The internet is slowing down,,,
nemo_O
Newbie
26 January 2007 @ 15:01
Could someone smart take a look at my log... since I haven't mastered the skill myself yet

Logfile of HijackThis v1.99.1
Scan saved at 19:59:24, on 26.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\Trust\WB-3500T USB2 Webcam\SnapTrap.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\ap\Application Data\s?stem32\n?tdde.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system\CmSNXeye.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\mdm.exe
C:\Program Files\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ap\Omat tiedostot\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ok.turkuai.fi/oklukuj/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: (no name) - {3BFCA615-68F4-682E-DEDE-6E637369D7BB} - C:\WINDOWS\system32\elixu.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3BFCA615-68F4-682E-DEDE-6E637369D7BB} - C:\WINDOWS\system32\elixu.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\yuarujfk.dll
O2 - BHO: (no name) - {9D2DD63B-CEF2-4172-B431-A47F8D6AAD08} - C:\WINDOWS\java\classes\vaiwn.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [qwm43391] RUNDLL32.EXE w00e49d6.dll,n 0034338e0000000a00e49d6
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [STICAP] C:\Program Files\Trust\WB-3500T USB2 Webcam\SnapTrap.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\tgilkyjv.dll",setvm
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RecordPadRun] "C:\Program Files\NCH Swift Sound\RecordPad\recordpad.exe" -logon
O4 - HKLM\..\RunOnce: [VS98_Setup_Wizard] "C:\Documents and Settings\ap\Omat tiedostot\Downloads\Visual Basic 6.0 Enterprise Edition\Visual Basic 6.0 Enterprise Edition\SETUP.EXE" /runonce /reboot /location:C:\Documents and Settings\ap\Omat tiedostot\Downloads\Visual Basic 6.0 Enterprise Edition\Visual Basic 6.0 Enterprise Edition
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acat] "C:\DOCUME~1\ap\OMATTI~1\YSTEM3~1\winlogon.exe" -vt ndrv
O4 - HKCU\..\Run: [Lpt] C:\Documents and Settings\ap\Application Data\s?stem32\n?tdde.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Reminder 2.1 Start.lnk = C:\Program Files\Reminder\reminder21.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.elitemediagroup.net
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: wbsys.dll MsgPlusLoader.dll
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\g0220afoed2c0.dll (file missing)
O20 - Winlogon Notify: vaiwn - C:\WINDOWS\java\classes\vaiwn.dll
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
hilu
Junior Member
26 January 2007 @ 16:34
Download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- When the scan is finished, click the Remove Vundo button.
- You will be asked whether you want to delete the files; click YES.
- After you click Yes, your desktop will go blank as it starts removing Vundo.
- When it is done, the fix will tell you that it will restart your computer; click OK.
- Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.

Note: It is possible that VundoFix found a file that it could not remove.
In that case, VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo button.", when VundoFix appears during the restart.

1. Download combofix.exe to your desktop from either of these links:
combofix.exe
combofix.exe

2. Double-click the combofix.exe file and follow the prompts.
3. When the tool has finished, it produces a log. Post that log to your thread.
Note: Do not click in the ComboFix window while it is running. Doing so may cause the program to hang.

Post:

fresh:
HJT log
ComboFix log
contents of C:\vundofix.txt
nemo_O
Newbie
28 January 2007 @ 18:57
Thanks for those, I'll check it out and then post them here...
nemo_O
Newbie
7 February 2007 @ 19:06
Sorry it took a while, we switched service providers and the internet was down for 2 weeks... so here are all the logs.

ComboFix:

"ap" - 07-02-07 23:51:47 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\ap\Ty?p?yt?"

