Virus problems..
Hi
I did read some threads here in daniweb, but i decided to register and make an own thread.
I have weak english but i'll try..
i've had problems with slowness of my computer and pop-ups etc. and i think it's becoming worse all the time.
i read this forum and tried some anti-virus programs but those didn't help much. One reason is, that some of those programs ''crashed'' when cleaning the infected files/spyware etc.
damn it, i can't explain it with my english so i'll just post my current Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:41:50, on 7.1.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\mousecrm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\d3hb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ntzu32.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\HiJackThis!\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qbjhp.dll/sp.html#88449%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qbjhp.dll/sp.html#88449%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\qbjhp.dll/sp.html#88449%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qbjhp.dll/sp.html#88449%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qbjhp.dll/sp.html#88449%resultposition.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Class - {86D7905C-C44D-D7AE-4E46-A2432F1DEF26} - C:\WINDOWS\system32\nttr32.dll
O2 - BHO: Class - {8C515B6E-2ACB-2FD2-4CE4-82655F4C0C9F} - C:\WINDOWS\system32\mfcht32.dll
O2 - BHO: Class - {AA3DFBA3-794F-4010-B3F3-C48392777851} - C:\WINDOWS\system32\systk32.dll
O2 - BHO: Class - {D24C63AD-A963-E031-6313-22AD11D24EF1} - C:\WINDOWS\system32\ipfq32.dll
O2 - BHO: Class - {E11A3644-18B0-1DC5-DA37-CB9FB027B7A0} - C:\WINDOWS\javavl32.dll (file missing)
O2 - BHO: Class - {F52A683D-86BC-5DC9-8231-5370AB157678} - C:\WINDOWS\system32\ipua.dll
O2 - BHO: Class - {F6BFC595-569B-A80C-DEE4-5AE687AF21D2} - C:\WINDOWS\system32\winxq32.dll
O2 - BHO: Class - {F6EE5F6F-2DB0-5CE5-4CBE-0DB05DBFBB07} - C:\WINDOWS\system32\apipf32.dll
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Chizme] C:\Program Files\Ydvbdse\Kvxp.exe
O4 - HKLM\..\Run: [noC=] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [F ma] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [REGRUN32] C:\windowsupdate.exe
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [Notification Utility] "C:\Program Files\altpayV2\altpayV2.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [EZfTgfO2] C:\WINDOWS\bykih.exe
O4 - HKLM\..\Run: [Blondes] C:\Program Files\hbt\Dialers\Blondes\Blondes.exe /dontdial
O4 - HKLM\..\Run: [addlc.exe] C:\WINDOWS\addlc.exe
O4 - HKLM\..\Run: [9.tmp] C:\DOCUME~1\ESA~1.KUK\LOCALS~1\Temp\9.tmp.exe
O4 - HKLM\..\Run: [A.tmp] C:\DOCUME~1\ESA~1.KUK\LOCALS~1\Temp\A.tmp.exe
O4 - HKLM\..\Run: [9.tmp.exe] C:\DOCUME~1\ESA~1.KUK\LOCALS~1\Temp\9.tmp.exe
O4 - HKLM\..\Run: [A.tmp.exe] C:\DOCUME~1\ESA~1.KUK\LOCALS~1\Temp\A.tmp.exe
O4 - HKLM\..\Run: [sdkro.exe] C:\WINDOWS\sdkro.exe
O4 - HKLM\..\Run: [d3yj.exe] C:\WINDOWS\system32\d3yj.exe
O4 - HKLM\..\Run: [sdkun.exe] C:\WINDOWS\sdkun.exe
O4 - HKLM\..\Run: [netvp.exe] C:\WINDOWS\system32\netvp.exe
O4 - HKLM\..\Run: [sdkkn32.exe] C:\WINDOWS\sdkkn32.exe
O4 - HKLM\..\Run: [d3pc32.exe] C:\WINDOWS\d3pc32.exe
O4 - HKLM\..\Run: [SpyFighterMonitor] "E:\SpyFighter\SpyFighter.exe" monitor
