Pop-ups, erratic behaviour, crashes.. HjT log
blindpeer
Member
11 May 2008 @ 11:00
Last time the cleanup was apparently left half done when I had to leave for the army.. Now too there's a double weekend on duty ahead, but maybe I can get my brother to take care of it.

The computer has started throwing pop-ups (TurvaPC.com and PokerStrategy.com), it also keeps crashing (everything disappears, only the wallpaper remains), and it is slow. The strangest problem is that Firefox sometimes can't open pages no matter how long it keeps loading.

The computer has been scanned with SpyBot, Ad-Aware, Norton Anti-Virus, AVG Anti-Spyware and Windows Defender.

Here is the HjT log:

Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:30, on 11.5.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
F:\HyötyOhjelmat\Ad-Aware 2007 Professional\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\HyötyOhjelmat\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\HyötyOhjelmat\CDBurnerXP\NMSAccessU.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
F:\HyötyOhjelmat\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\SOUNDMAN.EXE
F:\HyötyOhjelmat\Winamp\winampa.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
F:\hyötyohjelmat\bandwidthmonitor pro\Bandwidth Monitor Pro.exe
C:\WINDOWS\system32\ctfmon.exe
F:\HyötyOhjelmat\DAEMON Tools Pro\DTProAgent.exe
F:\HyötyOhjelmat\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
F:\HYTYOH~2\FREEDO~1\fdm.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Adobe\Adobe Acrobat 8 Professional\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\HyötyOhjelmat\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] F:\HyötyOhjelmat\Winamp\winampa.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [BM5b72fedd] Rundll32.exe "C:\WINDOWS\system32\mgfegfse.dll",s
O4 - HKCU\..\Run: [µTorrent] "F:\P2P\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "F:\hyötyohjelmat\bandwidthmonitor pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "F:\HyötyOhjelmat\DAEMON Tools Pro\DTProAgent.exe"
O4 - Startup: OneNote 2007 -näyttöleikkeet ja Launcher.lnk.disabled
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk.disabled
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: SecureDoc.lnk.disabled
O4 - Global Startup: Windowsin työpöytähaku.lnk.disabled
O8 - Extra context menu item: &NeoTrace It! - F:\HYTYOH~2\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Append to existing PDF - res://F:\Adobe\Adobe Acrobat 8 Professional\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Adobe\Adobe Acrobat 8 Professional\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Adobe\Adobe Acrobat 8 Professional\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Adobe\Adobe Acrobat 8 Professional\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Adobe\Adobe Acrobat 8 Professional\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Adobe\Adobe Acrobat 8 Professional\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Adobe\Adobe Acrobat 8 Professional\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Adobe\Adobe Acrobat 8 Professional\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download video with Free Download Manager - file://F:\HyötyOhjelmat\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Lataa FDM:llä - file://F:\HyötyOhjelmat\Free Download Manager\dllink.htm
O8 - Extra context menu item: Lataa kaikki FDM:llä - file://F:\HyötyOhjelmat\Free Download Manager\dlall.htm
O8 - Extra context menu item: Lataus valittu FDM:n toimesta - file://F:\HyötyOhjelmat\Free Download Manager\dlselected.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://F:\MICROS~1\OFFICE~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://F:\MICROS~1\OFFICE~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\MICROS~1\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\MICROS~1\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~1\OFFICE~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\HYTYOH~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\HYTYOH~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - F:\HYTYOH~2\NEOTRA~1\NTXtoolbar.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resourc...lscbase9602.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsof...b?1187688439968
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1187688425046
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDown...iaSmartScan.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O16 - DPF: {FFD77E35-1C34-4EAC-B5A7-414CC5D007DA} (AnsimPlugin Class) - https://www.isaackorea.net/update/ansim/ilkactx.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Microsoft\Office XP Professional\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\HyötyOhjelmat\Ad-Aware 2007 Professional\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\HyötyOhjelmat\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Unknown owner - F:\Hyöty Ohjelmat\Nero\Nero8\InCD\InCDsrv.exe (file missing)
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: IWin service - Symantec Corporation - (no file)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - F:\Hyöty Ohjelmat\Nero\Nero8\Nero BackItUp\NBService.exe (file missing)
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - F:\Hyöty Ohjelmat\Nero\Nero8\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - F:\HyötyOhjelmat\CDBurnerXP\NMSAccessU.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 14911 bytes