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\clsid\{2708896d-041f-4888-afbf-bfd88a0c7c2b}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\clsid\{2708896d-041f-4888-afbf-bfd88a0c7c2b}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{2708896d-041f-4888-afbf-bfd88a0c7c2b}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{2708896d-041f-4888-afbf-bfd88a0c7c2b}\InprocServer32]
@="C:\\WINDOWS\\system32\\qpvd.dll"
"ThreadingModel"="Apartment"Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\clsid\{6ede094e-0171-4348-a6a8-03f500e37b41}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\clsid\{6ede094e-0171-4348-a6a8-03f500e37b41}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{6ede094e-0171-4348-a6a8-03f500e37b41}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{6ede094e-0171-4348-a6a8-03f500e37b41}\InprocServer32]
@="C:\\WINDOWS\\system32\\slc.dll"
"ThreadingModel"="Apartment"Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\clsid\{279a0497-535c-4d21-9291-3024bfa78399}]
@=""

[HKEY_CLASSES_ROOT\clsid\{279a0497-535c-4d21-9291-3024bfa78399}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{279a0497-535c-4d21-9291-3024bfa78399}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{279a0497-535c-4d21-9291-3024bfa78399}\InprocServer32]
@="C:\\WINDOWS\\system32\\uyrsvpia.dll"
"ThreadingModel"="Apartment"Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\clsid\{4b0aaf24-b02d-4be4-a672-d25a63a6e2b7}]
@=""

[HKEY_CLASSES_ROOT\clsid\{4b0aaf24-b02d-4be4-a672-d25a63a6e2b7}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{4b0aaf24-b02d-4be4-a672-d25a63a6e2b7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{4b0aaf24-b02d-4be4-a672-d25a63a6e2b7}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Granting SeDebugPrivilege to Järjestelmänvalvojat ... successful


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\deskbar.exe
C:\Program Files\Common Files\Yazzle1125OinAdmin.exe
C:\Program Files\Common Files\Yazzle1125OinUninstaller.exe
C:\WINDOWS\b.exe
C:\b.exe
C:\Program Files\Conquer 2.0\c3\0003\611\_desktop.ini
C:\Program Files\Conquer 2.0\c3\0003\741\_desktop.ini
C:\Program Files\Common Files\{94941~1
C:\Program Files\Deskbar
C:\Program Files\Deskbar\Cache
C:\Program Files\VSAdd-in
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\DOCUME~1\ap
C:\qoobox\purity\DOCUME~1\ap\Application Data
C:\qoobox\purity\DOCUME~1\ap\Application Data\from.txt
C:\qoobox\purity\DOCUME~1\ap\Application Data\ICROSO~1
C:\qoobox\purity\DOCUME~1\ap\Application Data\SSTEM3~1
C:\qoobox\purity\DOCUME~1\ap\Application Data\SSTEM3~1\n?tdde.exe
C:\qoobox\purity\Program Files\STEM32~1
C:\qoobox\purity\Program Files\Common Files\CURITY~1
C:\qoobox\purity\Program Files\Common Files\YMBOLS~1
C:\qoobox\purity\Program Files\Common Files\CURITY~1\winspool.0xe
C:\qoobox\purity\Program Files\Common Files\CURITY~1\??curity
C:\qoobox\purity\Program Files\STEM32~1\nopdb.0xe
C:\qoobox\purity\Program Files\STEM32~1\??stem32
C:\qoobox\purity\WINDOWS\RACLE~1
C:\qoobox\purity\WINDOWS\RACLE~2
C:\qoobox\purity\WINDOWS\RACLE~1\s?ool32.exe
C:\qoobox\purity\WINDOWS\system32\SCURIT~1


((((((((((((((((((((((((((((((( Files Created from 2007-01-07 to 2007-02-07 ))))))))))))))))))))))))))))))))))


