish! Guide by the user Axel

-> Switch your browser to Firefox
-> Firefox
Firefox is a faster, safer and better browser than Internet Explorer.

-> Keep your system up to date.
-> Windows Update
Visit Windows Update regularly.

-> Keep your firewall and antivirus up to date
Update your antivirus program and scan your computer with it regularly. eScan is good too: http://koti.mbnet.fi/pattaya1/escanmwav.htm

-> Keep your software up to date.
-> Secunia Software Inspector
Secunia Software Inspector checks your system and software for missing security updates. A standard inspection normally takes 5-40 seconds, while a thorough one (thorough system inspection) can take several minutes.

-> Regularly follow the information on new vulnerabilities from Viestintävirasto (the Finnish Communications Regulatory Authority)
-> CERT-FI

-> Register.
-> Virustorjunta.net
Virustorjunta.net is a Finnish site focused on malware removal that can help you with all kinds of problems. It also has Finland's only HJT school. The school goes in depth into analysing the information produced by the HJT program and into cleaning the computer after the analysis.
If you run into problems with malware in the future, don't hesitate to post a HijackThis log to be checked!