EDIT: So this is the Virtumonde malware. I downloaded the removal tool from F-Secure's site (http://www.f-secure.com/sw-desc/virtumonde.shtml). I ran it through. Here is the result:

Now a reboot of the machine and then posting a new HjT log..



blind_peer

This message has been edited after posting. Last edit 11 May 2008 @ 11:10

blindpeer
Member
11 May 2008 @ 11:54
I couldn't get Afterdawn open on my own computer anymore :/

But I got here on another computer..

Here's the log:

Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:31, on 11.5.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
F:\HyötyOhjelmat\Ad-Aware 2007 Professional\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\HyötyOhjelmat\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\HyötyOhjelmat\CDBurnerXP\NMSAccessU.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
F:\HyötyOhjelmat\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\SOUNDMAN.EXE
F:\HyötyOhjelmat\Winamp\winampa.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\system32\Rundll32.exe
F:\hyötyohjelmat\bandwidthmonitor pro\Bandwidth Monitor Pro.exe
C:\WINDOWS\system32\ctfmon.exe
F:\HyötyOhjelmat\DAEMON Tools Pro\DTProAgent.exe
F:\HyötyOhjelmat\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: {13af58fc-6c27-d1a8-1064-d1740e1419a2} - {2a9141e0-471d-4601-8a1d-72c6cf85fa31} - C:\WINDOWS\system32\dmwywjkd.dll
O2 - BHO: (no name) - {438472A6-C636-4285-9A71-7B8E7612FB9E} - C:\WINDOWS\system32\iifdCRJC.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\HYTYOH~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6C23AB0C-0244-4B01-8253-BEE724D0D2EC} - C:\WINDOWS\system32\khfCutuR.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {81CAD625-02EC-48BF-A2B6-3933B806A01C} - C:\WINDOWS\system32\xxyvuVPI.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - F:\HyötyOhjelmat\Free Download Manager\iefdm2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Adobe\Adobe Acrobat 8 Professional\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\HyötyOhjelmat\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] F:\HyötyOhjelmat\Winamp\winampa.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [BM5b72fedd] Rundll32.exe "C:\WINDOWS\system32\mgfegfse.dll",s
O4 - HKCU\..\Run: [µTorrent] "F:\P2P\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "F:\hyötyohjelmat\bandwidthmonitor pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "F:\HyötyOhjelmat\DAEMON Tools Pro\DTProAgent.exe"
O4 - Startup: OneNote 2007 -näyttöleikkeet ja Launcher.lnk.disabled
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk.disabled
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: SecureDoc.lnk.disabled
O4 - Global Startup: Windowsin työpöytähaku.lnk.disabled
O8 - Extra context menu item: &NeoTrace It! - F:\HYTYOH~2\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Append to existing PDF - res://F:\Adobe\Adobe Acrobat 8 Professional\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Adobe\Adobe Acrobat 8 Professional\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Adobe\Adobe Acrobat 8 Professional\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Adobe\Adobe Acrobat 8 Professional\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Adobe\Adobe Acrobat 8 Professional\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Adobe\Adobe Acrobat 8 Professional\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Adobe\Adobe Acrobat 8 Professional\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Adobe\Adobe Acrobat 8 Professional\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download video with Free Download Manager - file://F:\HyötyOhjelmat\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Lataa FDM:llä - file://F:\HyötyOhjelmat\Free Download Manager\dllink.htm
O8 - Extra context menu item: Lataa kaikki FDM:llä - file://F:\HyötyOhjelmat\Free Download Manager\dlall.htm
O8 - Extra context menu item: Lataus valittu FDM:n toimesta - file://F:\HyötyOhjelmat\Free Download Manager\dlselected.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://F:\MICROS~1\OFFICE~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://F:\MICROS~1\OFFICE~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\MICROS~1\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\MICROS~1\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~1\OFFICE~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\HYTYOH~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\HYTYOH~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - F:\HYTYOH~2\NEOTRA~1\NTXtoolbar.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resourc...lscbase9602.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsof...b?1187688439968
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1187688425046
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDown...iaSmartScan.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O16 - DPF: {FFD77E35-1C34-4EAC-B5A7-414CC5D007DA} (AnsimPlugin Class) - https://www.isaackorea.net/update/ansim/ilkactx.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Microsoft\Office XP Professional\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: khfCutuR - khfCutuR.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\HyötyOhjelmat\Ad-Aware 2007 Professional\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\HyötyOhjelmat\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Unknown owner - F:\Hyöty Ohjelmat\Nero\Nero8\InCD\InCDsrv.exe (file missing)
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: IWin service - Symantec Corporation - (no file)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - F:\Hyöty Ohjelmat\Nero\Nero8\Nero BackItUp\NBService.exe (file missing)
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - F:\Hyöty Ohjelmat\Nero\Nero8\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - F:\HyötyOhjelmat\CDBurnerXP\NMSAccessU.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 15842 bytes