O4 - HKLM\..\Run: [SpyFighterUpdate] "E:\SpyFighter\AutoUpdate.exe" silent
O4 - HKLM\..\Run: [iphy.exe] C:\WINDOWS\iphy.exe
O4 - HKLM\..\Run: [apihc.exe] C:\WINDOWS\system32\apihc.exe
O4 - HKLM\..\Run: [crxf.exe] C:\WINDOWS\system32\crxf.exe
O4 - HKLM\..\Run: [atlit32.exe] C:\WINDOWS\system32\atlit32.exe
O4 - HKLM\..\Run: [iewb.exe] C:\WINDOWS\system32\iewb.exe
O4 - HKLM\..\Run: [ipec32.exe] C:\WINDOWS\system32\ipec32.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [d3hb.exe] C:\WINDOWS\system32\d3hb.exe
O4 - HKLM\..\RunOnce: [ntzu32.exe] C:\WINDOWS\system32\ntzu32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Deer Hunter 2005 Registration.lnk = E:\Deer Hunter 2005\ATR1.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = E:\Tmas\Tmas.exe
O8 - Extra context menu item: &Google-haku - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Käännä englanninkielinen sana - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Linkit taaksepäin - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Samankaltaisia sivuja - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32n.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.tbcode.com/ist/softwares/...06_regular.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.playqames.com/default.cab...21&ex&1s&ppd=4
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\WINDOWS\System32\mousecrm.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - E:\SFUninstaller.exe" service (file missing)
I know there's much wrong in my computer, hope you can help me out.
Thanks.
Originally Posted by eemis
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\d3hb.exe
C:\WINDOWS\system32\ntzu32.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qbjhp.dll/sp.html#88449%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qbjhp.dll/sp.html#88449%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\qbjhp.dll/sp.html#88449%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qbjhp.dll/sp.html#88449%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qbjhp.dll/sp.html#88449%resultposition.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {86D7905C-C44D-D7AE-4E46-A2432F1DEF26} - C:\WINDOWS\system32\nttr32.dll
O2 - BHO: Class - {8C515B6E-2ACB-2FD2-4CE4-82655F4C0C9F} - C:\WINDOWS\system32\mfcht32.dll
O2 - BHO: Class - {AA3DFBA3-794F-4010-B3F3-C48392777851} - C:\WINDOWS\system32\systk32.dll
O2 - BHO: Class - {D24C63AD-A963-E031-6313-22AD11D24EF1} - C:\WINDOWS\system32\ipfq32.dll
O2 - BHO: Class - {F52A683D-86BC-5DC9-8231-5370AB157678} - C:\WINDOWS\system32\ipua.dll
O2 - BHO: Class - {F6BFC595-569B-A80C-DEE4-5AE687AF21D2} - C:\WINDOWS\system32\winxq32.dll
O2 - BHO: Class - {F6EE5F6F-2DB0-5CE5-4CBE-0DB05DBFBB07} - C:\WINDOWS\system32\apipf32.dll
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [Chizme] C:\Program Files\Ydvbdse\Kvxp.exe
O4 - HKLM\..\Run: [noC=] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [F ma] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [EZfTgfO2] C:\WINDOWS\bykih.exe
O4 - HKLM\..\Run: [Blondes] C:\Program Files\hbt\Dialers\Blondes\Blondes.exe /dontdial
O4 - HKLM\..\Run: [addlc.exe] C:\WINDOWS\addlc.exe
O4 - HKLM\..\Run: [9.tmp] C:\DOCUME~1\ESA~1.KUK\LOCALS~1\Temp\9.tmp.exe
O4 - HKLM\..\Run: [A.tmp] C:\DOCUME~1\ESA~1.KUK\LOCALS~1\Temp\A.tmp.exe
O4 - HKLM\..\Run: [9.tmp.exe] C:\DOCUME~1\ESA~1.KUK\LOCALS~1\Temp\9.tmp.exe
