Virus - hjt log

Discussion in 'Viruses and malware - HijackThis logs' started by Symbiotic, Jul 8, 2007.

  1. Symbiotic

    Symbiotic Regular member

    Joined:
    Dec 3, 2005
    Messages:
    140
    Likes Received:
    0
    Trophy Points:
    26
    What should I remove??? Here is the log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 20:13:35, on 8.7.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    D:\Ohjelmat\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    D:\Ohjelmat\AntiVir PersonalEdition Classic\sched.exe
    D:\Ohjelmat\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    C:\WINDOWS\SOUNDMAN.EXE
    D:\Ohjelmat\DAEMON Tools\daemon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    D:\Ohjelmat\Java\jre1.5.0_10\bin\jusched.exe
    D:\Ohjelmat\ASUS\WLAN Card Utilities\Center.exe
    D:\Ohjelmat\CyberLink\PowerDVD\PDVDServ.exe
    D:\Ohjelmat\AntiVir PersonalEdition Classic\avgnt.exe
    D:\Ohjelmat\PowerISO\PWRISOVM.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    D:\Ohjelmat\Steam\Steam.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Grisoft\AVG7\avgwb.dat
    D:\OHJELMAT\MOZILL~1\FIREFOX.EXE
    d:\Ohjelmat\FREEDO~1\fdm.exe
    D:\Ohjelmat\Hjt\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {245A7328-A7BA-427F-BE11-847CA8174FF0} - C:\WINDOWS\system32\ddaya.dll
    O2 - BHO: (no name) - {3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} - C:\WINDOWS\system32\gebcbaw.dll
    O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Ohjelmat\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\ahdyriww.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Ohjelmat\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {8A7BB324-8DF4-41AF-981B-24B58750A0E3} - C:\WINDOWS\system32\gebcy.dll (file missing)
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - d:\Ohjelmat\Free Download Manager\iefdmcks.dll
    O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\system32\drsdqfde.dll (file missing)
    O2 - BHO: (no name) - {D6ABD8EC-B45C-4A71-B78B-06B105CD8577} - C:\WINDOWS\system32\nkfnmqvo.dll (file missing)
    O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SmcService] D:\Ohjelmat\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [DAEMON Tools] "d:\Ohjelmat\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Ohjelmat\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Ohjelmat\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Control Center] d:\Ohjelmat\ASUS\WLAN Card Utilities\Center.exe
    O4 - HKLM\..\Run: [RemoteControl] d:\Ohjelmat\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [LanguageShortcut] d:\Ohjelmat\CyberLink\PowerDVD\Language\Language.exe
    O4 - HKLM\..\Run: [avgnt] "D:\Ohjelmat\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Ohjelmat\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [j6291133] rundll32 C:\WINDOWS\system32\j6291133.dll sook
    O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\bceybdbu.dll",realset
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DesktopX] "D:\Ohjelmat\Stardock\OBJECT~1\DesktopX\DesktopX Builder.exe" -noui
    O4 - HKCU\..\Run: [Steam] "D:\Ohjelmat\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: Download all with Free Download Manager - file://d:\Ohjelmat\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://d:\Ohjelmat\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://d:\Ohjelmat\Free Download Manager\dllink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Ohjelmat\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Ohjelmat\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167141850171
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O20 - Winlogon Notify: ddaya - C:\WINDOWS\system32\ddaya.dll
    O20 - Winlogon Notify: gebcbaw - C:\WINDOWS\SYSTEM32\gebcbaw.dll
    O20 - Winlogon Notify: gebcy - C:\WINDOWS\system32\gebcy.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Ohjelmat\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - D:\Ohjelmat\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\aqnjvpkv.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Ohjelmat\Sygate\SPF\smc.exe

    --
    End of file - 8612 bytes
     
  2. Auttaja

    Auttaja Guest

    Remove via the Control Panel's Add/Remove Programs applet:

    VSToolBar,

    Download VundoFix.exe to your desktop.
    *Double-click VundoFix.exe to run it.
    *Click the Scan for Vundo button.
    *When the scan is complete, click the Remove Vundo button.
    *You will be asked whether you want to remove the files - click YES.
    *Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
    *When it is finished, the fix will announce that it is restarting your computer; click OK.
    *Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.


    Note: It is possible that VundoFix found a file that it could not remove.
    In that case, VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo button", when VundoFix appears at restart.

    ==========

    1. Download combofix.exe to your desktop from either of these links:
    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    2. Double-click the combofix.exe file and follow the prompts.
    3. When the tool is finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.
    Note: Do not click in the ComboFix window while it is running. This may cause the program to hang.

    ==========

    also a new HJT log
     
    Last edited by a moderator: Jul 8, 2007
  3. Symbiotic

    Symbiotic Regular member

    Vundofix : VundoFix V6.5.4

    Checking Java version...

    Sun Java not detected
    Scan started at 21:07:23 8.7.2007

    Listing files found while scanning....

    C:\Documents and settings\Mikaelos\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
    C:\Documents and settings\Mikaelos\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
    C:\Program Files\VSAdd-in\VSAdd-in.dll
    C:\windows\system32\achlcnox.dll
    C:\WINDOWS\system32\ahdyriww.dll
    C:\windows\system32\aoocbhfw.ini
    C:\WINDOWS\system32\ayadd.bak1
    C:\WINDOWS\system32\ayadd.ini
    C:\windows\system32\ayadd.tmp
    C:\WINDOWS\system32\bceybdbu.dll
    C:\WINDOWS\system32\bgyiqthr.dll
    C:\windows\system32\buhmaqjh.dll
    C:\WINDOWS\system32\chmdpbhu.dll
    C:\windows\system32\dadabikj.exe
    C:\WINDOWS\system32\ddaya.dll
    C:\WINDOWS\system32\drsdqfde.dll
    C:\windows\system32\eopmuhlm.dll
    C:\WINDOWS\system32\gebcbaw.dll
    C:\WINDOWS\system32\gebcy.dll
    C:\windows\system32\gfsacuiq.ini
    C:\windows\system32\ghcyrohm.ini
    C:\WINDOWS\system32\hibjathm.dll
    C:\windows\system32\hjqamhub.ini
    C:\windows\system32\jwkkerwp.ini
    C:\windows\system32\ljjkkll.dll
    C:\windows\system32\lobfrkgd.exe
    C:\windows\system32\mhorychg.dll
    C:\windows\system32\mlhumpoe.ini
    C:\WINDOWS\system32\nfjgqpfl.dll
    C:\windows\system32\ofdccist.ini
    C:\windows\system32\owvghmaa.exe
    C:\windows\system32\pcwoyotq.dll
    C:\windows\system32\phxioefs.ini
    C:\windows\system32\pwrekkwj.dll
    C:\WINDOWS\system32\qaakxhyl.dll
    C:\windows\system32\qhocxnqu.dll
    C:\windows\system32\qiucasfg.dll
    C:\windows\system32\qtoyowcp.ini
    C:\windows\system32\repelvjn.exe
    C:\WINDOWS\system32\sbypnflj.dll
    C:\windows\system32\sfeoixhp.dll
    C:\windows\system32\ssqnlll.dll
    C:\WINDOWS\system32\tjqgetjh.dll
    C:\windows\system32\tqgooyky.ini
    C:\windows\system32\tsiccdfo.dll
    C:\WINDOWS\system32\ubdbyecb.ini
    C:\windows\system32\uqnxcohq.ini
    C:\windows\system32\utrwastr.exe
    C:\WINDOWS\system32\uxkwspva.dll
    C:\windows\system32\wfhbcooa.dll
    C:\windows\system32\xaglxags.exe
    C:\windows\system32\xonclhca.ini
    C:\windows\system32\ykyoogqt.dll
    C:\windows\system32\ypmhbihe.exe

    Beginning removal...

    Attempting to delete C:\Documents and settings\Mikaelos\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
    C:\Documents and settings\Mikaelos\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted!

    Attempting to delete C:\Documents and settings\Mikaelos\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
    C:\Documents and settings\Mikaelos\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted!

    Attempting to delete C:\Program Files\VSAdd-in\VSAdd-in.dll
    C:\Program Files\VSAdd-in\VSAdd-in.dll Has been deleted!

    Attempting to delete C:\windows\system32\achlcnox.dll
    C:\windows\system32\achlcnox.dll Has been deleted!

    Attempting to delete C:\windows\system32\aoocbhfw.ini
    C:\windows\system32\aoocbhfw.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ayadd.bak1
    C:\WINDOWS\system32\ayadd.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ayadd.ini
    C:\WINDOWS\system32\ayadd.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\bceybdbu.dll
    C:\WINDOWS\system32\bceybdbu.dll Has been deleted!

    Attempting to delete C:\windows\system32\buhmaqjh.dll
    C:\windows\system32\buhmaqjh.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\chmdpbhu.dll
    C:\WINDOWS\system32\chmdpbhu.dll Has been deleted!

    Attempting to delete C:\windows\system32\dadabikj.exe
    C:\windows\system32\dadabikj.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ddaya.dll
    C:\WINDOWS\system32\ddaya.dll Could not be deleted.

    Attempting to delete C:\windows\system32\eopmuhlm.dll
    C:\windows\system32\eopmuhlm.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gebcbaw.dll
    C:\WINDOWS\system32\gebcbaw.dll Could not be deleted.

    Attempting to delete C:\windows\system32\gfsacuiq.ini
    C:\windows\system32\gfsacuiq.ini Has been deleted!

    Attempting to delete C:\windows\system32\ghcyrohm.ini
    C:\windows\system32\ghcyrohm.ini Has been deleted!

    Attempting to delete C:\windows\system32\hjqamhub.ini
    C:\windows\system32\hjqamhub.ini Has been deleted!

    Attempting to delete C:\windows\system32\jwkkerwp.ini
    C:\windows\system32\jwkkerwp.ini Has been deleted!

    Attempting to delete C:\windows\system32\ljjkkll.dll
    C:\windows\system32\ljjkkll.dll Has been deleted!

    Attempting to delete C:\windows\system32\lobfrkgd.exe
    C:\windows\system32\lobfrkgd.exe Has been deleted!

    Attempting to delete C:\windows\system32\mhorychg.dll
    C:\windows\system32\mhorychg.dll Has been deleted!

    Attempting to delete C:\windows\system32\mlhumpoe.ini
    C:\windows\system32\mlhumpoe.ini Has been deleted!

    Attempting to delete C:\windows\system32\ofdccist.ini
    C:\windows\system32\ofdccist.ini Has been deleted!

    Attempting to delete C:\windows\system32\owvghmaa.exe
    C:\windows\system32\owvghmaa.exe Has been deleted!

    Attempting to delete C:\windows\system32\pcwoyotq.dll
    C:\windows\system32\pcwoyotq.dll Has been deleted!

    Attempting to delete C:\windows\system32\phxioefs.ini
    C:\windows\system32\phxioefs.ini Has been deleted!

    Attempting to delete C:\windows\system32\pwrekkwj.dll
    C:\windows\system32\pwrekkwj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qaakxhyl.dll
    C:\WINDOWS\system32\qaakxhyl.dll Has been deleted!

    Attempting to delete C:\windows\system32\qhocxnqu.dll
    C:\windows\system32\qhocxnqu.dll Has been deleted!

    Attempting to delete C:\windows\system32\qiucasfg.dll
    C:\windows\system32\qiucasfg.dll Has been deleted!

    Attempting to delete C:\windows\system32\qtoyowcp.ini
    C:\windows\system32\qtoyowcp.ini Has been deleted!

    Attempting to delete C:\windows\system32\repelvjn.exe
    C:\windows\system32\repelvjn.exe Has been deleted!

    Attempting to delete C:\windows\system32\sfeoixhp.dll
    C:\windows\system32\sfeoixhp.dll Has been deleted!

    Attempting to delete C:\windows\system32\ssqnlll.dll
    C:\windows\system32\ssqnlll.dll Has been deleted!

    Attempting to delete C:\windows\system32\tqgooyky.ini
    C:\windows\system32\tqgooyky.ini Has been deleted!

    Attempting to delete C:\windows\system32\tsiccdfo.dll
    C:\windows\system32\tsiccdfo.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ubdbyecb.ini
    C:\WINDOWS\system32\ubdbyecb.ini Has been deleted!

    Attempting to delete C:\windows\system32\uqnxcohq.ini
    C:\windows\system32\uqnxcohq.ini Has been deleted!

    Attempting to delete C:\windows\system32\utrwastr.exe
    C:\windows\system32\utrwastr.exe Has been deleted!

    Attempting to delete C:\windows\system32\wfhbcooa.dll
    C:\windows\system32\wfhbcooa.dll Has been deleted!

    Attempting to delete C:\windows\system32\xaglxags.exe
    C:\windows\system32\xaglxags.exe Has been deleted!

    Attempting to delete C:\windows\system32\xonclhca.ini
    C:\windows\system32\xonclhca.ini Has been deleted!

    Attempting to delete C:\windows\system32\ykyoogqt.dll
    C:\windows\system32\ykyoogqt.dll Has been deleted!

    Attempting to delete C:\windows\system32\ypmhbihe.exe
    C:\windows\system32\ypmhbihe.exe Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\ddaya.dll
    C:\WINDOWS\system32\ddaya.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gebcbaw.dll
    C:\WINDOWS\system32\gebcbaw.dll Has been deleted!

    Performing Repairs to the registry.
    Done!



    HJT : Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 21:24:13, on 8.7.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Ohjelmat\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    C:\WINDOWS\SOUNDMAN.EXE
    D:\Ohjelmat\DAEMON Tools\daemon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    D:\Ohjelmat\Java\jre1.5.0_10\bin\jusched.exe
    D:\Ohjelmat\ASUS\WLAN Card Utilities\Center.exe
    D:\Ohjelmat\CyberLink\PowerDVD\PDVDServ.exe
    D:\Ohjelmat\PowerISO\PWRISOVM.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    D:\OHJELMAT\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\System32\svchost.exe
    d:\Ohjelmat\FREEDO~1\fdm.exe
    C:\WINDOWS\system32\drwtsn32.exe
    D:\Ohjelmat\Hjt\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Ohjelmat\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Ohjelmat\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {8A7BB324-8DF4-41AF-981B-24B58750A0E3} - C:\WINDOWS\system32\gebcy.dll (file missing)
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - d:\Ohjelmat\Free Download Manager\iefdmcks.dll
    O2 - BHO: (no name) - {D6ABD8EC-B45C-4A71-B78B-06B105CD8577} - C:\WINDOWS\system32\nkfnmqvo.dll (file missing)
    O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SmcService] D:\Ohjelmat\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [DAEMON Tools] "d:\Ohjelmat\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Ohjelmat\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Ohjelmat\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Control Center] d:\Ohjelmat\ASUS\WLAN Card Utilities\Center.exe
    O4 - HKLM\..\Run: [RemoteControl] d:\Ohjelmat\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [LanguageShortcut] d:\Ohjelmat\CyberLink\PowerDVD\Language\Language.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Ohjelmat\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [j6291133] rundll32 C:\WINDOWS\system32\j6291133.dll sook
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DesktopX] "D:\Ohjelmat\Stardock\OBJECT~1\DesktopX\DesktopX Builder.exe" -noui
    O4 - HKCU\..\Run: [Steam] "D:\Ohjelmat\Steam\Steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: Download all with Free Download Manager - file://d:\Ohjelmat\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://d:\Ohjelmat\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://d:\Ohjelmat\Free Download Manager\dllink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Ohjelmat\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Ohjelmat\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167141850171
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O20 - Winlogon Notify: gebcy - C:\WINDOWS\system32\gebcy.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\aqnjvpkv.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Ohjelmat\Sygate\SPF\smc.exe

    --
    End of file - 7265 bytes
     
  4. Auttaja

    Auttaja Guest

    Go ahead and run ComboFix as well, and post its log
     
  5. Symbiotic

    Symbiotic Regular member

    "Mikaelos" - 2007-07-08 21:38:10 - ComboFix 07-07-07.3 - Service Pack 2


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\Mikaelos\APPLIC~1.\macromedia\Flash Player\#SharedObjects\TBXMNCSU\www.broadcaster.com
    C:\DOCUME~1\Mikaelos\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    C:\DOCUME~1\Mikaelos\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
    C:\DOCUME~1\Mikaelos\APPLIC~1.\searchtoolbarcorp
    C:\Program Files\deskalerts
    C:\Program Files\deskalerts\deskbar.dll
    C:\Program Files\vsadd-in


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_DOMAINSERVICE
    -------\DomainService
    -------\nm


    ((((((((((((((((((((((((( Files Created from 2007-06-08 to 2007-07-08 )))))))))))))))))))))))))))))))


    2007-07-08 21:37 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-08 21:07 <DIR> d-------- C:\VundoFix Backups
    2007-07-08 19:26 50,708 --a------ C:\WINDOWS\system32\xnauovmg.exe
    2007-07-08 18:16 50,708 --a------ C:\WINDOWS\system32\iuturiiv.exe
    2007-07-08 15:09 50,708 --a------ C:\WINDOWS\system32\xdncpbye.exe
    2007-07-08 12:54 50,708 --a------ C:\WINDOWS\system32\sofinqhm.exe
    2007-07-07 13:20 50,708 --a------ C:\WINDOWS\system32\ablterxw.exe
    2007-07-07 12:45 50,708 --a------ C:\WINDOWS\system32\ypatmudx.exe
    2007-07-06 13:01 50,708 --a------ C:\WINDOWS\system32\kbqfsddw.exe
    2007-06-30 17:22 67,318 --a------ C:\WINDOWS\War3Unin.dat
    2007-06-30 17:22 2,829 --a------ C:\WINDOWS\War3Unin.pif
    2007-06-30 17:22 139,264 --a------ C:\WINDOWS\War3Unin.exe
    2007-06-28 11:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    2007-06-26 15:56 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-08 18:30:10 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\Free Download Manager
    2007-07-08 16:13:02 940,587 --sha-w C:\WINDOWS\system32\ycbeg.ini2
    2007-07-08 16:10:03 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\uTorrent
    2007-07-08 15:16:47 941,288 --sha-w C:\WINDOWS\system32\ycbeg.bak2
    2007-07-04 11:34:16 941,768 --sha-w C:\WINDOWS\system32\ycbeg.bak1
    2007-06-07 16:14:49 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-07 13:34:42 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-06-03 21:10:53 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\Media Player Classic
    2007-05-29 20:12:32 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\BearShare
    2007-05-28 13:14:31 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\Screaming Bee
    2007-05-28 13:13:50 -------- d-----w C:\Program Files\Common Files\Screaming Bee
    2007-05-19 19:05:32 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\Real
    2007-05-19 19:03:08 -------- d-----w C:\Program Files\Common Files\xing shared
    2007-05-19 19:03:01 -------- d-----w C:\Program Files\Common Files\Real
    2007-05-17 18:16:08 3,360 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
    2007-05-17 18:15:38 10,883,960 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
    2007-05-17 15:22:19 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\CoreCodec
    2007-05-17 15:21:28 -------- d-----w C:\Program Files\Haali
    2007-05-17 15:17:40 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\BSplayer
    2007-05-17 15:13:11 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\BSplayer Pro
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-15 17:11:34 -------- d-----w C:\Program Files\MSXML 4.0
    2007-05-14 13:16:35 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\Help
    2007-05-14 13:15:13 13,008 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
    2007-05-13 06:49:29 -------- d-----w C:\Program Files\Common Files\InstallShield
    2007-05-10 16:54:48 2,451 ----a-w C:\WINDOWS\system32\wbers.dat
    2007-05-09 18:29:58 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\Azureus
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 19:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 19:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 19:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 19:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 19:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 19:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 19:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 19:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-16 19:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-04-16 19:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    2005-05-31 02:04 853672 --a------ D:\Ohjelmat\SPYBOT~1\SDHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2006-11-09 16:21 440056 --a------ D:\Ohjelmat\Java\jre1.5.0_10\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8A7BB324-8DF4-41AF-981B-24B58750A0E3}]
    C:\WINDOWS\system32\gebcy.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
    2006-08-20 20:55 81920 --a------ d:\Ohjelmat\Free Download Manager\iefdmcks.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D6ABD8EC-B45C-4A71-B78B-06B105CD8577}]
    C:\WINDOWS\system32\nkfnmqvo.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2004-02-26 11:53 C:\WINDOWS\SOUNDMAN.EXE]
    "SmcService"="D:\Ohjelmat\Sygate\SPF\smc.exe" [2004-10-15 20:40]
    "DAEMON Tools"="d:\Ohjelmat\DAEMON Tools\daemon.exe" [2005-12-10 17:57]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12]
    "SunJavaUpdateSched"="D:\Ohjelmat\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
    "QuickTime Task"="D:\Ohjelmat\QuickTime\qttask.exe" [2006-12-28 08:45]
    "Control Center"="d:\Ohjelmat\ASUS\WLAN Card Utilities\Center.exe" [2004-05-05 15:18]
    "RemoteControl"="d:\Ohjelmat\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 23:57]
    "LanguageShortcut"="d:\Ohjelmat\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 12:29]
    "UserFaultCheck"="%systemroot%\system32\dumprep 0 -u" []
    "PWRISOVM.EXE"="D:\Ohjelmat\PowerISO\PWRISOVM.EXE" [2006-07-29 14:07]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-19 22:02]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-08 20:07]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-07-29 20:34]
    "DesktopX"="D:\Ohjelmat\Stardock\OBJECT~1\DesktopX\DesktopX Builder.exe" []
    "Steam"="D:\Ohjelmat\Steam\Steam.exe" [2007-06-28 11:29]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcy]
    C:\WINDOWS\system32\gebcy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Usnsvc usnsvc


    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-08 21:40:32
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background?g

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-08 21:41:34 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-08 21:41

    --- E O F ---
     
  6. Symbiotic

    Symbiotic Regular member

    And a new HJT log: Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 21:44:12, on 8.7.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    D:\Ohjelmat\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    C:\WINDOWS\SOUNDMAN.EXE
    D:\Ohjelmat\DAEMON Tools\daemon.exe
    D:\Ohjelmat\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    D:\Ohjelmat\ASUS\WLAN Card Utilities\Center.exe
    D:\Ohjelmat\CyberLink\PowerDVD\PDVDServ.exe
    D:\Ohjelmat\PowerISO\PWRISOVM.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    D:\Ohjelmat\Steam\Steam.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    D:\OHJELMAT\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\system32\wuauclt.exe
    D:\Ohjelmat\Hjt\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Ohjelmat\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Ohjelmat\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {8A7BB324-8DF4-41AF-981B-24B58750A0E3} - C:\WINDOWS\system32\gebcy.dll (file missing)
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - d:\Ohjelmat\Free Download Manager\iefdmcks.dll
    O2 - BHO: (no name) - {D6ABD8EC-B45C-4A71-B78B-06B105CD8577} - C:\WINDOWS\system32\nkfnmqvo.dll (file missing)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SmcService] D:\Ohjelmat\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [DAEMON Tools] "d:\Ohjelmat\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Ohjelmat\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Ohjelmat\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Control Center] d:\Ohjelmat\ASUS\WLAN Card Utilities\Center.exe
    O4 - HKLM\..\Run: [RemoteControl] d:\Ohjelmat\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [LanguageShortcut] d:\Ohjelmat\CyberLink\PowerDVD\Language\Language.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Ohjelmat\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DesktopX] "D:\Ohjelmat\Stardock\OBJECT~1\DesktopX\DesktopX Builder.exe" -noui
    O4 - HKCU\..\Run: [Steam] "D:\Ohjelmat\Steam\Steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: Download all with Free Download Manager - file://d:\Ohjelmat\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://d:\Ohjelmat\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://d:\Ohjelmat\Free Download Manager\dllink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Ohjelmat\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Ohjelmat\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167141850171
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O20 - Winlogon Notify: gebcy - C:\WINDOWS\system32\gebcy.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Ohjelmat\Sygate\SPF\smc.exe

    --
    End of file - 6640 bytes
     
  7. Symbiotic

    Symbiotic Regular member

    I need help quickly because the hard drives are filling up...
     
  8. Auttaja

    Auttaja Guest

    Open HijackThis, check the following line(s) and press Fix checked; close all other programs while you do so.

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: (no name) - {8A7BB324-8DF4-41AF-981B-24B58750A0E3} - C:\WINDOWS\system32\gebcy.dll (file missing)
    O2 - BHO: (no name) - {D6ABD8EC-B45C-4A71-B78B-06B105CD8577} - C:\WINDOWS\system32\nkfnmqvo.dll (file missing)
    O20 - Winlogon Notify: gebcy - C:\WINDOWS\system32\gebcy.dll (file missing)

    Here is a guide to how to check them:
    [IMG]

    ===========

    Uninstall the following through the Control Panel's Add/Remove Programs, if present:

    BearShare
    Free Download Manager


    Open Notepad and copy/paste the text below into it:

    Save it as CFScript.txt

    Then drag CFScript onto ComboFix.exe as shown below.

    [IMG]

    Restart the computer when prompted and post the contents of the combofix.txt file here.

    =========

    Go to spykiller

    Click new topic and give it the title "Files for Atri and Subs (vundofiles and domainservice)"
    Add a link to this thread to the post, then attach the zip file to the post and submit it.
    The zip file is on your desktop; you can delete it after sending it.

    ===========

    Download RogueRemover
    (or from here)

    Save rr-free-setup.exe to your desktop.
    Click rr-free-setup.exe to start installing the program

    *Click Next, then I agree, and finally Install
    *Untick Show Readme and press Finish
    *This starts the RogueRemover program
    *Close the Help window
    *Press Check for updates
    *If new updates are available, press Download
    *Wait for the program to download and install the new updates; when it is done, press Close in the update window
    *Press Scan

    *If nothing was found, close RogueRemover
    *If RogueRemover found something, it shows a list of the files found
    *Press Save log
    *Press OK in the pop-up window
    *Press Remove selected
    *Press YES in the pop-up window
    *Wait for the program to finish removing the files, then close RogueRemover
    *Use Notepad to open this file

    C:\Program Files\RogueRemover\RRLog******.txt
    Note: ****** is the time when you ran RogueRemover

    Post this log file in your thread

    ==========

    Kaspersky online scanner

    Scan your computer with the Kaspersky Online Scanner

    You will be asked whether to allow an ActiveX component from Kaspersky to be installed; click Yes.
    [*] The program starts and begins downloading the latest definition files.
    [*] When the scanner has been installed and the definitions downloaded, click Next.
    [*] Now click the settings, Scan Settings
    [*] Check that the following are selected in the settings:

    o Scan using the following Anti-Virus database:

    + Extended (if available, otherwise select Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases

    [*] Click OK
    [*] Now select My Computer under the "select a target to scan" heading
    [*] The scan takes time, so be patient. When the scan is finished you will be notified if your computer is infected.
    [*] Now click the Save as Text button.
    [*] Save the file to your desktop.
    [*] Copy and paste the contents of the file into your next reply.

    ========

    Download Deckard's System Scanner to your desktop.

    Note: You must have administrator rights to run the program.

    [*]Close all open windows and programs.
    [*]Double-click the Dss.exe file to run the program, and follow the instructions.
    [*]When the scan is finished, two text files should open, Main.txt and extra.txt
    [*]Select all and copy ( CTRL+A -> CTRL + C ), then paste ( CTRL + V )
    [*]Copy and paste the contents of Extra.txt & Main.txt into your next reply.

    After this we should be wiser; now we'll make sure and see whether anything else turns up.
     
    Last edited by a moderator: Jul 8, 2007
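
The O2 and O20 entries marked for fixing in the post above, as an added example that is not part of the original post or of HijackThis itself: a Python triage that parses BHO (O2) and Winlogon Notify (O20) lines and flags the ones that share the traits of the marked entries. The sample lines are copied from the log posted in this thread; the three heuristics and every function name are assumptions made for illustration, not rules that HijackThis applies.

```python
import ntpath  # Windows path rules, usable on any OS
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Ohjelmat\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Ohjelmat\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {8A7BB324-8DF4-41AF-981B-24B58750A0E3} - C:\WINDOWS\system32\gebcy.dll (file missing)
O2 - BHO: (no name) - {D6ABD8EC-B45C-4A71-B78B-06B105CD8577} - C:\WINDOWS\system32\nkfnmqvo.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - Winlogon Notify: gebcy - C:\WINDOWS\system32\gebcy.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

ENTRY_RE = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2}) - (?P<body>.+?)\s*$")
MISSING = "(file missing)"


def parse_entries(log_text):
    """Yield one dict per O2 (BHO) or O20 (Winlogon Notify) line."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m or m.group("code") not in ("O2", "O20"):
            continue
        body = m.group("body")
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        # Layouts: "BHO: name - {CLSID} - path" and "Winlogon Notify: name - path"
        _label, _, rest = body.partition(": ")
        parts = rest.split(" - ")
        yield {
            "code": m.group("code"),
            "name": parts[0],
            "path": parts[-1],
            "missing": missing,
            "line": line.strip(),
        }


def triage(log_text):
    """Return the O2/O20 entries that match at least one heuristic (assumed rules)."""
    entries = list(parse_entries(log_text))

    # Which sections reference each DLL (case-insensitive, as on Windows).
    sections_by_path = defaultdict(set)
    for e in entries:
        sections_by_path[ntpath.normcase(e["path"])].add(e["code"])

    findings = []
    for e in entries:
        path = ntpath.normcase(e["path"])
        in_system32 = ntpath.basename(ntpath.dirname(path)) == "system32"
        reasons = []
        if e["missing"]:
            reasons.append("target file missing, so the registry entry is an orphaned load point")
        if e["code"] == "O2" and e["name"] == "(no name)" and in_system32:
            reasons.append("unnamed BHO loading a DLL directly from system32")
        if sections_by_path[path] >= {"O2", "O20"}:
            reasons.append("same DLL registered as BHO and Winlogon Notify")
        if reasons:
            findings.append({**e, "reasons": reasons})
    return findings


def flagged_files(log_text):
    """Sorted, lower-cased file names of every flagged entry."""
    return sorted({ntpath.basename(f["path"]).lower() for f in triage(log_text)})


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["line"])
        for reason in finding["reasons"]:
            print("    -", reason)
```

The unnamed SDHelper.dll BHO is not flagged because its file exists outside system32, which matches the post leaving it alone; the R0 start-page line is outside what this sketch checks.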
  9. Symbiotic

    Symbiotic Regular member

    "Mikaelos" - 2007-07-08 22:29:08 - ComboFix 07-07-07.3 - Service Pack 2
    Command switches used :: C:\Documents and Settings\Mikaelos\Desktop\CFSript.txt


    ((((((((((((((((((((((((( Files Created from 2007-06-08 to 2007-07-08 )))))))))))))))))))))))))))))))


    2007-07-08 21:37 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-08 21:07 <DIR> d-------- C:\VundoFix Backups
    2007-07-08 19:26 50,708 --a------ C:\WINDOWS\system32\xnauovmg.exe
    2007-07-08 18:16 50,708 --a------ C:\WINDOWS\system32\iuturiiv.exe
    2007-07-08 15:09 50,708 --a------ C:\WINDOWS\system32\xdncpbye.exe
    2007-07-08 12:54 50,708 --a------ C:\WINDOWS\system32\sofinqhm.exe
    2007-07-07 13:20 50,708 --a------ C:\WINDOWS\system32\ablterxw.exe
    2007-07-07 12:45 50,708 --a------ C:\WINDOWS\system32\ypatmudx.exe
    2007-07-06 13:01 50,708 --a------ C:\WINDOWS\system32\kbqfsddw.exe
    2007-06-30 17:22 67,318 --a------ C:\WINDOWS\War3Unin.dat
    2007-06-30 17:22 2,829 --a------ C:\WINDOWS\War3Unin.pif
    2007-06-30 17:22 139,264 --a------ C:\WINDOWS\War3Unin.exe
    2007-06-28 11:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    2007-06-26 15:56 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-08 16:13:02 940,587 --sha-w C:\WINDOWS\system32\ycbeg.ini2
    2007-07-08 16:10:03 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\uTorrent
    2007-07-08 15:16:47 941,288 --sha-w C:\WINDOWS\system32\ycbeg.bak2
    2007-07-04 11:34:16 941,768 --sha-w C:\WINDOWS\system32\ycbeg.bak1
    2007-06-07 16:14:49 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-07 13:34:42 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-06-03 21:10:53 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\Media Player Classic
    2007-05-28 13:14:31 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\Screaming Bee
    2007-05-28 13:13:50 -------- d-----w C:\Program Files\Common Files\Screaming Bee
    2007-05-19 19:05:32 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\Real
    2007-05-19 19:03:08 -------- d-----w C:\Program Files\Common Files\xing shared
    2007-05-19 19:03:01 -------- d-----w C:\Program Files\Common Files\Real
    2007-05-17 18:16:08 3,360 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
    2007-05-17 18:15:38 10,883,960 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
    2007-05-17 15:22:19 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\CoreCodec
    2007-05-17 15:21:28 -------- d-----w C:\Program Files\Haali
    2007-05-17 15:17:40 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\BSplayer
    2007-05-17 15:13:11 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\BSplayer Pro
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-15 17:11:34 -------- d-----w C:\Program Files\MSXML 4.0
    2007-05-14 13:16:35 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\Help
    2007-05-14 13:15:13 13,008 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
    2007-05-13 06:49:29 -------- d-----w C:\Program Files\Common Files\InstallShield
    2007-05-10 16:54:48 2,451 ----a-w C:\WINDOWS\system32\wbers.dat
    2007-05-09 18:29:58 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\Azureus
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 19:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 19:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 19:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 19:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 19:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 19:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 19:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 19:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-16 19:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-04-16 19:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    2005-05-31 02:04 853672 --a------ D:\Ohjelmat\SPYBOT~1\SDHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2006-11-09 16:21 440056 --a------ D:\Ohjelmat\Java\jre1.5.0_10\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2004-02-26 11:53 C:\WINDOWS\SOUNDMAN.EXE]
    "SmcService"="D:\Ohjelmat\Sygate\SPF\smc.exe" [2004-10-15 20:40]
    "DAEMON Tools"="d:\Ohjelmat\DAEMON Tools\daemon.exe" [2005-12-10 17:57]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12]
    "SunJavaUpdateSched"="D:\Ohjelmat\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
    "QuickTime Task"="D:\Ohjelmat\QuickTime\qttask.exe" [2006-12-28 08:45]
    "Control Center"="d:\Ohjelmat\ASUS\WLAN Card Utilities\Center.exe" [2004-05-05 15:18]
    "RemoteControl"="d:\Ohjelmat\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 23:57]
    "LanguageShortcut"="d:\Ohjelmat\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 12:29]
    "UserFaultCheck"="%systemroot%\system32\dumprep 0 -u" []
    "PWRISOVM.EXE"="D:\Ohjelmat\PowerISO\PWRISOVM.EXE" [2006-07-29 14:07]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-19 22:02]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-08 20:07]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-07-29 20:34]
    "DesktopX"="D:\Ohjelmat\Stardock\OBJECT~1\DesktopX\DesktopX Builder.exe" []
    "Steam"="D:\Ohjelmat\Steam\Steam.exe" [2007-06-28 11:29]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Usnsvc usnsvc

    *Newly Created Service* - CATCHME

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-08 22:30:23
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background?g

    scanning hidden files ...

    **************************************************************************

    Completion time: 2007-07-08 22:31:35
    C:\ComboFix-quarantined-files.txt ... 2007-07-08 22:30
    C:\ComboFix2.txt ... 2007-07-08 21:41

    --- E O F ---
     
  10. Auttaja

    Auttaja Guest

    Hi, the thing I asked for didn't work this time. Did you put e.g. a blank line at the start of the Notepad file (there shouldn't be one), and did you drag it the way the instructions show? Could you try again.
     
    Last edited by a moderator: Jul 8, 2007
  11. Symbiotic

    Symbiotic Regular member

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Monday, July 09, 2007 12:15:26 AM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.83.0
    Kaspersky Anti-Virus database last update: 8/07/2007
    Kaspersky Anti-Virus database records: 359736
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    K:\

    Scan Statistics:
    Total number of scanned objects: 78832
    Number of viruses found: 18
    Number of infected objects: 62 / 0
    Number of suspicious objects: 0
    Duration of the scan process: 01:21:35

    Infected Object Name / Virus Name / Last Action
    C:\QooBox\Quarantine\C\Program Files\DeskAlerts\deskbar.dll.vir Infected: not-a-virus:AdWare.Win32.Softomate.ai skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\VundoFix Backups\achlcnox.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
    C:\VundoFix Backups\bceybdbu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
    C:\VundoFix Backups\buhmaqjh.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
    C:\VundoFix Backups\chmdpbhu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
    C:\VundoFix Backups\dadabikj.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
    C:\VundoFix Backups\ddaya.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
    C:\VundoFix Backups\eopmuhlm.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
    C:\VundoFix Backups\gebcbaw.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.it skipped
    C:\VundoFix Backups\ljjkkll.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
    C:\VundoFix Backups\lobfrkgd.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
    C:\VundoFix Backups\mhorychg.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
    C:\VundoFix Backups\owvghmaa.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
    C:\VundoFix Backups\pcwoyotq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
    C:\VundoFix Backups\pwrekkwj.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
    C:\VundoFix Backups\qaakxhyl.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.kb skipped
    C:\VundoFix Backups\qhocxnqu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
    C:\VundoFix Backups\qiucasfg.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gf skipped
    C:\VundoFix Backups\repelvjn.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
    C:\VundoFix Backups\sfeoixhp.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
    C:\VundoFix Backups\ssqnlll.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.it skipped
    C:\VundoFix Backups\tsiccdfo.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
    C:\VundoFix Backups\utrwastr.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
    C:\VundoFix Backups\VSAdd-in.dll.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
    C:\VundoFix Backups\wfhbcooa.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
    C:\VundoFix Backups\xaglxags.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
    C:\VundoFix Backups\ykyoogqt.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
    C:\VundoFix Backups\ypmhbihe.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\system32\ablterxw.exe Infected: Trojan.Win32.Agent.aoy skipped
    C:\WINDOWS\system32\iuturiiv.exe Infected: Trojan.Win32.Agent.aoy skipped
    C:\WINDOWS\system32\kbqfsddw.exe Infected: Trojan.Win32.Agent.aoy skipped
    C:\WINDOWS\system32\sofinqhm.exe Infected: Trojan.Win32.Agent.aoy skipped
    C:\WINDOWS\system32\xdncpbye.exe Infected: Trojan.Win32.Agent.aoy skipped
    C:\WINDOWS\system32\xnauovmg.exe Infected: Trojan.Win32.Agent.aoy skipped
    C:\WINDOWS\system32\ypatmudx.exe Infected: Trojan.Win32.Agent.aoy skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    D:\Imutetut tavarat\Ohjelmat\BSPlayer\bsplayer212.941_video.exe/data0012 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
    D:\Imutetut tavarat\Ohjelmat\BSPlayer\bsplayer212.941_video.exe NSIS: infected - 1 skipped
    D:\Imutetut tavarat\Ohjelmat\mIRC\mirc617.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped
    D:\Imutetut tavarat\Ohjelmat\mIRC\mirc617.exe mIRC: infected - 1 skipped
    D:\Imutetut tavarat\Warcraft3\Warcraft III Reign of Chaos and The Frozen Throne + Crack +Patch War3TFT_121a_English\Warcraft3keygen.exe.exe Infected: Backdoor.Win32.Hupigon.bde skipped
    D:\Ohjelmat\DAEMON Tools\SetupDTSB.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
    D:\Ohjelmat\Sygate\SPF\debug.log Object is locked skipped
    D:\Ohjelmat\Sygate\SPF\rawlog.log Object is locked skipped
    D:\Ohjelmat\Sygate\SPF\seclog.log Object is locked skipped
    D:\Ohjelmat\Sygate\SPF\syslog.log Object is locked skipped
    D:\Ohjelmat\Sygate\SPF\tralog.log Object is locked skipped
    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    D:\System Volume Information\_restore{F612B6DE-3B67-4427-AF10-921DEBAD377E}\RP292\A0055764.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
    D:\System Volume Information\_restore{F612B6DE-3B67-4427-AF10-921DEBAD377E}\RP292\A0057002.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
    D:\System Volume Information\_restore{F612B6DE-3B67-4427-AF10-921DEBAD377E}\RP292\A0057002.exe/WISE0019.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
    D:\System Volume Information\_restore{F612B6DE-3B67-4427-AF10-921DEBAD377E}\RP292\A0057002.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.Relevant.a skipped
    D:\System Volume Information\_restore{F612B6DE-3B67-4427-AF10-921DEBAD377E}\RP292\A0057002.exe WiseSFX: infected - 3 skipped
    D:\System Volume Information\_restore{F612B6DE-3B67-4427-AF10-921DEBAD377E}\RP292\A0057002.exe WiseSFX Dropper: infected - 3 skipped
    D:\System Volume Information\_restore{F612B6DE-3B67-4427-AF10-921DEBAD377E}\RP292\A0057003.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
    D:\System Volume Information\_restore{F612B6DE-3B67-4427-AF10-921DEBAD377E}\RP292\A0057003.exe/WISE0019.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
    D:\System Volume Information\_restore{F612B6DE-3B67-4427-AF10-921DEBAD377E}\RP292\A0057003.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.Relevant.a skipped
    D:\System Volume Information\_restore{F612B6DE-3B67-4427-AF10-921DEBAD377E}\RP292\A0057003.exe WiseSFX: infected - 3 skipped
    D:\System Volume Information\_restore{F612B6DE-3B67-4427-AF10-921DEBAD377E}\RP292\A0057003.exe WiseSFX Dropper: infected - 3 skipped
    D:\System Volume Information\_restore{F612B6DE-3B67-4427-AF10-921DEBAD377E}\RP292\A0057004.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
    D:\System Volume Information\_restore{F612B6DE-3B67-4427-AF10-921DEBAD377E}\RP292\A0057004.exe/WISE0019.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
    D:\System Volume Information\_restore{F612B6DE-3B67-4427-AF10-921DEBAD377E}\RP292\A0057004.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.Relevant.a skipped
    D:\System Volume Information\_restore{F612B6DE-3B67-4427-AF10-921DEBAD377E}\RP292\A0057004.exe WiseSFX: infected - 3 skipped
    D:\System Volume Information\_restore{F612B6DE-3B67-4427-AF10-921DEBAD377E}\RP292\A0057004.exe WiseSFX Dropper: infected - 3 skipped
    D:\System Volume Information\_restore{F612B6DE-3B67-4427-AF10-921DEBAD377E}\RP292\A0057005.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
    D:\System Volume Information\_restore{F612B6DE-3B67-4427-AF10-921DEBAD377E}\RP292\A0057005.exe/WISE0019.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
    D:\System Volume Information\_restore{F612B6DE-3B67-4427-AF10-921DEBAD377E}\RP292\A0057005.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.Relevant.a skipped
    D:\System Volume Information\_restore{F612B6DE-3B67-4427-AF10-921DEBAD377E}\RP292\A0057005.exe WiseSFX: infected - 3 skipped
    D:\System Volume Information\_restore{F612B6DE-3B67-4427-AF10-921DEBAD377E}\RP292\A0057005.exe WiseSFX Dropper: infected - 3 skipped

    Scan process completed.
     
  12. Symbiotic

    Symbiotic Regular member

    There's Main.txt at the top and Extra.txt at the bottom.


    Deckard's System Scanner v20070611.50
    Run by Mikaelos on 2007-07-09 at 00:16:52
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 1 Restore Point(s) --
    1: 2007-07-08 21:16:58 UTC - RP297 - Deckard's System Scanner Restore Point


    Backed up registry hives.

    Performed disk cleanup.


    -- HijackThis Clone ------------------------------------------------------------

    Emulating logfile of HijackThis v1.99.1
    Scan saved at 2007-07-09 00:18:23
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ati2evxx.exe
    D:\Ohjelmat\Sygate\SPF\Smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    C:\WINDOWS\SOUNDMAN.EXE
    D:\Ohjelmat\DAEMON Tools\daemon.exe
    D:\Ohjelmat\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    D:\Ohjelmat\ASUS\WLAN Card Utilities\Center.exe
    D:\Ohjelmat\CyberLink\PowerDVD\PDVDServ.exe
    D:\Ohjelmat\PowerISO\PWRISOVM.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    D:\Ohjelmat\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Mikaelos\Desktop\dss.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Ohjelmat\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Ohjelmat\Java\jre1.5.0_10\bin\ssv.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SmcService] D:\Ohjelmat\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [DAEMON Tools] "d:\Ohjelmat\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Ohjelmat\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Ohjelmat\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Control Center] d:\Ohjelmat\ASUS\WLAN Card Utilities\Center.exe
    O4 - HKLM\..\Run: [RemoteControl] d:\Ohjelmat\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [LanguageShortcut] d:\Ohjelmat\CyberLink\PowerDVD\Language\Language.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Ohjelmat\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DesktopX] "D:\Ohjelmat\Stardock\OBJECT~1\DesktopX\DesktopX Builder.exe" -noui
    O4 - HKCU\..\Run: [Steam] "D:\Ohjelmat\Steam\Steam.exe" -silent
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Ohjelmat\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Ohjelmat\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167141850171
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0812.00.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0812.00.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\
    O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - (no file)
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - "C:\Program Files\Cyberlink\Shared files\RichVideo.exe"


    -- HijackThis Fixed Entries (D:\Ohjelmat\Hjt\backups\) -------------------------

    backup-20070708-222637-920 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    backup-20070708-222638-490 O2 - BHO: (no name) - {D6ABD8EC-B45C-4A71-B78B-06B105CD8577} - C:\WINDOWS\system32\nkfnmqvo.dll (file missing)
    backup-20070708-222638-710 O20 - Winlogon Notify: gebcy - C:\WINDOWS\system32\gebcy.dll (file missing)
    backup-20070708-222638-783 O2 - BHO: (no name) - {8A7BB324-8DF4-41AF-981B-24B58750A0E3} - C:\WINDOWS\system32\gebcy.dll (file missing)

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
    R0 viasraid - c:\windows\system32\drivers\viasraid.sys <Not Verified; VIA Technologies inc,.ltd; Raid controller 6420 driver>
    R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
    R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
    R3 ASNDIS5 (ASNDIS5 Protocol Driver) - c:\windows\system32\asndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    R3 scrcap - c:\windows\system32\drivers\scrcap.sys <Not Verified; ZD Soft; ZD Soft Screen Capture Series>

    S3 cdrmkaun - c:\docume~1\mikaelos\locals~1\temp\cdrmkaun.sys (file missing)
    S3 SCREAMINGBDRIVER (Screaming Bee Audio) - c:\windows\system32\drivers\screamingbaudio.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>


    -- Files created between 2007-06-09 and 2007-07-09 -----------------------------

    2007-07-08 22:41:29 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-07-08 22:41:26 0 d-------- C:\WINDOWS\LastGood
    2007-07-08 22:37:06 0 d-------- C:\Program Files\RogueRemover
    2007-07-08 21:07:23 0 d-------- C:\VundoFix Backups
    2007-07-08 20:35:34 0 dr-h----- C:\$VAULT$.AVG
    2007-07-08 20:07:50 0 d-------- C:\Documents and Settings\Mikaelos\Application Data\AVG7
    2007-07-08 20:07:41 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-07-08 20:07:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-07-08 19:38:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2007-07-08 19:26:32 50708 --a------ C:\WINDOWS\system32\xnauovmg.exe <Not Verified; ; DDC>
    2007-07-08 18:16:47 50708 --a------ C:\WINDOWS\system32\iuturiiv.exe <Not Verified; ; DDC>
    2007-07-08 15:09:43 50708 --a------ C:\WINDOWS\system32\xdncpbye.exe <Not Verified; ; DDC>
    2007-07-08 12:54:53 50708 --a------ C:\WINDOWS\system32\sofinqhm.exe <Not Verified; ; DDC>
    2007-07-07 13:20:26 50708 --a------ C:\WINDOWS\system32\ablterxw.exe <Not Verified; ; DDC>
    2007-07-07 12:45:49 50708 --a------ C:\WINDOWS\system32\ypatmudx.exe <Not Verified; ; DDC>
    2007-07-06 13:01:55 50708 --a------ C:\WINDOWS\system32\kbqfsddw.exe <Not Verified; ; DDC>
    2007-06-30 17:22:09 2829 --a------ C:\WINDOWS\War3Unin.pif
    2007-06-30 17:22:09 67318 --a------ C:\WINDOWS\War3Unin.dat
    2007-06-30 17:22:08 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
    2007-06-28 11:30:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
    2007-06-26 15:56:02 0 d-------- C:\WINDOWS\system32\SoftwareDistribution


    -- Find3M Report ---------------------------------------------------------------

    2007-07-08 19:13:02 940587 --ahs---- C:\WINDOWS\system32\ycbeg.ini2
    2007-07-08 19:10:03 0 d-------- C:\Documents and Settings\Mikaelos\Application Data\uTorrent
    2007-07-08 18:16:47 941288 --ahs---- C:\WINDOWS\system32\ycbeg.bak2
    2007-07-04 14:34:16 941768 --ahs---- C:\WINDOWS\system32\ycbeg.bak1
    2007-06-07 19:14:49 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-06-07 16:34:42 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
    2007-06-04 00:10:53 0 d-------- C:\Documents and Settings\Mikaelos\Application Data\Media Player Classic
    2007-05-28 16:14:31 0 d-------- C:\Documents and Settings\Mikaelos\Application Data\Screaming Bee
    2007-05-28 16:13:50 0 d-------- C:\Program Files\Common Files\Screaming Bee
    2007-05-19 22:05:32 0 d-------- C:\Documents and Settings\Mikaelos\Application Data\Real
    2007-05-19 22:03:08 0 d-------- C:\Program Files\Common Files\xing shared
    2007-05-19 22:03:01 0 d-------- C:\Program Files\Common Files\Real
    2007-05-17 21:16:08 3360 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
    2007-05-17 18:22:19 0 d-------- C:\Documents and Settings\Mikaelos\Application Data\CoreCodec
    2007-05-17 18:21:28 0 d-------- C:\Program Files\Haali
    2007-05-17 18:17:40 0 d-------- C:\Documents and Settings\Mikaelos\Application Data\BSplayer
    2007-05-17 18:13:11 0 d-------- C:\Documents and Settings\Mikaelos\Application Data\BSplayer Pro
    2007-05-15 20:11:34 0 d-------- C:\Program Files\MSXML 4.0
    2007-05-14 16:16:35 0 d-------- C:\Documents and Settings\Mikaelos\Application Data\Help
    2007-05-14 16:15:13 13008 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
    2007-05-13 09:49:29 0 d-------- C:\Program Files\Common Files\InstallShield
    2007-05-10 19:54:48 2451 --a------ C:\WINDOWS\system32\wbers.dat
    2007-05-09 21:29:58 0 d-------- C:\Documents and Settings\Mikaelos\Application Data\Azureus


    -- Registry Dump ---------------------------------------------------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {53707962-6F74-2D53-2644-206D7942484F} D:\Ohjelmat\SPYBOT~1\SDHelper.dll
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} D:\Ohjelmat\Java\jre1.5.0_10\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "SoundMan"="SOUNDMAN.EXE"
    "SmcService"="D:\\Ohjelmat\\Sygate\\SPF\\smc.exe -startgui"
    "DAEMON Tools"="\"d:\\Ohjelmat\\DAEMON Tools\\daemon.exe\" -lang 1033"
    "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
    "SunJavaUpdateSched"="\"D:\\Ohjelmat\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
    "QuickTime Task"="\"D:\\Ohjelmat\\QuickTime\\qttask.exe\" -atboottime"
    "Control Center"="d:\\Ohjelmat\\ASUS\\WLAN Card Utilities\\Center.exe"
    "RemoteControl"="d:\\Ohjelmat\\CyberLink\\PowerDVD\\PDVDServ.exe"
    "LanguageShortcut"="d:\\Ohjelmat\\CyberLink\\PowerDVD\\Language\\Language.exe"
    "UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
    "PWRISOVM.EXE"="D:\\Ohjelmat\\PowerISO\\PWRISOVM.EXE"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "DesktopX"="\"D:\\Ohjelmat\\Stardock\\OBJECT~1\\DesktopX\\DesktopX Builder.exe\" -noui"
    "Steam"="\"D:\\Ohjelmat\\Steam\\Steam.exe\" -silent"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    Usnsvc REG_MULTI_SZ usnsvc\0\0

    *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_CATCHME


    -- End of Deckard's System Scanner: finished at 2007-07-09 at 00:18:58 ---------


    Deckard's System Scanner v20070611.50
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: AMD Athlon(tm) 64 Processor 3200+
    Percentage of Memory in Use: 52%
    Physical Memory (total/avail): 1023.23 MiB / 486.39 MiB
    Pagefile Memory (total/avail): 2459.52 MiB / 2014.11 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1960.52 MiB

    C: is Fixed (NTFS) - 9.77 GiB total, 3.41 GiB free.
    D: is Fixed (NTFS) - 139.27 GiB total, 95.72 GiB free.
    E: is CDROM (CDFS)
    F: is CDROM (No Media)
    G: is CDROM (No Media)
    H: is CDROM (No Media)
    I: is CDROM (No Media)
    J: is CDROM (No Media)
    K: is CDROM (No Media)


    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FW: Sygate Personal Firewall v4.6 (Sygate Technologies, Inc.)
    AV: AVG 7.5.476 v7.5.476 (GRISOFT)

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Mikaelos\Application Data
    CLASSPATH=.;D:\Ohjelmat\Java\jre1.5.0_06\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=KOTI-UXIIRTM3SQ
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Mikaelos
    LOGONSERVER=\\KOTI-UXIIRTM3SQ
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;D:\Ohjelmat\QuickTime\QTSystem"
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 31 Stepping 0, AuthenticAMD
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=1f00
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=D:\Ohjelmat\Java\jre1.5.0_06\lib\ext\QTJava.zip
    SESSIONNAME=Console
    sourcesdk=d:\ohjelmat\steam\steamapps\paskahousu666\sourcesdk
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Mikaelos\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Mikaelos\LOCALS~1\Temp
    USERDOMAIN=KOTI-UXIIRTM3SQ
    USERNAME=Mikaelos
    USERPROFILE=C:\Documents and Settings\Mikaelos
    windir=C:\WINDOWS
    __COMPAT_LAYER=EnableNXShowUI


    -- User Profiles ---------------------------------------------------------------

    Mikaelos (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> d:\ohjelmat\DivX\ConverterUninstall.exe /CONVERTER
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Ad-Aware SE Personal --> D:\Ohjelmat\Lavasoft\AD-AWA~1\UNWISE.EXE D:\Ohjelmat\Lavasoft\AD-AWA~1\INSTALL.LOG
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    ASUS WLAN Card Utilities/Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8F722FA9-B994-4C9B-B292-FD32D6206EDF}\Setup.exe" -l0x9
    ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Catalyst Control Center --> MsiExec.exe /I{7B76034B-B3ED-46D5-8C66-DEB102CB830A}
    ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    µTorrent --> "D:\Ohjelmat\utorrent\uninstall.exe"
    AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
    BrainBread v1.2 --> d:\ohjelmat\steam\steamapps\paskahousu666\half-life\unins001.exe
    Counter-Strike: Condition Zero --> D:\Pelit\Valve\CONDIT~1\UNWISE.EXE D:\Pelit\Valve\CONDIT~1\INSTALL.LOG
    dBpoweramp Music Converter --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
    dBpoweramp Windows Media Audio 10 Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
    DivX Codec --> d:\ohjelmat\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader --> d:\ohjelmat\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter --> d:\ohjelmat\DivX\ConverterUninstall.exe /CONVERTER
    DivX Player --> d:\ohjelmat\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player --> d:\ohjelmat\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    eMule++ 2.0a --> d:\Ohjelmat\eMule++\uninst.exe
    GoldWave v5.12 --> "D:\Ohjelmat\GoldWave\GoldWave\unstall.exe" "GoldWave v5.12" "D:\Ohjelmat\GoldWave\GoldWave\unstall.log"
    Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
    Haali Media Splitter --> "C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
    Half-Life --> "D:\Ohjelmat\Steam\steam.exe" steam://uninstall/70
    Half-Life 2 --> "D:\Ohjelmat\Steam\steam.exe" steam://uninstall/220
    Half-Life 2: Deathmatch --> "D:\Ohjelmat\Steam\steam.exe" steam://uninstall/320
    Half-Life 2: Lost Coast --> "D:\Ohjelmat\Steam\steam.exe" steam://uninstall/340
    HijackThis 2.0.0 --> "C:\Documents and Settings\Mikaelos\Desktop\HijackThis.exe" /uninstall
    HL2 Co-Operative Follow Freeman Client 1.01 --> D:\Ohjelmat\Steam\steamapps\SourceMods\HL2coop\uninst.exe
    HL2 Co-Operative Follow Freeman Server 1.01 --> d:\ohjelmat\steam\SteamApps\SourceMods\uninst.exe
    J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
    J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    Kaspersky Online Scanner --> C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
    Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
    Microsoft MPEG-4 VKI Video Codec V1/V2/V3 --> rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\mpg4c32.inf
    Mozilla Firefox (1.5.0.12) --> D:\OHJELMAT\MOZILL~1\uninstall\uninstall.exe /ua "1.5.0.12 (fi)"
    Oblivion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
    Plan of Attack --> d:\ohjelmat\steam\SteamApps\SourceMods\planofattack\uninst.exe
    PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
    PowerISO --> "D:\Ohjelmat\PowerISO\uninstall.exe"
    QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1035
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
    RogueRemover 1.20 --> C:\Program Files\RogueRemover\uninst.exe
    Source Dedicated Server --> "D:\Ohjelmat\Steam\steam.exe" steam://uninstall/205
    Source SDK --> "D:\Ohjelmat\Steam\steam.exe" steam://uninstall/211
    Source SDK Base --> "D:\Ohjelmat\Steam\steam.exe" steam://uninstall/215
    Spybot - Search & Destroy 1.4 --> "d:\Ohjelmat\Spybot - Search & Destroy\unins000.exe"
    Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    Sygate Personal Firewall --> MsiExec.exe /I{F34D9A5F-484A-4E31-A9D3-908CB265B289}
    TeamSpeak 2 RC2 --> d:\Ohjelmat\Teamspeak2_RC2\unins000.exe
    The Core Media Player 4.0 --> "D:\Ohjelmat\CoreCodec\The Core Media Player\uninstall-tcmp4.exe"
    Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
    Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
    VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
    Winamp (remove only) --> "d:\Ohjelmat\Winamp\UninstWA.exe"
    Windows Live Messenger --> MsiExec.exe /I{57319C68-AC4B-43DB-B516-349FE09E6774}
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    WinRAR-pakkausohjelma --> d:\Ohjelmat\WinRAR\uninstall.exe
    WinZip --> "d:\Ohjelmat\WinZip\WINZIP32.EXE" /uninstall
    XviD MPEG-4 Video Codec --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\WINDOWS\INF\xvid.inf
    ZD Soft Screen Recorder --> "D:\Ohjelmat\ZD Soft\Screen Recorder\Uninstall.exe"
    ZD Soft Screen Video Decoder --> rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\scrvid.inf
    Zombie Panic! 1.0 --> d:\ohjelmat\steam\steamapps\paskahousu666\half-life\unins000.exe


    -- End of Deckard's System Scanner: finished at 2007-07-09 at 00:18:58 ---------



     
  13. Auttaja

    Auttaja Guest

    Could you run ComboFix again and follow the instructions for submitting samples, so we can move forward.
     
  14. Symbiotic

    Symbiotic Regular member

    So I drag the script onto it again?
     
  15. Symbiotic

    Symbiotic Regular member

    ComboFix:

    "Mikaelos" - 2007-07-09 0:26:51 - ComboFix 07-07-07.3 - Service Pack 2
    Command switches used :: C:\Documents and Settings\Mikaelos\Desktop\CFSript.txt


    ((((((((((((((((((((((((( Files Created from 2007-06-08 to 2007-07-08 )))))))))))))))))))))))))))))))


    2007-07-09 00:16 <DIR> d-------- C:\Deckard
    2007-07-08 22:41 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-07-08 22:41 <DIR> d-------- C:\WINDOWS\LastGood
    2007-07-08 22:37 <DIR> d-------- C:\Program Files\RogueRemover
    2007-07-08 21:37 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-08 21:07 <DIR> d-------- C:\VundoFix Backups
    2007-07-08 19:26 50,708 --a------ C:\WINDOWS\system32\xnauovmg.exe
    2007-07-08 18:16 50,708 --a------ C:\WINDOWS\system32\iuturiiv.exe
    2007-07-08 15:09 50,708 --a------ C:\WINDOWS\system32\xdncpbye.exe
    2007-07-08 12:54 50,708 --a------ C:\WINDOWS\system32\sofinqhm.exe
    2007-07-07 13:20 50,708 --a------ C:\WINDOWS\system32\ablterxw.exe
    2007-07-07 12:45 50,708 --a------ C:\WINDOWS\system32\ypatmudx.exe
    2007-07-06 13:01 50,708 --a------ C:\WINDOWS\system32\kbqfsddw.exe
    2007-06-30 17:22 67,318 --a------ C:\WINDOWS\War3Unin.dat
    2007-06-30 17:22 2,829 --a------ C:\WINDOWS\War3Unin.pif
    2007-06-30 17:22 139,264 --a------ C:\WINDOWS\War3Unin.exe
    2007-06-28 11:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    2007-06-26 15:56 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-08 16:13:02 940,587 --sha-w C:\WINDOWS\system32\ycbeg.ini2
    2007-07-08 16:10:03 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\uTorrent
    2007-07-08 15:16:47 941,288 --sha-w C:\WINDOWS\system32\ycbeg.bak2
    2007-07-04 11:34:16 941,768 --sha-w C:\WINDOWS\system32\ycbeg.bak1
    2007-06-07 16:14:49 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-07 13:34:42 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-06-03 21:10:53 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\Media Player Classic
    2007-05-28 13:14:31 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\Screaming Bee
    2007-05-28 13:13:50 -------- d-----w C:\Program Files\Common Files\Screaming Bee
    2007-05-19 19:05:32 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\Real
    2007-05-19 19:03:08 -------- d-----w C:\Program Files\Common Files\xing shared
    2007-05-19 19:03:01 -------- d-----w C:\Program Files\Common Files\Real
    2007-05-17 18:16:08 3,360 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
    2007-05-17 18:15:38 10,883,960 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
    2007-05-17 15:22:19 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\CoreCodec
    2007-05-17 15:21:28 -------- d-----w C:\Program Files\Haali
    2007-05-17 15:17:40 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\BSplayer
    2007-05-17 15:13:11 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\BSplayer Pro
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-15 17:11:34 -------- d-----w C:\Program Files\MSXML 4.0
    2007-05-14 13:16:35 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\Help
    2007-05-14 13:15:13 13,008 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
    2007-05-13 06:49:29 -------- d-----w C:\Program Files\Common Files\InstallShield
    2007-05-10 16:54:48 2,451 ----a-w C:\WINDOWS\system32\wbers.dat
    2007-05-09 18:29:58 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\Azureus
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 19:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 19:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 19:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 19:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 19:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 19:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 19:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 19:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-16 19:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-04-16 19:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    2005-05-31 02:04 853672 --a------ D:\Ohjelmat\SPYBOT~1\SDHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2006-11-09 16:21 440056 --a------ D:\Ohjelmat\Java\jre1.5.0_10\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2004-02-26 11:53 C:\WINDOWS\SOUNDMAN.EXE]
    "SmcService"="D:\Ohjelmat\Sygate\SPF\smc.exe" [2004-10-15 20:40]
    "DAEMON Tools"="d:\Ohjelmat\DAEMON Tools\daemon.exe" [2005-12-10 17:57]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12]
    "SunJavaUpdateSched"="D:\Ohjelmat\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
    "QuickTime Task"="D:\Ohjelmat\QuickTime\qttask.exe" [2006-12-28 08:45]
    "Control Center"="d:\Ohjelmat\ASUS\WLAN Card Utilities\Center.exe" [2004-05-05 15:18]
    "RemoteControl"="d:\Ohjelmat\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 23:57]
    "LanguageShortcut"="d:\Ohjelmat\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 12:29]
    "UserFaultCheck"="%systemroot%\system32\dumprep 0 -u" []
    "PWRISOVM.EXE"="D:\Ohjelmat\PowerISO\PWRISOVM.EXE" [2006-07-29 14:07]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-19 22:02]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-08 20:07]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-07-29 20:34]
    "DesktopX"="D:\Ohjelmat\Stardock\OBJECT~1\DesktopX\DesktopX Builder.exe" []
    "Steam"="D:\Ohjelmat\Steam\Steam.exe" [2007-06-28 11:29]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Usnsvc usnsvc

    *Newly Created Service* - CATCHME

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-09 00:27:42
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background?g

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-09 0:28:14
    C:\ComboFix-quarantined-files.txt ... 2007-07-09 00:28
    C:\ComboFix2.txt ... 2007-07-08 22:31
    C:\ComboFix3.txt ... 2007-07-08 21:41

    --- E O F ---
     
  16. Auttaja

    Auttaja Guest

    Hmm, something is still off there, let's try another way.

    Download Killbox by Option^Explicit.

    Note: If you already have Killbox, this is a new version that you need to install. Remove the earlier one.

    [*] Save it to your desktop.
    [*] Double-click Killbox.exe to run the program.
    [*] Select "Delete on Reboot", then click the "All Files" option.
    [*] Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\ycbeg.bak2
    C:\WINDOWS\system32\ycbeg.bak1
    C:\WINDOWS\system32\ycbeg.ini2
    C:\WINDOWS\system32\j6291133.dll
    C:\WINDOWS\system32\xnauovmg.exe
    C:\WINDOWS\system32\iuturiiv.exe
    C:\WINDOWS\system32\xdncpbye.exe
    C:\WINDOWS\system32\sofinqhm.exe
    C:\WINDOWS\system32\ablterxw.exe
    C:\WINDOWS\system32\ypatmudx.exe
    C:\WINDOWS\system32\kbqfsddw.exe

    D:\Imutetut tavarat\Warcraft3\Warcraft III Reign of Chaos and The Frozen Throne + Crack +Patch War3TFT_121a_English\Warcraft3keygen.exe.exe

    [*] Return to Killbox, go to the File menu, and choose Paste from Clipboard.

    [*] Click the red-and-white Delete File button. Click Yes at the "Delete on Reboot" prompt. Click OK at any PendingFileRenameOperations prompt (and let the person helping you know if one of these appears!).
    Restart your computer yourself if it does not do so automatically.

    If you get a message like this: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when you try to run KillBox, click here to download and run Missingfilessetup.exe. Then try KillBox again.

    ============

    C:\!KillBox

    Go there, move the files into a zip file (not the crack) and do as advised in the previous instructions.

    =========

    Make hidden files visible, and hide them again after the deletion.

    C:\VundoFix Backups
    C:\DOCUME~1\Mikaelos\APPLIC~1\BearShare
    C:\DOCUME~1\Mikaelos\APPLIC~1\Free Download Manager
    D:\Ohjelmat\Free Download Manager

    Delete those folders.

    =========

    Run RogueRemover and post its log, run ComboFix again and post its log, and also post a new HijackThis log.
     
    Last edited by a moderator: Jul 8, 2007
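
The seven system32 executables in the Killbox list above all appear in the earlier ComboFix "Files Created" section with the same size, 50,708 bytes. As an added example (not part of the thread or of any tool named in it), this Python code parses that section, groups files by folder, extension and size to surface such clusters, and checks a follow-up log for leftovers. The function names and the three-file threshold are assumptions; the sample rows are excerpts copied from the two ComboFix logs in this thread.

```python
import ntpath
import re
from collections import defaultdict

# Excerpt of the "Files Created" section from the first ComboFix log in the thread.
BEFORE = r"""
2007-07-08 21:37 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-08 21:07 <DIR> d-------- C:\VundoFix Backups
2007-07-08 19:26 50,708 --a------ C:\WINDOWS\system32\xnauovmg.exe
2007-07-08 18:16 50,708 --a------ C:\WINDOWS\system32\iuturiiv.exe
2007-07-08 15:09 50,708 --a------ C:\WINDOWS\system32\xdncpbye.exe
2007-07-08 12:54 50,708 --a------ C:\WINDOWS\system32\sofinqhm.exe
2007-07-07 13:20 50,708 --a------ C:\WINDOWS\system32\ablterxw.exe
2007-07-07 12:45 50,708 --a------ C:\WINDOWS\system32\ypatmudx.exe
2007-07-06 13:01 50,708 --a------ C:\WINDOWS\system32\kbqfsddw.exe
2007-06-30 17:22 139,264 --a------ C:\WINDOWS\War3Unin.exe
"""

# Excerpt of the same section from the follow-up ComboFix log (after Killbox).
AFTER = r"""
2007-07-09 00:40 <DIR> d-------- C:\!KillBox
2007-07-08 21:37 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-06-30 17:22 139,264 --a------ C:\WINDOWS\War3Unin.exe
"""

# One "Files Created" row: date, HH:MM, size or <DIR>, attribute flags, path.
# Find3M rows (HH:MM:SS timestamps) deliberately do not match.
ROW = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)


def parse_files_created(text):
    """Return one dict per recognised row; directories get size None."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # banner lines, blanks, other report sections
        is_dir = m["size"] == "<DIR>"
        entries.append({
            "when": f'{m["date"]} {m["time"]}',
            "size": None if is_dir else int(m["size"].replace(",", "")),
            "path": m["path"],
        })
    return entries


def same_size_clusters(entries, min_count=3):
    """Group files by (folder, extension, size); keep groups of min_count or more.

    Heuristic only (the threshold is an assumption): unrelated legitimate
    files can share a size, so a hit is a lead to investigate, not a verdict.
    """
    groups = defaultdict(list)
    for e in entries:
        if e["size"] is None:
            continue
        folder, name = ntpath.split(e["path"])  # Windows paths on any OS
        ext = ntpath.splitext(name)[1].lower()
        groups[(folder.lower(), ext, e["size"])].append(e)
    return {
        key: sorted(files, key=lambda e: e["when"])
        for key, files in groups.items()
        if len(files) >= min_count
    }


def still_present(paths, later_entries):
    """Paths from an earlier cluster that a later log still lists."""
    later = {e["path"].lower() for e in later_entries}
    return [p for p in paths if p.lower() in later]


if __name__ == "__main__":
    before = parse_files_created(BEFORE)
    after = parse_files_created(AFTER)
    for (folder, ext, size), files in same_size_clusters(before).items():
        paths = [f["path"] for f in files]
        print(f"{len(files)} {ext} files of {size} bytes in {folder}, "
              f"first seen {files[0]['when']}")
        print("  still present after cleanup:",
              still_present(paths, after) or "none")
```
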
  17. Symbiotic

    Symbiotic Regular member

    RogueRemover didn't notice anything.



    "Mikaelos" - 2007-07-09 0:52:50 - ComboFix 07-07-07.3 - Service Pack 2


    ((((((((((((((((((((((((( Files Created from 2007-06-08 to 2007-07-08 )))))))))))))))))))))))))))))))


    2007-07-09 00:40 <DIR> d-------- C:\!KillBox
    2007-07-09 00:16 <DIR> d-------- C:\Deckard
    2007-07-08 22:41 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-07-08 22:37 <DIR> d-------- C:\Program Files\RogueRemover
    2007-07-08 21:37 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-06-30 17:22 67,318 --a------ C:\WINDOWS\War3Unin.dat
    2007-06-30 17:22 2,829 --a------ C:\WINDOWS\War3Unin.pif
    2007-06-30 17:22 139,264 --a------ C:\WINDOWS\War3Unin.exe
    2007-06-28 11:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    2007-06-26 15:56 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-08 16:10:03 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\uTorrent
    2007-06-07 16:14:49 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-07 13:34:42 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-06-03 21:10:53 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\Media Player Classic
    2007-05-28 13:14:31 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\Screaming Bee
    2007-05-28 13:13:50 -------- d-----w C:\Program Files\Common Files\Screaming Bee
    2007-05-19 19:05:32 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\Real
    2007-05-19 19:03:08 -------- d-----w C:\Program Files\Common Files\xing shared
    2007-05-19 19:03:01 -------- d-----w C:\Program Files\Common Files\Real
    2007-05-17 18:16:08 3,360 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
    2007-05-17 18:15:38 10,883,960 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
    2007-05-17 15:22:19 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\CoreCodec
    2007-05-17 15:21:28 -------- d-----w C:\Program Files\Haali
    2007-05-17 15:17:40 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\BSplayer
    2007-05-17 15:13:11 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\BSplayer Pro
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-15 17:11:34 -------- d-----w C:\Program Files\MSXML 4.0
    2007-05-14 13:16:35 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\Help
    2007-05-14 13:15:13 13,008 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
    2007-05-13 06:49:29 -------- d-----w C:\Program Files\Common Files\InstallShield
    2007-05-10 16:54:48 2,451 ----a-w C:\WINDOWS\system32\wbers.dat
    2007-05-09 18:29:58 -------- d-----w C:\DOCUME~1\Mikaelos\APPLIC~1\Azureus
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 19:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 19:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 19:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 19:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 19:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 19:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 19:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 19:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-16 19:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-04-16 19:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    2005-05-31 02:04 853672 --a------ D:\Ohjelmat\SPYBOT~1\SDHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2006-11-09 16:21 440056 --a------ D:\Ohjelmat\Java\jre1.5.0_10\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2004-02-26 11:53 C:\WINDOWS\SOUNDMAN.EXE]
    "SmcService"="D:\Ohjelmat\Sygate\SPF\smc.exe" [2004-10-15 20:40]
    "DAEMON Tools"="d:\Ohjelmat\DAEMON Tools\daemon.exe" [2005-12-10 17:57]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12]
    "SunJavaUpdateSched"="D:\Ohjelmat\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
    "QuickTime Task"="D:\Ohjelmat\QuickTime\qttask.exe" [2006-12-28 08:45]
    "Control Center"="d:\Ohjelmat\ASUS\WLAN Card Utilities\Center.exe" [2004-05-05 15:18]
    "RemoteControl"="d:\Ohjelmat\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 23:57]
    "LanguageShortcut"="d:\Ohjelmat\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 12:29]
    "UserFaultCheck"="%systemroot%\system32\dumprep 0 -u" []
    "PWRISOVM.EXE"="D:\Ohjelmat\PowerISO\PWRISOVM.EXE" [2006-07-29 14:07]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-19 22:02]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-08 20:07]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-07-29 20:34]
    "DesktopX"="D:\Ohjelmat\Stardock\OBJECT~1\DesktopX\DesktopX Builder.exe" []
    "Steam"="D:\Ohjelmat\Steam\Steam.exe" [2007-06-28 11:29]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Usnsvc usnsvc


    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-09 00:53:26
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background?g

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-09 0:53:52
    C:\ComboFix-quarantined-files.txt ... 2007-07-09 00:53
    C:\ComboFix2.txt ... 2007-07-09 00:28
    C:\ComboFix3.txt ... 2007-07-08 22:31

    --- E O F ---

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 0:54:55, on 9.7.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    D:\Ohjelmat\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    C:\WINDOWS\SOUNDMAN.EXE
    D:\Ohjelmat\DAEMON Tools\daemon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    D:\Ohjelmat\Java\jre1.5.0_10\bin\jusched.exe
    D:\Ohjelmat\ASUS\WLAN Card Utilities\Center.exe
    D:\Ohjelmat\CyberLink\PowerDVD\PDVDServ.exe
    D:\Ohjelmat\PowerISO\PWRISOVM.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    D:\Ohjelmat\Steam\Steam.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    D:\OHJELMAT\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    D:\Ohjelmat\Real\RealPlayer\RealPlay.exe
    D:\Ohjelmat\Hjt\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Ohjelmat\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Ohjelmat\Java\jre1.5.0_10\bin\ssv.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SmcService] D:\Ohjelmat\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [DAEMON Tools] "d:\Ohjelmat\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Ohjelmat\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Ohjelmat\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Control Center] d:\Ohjelmat\ASUS\WLAN Card Utilities\Center.exe
    O4 - HKLM\..\Run: [RemoteControl] d:\Ohjelmat\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [LanguageShortcut] d:\Ohjelmat\CyberLink\PowerDVD\Language\Language.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Ohjelmat\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DesktopX] "D:\Ohjelmat\Stardock\OBJECT~1\DesktopX\DesktopX Builder.exe" -noui
    O4 - HKCU\..\Run: [Steam] "D:\Ohjelmat\Steam\Steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Ohjelmat\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Ohjelmat\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167141850171
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Ohjelmat\Sygate\SPF\smc.exe

    --
    End of file - 6027 bytes
     
  18. Auttaja

    Auttaja Guest

    1. Download AVG Anti-Spyware 7.5 and save the program to your desktop. If you already have the program, go straight to step 2!

    [*] Once you have downloaded the program, double-click the installer's icon on your desktop; the installation starts.
    [*] After installation, the program must be started and its definitions updated.

    2. [*] Start AVG Anti-Spyware.
    [*] Click the "Update" icon in the main menu. Then click the "Update now" button.
    [*] Then click the "Start Update" icon, and the update begins.
    [*] If the updates do not succeed right away, press "Start Update" again after a moment.
    [*] If the automatic update does not work for some reason, the definitions can be downloaded manually via the http://www.ewido.net/en/download/updates/ link.
    [*] Once the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
    [*] When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
    [*] Then, under the "Reports" menu:
    [*] Tick "Automatically generate report after every scan"
    [*] Untick "Only if threats were found"
    [*] Then click the "Shield" icon at the top of the window
    [*] "Resident shield is": change the state from active to inactive
    [*] Close the program; do NOT scan yet.

    Start the computer in safe mode:


    NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.
    [*] Once in safe mode, start AVG Anti-Spyware.
    [*] Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
    [*] AVG now starts scanning the computer; be patient, as the scan takes time.
    When the scan is finished:
    IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"
    [*] Make sure that Set all elements to: shows Quarantine (1); if not, click the link and select Quarantine from the popup menu.
    [*] You will be asked what to do if infections were found; choose "Apply all actions"
    [*] Then click the "Reports" icon at the top of the program.
    [*] Click the "Save report as" button at the bottom left of the window and save the report to the desktop.
    [*] Close the program, start the computer normally and post the AVG report in your thread.

    ==========

    This is for when you feel your computer is on the slow side and you have not defragmented in a long time:

    Open My Computer
    -> Perform the following operation on all Local Disks
    [IMG]

    ==========

    Download CCleaner and install it:
    Open "Options", then "Language", and select "Suomi (Finnish)"

    Open the "Virheet" (Issues) section, press "Etsi rekisterin virheitä" (Scan for registry issues), then press "Korjaa valitut rekisterin virheet.." (Fix selected registry issues). Press "Kyllä" (Yes) when the program asks "Haluatko varmuuskopioida muutokset rekisteriin" (Do you want to back up changes to the registry), and save the file to e.g. the desktop.

    Open "Puhdistaja" (Cleaner), press "Tutki" (Analyze) and after that "Aja Ccleaner" (Run CCleaner). Clean temporary files and folders with the program regularly.

    ==========

    If you do not have this Java version (6.2): an old Java easily gets your machine infected!

    Updating Java and clearing the cache:

    1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
    2. Find all your previous Java versions in the list. (J2SE Runtime Environment.... )
    They should have the following icon next to them: [IMG]
    3. Select all your previous Java versions and choose Remove.
    4. Install the latest Java update from the following link..
    5. Restart the computer after the installation:
    http://java.sun.com/javase/downloads/index.jsp
    or http://www.filehippo.com/download_java_runtime/

    Scroll down to Java Runtime Environment (JRE) 6u2

    Press Download

    Tick Accept, take the offline installation, save it e.g. to the desktop and install it.

    6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> Java coffee cup).

    7. Under the General Settings section, drag the slider (Disk Space) lower, and click the Delete Files button.

    (Some Java-based programs may need more disk space.
    If you notice slowness on the machine after lowering the setting, move the slider higher.)

    8. Make sure that both options are ticked:

    *Applications and Applets

    *Trace and Log Files

    And press the OK button

    9. Click OK in your "Temporary Files Settings" window.

    10. Click OK to leave your Java settings window.

    ==========

    A new HijackThis log and the AVG AS report; any problems? Also remember to upload those files to spykiller.

    :)
     
    Last edited by a moderator: Jul 8, 2007
  19. Symbiotic

    Symbiotic Regular member

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 2:50:28 9.7.2007

    + Scan result:



    C:\QooBox\Quarantine\C\Program Files\DeskAlerts\deskbar.dll.vir -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\Documents and Settings\Mikaelos\Cookies\mikaelos@cpvfeed[4].txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.7:C:\Documents and Settings\Mikaelos\Application Data\Mozilla\Firefox\Profiles\zfxj1vg4.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
    C:\Documents and Settings\Mikaelos\Cookies\mikaelos@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
    :mozilla.12:C:\Documents and Settings\Mikaelos\Application Data\Mozilla\Firefox\Profiles\zfxj1vg4.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
    D:\Krääsää\WinXp Key-generator\Windows.XP.Keygenerator.exe -> Trojan.Small.edz : Cleaned with backup (quarantined).


    ::Report end

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 3:14:10, on 9.7.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    D:\Ohjelmat\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    C:\WINDOWS\SOUNDMAN.EXE
    D:\Ohjelmat\DAEMON Tools\daemon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    D:\Ohjelmat\ASUS\WLAN Card Utilities\Center.exe
    D:\Ohjelmat\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\Ohjelmat\PowerISO\PWRISOVM.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    D:\Ohjelmat\Steam\Steam.exe
    C:\WINDOWS\system32\wuauclt.exe
    D:\Ohjelmat\Java\jre1.5.0_10\bin\jusched.exe
    D:\OHJELMAT\MOZILL~1\FIREFOX.EXE
    D:\Ohjelmat\Hjt\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Ohjelmat\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Ohjelmat\Java\jre1.5.0_10\bin\ssv.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SmcService] D:\Ohjelmat\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [DAEMON Tools] "d:\Ohjelmat\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Ohjelmat\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Control Center] d:\Ohjelmat\ASUS\WLAN Card Utilities\Center.exe
    O4 - HKLM\..\Run: [RemoteControl] d:\Ohjelmat\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [LanguageShortcut] d:\Ohjelmat\CyberLink\PowerDVD\Language\Language.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Ohjelmat\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Ohjelmat\Java\jre1.5.0_10\bin\jusched.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DesktopX] "D:\Ohjelmat\Stardock\OBJECT~1\DesktopX\DesktopX Builder.exe" -noui
    O4 - HKCU\..\Run: [Steam] "D:\Ohjelmat\Steam\Steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Ohjelmat\Java\jre1.5.0_10\bin\npjpi150_10.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Ohjelmat\Java\jre1.5.0_10\bin\npjpi150_10.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167141850171
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Ohjelmat\Sygate\SPF\smc.exe

    --
    End of file - 6302 bytes
     
  20. Symbiotic

    Symbiotic Regular member