EDIT: And a picture of the F-Secure removal tool run again:

VundoFix doesn't find any infections either..

The computer won't let me get to Afterdawn with any browser (or to most other sites, but it does open e.g. the home page), and I can't run searches with search engines either.. I don't know whether it's a virus or whether the whole computer has gotten messed up some other way :'(



blind_peer

This message has been edited since it was posted. Last edited 11 May 2008 @ 12:58

blindpeer
Member
11 May 2008 @ 21:15
I also ran ComboFix; it removed something, but I can't get the log uploaded right now..

Looks like it's going to be a Windows reinstall.. The network (uTorrent etc.) otherwise works excellently, but no browser (IE, Opera, FF) can get anywhere. I even tried installing the network card drivers, but no luck.

But now it's off to the woods via the garrison. Back in 3 weeks and asking for advice again, if there are still problems.



blind_peer
Hujo
Suspended permanently
12 May 2008 @ 14:37
Download VundoFix.exe from HERE to your desktop.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
When the scan is complete, click the Remove Vundo button.
You will be asked whether you want to remove the files - click YES.
Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
When it is finished, the fix will announce that it is going to restart your computer; click OK.
Post the contents of the C:\vundofix.txt log along with a fresh HijackThis log.

Note: It is possible that VundoFix found a file it could not remove.
In that case, VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo button.", when VundoFix appears during the restart.

=========

Download SDFix by AndyManchesta and save it to your desktop.

Boot your computer into Safe Mode:

shut down and start the computer
during startup, keep tapping the F8 key
select Safe Mode with the arrow keys
press Enter and Enter
select your user account
press Yes

On some computers you tap F5 instead of F8.

- Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
- Open the SDFix folder and double-click the file RunThis.bat to start the program.
- Press Y to start the script.
- The tool cleans up the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
- Press any key and the computer restarts.
- Startup takes longer than normal because SDFix is cleaning the machine.
- When the computer has started and the desktop has loaded, SDFix reports that the cleanup has been done, "Finished".
- Then press any key to close the script and load the shortcuts onto the desktop.
- Finally, open the SDFix folder (on the desktop) and copy & paste the contents of the file Report.txt into your thread along with a new HijackThis log.

=============

Download Malwarebytes' Anti-Malware to your desktop.

1. Double-click mbam-setup.exe and follow the instructions to install the program.
2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
3. If an update is found, the program will download and install the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is complete, click OK and then Show Results to see the results.
6. Make sure everything is checked and click Remove Selected.
7. After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next message.



Can a computer ever work?
blindpeer
Member
31 May 2008 @ 14:23
Here are some logs:

VundoFix:

Quote:

VundoFix V6.5.7

Checking Java version...