O4 - HKLM\..\Run: [A.tmp.exe] C:\DOCUME~1\ESA~1.KUK\LOCALS~1\Temp\A.tmp.exe
O4 - HKLM\..\Run: [sdkro.exe] C:\WINDOWS\sdkro.exe
O4 - HKLM\..\Run: [d3yj.exe] C:\WINDOWS\system32\d3yj.exe
O4 - HKLM\..\Run: [sdkun.exe] C:\WINDOWS\sdkun.exe
O4 - HKLM\..\Run: [netvp.exe] C:\WINDOWS\system32\netvp.exe
O4 - HKLM\..\Run: [sdkkn32.exe] C:\WINDOWS\sdkkn32.exe
O4 - HKLM\..\Run: [d3pc32.exe] C:\WINDOWS\d3pc32.exe
O4 - HKLM\..\Run:
O4 - HKLM\..\Run: [iphy.exe] C:\WINDOWS\iphy.exe
O4 - HKLM\..\Run: [apihc.exe] C:\WINDOWS\system32\apihc.exe
O4 - HKLM\..\Run: [crxf.exe] C:\WINDOWS\system32\crxf.exe
O4 - HKLM\..\Run: [atlit32.exe] C:\WINDOWS\system32\atlit32.exe
O4 - HKLM\..\Run: [iewb.exe] C:\WINDOWS\system32\iewb.exe
O4 - HKLM\..\Run: [ipec32.exe] C:\WINDOWS\system32\ipec32.exe
O4 - HKLM\..\Run: [d3hb.exe] C:\WINDOWS\system32\d3hb.exe
O4 - HKLM\..\RunOnce: [ntzu32.exe] C:\WINDOWS\system32\ntzu32.exe
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - [url]
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.playqames.com/default.cab...21&ex&1s&ppd=4
O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\WINDOWS\System32\mousecrm.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - E:\SFUninstaller.exe" service (file missing)
Download
ewido - http://www.ewido.net/en/
MS Antispyware - http://www.majorgeeks.com/download.php?det=4466
CW Shredder - http://www.intermute.com/spysubtract..._download.html
install them, update them and also update ur antivirus if u have one. or download McAfee Avert Stinger http://vil.nai.com/vil/stinger/
Disconnect from LAN, Reboot ur computer, enter into Safe Mode by hitting F8 at startup
Disable system restore (My Computer - Properties - System Restore - turn off System Restore on all drives)
Perform a complete system scan with all the above utilities
Empty temporary internet files and folders and recycle bin.
Restart ur computer and post ur new hijackthis log
6 rules to be happy:
Free your heart from hatred; Free your mind from worries; Live simply; Expect less; Give more & always have me as Ur Friend.
I did about:buster scan and now my computer runs faster and there's no pop ups anymore. Search Extender etc has vanished.
Now i scanned all my drivers with BitDefender Online Scan, it found 38 viruses, 1167 infected files, one suspect file. It disinfected 220 files and deleted 1046.
Virus names:
Backdoor.Agent.MO
Win32.Jeefo.A.dam
Trojan.Proxy.Ranky.CB
GenPack:Trojan.Downloader.Agent.TD
Trojan.Win32.Favadd.F
Java.Trojan.Exploit.Bytverify
Java.Trojan.Exploit.Bytverify.C
Application.Cometsystems.A
Trojan.Java.ClassLoader.D
Trojan.Downloader.Vb.OV
Backdoor.Agent.MO
Trojan.Exploit.Java.Bytverify
Trojan.Purityad.BP
Win32.Worm.Kelvir.Gen
Exploit.Phel.Gen
Trojan.Pokapoka62.C
Win32.Worm.Kelvir.DV
Trojan.Downloader.2489.C
Trojan.Downloader.Istbar.LI
Trojan.Win32.Favadd.F
Trojan.Downloader.WinShow.L
GenPack:Trojan.Agent.BI
Application.Adware.SpySheriff
Win32.Worm.Kelvir.AV
Trojan.Purityad.E
Backdoor.Sdbot.ABS
Trojan.Dyfuca.52104.B
Win32.ExplorerHijack
Trojan.Lowzones.CA
JS.Trojan.Downloader.IstBar.A
HTML.MediaTickets.A
Trojan.Dialer.Premium
Adware.Gator.A
(these are what i found from the bitdefender scan log)
I don't put the whole scan log here now, because it's so damn long :( But i can show it if it's necessary.