2007-02-07 20:46 76,412 --a------ C:\WINDOWS\system32\tnbyolci.dll
2007-02-05 14:22 <KANSIO> d-------- C:\DOCUME~1\ap\Application Data\vlc
2007-02-05 14:21 <KANSIO> d-------- C:\Program Files\VideoLAN
2007-02-04 14:21 <KANSIO> d-------- C:\Program Files\CCP
2007-01-30 23:43 452,626 --a------ C:\WINDOWS\system32\x264vfw.dll
2007-01-30 23:43 <KANSIO> d-------- C:\Program Files\x264
2007-01-30 00:43 <KANSIO> d-------- C:\Program Files\Haali
2007-01-29 23:57 44,165 --a------ C:\WINDOWS\system32\abfunuqg.dll
2007-01-27 14:30 33,280 --a------ C:\WINDOWS\system32\rundll32.exe
2007-01-27 00:17 <KANSIO> d-------- C:\VundoFix Backups
2007-01-24 20:48 76,412 --a------ C:\WINDOWS\system32\iqlycxvh.dll
2007-01-16 22:20 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\{0727B42B-1697-465F-8CDC-53A1EA7110EB}
2007-01-16 22:02 <KANSIO> d-------- C:\DOCUME~1\ap\Application Data\RecordPad
2007-01-16 22:02 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\NCH Swift Sound
2007-01-16 22:01 <KANSIO> d-------- C:\DOCUME~1\ap\Application Data\NCH Swift Sound
2007-01-14 23:53 <KANSIO> d-------- C:\Program Files\DC++
2007-01-11 20:17 131,072 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-01-11 20:17 <KANSIO> d-------- C:\Program Files\Illustrate
2007-01-11 20:10 393,216 --a------ C:\WINDOWS\system32\VorbisEncX.dll
2007-01-11 20:10 303,104 --a------ C:\WINDOWS\system32\WMAEncX.dll
2007-01-11 20:09 892,928 --a------ C:\WINDOWS\system32\NCTAudioInformation.dll
2007-01-11 20:09 765,952 --a------ C:\WINDOWS\system32\tvqenc.dll
2007-01-11 20:09 360,448 --a------ C:\WINDOWS\system32\NCTWMAFile.dll
2007-01-11 20:09 339,968 --a------ C:\WINDOWS\system32\MP3EncX.dll
2007-01-11 20:09 1,703,936 --a------ C:\WINDOWS\system32\NCTAudioFile.dll
2007-01-11 20:09 <KANSIO> d-------- C:\Program Files\CD to MP3 Ripper
2007-01-10 14:10 <KANSIO> d-------- C:\WINDOWS\ie7updates
2007-01-09 15:06 98,304 -ra------ C:\WINDOWS\system32\cmudau.dll
2007-01-09 15:06 917,504 -ra------ C:\WINDOWS\system\cmds3du.dll
2007-01-09 15:06 712,704 -ra------ C:\WINDOWS\system32\a3dpropu.dll
2007-01-09 15:06 61,440 --a------ C:\WINDOWS\system\cmsnxeye.exe
2007-01-09 15:06 45,056 -ra------ C:\WINDOWS\system32\cmdrvrmu.dll
2007-01-09 15:06 315,392 -ra------ C:\WINDOWS\system\cmifltr.dll
2007-01-09 15:06 241,664 -ra------ C:\WINDOWS\system32\cmdrvrmu.exe
2007-01-09 15:06 16,384 --a------ C:\WINDOWS\system32\cmpropu.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-07 23:41 -------- d-------- C:\Program Files\mirc
2007-02-07 20:49 -------- d-------- C:\Program Files\mozilla Firefox
2007-02-07 20:17 -------- d-------- C:\Program Files\steam
2007-02-07 12:04 43520 --a------ C:\WINDOWS\system32\cmdlineext03.dll
2007-02-07 12:04 -------- d-------- C:\Program Files\diablo ii
2007-02-07 11:34 -------- d-------- C:\Program Files\warcraft iii
2007-02-07 11:31 -------- d-------- C:\Program Files\ea games
2007-02-07 11:30 -------- d--h----- C:\Program Files\installshield installation information
2007-02-07 11:26 -------- d-------- C:\Documents and Settings\ap\Application Data\utorrent
2007-02-05 14:22 -------- d-------- C:\Documents and Settings\ap\Application Data\vlc
2007-02-04 23:55 -------- d-------- C:\Program Files\conquer 2.0
2007-01-29 09:16 -------- d-------- C:\Documents and Settings\ap\Application Data\adobe
2007-01-27 01:05 -------- d-------- C:\Program Files\lwloads
2007-01-26 18:46 -------- d-------- C:\Program Files\ultimatezip
2007-01-24 16:45 -------- d-------- C:\Program Files\world of warcraft
2007-01-16 22:02 -------- d-------- C:\Documents and Settings\ap\Application Data\recordpad
2007-01-16 22:02 -------- d-------- C:\Documents and Settings\ap\Application Data\nch swift sound
2007-01-11 21:07 -------- d-------- C:\Program Files\incomplete