Java version is 1.5.0.11

Scan started at 3:49:44 21.8.2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V7.0.3

Scan started at 12:41:13 11.5.2008

Listing files found while scanning....

No infected files were found.


VundoFix V7.0.5

Scan started at 09:13:33 2008-05-31

Listing files found while scanning....

No infected files were found.

SDFix:

Quote:

SDFix: Version 1.187
Run by J?rjestelm?nvalvoja on 2008-05-31 at 10:10

Microsoft Windows XP [versio 5.1.2600]
Running From: C:\DOCUME~1\JRJEST~1\TYPYT~1\SDFix\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\J?rjestelm?nvalvoja\Local Settings\Temp\uttA.tmp.exe - Deleted
C:\Documents and Settings\J?rjestelm?nvalvoja\Local Settings\Temp\uttF.tmp.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-31 10:18:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...


scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B00F15351AEA8A249A5708E4549F2579]
"P9}X\xbe\f?@\2Ģ?\bļ\x2039?|& }U& }\xa0\x008f9}\x90\xbd\f?X9}\xa8\22"=str(7):"C:\WINDOWS\Microsoft.NET\Framewor\b\3@\0CA_CacheGACAssembly\0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\Ų?\xffff\xffff?ł6\2]
"P9}X\xbe\f?@\2Ģ?\bļ\x2039?|& }U& }\xa0\x008f9}\x90\xbd\f?X9}\xa8\22"=str(7):"C:\WINDOWS\Microsoft.NET\Framewor\b\3@\0CA_CacheGACAssembly\0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E728B571-C610-E465-43AB-50346CB324D5}]

scanning hidden files ...

C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\lulock.dat
C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\tmp5f0d.tmp
C:\Program Files\Common Files\Symantec Shared\VirusDefs\lulock.dat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp5f17.tmp

