Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:29, on 24.9.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\ProgramData\dqjktkna\xqbitglm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\oodtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Registry Clean Expert\RCHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\xctgxmjy.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [E-MU USB Audio Control Panel] "C:\Program Files\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [shcmd] C:\Windows\system32\xctgxmjy.exe
O4 - HKLM\..\Policies\Explorer\Run: [JrUw08AGI0] C:\ProgramData\dqjktkna\xqbitglm.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O13 - Gopher Prefix: 
O21 - SSODL: UiMsg - {4F4340DB-CD1A-4809-DE6C-0739642F95EC} - C:\Program Files\yhqsls\UiMsg.dll
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: E-MU Audio Service (emaudsv) - E-MU Systems - C:\Windows\system32\emaudsv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 7112 bytes
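The log above shows the pattern a helper scans for by eye: autostart entries pointing at randomly named files (C:\Windows\system32\xctgxmjy.exe, C:\ProgramData\dqjktkna\xqbitglm.exe), a Run value under Policies\Explorer\Run, a ShellServiceObjectDelayLoad (O21) entry loading C:\Program Files\yhqsls\UiMsg.dll, and an orphaned BHO. The Python script below is an added example, not part of the original thread and not HijackThis code: it encodes those heuristics and runs them over a handful of lines constructed from the log. The vowel-ratio test for "random-looking" names is an assumption of this example and also trips on vendor abbreviations such as ccSvcHst.exe, so its output is a list of candidates to look up (for instance on VirusTotal), not a verdict.

```python
"""Triage autostart entries from a HijackThis log with simple heuristics (added example)."""
import re
from typing import Dict, List

# Constructed sample: a handful of lines copied from the log above, not the whole log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [shcmd] C:\Windows\system32\xctgxmjy.exe
O4 - HKLM\..\Policies\Explorer\Run: [JrUw08AGI0] C:\ProgramData\dqjktkna\xqbitglm.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O21 - SSODL: UiMsg - {4F4340DB-CD1A-4809-DE6C-0739642F95EC} - C:\Program Files\yhqsls\UiMsg.dll
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
"""

# A Windows path ending in a loadable module; env-var roots such as %ProgramFiles% are accepted too.
PATH_RE = re.compile(
    r'(?:[A-Za-z]:|%[^%]+%)\\(?:[^\\"\r\n]+\\)*[^\\"\r\n]*?\.(?:exe|dll|cpl|sys)\b',
    re.IGNORECASE,
)
VOWELS = set("aeiou")


def looks_random(token: str, min_letters: int = 6, max_vowel_ratio: float = 0.15) -> bool:
    """Machine-generated names such as xctgxmjy or dqjktkna have almost no vowels.
    Known false positive: vendor abbreviations (ccSvcHst) have none either, so a hit is a
    candidate for a hash lookup, not a verdict. Threshold is this example's assumption."""
    letters = [c for c in token.lower() if c.isalpha()]
    if len(letters) < min_letters:
        return False
    return sum(c in VOWELS for c in letters) / len(letters) <= max_vowel_ratio


def path_components(path: str) -> List[str]:
    """Directory names plus the file stem, without the drive or env-var root."""
    parts = path.split("\\")[1:]
    parts[-1] = parts[-1].rsplit(".", 1)[0]
    return parts


def triage_line(line: str) -> List[str]:
    """Return the reasons an entry deserves a second look (empty list = nothing noticed)."""
    reasons: List[str] = []
    kind = line.split(" - ", 1)[0]
    if kind == "O4" and "\\Policies\\Explorer\\Run:" in line:
        reasons.append("Run value under Policies\\Explorer\\Run, a location legitimate software seldom uses")
    if kind == "O2" and line.rstrip().endswith("(no file)"):
        reasons.append("BHO whose DLL is missing (orphaned registration)")
    if kind == "O23" and " - Unknown owner - " in line:
        reasons.append("service without a vendor string")
    for path in PATH_RE.findall(line):
        if kind == "O21" and "\\system32\\" not in path.lower():
            reasons.append("ShellServiceObjectDelayLoad entry outside System32: " + path)
        for comp in path_components(path):
            if looks_random(comp):
                reasons.append("random-looking name '%s' in %s" % (comp, path))
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map every flagged log line to the list of reasons it was flagged."""
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        reasons = triage_line(line)
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == "__main__":
    for entry, why in triage_log(SAMPLE_LOG).items():
        print(entry)
        for reason in why:
            print("    ->", reason)
```

Run as-is the script flags the four malicious entries from the log, the orphaned BHO, the TVersity service (no vendor string) and, as the documented false positive, Symantec's ccSvcHst.exe; it leaves jusched.exe and ccApp.exe alone.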
Download Malwarebytes' Anti-Malware to your desktop.
1. Double-click mbam-setup.exe and follow the prompts to install the program.
2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, the program will download and install the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure everything is checked and click Remove Selected.
7. After that, a log will open in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next reply.
Malwarebytes' Anti-Malware 1.28
Database version: 1202
Windows 6.0.6001 Service Pack 1

24.9.2008 22:16:33
mbam-log-2008-09-24 (22-16-33).txt

Scan type: Full Scan (C:\|H:\|R:\|)
Objects scanned: 71462
Time elapsed: 21 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

This was the second run; the first one found 5 pieces of junk and removed them.
1. Download Combofix.exe to your desktop from one of these links: Combofix1 Combofix2
2. Double-click the Combofix.exe file and follow the prompts.
3. When the tool has finished, it will produce a log. Post this log in your thread.
Note! Do not click inside the ComboFix window while it is running. This may cause the program to hang.
Here it is:

ComboFix 08-09-24.09 - Ääliö 2008-09-25 11:22:03.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.2040 [GMT 3:00]
Running from: C:\Users\Ääliö\Downloads\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Users\Ääliö\AppData\Roaming\Adobe\crc.dat
C:\Windows\msvrc20.dll

----- BITS: Possible infected sites -----

hxxp://78.157.143.163
.
((((( Files Created from 2008-08-25 to 2008-09-25 )))))))))))))))))
.

2008-09-25 20:39 . 2008-01-18 23:45 333,203 -rahs---- C:\bootmgr
2008-09-25 20:35 . 2008-09-25 20:39 <DIR> d--hs---- C:\Boot
2008-09-24 20:51 . 2008-09-24 20:51 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-09-24 20:51 . <DIR> C:\Users\Ääliö\AppData\Roaming\Malwarebytes
2008-09-24 20:51 . 2008-09-24 20:51 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-24 20:51 . 2008-09-24 20:52 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-24 20:51 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-24 20:51 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-24 09:17 . 2008-09-24 09:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-21 19:26 . <DIR> C:\Users\Ääliö\AppData\Roaming\foobar2000
2008-09-21 19:26 . 2008-09-21 19:26 <DIR> d-------- C:\Program Files\foobar2000
2008-09-21 14:13 . 2008-09-24 20:11 <DIR> d-------- C:\Program Files\Wise Disk Cleaner 3 Pro
2008-09-20 21:12 . <DIR> C:\Users\Ääliö\AppData\Roaming\IrfanView
2008-09-20 21:12 . 2008-09-20 21:12 <DIR> d-------- C:\Program Files\IrfanView
2008-09-20 14:53 . <DIR> C:\Users\Ääliö\AppData\Roaming\Media Player Classic
2008-09-20 14:52 . 2008-09-20 14:52 <DIR> d-------- C:\Program Files\AC3Filter
2008-09-20 14:52 . 2008-07-09 11:05 421,888 --a------ C:\Windows\System32\ac3filter.acm
2008-09-20 14:49 . 2008-09-20 17:40 <DIR> d-------- C:\Program Files\ffdshow
2008-09-20 14:49 . 2007-11-29 12:52 60,273 --a------ C:\Windows\System32\pthreadGC2.dll
2008-09-20 14:49 . 2006-10-02 13:44 5,120 --a------ C:\Windows\System32\ff_vfw.dll
2008-09-20 14:49 . 2006-08-05 12:06 547 --a------ C:\Windows\System32\ff_vfw.dll.manifest
2008-09-20 14:48 . 2008-09-20 17:37 <DIR> d-------- C:\Program Files\TVersity Codec Pack
2008-09-20 14:47 . 2008-09-20 14:47 <DIR> d-------- C:\Program Files\TVersity
2008-09-20 14:46 . <DIR> C:\Users\Ääliö\AppData\Roaming\vlc
2008-09-20 14:46 . 2008-09-20 14:46 <DIR> d-------- C:\Program Files\VideoLAN
2008-09-19 18:09 . 2008-09-21 14:39 <DIR> d-------- C:\Users\All Users\AutoPowerOn
2008-09-19 18:09 . 2008-09-21 14:39 <DIR> d-------- C:\ProgramData\AutoPowerOn
2008-09-19 12:52 . 2008-09-19 12:52 <DIR> d-------- C:\Program Files\CCleaner
2008-09-19 12:21 . 2008-09-19 12:21 <DIR> d-------- C:\Program Files\PowerISO
2008-09-19 11:08 . 2008-09-19 13:00 <DIR> d-------- C:\Users\All Users\Nero
2008-09-19 11:08 . 2008-09-19 13:00 <DIR> d-------- C:\ProgramData\Nero
2008-09-19 10:15 . 2008-09-21 14:41 <DIR> d-------- C:\Program Files\MagicISO
2008-09-19 08:57 . <DIR> C:\Users\Ääliö\AppData\Roaming\Ashampoo
2008-09-19 08:55 . 2008-09-19 08:55 <DIR> d-------- C:\Users\All Users\ashampoo
2008-09-19 08:55 . 2008-09-19 08:55 <DIR> d-------- C:\ProgramData\ashampoo
2008-09-19 08:55 . 2008-09-19 08:55 <DIR> d-------- C:\Program Files\Ashampoo
2008-09-19 08:47 . <DIR> C:\Users\Ääliö\AppData\Roaming\Nero
2008-09-18 23:32 . <DIR> C:\Users\Ääliö\AppData\Roaming\Symantec
2008-09-18 22:23 . 2008-08-07 17:31 138,080 --a------ C:\Windows\System32\drivers\symsnap.sys
2008-09-18 22:23 . 2008-08-13 17:07 38,112 --a------ C:\Windows\System32\drivers\v2imount.sys
2008-09-18 21:58 . 2008-09-18 22:23 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-09-18 21:58 . 2008-09-18 21:58 <DIR> d-------- C:\Program Files\Norton Ghost
2008-09-18 21:58 . 2008-01-19 20:12 128,104 --a------ C:\Windows\System32\drivers\WimFltr.sys
2008-09-18 21:58 . 2008-01-19 19:31 109,360 --a------ C:\Windows\System32\GEARAspi.dll
2008-09-18 21:58 . 2008-01-19 19:31 15,664 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys
2008-09-18 21:58 . 2008-01-19 19:40 15,088 --a------ C:\Windows\System32\drivers\vproeventmonitor.sys
2008-09-18 20:40 . 2008-09-18 19:54 2,731 --a------ C:\Windows\Fujitsu.xrm-ms
2008-09-18 17:57 . 2008-09-21 14:40 <DIR> d-------- C:\Program Files\Registry Clean Expert
2008-09-18 17:56 . <DIR> C:\Users\Ääliö\AppData\Roaming\iExpert Software
2008-09-18 17:27 . 2008-09-18 17:27 <DIR> d-------- C:\Program Files\yhqsls
2008-09-18 17:26 . 2008-09-24 21:13 <DIR> d-------- C:\Users\All Users\dqjktkna
2008-09-18 17:26 . 2008-09-24 21:13 <DIR> d-------- C:\ProgramData\dqjktkna
2008-09-18 16:29 . 2008-07-30 17:42 23,888 --a------ C:\Windows\System32\drivers\COH_Mon.sys
2008-09-18 16:29 . 2008-07-30 17:28 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat
2008-09-18 16:29 . 2008-07-30 17:28 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf
2008-09-18 12:32 . 2008-09-18 12:32 16 --a------ C:\Windows\System32\coh.cache
2008-09-18 12:20 . 2008-09-19 08:26 <DIR> d-------- C:\Program Files\Norton 360
2008-09-18 12:19 . 2008-09-18 12:48 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-09-18 12:19 . 2008-09-18 12:48 10,671 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT
2008-09-18 12:19 . 2008-09-18 12:48 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF
2008-09-18 12:18 . 2008-09-25 05:59 <DIR> d-------- C:\Users\All Users\Symantec
2008-09-18 12:18 . 2008-09-25 05:59 <DIR> d-------- C:\ProgramData\Symantec
2008-09-18 12:18 . 2008-09-18 12:48 <DIR> d-------- C:\Program Files\Symantec
2008-09-18 12:18 . 2008-09-18 21:58 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-09-18 12:16 . <DIR> C:\Users\Ääliö\AppData\Roaming\WinRAR
2008-09-18 11:42 . 2008-09-25 11:00 <DIR> d-a------ C:\Users\All Users\TEMP
2008-09-18 11:42 . <DIR> C:\Users\Ääliö\AppData\Roaming\URSoft
2008-09-18 11:42 . 2008-09-25 11:00 <DIR> d-a------ C:\ProgramData\TEMP
2008-09-18 11:42 . 2008-09-18 16:04 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-09-18 11:35 . 2008-09-25 09:40 54,911 --a------ C:\Windows\System32\oodbs.lor
2008-09-18 11:33 . 2008-09-18 11:33 0 --a------ C:\Windows\oodcnt.INI
2008-09-18 11:32 . 2008-09-18 11:32 <DIR> d-------- C:\Windows\PCHEALTH
2008-09-18 11:32 . 2008-09-18 11:32 <DIR> d-------- C:\Program Files\MSN Messenger
2008-09-18 11:28 . 2008-09-18 11:28 <DIR> d-------- C:\Program Files\Windows Live
2008-09-18 11:28 . 2008-09-18 11:28 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-18 11:27 . 2008-09-21 14:38 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-09-18 11:27 . 2008-09-21 14:38 <DIR> d-------- C:\ProgramData\WLInstaller
2008-09-18 11:07 . 2008-09-25 09:51 <DIR> d-------- C:\Windows\System32\oodag
2008-09-18 11:01 . 2008-09-18 11:01 <DIR> d-------- C:\Program Files\OO Software
2008-09-18 10:49 . <DIR> C:\Users\Ääliö\AppData\Roaming\uTorrent
2008-09-18 10:49 . 2008-09-18 21:25 <DIR> d-------- C:\Program Files\uTorrent
2008-09-18 10:32 . 2008-09-18 10:32 <DIR> d-------- C:\Windows\Sun
2008-09-18 10:23 . 2008-09-18 10:23 <DIR> d-------- C:\Windows\System32\RTCOM
2008-09-18 10:23 . 2007-06-25 14:37 84,480 --a------ C:\Windows\System32\drivers\Rtlh86.sys
2008-09-18 10:21 . 2008-07-19 08:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-18 10:21 . 2008-07-19 06:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-18 10:21 . 2008-07-19 08:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-18 10:21 . 2008-07-19 08:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-18 10:19 . 2008-09-21 14:41 <DIR> dr------- C:\DRIVER
2008-09-18 10:19 . 2008-07-19 08:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-18 10:19 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-18 10:19 . 2008-07-19 06:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-18 10:19 . 2008-07-19 08:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-18 10:19 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-09-18 10:19 . 2006-10-30 12:22 8,192 --a------ C:\Windows\System32\drivers\AtiPcie.sys
2008-09-17 22:45 . 2008-05-10 04:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-09-17 20:44 . 2008-09-17 20:45 <DIR> d-------- C:\Program Files\Java
2008-09-17 20:43 . 2008-09-24 20:03 <DIR> d--hs---- C:\Windows\Installer
2008-09-17 20:43 . 2008-09-17 20:43 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-17 20:37 . 2008-09-17 20:37 <DIR> d-------- C:\Users\All Users\NVIDIA
2008-09-17 20:37 . 2008-09-17 20:37 <DIR> d-------- C:\ProgramData\NVIDIA
2008-09-17 20:30 . 2008-04-26 11:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-09-17 20:29 . 2008-06-26 04:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-09-17 20:29 . 2008-06-26 04:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-09-17 20:29 . 2008-07-16 04:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-09-17 20:28 . 2007-11-06 20:00 1,073,152 --a------ C:\Windows\System32\nvcpluir.dll
2008-09-17 20:28 . 2008-06-26 06:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-09-17 20:28 . 2007-11-06 20:00 757,760 --a------ C:\Windows\System32\nvcplui.exe
2008-09-17 20:28 . 2007-11-06 20:00 413,696 --a------ C:\Windows\System32\nvcpl.cpl
2008-09-17 20:28 . 2007-11-06 20:00 307,200 --a------ C:\Windows\System32\nvexpbar.dll
2008-09-17 20:27 . 2008-04-23 07:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-09-17 20:27 . 2008-04-23 07:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-09-17 20:27 . 2008-04-23 07:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-09-17 20:27 . 2008-04-23 07:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-09-17 10:43 . 2008-09-17 10:43 <DIR> d-------- C:\Windows\System32\OEM
2008-09-17 10:43 . 2008-09-17 00:01 <DIR> d-------- C:\Windows\PANTHER
2008-09-17 10:43 . 2006-10-05 11:40 57,656 -ra------ C:\Windows\System32\OEMLOGO.BMP
2008-09-17 10:43 . 2006-10-05 11:40 57,656 -ra------ C:\Windows\FSC_LOGO_POSITIVE_JPG_MIDDLE.BMP
2008-09-17 10:43 . 2006-11-24 12:07 5,658 -ra------ C:\Windows\System32\OEMLOGO.PNG
2008-09-17 10:42 . 2008-09-17 00:50 <DIR> d-------- C:\Windows\System32\fi
2008-09-17 10:42 . 2008-09-17 00:50 <DIR> d-------- C:\Windows\System32\drivers\fi-FI
2008-09-17 10:42 . 2008-09-17 10:42 <DIR> d-------- C:\Windows\fi-FI
2008-09-17 10:42 . 2008-09-25 09:48 435,388 --a------ C:\Windows\System32\perfh00B.dat
2008-09-17 10:42 . 2008-09-17 10:42 274,158 --a------ C:\Windows\System32\perfi00B.dat
2008-09-17 10:42 . 2008-09-25 09:48 80,514 --a------ C:\Windows\System32\perfc00B.dat

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-20 11:46 --------- d-----w C:\Users\Ääliö\AppData\Roaming\vlc
2008-09-17 17:29 --------- d-----w C:\Program Files\Windows Mail
2008-09-16 21:57 174 --sha-w C:\Program Files\desktop.ini
2008-09-16 21:50 --------- d-----w C:\Program Files\Windows Sidebar
2008-09-16 21:50 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-09-16 21:50 --------- d-----w C:\Program Files\Windows Defender
2008-09-16 21:50 --------- d-----w C:\Program Files\Windows Calendar
2008-09-16 21:36 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-09-16 21:36 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-09-16 21:03 --------- d-sh--w C:\ProgramData\Työpöytä
2008-09-16 21:03 --------- d-sh--w C:\ProgramData\Tiedostot
2008-09-16 21:03 --------- d-sh--w C:\ProgramData\Suosikit
2008-09-16 21:03 --------- d-sh--w C:\ProgramData\Mallit
2008-09-16 21:03 --------- d-sh--w C:\ProgramData\Käynnistä-valikko
2008-08-13 13:55 215,144 ----a-r C:\Windows\pw32a.dll
2008-08-13 13:55 215,144 ----a-r C:\Windows\patchw32.dll
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-08-02 01:01 625,152 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-06-26 03:29 565,248 ----a-w C:\Windows\System32\emdmgmt.dll
2008-06-26 03:29 45,056 ----a-w C:\Windows\System32\dataclen.dll
2008-06-26 03:29 303,616 ----a-w C:\Windows\System32\wmpeffects.dll
.

(((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"E-MU USB Audio Control Panel"="C:\Program Files\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe" [2007-11-26 274432]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"RegClean Expert Scheduler"="C:\Program Files\Registry Clean Expert\RCHelper.exe" [2008-02-19 604920]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-09-18 267056]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 81920]
"OODefragTray"="C:\Windows\system32\oodtray.exe" [2007-05-11 2512392]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Norton Ghost 14.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [2008-08-13 2245984]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"UiMsg"= {4F4340DB-CD1A-4809-DE6C-0739642F95EC} - C:\Program Files\yhqsls\UiMsg.dll [2008-09-18 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8F0F93CD-F9E8-4697-BFE7-AF802950B265}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{A1CD2F65-0481-4DD7-9108-EBE085014F06}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{AABA25D6-DC7E-4DEB-B99C-1B2B81BA71D0}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{D3CEA6DC-71EC-49A5-8890-6730C12ECA6C}"= UDP:C:\Program Files\TVersity\Media Server\MediaServer.exe:TVersity Media Server
"{4056184C-F868-44FA-BDF0-E0B9B9FF65A8}"= TCP:C:\Program Files\TVersity\Media Server\MediaServer.exe:TVersity Media Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 8192]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080917.004\IDSvix86.sys [2008-09-12 270384]
R2 emaudsv;E-MU Audio Service;C:\Windows\system32\emaudsv.exe [2007-11-26 20992]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;C:\Windows\system32\dllhost.exe [2006-11-02 7168]
R3 emusba10;E-MU USB-Audio 1.0 Driver;C:\Windows\system32\DRIVERS\emusba10.sys [2007-11-26 163352]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 38200]
R3 SymSnapService;SymSnapService;C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2008-08-07 1558000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\shell\AutoRun\command - I:\setup.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - ERASERUTILDRVI7
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
HKLM-Run-NBKeyScan - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.ircdown.com/fi/index.php?rvs=hompag&d=79919074
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-25 11:24:07
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-25 11:25:53
ComboFix-quarantined-files.txt 2008-09-25 08:25:50

Pre-Run: 28,725,354,496 bytes free
Post-Run: 28,697,825,280 bytes free

255
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:22, on 25.9.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\oodtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Registry Clean Expert\RCHelper.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircdown.com/fi/index.php?rvs=hompag&d=79919074
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [E-MU USB Audio Control Panel] "C:\Program Files\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O13 - Gopher Prefix: 
O21 - SSODL: UiMsg - {4F4340DB-CD1A-4809-DE6C-0739642F95EC} - C:\Program Files\yhqsls\UiMsg.dll
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: E-MU Audio Service (emaudsv) - E-MU Systems - C:\Windows\system32\emaudsv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 6340 bytes
Download SmitfraudFix (c) S!Ri. Extract the contents (a folder named SmitfraudFix) to your desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd.
Select option #1 - Search by typing 1 and pressing "Enter"; a text file opens that lists the infected files (if there are any).
Post the report that pops up (the contents of the Notepad window) in your thread. It can also be found at C:\rapport.txt.
Note: some antivirus programs (AntiVir, Dr.Web, Kaspersky) detect the file process.exe as a "RiskTool"; it is not a virus but a program that terminates processes. A/V programs cannot tell good use of such programs from bad, so they may warn the user.

=================

You have this there: C:\Program Files\yhqsls

Let's send the file to VirusTotal: virustotal
1 Click the Browse... button
2 Then browse to this file: C:\Program Files\yhqsls\UiMsg.dll
3 Click the Open button
4 Click the Send button
5 The site will scan the file for a moment; then save the results you get, for example in Notepad.
I double-click it and it says press any key, and then it disappears. Now it works:

SmitFraudFix v2.354

Scan done at 13:42:39,09, to 25.09.2008
Run from C:\Users\Ž„li”\Downloads\SmitfraudFix
OS: Microsoft Windows [versio 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\oodtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Registry Clean Expert\RCHelper.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\emaudsv.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Windows\system32\oodag.exe
C:\Windows\system32\dllhost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\dllhost.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\msdtc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Ž„li”

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Ž„li”\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\LID6DD~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3E80F05B-B329-468A-B8CC-232FA68ACB59}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3E80F05B-B329-468A-B8CC-232FA68ACB59}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3E80F05B-B329-468A-B8CC-232FA68ACB59}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
What information can you find about this: C:\Program Files\yhqsls <-- what do its Properties say?
C:\Program Files\yhqsls\UiMsg.dll <-- what does VirusTotal say about it?
Here's the HijackThis log too:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:42:11, on 25.9.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\oodtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Registry Clean Expert\RCHelper.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircdown.com/fi/index.php?rvs=hompag&d=79919074
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [E-MU USB Audio Control Panel] "C:\Program Files\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O21 - SSODL: UiMsg - {4F4340DB-CD1A-4809-DE6C-0739642F95EC} - C:\Program Files\yhqsls\UiMsg.dll (file missing)
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: E-MU Audio Service (emaudsv) - E-MU Systems - C:\Windows\system32\emaudsv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 6058 bytes
Nasty stuff, but there's no other information to be found about it.

Scan with HJT, tick this entry and press Fix checked:

O21 - SSODL: UiMsg - {4F4340DB-CD1A-4809-DE6C-0739642F95EC} - C:\Program Files\yhqsls\UiMsg.dll (file missing)

===========

Download OTMoveIt and save it to your desktop.
Double-click OTMoveIt.exe.
Click CleanUp!.
Choose Yes when asked "Begin cleanup Process?".
If you are asked whether the computer may be restarted, choose Yes. OTMoveIt removes itself when it is done; if that does not happen, delete it yourself.
NOTE: If your firewall or some other security program warns that OTMoveIt is trying to access the internet, allow it.

===========

Download CCleaner from here: CCleaner v 2.11.636 - Standard Build. DO NOT install the Yahoo toolbar! During installation, untick "install Yahoo! toolbar".
After installation, open CCleaner.
Select Options from the left-hand column.
Select Settings from the next column.
Under Language, choose Suomi.

Cleaner
Select Cleaner from the left-hand column.
Press Analyze at the bottom. CCleaner now analyses what can be removed (temp files, cookies, etc.).
When the analysis is complete, press Run CCleaner. CCleaner now removes the temp files, cookies, etc. that it found.

Fixing registry errors
Select Registry from the left-hand column.
Press Scan for Issues at the bottom.
When the scan is complete and you are sure you want to fix the lines that are ticked, press Fix selected issues.
You are asked "do you want to back up changes to the registry"; press Yes. Save the backup, for example, in the "My Documents" folder.
In the new window that opens, click Fix All Selected Issues. You get one more confirmation prompt; press OK.
When the errors have been fixed, press Close.
Now you can close CCleaner by clicking the red X at the top right.

===========

How is the machine behaving otherwise?
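As an added example for the kind of log review done in this thread (example code, not part of the thread, of HijackThis or of SmitfraudFix): a small Python triage script that walks HijackThis-style entries and flags the things the helper above picked out by eye: persistence points legitimate software rarely uses (O20 AppInit/Winlogon Notify, O21 SSODL), entries whose target file is missing, a start or search page that no longer points at Internet Explorer's stock go.microsoft.com default, and executables sitting under folders with machine-generated-looking names such as yhqsls or dqjktkna. The sample log is constructed from lines in the logs above; the two O4 entries for xqbitglm.exe and xctgxmjy.exe are assumed for illustration (the thread only shows those processes running, not how they start). The name heuristic, the allowlists and the reason texts are assumptions of this example, not anything HijackThis itself computes.

```python
"""Triage helper for HijackThis-style log lines. Added example, not HijackThis code;
the rules are heuristics that rank entries for a human to review."""
import re
import sys
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import urlparse

# "O21 - SSODL: UiMsg - {CLSID} - C:\path\file.dll (file missing)"
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d{1,2}) - (?P<body>.*)$")
# First absolute Windows path ending in a loadable extension; surrounding quotes optional.
PATH_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"<>|]*?\.(?:exe|dll|cmd|bat|scr|sys|vbs))"?', re.I)
VOWELS = set("aeiou")
# Persistence points that legitimate desktop software almost never uses.
RARE_AUTOSTART = {"O20": "AppInit_DLLs / Winlogon Notify", "O21": "ShellServiceObjectDelayLoad (SSODL)"}
# Hosts behind Internet Explorer's stock R0/R1 defaults (the go.microsoft.com fwlinks in the logs).
KNOWN_HOME_HOSTS = {"go.microsoft.com", "www.microsoft.com"}
# Vowel-poor Windows binaries that live directly in \Windows or \Windows\system32 and
# would otherwise trip looks_random(); partial allowlist, an assumption of this example.
WINDOWS_BINARIES = {"svchost", "csrss", "lsass", "lsm", "dwm", "rundll32", "dllhost", "conime",
                    "wininit", "spoolsv", "msdtc", "taskeng", "wuauclt", "ctfmon", "smss"}


@dataclass
class Finding:
    line: str
    kind: str
    path: Optional[str]
    reasons: List[str] = field(default_factory=list)


def looks_random(name: str) -> bool:
    """All-lowercase, 6+ letters, at most one vowel: 'yhqsls', 'dqjktkna', 'xctgxmjy'.
    Abbreviations such as 'symlcsvc' match too, so only apply it where such names are unexpected."""
    if len(name) < 6 or not name.isalpha() or not name.islower():
        return False
    return sum(c in VOWELS for c in name) <= 1


def suspicious_path_component(path: str) -> Optional[str]:
    """Machine-generated-looking component of a path, or None. Checked: the first folder under
    Program Files / ProgramData, and the file name when it sits directly in \\Windows or system32."""
    parts = path.split("\\")
    lowered = [p.lower() for p in parts]
    for i, folder in enumerate(lowered[:-1]):
        if folder in ("program files", "program files (x86)", "programdata"):
            if i + 1 < len(parts) - 1 and looks_random(parts[i + 1]):
                return parts[i + 1]
    stem = parts[-1].rsplit(".", 1)[0]
    if lowered[-2] in ("windows", "system32") and stem.lower() not in WINDOWS_BINARIES:
        if looks_random(stem):
            return parts[-1]
    return None


def hijacked_start_page(body: str) -> Optional[str]:
    """For an R0/R1 entry body, return the URL when its host is not a stock IE default."""
    _key, sep, value = body.partition(" = ")
    value = value.strip()
    if not sep or not value.lower().startswith(("http://", "https://")):
        return None
    host = (urlparse(value).hostname or "").lower()
    return None if host in KNOWN_HOME_HOSTS else value


def triage_line(line: str) -> Optional[Finding]:
    """Score one log line; None for headers, process-list lines and entries with nothing to say."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    pm = PATH_RE.search(body)
    f = Finding(line=line.strip(), kind=kind, path=pm.group("path") if pm else None)
    if kind in RARE_AUTOSTART:
        f.reasons.append(f"{kind} loads code via {RARE_AUTOSTART[kind]}, rarely legitimate")
    if "(file missing)" in body or "(no file)" in body:
        f.reasons.append("target file is gone: orphaned entry or partially removed malware")
    if kind in ("R0", "R1"):
        url = hijacked_start_page(body)
        if url:
            f.reasons.append(f"browser start/search page redirected to {url}")
    if f.path:
        comp = suspicious_path_component(f.path)
        if comp:
            f.reasons.append(f"machine-generated-looking name '{comp}' in {f.path}")
    return f if f.reasons else None


def triage(log_text: str) -> List[Finding]:
    """Only the entries that collected at least one reason, in log order."""
    return [f for f in (triage_line(ln) for ln in log_text.splitlines()) if f]


# Constructed sample: lines copied from the logs in this thread, plus two O4 entries for
# xqbitglm.exe / xctgxmjy.exe that are assumed for illustration (the thread shows only the processes).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircdown.com/fi/index.php?rvs=hompag&d=79919074
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [xqbitglm] C:\ProgramData\dqjktkna\xqbitglm.exe
O4 - HKLM\..\Run: [xctgxmjy] C:\Windows\system32\xctgxmjy.exe
O21 - SSODL: UiMsg - {4F4340DB-CD1A-4809-DE6C-0739642F95EC} - C:\Program Files\yhqsls\UiMsg.dll (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""

if __name__ == "__main__":
    text = SAMPLE_LOG
    if len(sys.argv) > 1:  # python hjt_triage.py hijackthis.log
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    for finding in triage(text):
        print(finding.line)
        for reason in finding.reasons:
            print("    ->", reason)
```

Run against the constructed sample it reports five entries: the hijacked HKCU start page, the orphaned O2 BHO (on this Vista machine a harmless leftover, which is why it is only "review" and not a verdict), the two autostarts under random-looking names, and the O21 SSODL entry, which collects all three reasons and is the one the helper told the poster to fix. The name rule is deliberately only applied to the first folder under Program Files / ProgramData and to files dropped straight into \Windows or system32, because vendor abbreviations like symlcsvc.exe or ccSvcHst.exe are common deeper in a vendor tree; treat every hit as something to look at in Properties and on VirusTotal, as the thread does, not as proof of infection.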