2007-01-10 17:04 -------- d-------- C:\Program Files\speed-link medusa 5.1 usb
2007-01-05 19:38 -------- d-------- C:\Program Files\antivir personaledition classic
2007-01-03 20:49 42516 --a------ C:\WINDOWS\system32\ydsrcvbe.dll
2006-12-31 20:39 42516 --a------ C:\WINDOWS\system32\ohaofaoh.dll
2006-12-27 12:55 147456 --a------ C:\WINDOWS\system32\vbzip10.dll
2006-12-27 12:53 0 --a------ C:\WINDOWS\system32\taskkill.exe
2006-12-26 21:30 -------- d-------- C:\Program Files\game cam v1.4
2006-12-21 15:05 40960 --a------ C:\WINDOWS\system32\frapsvid.dll
2006-12-21 13:56 -------- d-------- C:\Program Files\movie player pro activex control
2006-12-20 20:10 -------- d-------- C:\Program Files\ubisoft
2006-12-17 16:55 720896 --a------ C:\WINDOWS\iun6002.exe
2006-12-15 14:35 -------- d-------- C:\Program Files\winamp
2006-12-12 20:24 -------- d---s---- C:\Documents and Settings\ap\Application Data\microsoft
2006-12-12 20:20 -------- d-------- C:\Program Files\web publish
2006-12-11 21:15 -------- d-------- C:\Program Files\samurize
2006-12-11 07:16 -------- d-------- C:\Program Files\poweriso
2006-12-10 11:04 -------- d-------- C:\Program Files\daemon tools
2006-12-10 10:59 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-12-08 22:13 -------- d-------- C:\Program Files\neoact
2006-12-07 16:12 126996 --a------ C:\WINDOWS\system32\ouhkuxen.dll
2006-12-07 07:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-30 17:07 18484 ---hs---- C:\WINDOWS\system32\awtqn.dll
2006-11-30 16:13 126996 --a------ C:\WINDOWS\system32\xuyxfxma.dll
2006-11-29 16:39 4608 --a------ C:\WINDOWS\system32\w95inf32.dll
2006-11-29 16:39 2272 --a------ C:\WINDOWS\system32\w95inf16.dll
2006-11-28 10:55 42516 --a------ C:\WINDOWS\system32\oatobsrf.dll
2006-11-23 16:14 126996 --a------ C:\WINDOWS\system32\ahsgwypd.dll
2006-11-23 15:38 126996 --a------ C:\WINDOWS\system32\apyltput.dll
2006-11-16 15:39 126996 --a------ C:\WINDOWS\system32\lpwnfxtq.dll
2006-11-08 07:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Acat"="\"C:\\DOCUME~1\\ap\\OMATTI~1\\YSTEM3~1\\winlogon.exe\" -vt ndrv"
"Lpt"="C:\\Documents and Settings\\ap\\Application Data\\s?stem32\\n?tdde.exe"
"Steam"="\"C:\\Program Files\\Valve\\Steam\\Steam.exe\" -silent"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"qwm43391"="RUNDLL32.EXE w00e49d6.dll,n 0034338e0000000a00e49d6"
"F-Secure Manager"="\"C:\\Program Files\\F-Secure Internet Security\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\F-Secure Internet Security\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"F-Secure Startup Wizard"="\"C:\\Program Files\\F-Secure Internet Security\\FSGUI\\FSSW.EXE\" /reboot"
"STICAP"="C:\\Program Files\\Trust\\WB-3500T USB2 Webcam\\SnapTrap.exe"
"SNPSTD2"="C:\\WINDOWS\\vsnpstd2.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"EPSON Stylus DX4200 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAEE.EXE /P26 \"EPSON Stylus DX4200 Series\" /O6 \"USB001\" /M \"Stylus DX4200\""
"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -onlytray"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"CmUsbSound"="RunDll32 cmcnfgu.cpl,CMICtrlWnd"
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"RecordPadRun"="\"C:\\Program Files\\NCH Swift Sound\\RecordPad\\recordpad.exe\" -logon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"VS98_Setup_Wizard"="\"C:\\Documents and Settings\\ap\\Omat tiedostot\\Downloads\\Visual Basic 6.0 Enterprise Edition\\Visual Basic 6.0 Enterprise Edition\\SETUP.EXE\" /runonce /reboot /location:C:\\Documents and Settings\\ap\\Omat tiedostot\\Downloads\\Visual Basic 6.0 Enterprise Edition\\Visual Basic 6.0 Enterprise Edition"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"Winsock2 wqr1s"=""