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 4


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\\P2P\\uTorrent\\utorrent.exe"="F:\\P2P\\uTorrent\\utorrent.exe:*:Enabled:ęTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\\P2P\\RevConnect\\DCPlusPlus.exe"="F:\\P2P\\RevConnect\\DCPlusPlus.exe:*:Enabled:DC++"
"E:\\HL2\\SteamApps\\blind_peer\\day of defeat source\\hl2.exe"="E:\\HL2\\SteamApps\\blind_peer\\day of defeat source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"="C:\\Program Files\\The All-Seeing Eye\\eye.exe:*:Enabled:Yahoo! All-Seeing Eye"
"E:\\HL2\\SteamApps\\blind_peer\\counter-strike source\\hl2.exe"="E:\\HL2\\SteamApps\\blind_peer\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"E:\\HL2\\SteamApps\\blind_peer\\half-life 2\\hl2.exe"="E:\\HL2\\SteamApps\\blind_peer\\half-life 2\\hl2.exe:*:Enabled:hl2"
"C:\\Nokia\\Tools\\Nokia_Connectivity_Framework\\bin\\bluetoothDispatcher.exe"="C:\\Nokia\\Tools\\Nokia_Connectivity_Framework\\bin\\bluetoothDispatcher.exe:*:Enabled:bluetoothDispatcher"
"C:\\Nokia\\Tools\\Nokia_Connectivity_Framework\\bin\\phoneNumberRegistry.exe"="C:\\Nokia\\Tools\\Nokia_Connectivity_Framework\\bin\\phoneNumberRegistry.exe:*:Enabled:phoneNumberRegistry"
"C:\\Nokia\\Tools\\Nokia_Connectivity_Framework\\bin\\rendezvous.exe"="C:\\Nokia\\Tools\\Nokia_Connectivity_Framework\\bin\\rendezvous.exe:*:Enabled:rendezvous"
"C:\\WINDOWS\\system32\\javaw.exe"="C:\\WINDOWS\\system32\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"
"E:\\FlatOut2\\flatout2.exe"="E:\\FlatOut2\\flatout2.exe:*:Enabled:flatout2"
"E:\\HL2\\SteamApps\\blind_peer\\deathmatch classic\\hl.exe"="E:\\HL2\\SteamApps\\blind_peer\\deathmatch classic\\hl.exe:*:Enabled:Half-Life Launcher"
"F:\\Microsoft\\Office XP Professional\\Office12\\OUTLOOK.EXE"="F:\\Microsoft\\Office XP Professional\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"F:\\Microsoft\\Office XP Professional\\Office12\\GROOVE.EXE"="F:\\Microsoft\\Office XP Professional\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"F:\\Microsoft\\Office XP Professional\\Office12\\ONENOTE.EXE"="F:\\Microsoft\\Office XP Professional\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"G:\\AoE3\\age3x.exe"="G:\\AoE3\\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"E:\\HL2\\Steam.exe"="E:\\HL2\\Steam.exe:*:Enabled:Steam"
"E:\\MOHAA\\mohaa.exe"="E:\\MOHAA\\mohaa.exe:*:Enabled:Medal of Honor Allied Assault(tm)"
"E:\\MOHAA\\moh_spearhead.exe"="E:\\MOHAA\\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault(tm) Spearhead"
"E:\\MOHAA\\moh_breakthrough.exe"="E:\\MOHAA\\moh_breakthrough.exe:*:Enabled:Medal of Honor Allied Assault(tm) Breakthrough"
"E:\\TF2\\[psy] Team Fortress 2 v - 1.0.0.4\\hl2.exe"="E:\\TF2\\[psy] Team Fortress 2 v - 1.0.0.4\\hl2.exe:*:Enabled:hl2"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"J:\\PELIT\\R6-Vegas\\Binaries\\R6Vegas_Game.exe"="J:\\PELIT\\R6-Vegas\\Binaries\\R6Vegas_Game.exe:*:Enabled:Rainbow Six Vegas"
"J:\\PELIT\\R6-Vegas\\Binaries\\R6Vegas_Launcher.exe"="J:\\PELIT\\R6-Vegas\\Binaries\\R6Vegas_Launcher.exe:*:Enabled:Rainbow Six Vegas Updater"
"J:\\PELIT\\Crysis\\Bin32\\Crysis.exe"="J:\\PELIT\\Crysis\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
"J:\\PELIT\\Crysis\\Bin32\\CrysisDedicatedServer.exe"="J:\\PELIT\\Crysis\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"J:\\PELIT\\BlackSite-Area51\\Binaries\\BlackSite.exe"="J:\\PELIT\\BlackSite-Area51\\Binaries\\BlackSite.exe:*:Enabled:Blacksite Area 51"
"J:\\PELIT\\Painkiller Overdose\\Bin\\Overdose.exe"="J:\\PELIT\\Painkiller Overdose\\Bin\\Overdose.exe:*:Enabled:Painkiller Overdose"
"J:\\PELIT\\Painkiller Overdose\\Bin\\OverdoseEditor.exe"="J:\\PELIT\\Painkiller Overdose\\Bin\\OverdoseEditor.exe:*:Enabled:Painkiller Overdose Editor"
"J:\\PELIT\\Painkiller Overdose\\Bin\\OverdoseServer.exe"="J:\\PELIT\\Painkiller Overdose\\Bin\\OverdoseServer.exe:*:Enabled:Painkiller Overdose Console Server"
"G:\\Kane and Lynch\\kaneandlynch.exe"="G:\\Kane and Lynch\\kaneandlynch.exe:*:Enabled:Kane & Lynch: Dead Men"