Most of the infected files are infected by Win32.Jeefo.A.dam and GenPack:Trojan.Downloader.Agent.TD. And most of the infected files are in System Volume Information -files.
I guess many of those viruses have been quite a long while in my computer, but i haven't found any problems caused by them (if i remember this right now.).
I also did some other scans (Trend micro online scan, ad-aware se scans etc.) and they did clean/remove most of the problems what they found.
Here's my Kaspersky online scan's log:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, January 07, 2006 19:25:15
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 7/01/2006
Kaspersky Anti-Virus database records: 169658
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
Scan Statistics:
Total number of scanned objects: 192010
Number of viruses found: 27
Number of infected objects: 53
Number of suspicious objects: 0
Duration of the scan process: 8847 sec
Infected Object Name - Virus Name
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\22A2626E-99E4-4040-BA60-E2B656.bac_a00604 Infected: not-a-virus:AdWare.Win32.VirtualBouncer.g
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\alaunch[1].cab.bac_a00604/gsda.dll Infected: not-a-virus:Downloader.Win32.SpyGame
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\alaunch[1].cab.bac_a00604 Infected: not-a-virus:Downloader.Win32.SpyGame
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\CMEIIAPI.dll.tcf.bac_a00604 Infected: not-a-virus:AdWare.Win32.Gator.6041
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\CMESys.exe.bac_a00604 Infected: not-a-virus:AdWare.Win32.Gator.6034
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\count.jar-928db51-121edd92.zip.bac_a00604/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\count.jar-928db51-121edd92.zip.bac_a00604/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\count.jar-928db51-121edd92.zip.bac_a00604/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\count.jar-928db51-121edd92.zip.bac_a00604 Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\Del29.tmp.bac_a00604 Infected: Trojan-Downloader.Win32.Small.asf
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\EGIEProcess.dll.bac_a00604 Infected: not-a-virus:AdWare.Win32.Gator.6041
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\kw[1].exe.bac_a00604 Infected: not-a-virus:AdWare.Win32.EliteBar.ao
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temporary Internet Files\Content.IE5\2Z0FULYX\OiUninstaller[1].exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temporary Internet Files\Content.IE5\2Z0FULYX\OiUninstaller[1].exe Infected: not-a-virus:AdWare.Win32.PurityScan.bu
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Työpöytä\OiUninstaller.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Työpöytä\OiUninstaller.exe Infected: not-a-virus:AdWare.Win32.PurityScan.bu
C:\Documents and Settings\Esa\Local Settings\Temporary Internet Files\Content.IE5\OHWNG7KB\index[1].exe/data.rar/10a.exe Infected: not-a-virus:AdWare.Win32.WinAD.bf
C:\Documents and Settings\Esa\Local Settings\Temporary Internet Files\Content.IE5\OHWNG7KB\index[1].exe/data.rar/vonner.exe Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Esa\Local Settings\Temporary Internet Files\Content.IE5\OHWNG7KB\index[1].exe/data.rar Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Esa\Local Settings\Temporary Internet Files\Content.IE5\OHWNG7KB\index[1].exe Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Jake.KUKKO-AK7JKOEOQ\Local Settings\Temp\!update.exe Infected: not-a-virus:AdWare.Win32.PurityScan.cu
C:\Documents and Settings\Jake.KUKKO-AK7JKOEOQ\Local Settings\Temp\res2A.tmp Infected: not-a-virus:AdWare.Win32.180Solutions.g
Now I scanned all my drivers with BitDefender Online Scan; it found 38 viruses, 1167 infected files, one suspect file. It disinfected 220 files and deleted 1046.