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"Winsock2 wqr1s"=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ap^Käynnistä-valikko^Ohjelmat^Käynnistys^UltimateZip Quick Start.lnk]
"path"="C:\\Documents and Settings\\ap\\Käynnistä-valikko\\Ohjelmat\\Käynnistys\\UltimateZip Quick Start.lnk"
"backup"="C:\\WINDOWS\\pss\\UltimateZip Quick Start.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\ULTIMA~1\\uzqkst.exe "
"item"="UltimateZip Quick Start"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Asoc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winspool"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~1\\COMMON~1\\CURITY~1\\winspool.exe\" -vt yazb"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dfndrff_11a"
"hkey"="HKLM"
"command"="C:\\\\dfndrff_11a.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kybrdff_11a"
"hkey"="HKLM"
"command"="C:\\\\kybrdff_11a.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwnmff_11"
"hkey"="HKLM"
"command"="C:\\\\nwnmff_11.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pop06apelt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="thiselt"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\thiselt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winsock2 wqr1s]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LOL"
"hkey"="HKLM"
"command"="EM32\\LOL.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wvfja]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="d?xplore"
"hkey"="HKCU"
"command"="C:\\Documents and Settings\\ap\\Omat tiedostot\\?ystem\\d?xplore.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="wbsys.dll MsgPlusLoader.dll"