"E:\\DukeNukemCompilation\\HRP-Penthouse.Paradise\\DUKE3D.EXE"="E:\\DukeNukemCompilation\\HRP-Penthouse.Paradise\\DUKE3D.EXE:*:Enabled:DUKE3D"
"J:\\PELIT\\Gears of War\\Binaries\\WarGame-G4WLive.exe"="J:\\PELIT\\Gears of War\\Binaries\\WarGame-G4WLive.exe:*:Enabled:Gears Of War"
"E:\\DukeNukemCompilation\\HRP-The.Gate\\Eduke32.exe"="E:\\DukeNukemCompilation\\HRP-The.Gate\\Eduke32.exe:*:Enabled:Eduke32"
"E:\\DukeNukemCompilation\\HRP-Xtreme!\\DUKE3D.EXE"="E:\\DukeNukemCompilation\\HRP-Xtreme!\\DUKE3D.EXE:*:Enabled:DUKE3D"
"G:\\The Club\\Launcher.exe"="G:\\The Club\\Launcher.exe:*:Enabled:The Club Launcher"
"G:\\The Club\\TheClub.exe"="G:\\The Club\\TheClub.exe:*:Enabled:The Club"
"J:\\PELIT\\Hour of Victory\\Binaries\\LTCG-HOVGame.exe"="J:\\PELIT\\Hour of Victory\\Binaries\\LTCG-HOVGame.exe:*:Enabled:Hour of Victory"
"G:\\CoD4\\iw3mp.exe"="G:\\CoD4\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"J:\\PELIT\\Turning Point - Fall of Liberty\\Binaries\\LTCG-TPGame.exe"="J:\\PELIT\\Turning Point - Fall of Liberty\\Binaries\\LTCG-TPGame.exe:*:Enabled:Turning Point - Fall of Liberty"
"J:\\PELIT\\Frontlines - Fuel of War\\Binaries\\FFOW.exe"="J:\\PELIT\\Frontlines - Fuel of War\\Binaries\\FFOW.exe:*:Enabled:Frontlines Game"
"J:\\PELIT\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"="J:\\PELIT\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"J:\\PELIT\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"="J:\\PELIT\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"J:\\PELIT\\Assassin's Creed\\AssassinsCreed_Dx9.exe"="J:\\PELIT\\Assassin's Creed\\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"J:\\PELIT\\Assassin's Creed\\AssassinsCreed_Dx10.exe"="J:\\PELIT\\Assassin's Creed\\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"J:\\PELIT\\Assassin's Creed\\AssassinsCreed_Launcher.exe"="J:\\PELIT\\Assassin's Creed\\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"J:\\PELIT\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"="J:\\PELIT\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2"
"J:\\PELIT\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"="J:\\PELIT\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2 Update"
"J:\\PELIT\\Team Fortress 2\\hl2.exe"="J:\\PELIT\\Team Fortress 2\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\DOCUME~1\JRJEST~1\TYPYT~1\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sun 30 Dec 2007 24 ..SH. --- "C:\WINDOWS\SD2B09628.tmp"
Sun 21 Jan 2007 1,888 A..H. --- "C:\WINDOWS\system32\starting.reg"
Tue 2 Jan 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 10 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 14 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\27d4a83e15599dacf71be27edd0b072a\BIT6.tmp"
Mon 25 Feb 2008 16,065 ...HR --- "C:\Documents and Settings\J?rjestelm?nvalvoja\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!


Malwarebytes' Anti-Malware 1.14

Quote:
Malwarebytes' Anti-Malware 1.14
Tietokantaversio: 807

14:10:38 2008-05-31
mbam-log-5-31-2008 (14-10-38).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|Q:\|X:\|)
Tarkistetut kohteet: 515005
Kulunut aika: 3 hour(s), 25 minute(s), 17 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 4

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\QooBox\Quarantine\C\WINDOWS\system32\packet.dll.vir (Spyware.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\wpcap.dll.vir (Spyware.Agent) -> Quarantined and deleted successfully.
D:\xxx\xxx\xxx\xxx.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
J:\xxx\xxx\xxx.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

The browsers still don't seem to work. Some pages work when you set the page as the home page (e.g. Travian). Others still don't; e.g. AD's pages can be reached, but the links don't work. Microsoft's site can be reached and it can search for updates, but they can't be downloaded. Google can be reached, but search doesn't work. Now it's another double stretch without leave in the army, so for the next couple of weeks or so I won't get to tinker with the machine, but then again at Midsummer.



blind_peer

This message has been edited since it was posted. Last edited 31 May 2008 @ 14:26