Virus names:
Backdoor.Agent.MO
Win32.Jeefo.A.dam
Trojan.Proxy.Ranky.CB
GenPack:Trojan.Downloader.Agent.TD
Trojan.Win32.Favadd.F
Java.Trojan.Exploit.Bytverify
Java.Trojan.Exploit.Bytverify.C
Application.Cometsystems.A
Trojan.Java.ClassLoader.D
Trojan.Downloader.Vb.OV
Backdoor.Agent.MO
Trojan.Exploit.Java.Bytverify
Trojan.Purityad.BP
Win32.Worm.Kelvir.Gen
Exploit.Phel.Gen
Trojan.Pokapoka62.C
Win32.Worm.Kelvir.DV
Trojan.Downloader.2489.C
Trojan.Downloader.Istbar.LI
Trojan.Win32.Favadd.F
Trojan.Downloader.WinShow.L
GenPack:Trojan.Agent.BI
Application.Adware.SpySheriff
Win32.Worm.Kelvir.AV
Trojan.Purityad.E
Backdoor.Sdbot.ABS
Trojan.Dyfuca.52104.B
Win32.ExplorerHijack
Trojan.Lowzones.CA
JS.Trojan.Downloader.IstBar.A
HTML.MediaTickets.A
Trojan.Dialer.Premium
Adware.Gator.A
(These are what I found in the BitDefender scan log.)
I won't put the whole scan log here now, because it's so damn long :( But I can show it if it's necessary.
Most of the infected files are infected by Win32.Jeefo.A.dam and GenPack:Trojan.Downloader.Agent.TD. And most of the infected files are in the System Volume Information files.
I guess many of those viruses have been on my computer for quite a long while, but I haven't found any problems caused by them (if I remember this right now).
I also did some other scans (Trend Micro online scan, Ad-Aware SE scans etc.) and they did clean/remove most of the problems that they found.
Here's my Kaspersky online scan's log:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, January 07, 2006 19:25:15
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 7/01/2006
Kaspersky Anti-Virus database records: 169658
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
Scan Statistics:
Total number of scanned objects: 192010
Number of viruses found: 27
Number of infected objects: 53
Number of suspicious objects: 0
Duration of the scan process: 8847 sec
Infected Object Name - Virus Name
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\22A2626E-99E4-4040-BA60-E2B656.bac_a00604 Infected: not-a-virus:AdWare.Win32.VirtualBouncer.g
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\alaunch[1].cab.bac_a00604/gsda.dll Infected: not-a-virus:Downloader.Win32.SpyGame
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\alaunch[1].cab.bac_a00604 Infected: not-a-virus:Downloader.Win32.SpyGame
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\CMEIIAPI.dll.tcf.bac_a00604 Infected: not-a-virus:AdWare.Win32.Gator.6041
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\CMESys.exe.bac_a00604 Infected: not-a-virus:AdWare.Win32.Gator.6034
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\count.jar-928db51-121edd92.zip.bac_a00604/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\count.jar-928db51-121edd92.zip.bac_a00604/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\count.jar-928db51-121edd92.zip.bac_a00604/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\count.jar-928db51-121edd92.zip.bac_a00604 Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\Del29.tmp.bac_a00604 Infected: Trojan-Downloader.Win32.Small.asf
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\EGIEProcess.dll.bac_a00604 Infected: not-a-virus:AdWare.Win32.Gator.6041