[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Asoc"="\"C:\\PROGRA~1\\STEM32~1\\nopdb.exe\" -vt yazb"
"rkwo"="C:\\PROGRA~1\\COMMON~1\\rkwo\\rkwom.exe"
"Tzqo"="C:\\WINDOWS\\?racle\\s?ool32.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Asoc"="\"C:\\PROGRA~1\\STEM32~1\\nopdb.exe\" -vt yazb"
"rkwo"="C:\\PROGRA~1\\COMMON~1\\rkwo\\rkwom.exe"
"Tzqo"="C:\\WINDOWS\\?racle\\s?ool32.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Scheduled scanning task.job

Completion time: 07-02-08 0:00:45

HJT:
Logfile of HijackThis v1.99.1
Scan saved at 23:50:39, on 7.2.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\Trust\WB-3500T USB2 Webcam\SnapTrap.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\ap\Application Data\s?stem32\n?tdde.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system\CmSNXeye.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\ap\Työpöytä\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ok.turkuai.fi/oklukuj/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: (no name) - {3BFCA615-68F4-682E-DEDE-6E637369D7BB} - C:\WINDOWS\system32\elixu.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3BFCA615-68F4-682E-DEDE-6E637369D7BB} - C:\WINDOWS\system32\elixu.dll
O2 - BHO: (no name) - {51604168-3D22-410A-82BD-4ED05611F067} - C:\WINDOWS\java\classes\vaiwn.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\abfunuqg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [qwm43391] RUNDLL32.EXE w00e49d6.dll,n 0034338e0000000a00e49d6
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [STICAP] C:\Program Files\Trust\WB-3500T USB2 Webcam\SnapTrap.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RecordPadRun] "C:\Program Files\NCH Swift Sound\RecordPad\recordpad.exe" -logon
O4 - HKLM\..\RunOnce: [VS98_Setup_Wizard] "C:\Documents and Settings\ap\Omat tiedostot\Downloads\Visual Basic 6.0 Enterprise Edition\Visual Basic 6.0 Enterprise Edition\SETUP.EXE" /runonce /reboot /location:C:\Documents and Settings\ap\Omat tiedostot\Downloads\Visual Basic 6.0 Enterprise Edition\Visual Basic 6.0 Enterprise Edition
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acat] "C:\DOCUME~1\ap\OMATTI~1\YSTEM3~1\winlogon.exe" -vt ndrv
O4 - HKCU\..\Run: [Lpt] C:\Documents and Settings\ap\Application Data\s?stem32\n?tdde.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Reminder 2.1 Start.lnk = C:\Program Files\Reminder\reminder21.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.elitemediagroup.net
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: wbsys.dll MsgPlusLoader.dll
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\g0220afoed2c0.dll (file missing)
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

VundoFix:

VundoFix V6.3.2

Checking Java version...

Java version is 1.5.0.8

Scan started at 0:17:54 27.1.2007

Listing files found while scanning....

C:\WINDOWS\java\classes\nwiav.bak1
C:\WINDOWS\java\classes\nwiav.bak2
C:\WINDOWS\java\classes\nwiav.ini
C:\WINDOWS\java\classes\nwiav.ini2
C:\WINDOWS\java\classes\nwiav.tmp
C:\WINDOWS\java\classes\vaiwn.dll
C:\WINDOWS\system32\awtsr.dll
C:\WINDOWS\system32\awturss.dll
C:\WINDOWS\system32\bjggqyxp.exe
C:\WINDOWS\system32\cbxurqo.dll
C:\WINDOWS\system32\cbxwvwu.dll
C:\WINDOWS\system32\ftpoiacm.dll
C:\WINDOWS\system32\gawfwgyu.exe
C:\WINDOWS\system32\gcnxbfsv.dll
C:\WINDOWS\system32\gobywvmc.dll
C:\WINDOWS\system32\gtibmewr.dll
C:\WINDOWS\system32\lberagch.dll
C:\WINDOWS\system32\mljhfcy.dll
C:\WINDOWS\system32\njvreyan.dll
C:\WINDOWS\system32\nnnmlmn.dll
C:\WINDOWS\system32\pvqhjxgo.dll
C:\WINDOWS\system32\qomnlih.dll
C:\WINDOWS\system32\sgwtqfsu.dll
C:\WINDOWS\system32\tgilkyjv.dll
C:\WINDOWS\system32\uaxcymws.dll
C:\WINDOWS\system32\vjykligt.ini
C:\WINDOWS\system32\voxmvcyt.dll
C:\WINDOWS\system32\wriugoew.exe
C:\WINDOWS\system32\xbsjultv.dll
C:\WINDOWS\system32\xxyawwv.dll
C:\WINDOWS\system32\yrleuyvy.dll
C:\WINDOWS\system32\yrlnogqg.dll
C:\WINDOWS\system32\yuarujfk.dll

Beginning removal...

VundoFix V6.3.2

Checking Java version...

Java version is 1.5.0.8

Scan started at 23:36:54 7.2.2007

Listing files found while scanning....