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\kw[1].exe.bac_a00604 Infected: not-a-virus:AdWare.Win32.EliteBar.ao
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temporary Internet Files\Content.IE5\2Z0FULYX\OiUninstaller[1].exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temporary Internet Files\Content.IE5\2Z0FULYX\OiUninstaller[1].exe Infected: not-a-virus:AdWare.Win32.PurityScan.bu
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Työpöytä\OiUninstaller.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Työpöytä\OiUninstaller.exe Infected: not-a-virus:AdWare.Win32.PurityScan.bu
C:\Documents and Settings\Esa\Local Settings\Temporary Internet Files\Content.IE5\OHWNG7KB\index[1].exe/data.rar/10a.exe Infected: not-a-virus:AdWare.Win32.WinAD.bf
C:\Documents and Settings\Esa\Local Settings\Temporary Internet Files\Content.IE5\OHWNG7KB\index[1].exe/data.rar/vonner.exe Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Esa\Local Settings\Temporary Internet Files\Content.IE5\OHWNG7KB\index[1].exe/data.rar Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Esa\Local Settings\Temporary Internet Files\Content.IE5\OHWNG7KB\index[1].exe Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Jake.KUKKO-AK7JKOEOQ\Local Settings\Temp\!update.exe Infected: not-a-virus:AdWare.Win32.PurityScan.cu
C:\Documents and Settings\Jake.KUKKO-AK7JKOEOQ\Local Settings\Temp\res2A.tmp Infected: not-a-virus:AdWare.Win32.180Solutions.g
C:\Documents and Settings\Jake.KUKKO-AK7JKOEOQ\Local Settings\Temporary Internet Files\Content.IE5\WXIJKTYJ\content25360-0[1].htm Infected: not-a-virus:AdWare.Win32.Gator.k
C:\Documents and Settings\Maarit.KUKKO-AK7JKOEOQ\Local Settings\Temporary Internet Files\Content.IE5\2SO2GA7B\alaunch[1].cab/gsda.dll Infected: not-a-virus:Downloader.Win32.SpyGame
C:\Documents and Settings\Maarit.KUKKO-AK7JKOEOQ\Local Settings\Temporary Internet Files\Content.IE5\2SO2GA7B\alaunch[1].cab Infected: not-a-virus:Downloader.Win32.SpyGame
C:\Documents and Settings\Vieras\Local Settings\Temporary Internet Files\Content.IE5\O5AN0L2J\content23599-0[1].htm Infected: not-a-virus:AdWare.Win32.Gator.k
C:\Program Files\Microsoft AntiSpyware\Quarantine\326DC0E2-BBE9-4DE8-9794-B42B08\6891859C-7CCC-46E4-99DC-C6B590 Infected: not-a-virus:AdWare.Win32.180Solutions.b
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616
C:\WINDOWS\noC=.exe/data.rar/mrjj.exe Infected: Trojan.Win32.LowZones.am
C:\WINDOWS\noC=.exe/data.rar Infected: Trojan.Win32.LowZones.am
C:\WINDOWS\noC=.exe Infected: Trojan.Win32.LowZones.am
C:\WINDOWS\SK@J:exsglm:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\SK@J:vqsazq:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\int_ver32b.oc$ Infected: not-a-virus:Porn-Dialer.Win32.Creazione.x
C:\WINDOWS\system32\mousecrm.exe Infected: Backdoor.Win32.Agent.mo
C:\WINDOWS\system32\ysbactivex.dll.tc$ Infected: Trojan-Downloader.Win32.IstBar.gen
C:\WINDOWS\Temp\MT\PornAttitude[1].exe Infected: not-a-virus:Porn-Dialer.Win32.CapreDeam.c
C:\winstall.exe.tcf Infected: not-virus:Hoax.Win32.Renos.al
D:\Documents and Settings\Esa.MORDOR\local\dmproxy.dll.tcf Infected: not-a-virus:AdWare.Win32.Comet.p
D:\Program Files\Common Files\CMEII\GIocl.dll Infected: not-a-virus:AdWare.Win32.Gator.6041
D:\Program Files\Common Files\CMEII\GMTProxy.dll Infected: not-a-virus:AdWare.Win32.Gator.6041
D:\Program Files\Common Files\CMEII\GObjs.dll Infected: not-a-virus:AdWare.Win32.Gator.6041
D:\Program Files\Common Files\CMEII\GStoreServer.dll Infected: not-a-virus:AdWare.Win32.Gator.6041
D:\Program Files\Common Files\CMEII\Gtools.dll Infected: not-a-virus:AdWare.Win32.Gator.6041
D:\Program Files\Common Files\GMT\GatorRes.dll Infected: not-a-virus:AdWare.Win32.Gator.6041
E:\DC++\extfix.exe Infected: not-a-virus:RiskTool.Win32.ExtUnlock.a
E:\DC++\FOOTBALL MANAGER 2006 CRACK .rar/FOOTBALL MANAGER 2006 FRENCH CRACK NOCD+SERIAL+KEYGEN/La 1ère astuce pour tricher avec eurobarre/Eurofake.exe Infected: IM-Worm.Win32.Kelvir.bp
E:\DC++\FOOTBALL MANAGER 2006 CRACK .rar Infected: IM-Worm.Win32.Kelvir.bp
E:\DC++\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616
E:\DC++\mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616
F:\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612
F:\My Received Files\My Received Files\mirc612.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.612
F:\My Received Files\My Received Files\mirc612.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612
Scan process completed.
And my current HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 20:02:51, on 7.1.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
F:\HiJackThis!\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Class - {86D7905C-C44D-D7AE-4E46-A2432F1DEF26} - C:\WINDOWS\system32\nttr32.dll (file missing)
O2 - BHO: Class - {8C515B6E-2ACB-2FD2-4CE4-82655F4C0C9F} - C:\WINDOWS\system32\mfcht32.dll (file missing)
O2 - BHO: Class - {AA3DFBA3-794F-4010-B3F3-C48392777851} - C:\WINDOWS\system32\systk32.dll (file missing)
O2 - BHO: Class - {D24C63AD-A963-E031-6313-22AD11D24EF1} - C:\WINDOWS\system32\ipfq32.dll (file missing)
O2 - BHO: Class - {E11A3644-18B0-1DC5-DA37-CB9FB027B7A0} - C:\WINDOWS\javavl32.dll (file missing)
O2 - BHO: Class - {F52A683D-86BC-5DC9-8231-5370AB157678} - C:\WINDOWS\system32\ipua.dll (file missing)
O2 - BHO: Class - {F6BFC595-569B-A80C-DEE4-5AE687AF21D2} - C:\WINDOWS\system32\winxq32.dll (file missing)
O2 - BHO: Class - {F6EE5F6F-2DB0-5CE5-4CBE-0DB05DBFBB07} - C:\WINDOWS\system32\apipf32.dll (file missing)
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Chizme] C:\Program Files\Ydvbdse\Kvxp.exe
O4 - HKLM\..\Run: [noC=] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [F ma] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [REGRUN32] C:\windowsupdate.exe
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [Notification Utility] "C:\Program Files\altpayV2\altpayV2.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [EZfTgfO2] C:\WINDOWS\bykih.exe
O4 - HKLM\..\Run: [Blondes] C:\Program Files\hbt\Dialers\Blondes\Blondes.exe /dontdial
O4 - HKLM\..\Run: [addlc.exe] C:\WINDOWS\addlc.exe
O4 - HKLM\..\Run: [9.tmp] C:\DOCUME~1\ESA~1.KUK\LOCALS~1\Temp\9.tmp.exe
O4 - HKLM\..\Run: [A.tmp] C:\DOCUME~1\ESA~1.KUK\LOCALS~1\Temp\A.tmp.exe