C:\WINDOWS\java\classes\nwiav.bak1
C:\WINDOWS\java\classes\nwiav.bak2
C:\WINDOWS\java\classes\nwiav.ini
C:\WINDOWS\java\classes\nwiav.ini2
C:\WINDOWS\java\classes\nwiav.tmp
C:\WINDOWS\java\classes\vaiwn.dll
C:\WINDOWS\system32\awtsr.dll
C:\WINDOWS\system32\awturss.dll
C:\WINDOWS\system32\bjggqyxp.exe
C:\WINDOWS\system32\bsklnrhl.dll
C:\WINDOWS\system32\cbxurqo.dll
C:\WINDOWS\system32\cbxwvwu.dll
C:\WINDOWS\system32\ftpoiacm.dll
C:\WINDOWS\system32\gawfwgyu.exe
C:\WINDOWS\system32\gcnxbfsv.dll
C:\WINDOWS\system32\gobywvmc.dll
C:\WINDOWS\system32\gtibmewr.dll
C:\WINDOWS\system32\lberagch.dll
C:\WINDOWS\system32\mljhfcy.dll
C:\WINDOWS\system32\njvreyan.dll
C:\WINDOWS\system32\nnnmlmn.dll
C:\WINDOWS\system32\pvqhjxgo.dll
C:\WINDOWS\system32\qomnlih.dll
C:\WINDOWS\system32\sgwtqfsu.dll
C:\WINDOWS\system32\tgilkyjv.dll
C:\WINDOWS\system32\uaxcymws.dll
C:\WINDOWS\system32\vjykligt.ini
C:\WINDOWS\system32\voxmvcyt.dll
C:\WINDOWS\system32\wriugoew.exe
C:\WINDOWS\system32\xbsjultv.dll
C:\WINDOWS\system32\xxyawwv.dll
C:\WINDOWS\system32\yrleuyvy.dll
C:\WINDOWS\system32\yrlnogqg.dll
C:\WINDOWS\system32\yuarujfk.dll

Beginning removal...

Attempting to delete C:\WINDOWS\java\classes\nwiav.bak1
C:\WINDOWS\java\classes\nwiav.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\java\classes\nwiav.bak2
C:\WINDOWS\java\classes\nwiav.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\java\classes\nwiav.ini
C:\WINDOWS\java\classes\nwiav.ini Has been deleted!

Attempting to delete C:\WINDOWS\java\classes\nwiav.ini2
C:\WINDOWS\java\classes\nwiav.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\java\classes\nwiav.tmp
C:\WINDOWS\java\classes\nwiav.tmp Has been deleted!

Attempting to delete C:\WINDOWS\java\classes\vaiwn.dll
C:\WINDOWS\java\classes\vaiwn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtsr.dll
C:\WINDOWS\system32\awtsr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awturss.dll
C:\WINDOWS\system32\awturss.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bjggqyxp.exe
C:\WINDOWS\system32\bjggqyxp.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\bsklnrhl.dll
C:\WINDOWS\system32\bsklnrhl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxurqo.dll
C:\WINDOWS\system32\cbxurqo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxwvwu.dll
C:\WINDOWS\system32\cbxwvwu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ftpoiacm.dll
C:\WINDOWS\system32\ftpoiacm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gawfwgyu.exe
C:\WINDOWS\system32\gawfwgyu.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\gcnxbfsv.dll
C:\WINDOWS\system32\gcnxbfsv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gobywvmc.dll
C:\WINDOWS\system32\gobywvmc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gtibmewr.dll
C:\WINDOWS\system32\gtibmewr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljhfcy.dll
C:\WINDOWS\system32\mljhfcy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\njvreyan.dll
C:\WINDOWS\system32\njvreyan.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnmlmn.dll
C:\WINDOWS\system32\nnnmlmn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qomnlih.dll
C:\WINDOWS\system32\qomnlih.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tgilkyjv.dll
C:\WINDOWS\system32\tgilkyjv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uaxcymws.dll
C:\WINDOWS\system32\uaxcymws.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vjykligt.ini
C:\WINDOWS\system32\vjykligt.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\voxmvcyt.dll
C:\WINDOWS\system32\voxmvcyt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wriugoew.exe
C:\WINDOWS\system32\wriugoew.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxyawwv.dll
C:\WINDOWS\system32\xxyawwv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yrlnogqg.dll
C:\WINDOWS\system32\yrlnogqg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yuarujfk.dll
C:\WINDOWS\system32\yuarujfk.dll Has been deleted!

Performing Repairs to the registry.
Done!

A thousand thanks in advance if you have the energy to check all of that :)