O4 - HKLM\..\Run: [9.tmp.exe] C:\DOCUME~1\ESA~1.KUK\LOCALS~1\Temp\9.tmp.exe
O4 - HKLM\..\Run: [A.tmp.exe] C:\DOCUME~1\ESA~1.KUK\LOCALS~1\Temp\A.tmp.exe
O4 - HKLM\..\Run: [sdkro.exe] C:\WINDOWS\sdkro.exe
O4 - HKLM\..\Run: [d3yj.exe] C:\WINDOWS\system32\d3yj.exe
O4 - HKLM\..\Run: [sdkun.exe] C:\WINDOWS\sdkun.exe
O4 - HKLM\..\Run: [netvp.exe] C:\WINDOWS\system32\netvp.exe
O4 - HKLM\..\Run: [sdkkn32.exe] C:\WINDOWS\sdkkn32.exe
O4 - HKLM\..\Run: [SpyFighterMonitor] "E:\SpyFighter\SpyFighter.exe" monitor
O4 - HKLM\..\Run: [SpyFighterUpdate] "E:\SpyFighter\AutoUpdate.exe" silent
O4 - HKLM\..\Run: [iphy.exe] C:\WINDOWS\iphy.exe
O4 - HKLM\..\Run: [apihc.exe] C:\WINDOWS\system32\apihc.exe
O4 - HKLM\..\Run: [crxf.exe] C:\WINDOWS\system32\crxf.exe
O4 - HKLM\..\Run: [atlit32.exe] C:\WINDOWS\system32\atlit32.exe
O4 - HKLM\..\Run: [iewb.exe] C:\WINDOWS\system32\iewb.exe
O4 - HKLM\..\Run: [ipec32.exe] C:\WINDOWS\system32\ipec32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Deer Hunter 2005 Registration.lnk = E:\Deer Hunter 2005\ATR1.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google-haku - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Käännä englanninkielinen sana - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Linkit taaksepäin - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Samankaltaisia sivuja - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32n.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.playqames.com/default.cab...21&ex&1s&ppd=4
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\WINDOWS\System32\mousecrm.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - E:\SFUninstaller.exe" service (file missing)
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {86D7905C-C44D-D7AE-4E46-A2432F1DEF26} - C:\WINDOWS\system32\nttr32.dll (file missing)
O2 - BHO: Class - {8C515B6E-2ACB-2FD2-4CE4-82655F4C0C9F} - C:\WINDOWS\system32\mfcht32.dll (file missing)
O2 - BHO: Class - {AA3DFBA3-794F-4010-B3F3-C48392777851} - C:\WINDOWS\system32\systk32.dll (file missing)
O2 - BHO: Class - {D24C63AD-A963-E031-6313-22AD11D24EF1} - C:\WINDOWS\system32\ipfq32.dll (file missing)
O2 - BHO: Class - {E11A3644-18B0-1DC5-DA37-CB9FB027B7A0} - C:\WINDOWS\javavl32.dll (file missing)
O2 - BHO: Class - {F52A683D-86BC-5DC9-8231-5370AB157678} - C:\WINDOWS\system32\ipua.dll (file missing)
O2 - BHO: Class - {F6BFC595-569B-A80C-DEE4-5AE687AF21D2} - C:\WINDOWS\system32\winxq32.dll (file missing)
O2 - BHO: Class - {F6EE5F6F-2DB0-5CE5-4CBE-0DB05DBFBB07} - C:\WINDOWS\system32\apipf32.dll (file missing)
O4 - HKLM\..\Run: [Blondes] C:\Program Files\hbt\Dialers\Blondes\Blondes.exe /dontdial
Put a check mark on the above entries and let HijackThis fix them.
Go to Add/Remove Programs in Control Panel and uninstall 'blondes' if you find it, and also remove the folder from the Program Files directory.
I think you didn't disable System Restore before performing the scans. If you don't disable it, infections will still be left there and they can reinfect your system. Just disable it and re-enable it.
6 rules to be happy:
Free your heart from hatred; Free your mind from worries; Live simply; Expect less; Give more & always have me as Ur Friend.