Computer shuts down 5 minutes after startup
hartsa82
Member
11 November 2008 @ 17:00
Can someone check the log?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:57:15, on 11.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: mxlivemedia - {8c8cc284-4a08-9f92-e150-f2646bc72b29} - C:\Windows\system32\nsz1622.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\hullu j\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Save Size] "C:\ProgramData\64 Pop Pop.3uz0m4x"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O13 - Gopher Prefix:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
--
End of file - 4588 bytes
Senior Member
11 November 2008 @ 17:21
It is recommended to turn off your antivirus's real-time scanning so that it does not interfere with Lop S&D; you can turn it back on after the scan.
Download Lop S&D from here
Double-click Lop S&D.exe
Select Finnish as the language by pressing U and Enter.
After that, select Option 1 (Search) by pressing 1 and Enter
Wait until the scan is complete
The log opens in Notepad. Post it in your next message. It can also be found at C:\lopR.txt
hartsa82
Member
11 November 2008 @ 17:27
Here is the log:
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft® Windows Vista? Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : hullu j ( Administrator )
BOOT : Fail-safe with network boot
Antivirus : avast! antivirus 4.8.1229 [VPS 080723-1] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total:457 Go (Free:317 Go)
D:\ (Local Disk) - NTFS - Total:7 Go (Free:1 Go)
E:\ (CD or DVD)
F:\ (USB) - FAT - Total:983 Mo (Free:0 Go)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( ti 11.11.2008|17:24 )
[ UAC => 1 ]
--------------------\\ Listaa hakemistoja sijainnissa Local
[19.09.2008|12:35] C:\Users\HULLUJ~1\AppData\Local\Adobe
[08.09.2008|16:52] C:\Users\HULLUJ~1\AppData\Local\Application Data
[08.09.2008|17:01] C:\Users\HULLUJ~1\AppData\Local\ATI
[10.11.2008|16:50] C:\Users\HULLUJ~1\AppData\Local\d3d9caps.dat
[10.11.2008|15:45] C:\Users\HULLUJ~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[20.10.2008|19:33] C:\Users\HULLUJ~1\AppData\Local\DNA
[11.11.2008|15:44] C:\Users\HULLUJ~1\AppData\Local\GDIPFONTCACHEV1.DAT
[08.09.2008|21:48] C:\Users\HULLUJ~1\AppData\Local\Microsoft
[15.10.2008|16:23] C:\Users\HULLUJ~1\AppData\Local\Microsoft Games
[08.09.2008|16:52] C:\Users\HULLUJ~1\AppData\Local\Sivuhistoria
[11.11.2008|17:22] C:\Users\HULLUJ~1\AppData\Local\Temp
[08.09.2008|16:52] C:\Users\HULLUJ~1\AppData\Local\Temporary Internet Files
[13.10.2008|13:26] C:\Users\HULLUJ~1\AppData\Local\VirtualStore
[3|tiedosto(a)] C:\Users\HULLUJ~1\AppData\Local\tavua
[12|kansio(ta)] C:\Users\HULLUJ~1\AppData\Local\tavua vapaana
--------------------\\ Ajoitetut tehtävät sijaitsee C:\Windows\Tasks
[11.11.2008 16:49][--ah-----] C:\Windows\tasks\SA.DAT
[11.11.2008 16:11][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listaa hakemistoja sijainnissa C:\ProgramData
[11.11.2008|16:49] C:\ProgramData\.zreglib
[28.10.2008|00:54] C:\ProgramData\64 Pop Pop.3uz0m4x
[28.10.2008|00:54] C:\ProgramData\64 Pop Pop.zkgtj0
[10.11.2008|17:19] C:\ProgramData\Admin Inter 1 Mags
[07.10.2008|22:12] C:\ProgramData\Adobe
[02.11.2006|15:02] C:\ProgramData\Application Data
[07.12.2007|20:37] C:\ProgramData\ATI
[08.09.2008|17:09] C:\ProgramData\CyberLink
[02.11.2006|15:02] C:\ProgramData\Desktop
[02.11.2006|15:02] C:\ProgramData\Documents
[05.11.2008|12:40] C:\ProgramData\DVD Shrink
[02.11.2006|15:02] C:\ProgramData\Favorites
[28.10.2008|00:54] C:\ProgramData\Flag First
[11.11.2008|15:41] C:\ProgramData\Grisoft
[08.09.2008|16:52] C:\ProgramData\Hewlett-Packard
[07.12.2007|20:42] C:\ProgramData\HP
[07.12.2007|20:42] C:\ProgramData\hpzinstall.log
[08.09.2008|16:48] C:\ProgramData\K?ynnist?-valikko
[23.09.2008|18:29] C:\ProgramData\LightScribe
[08.09.2008|16:48] C:\ProgramData\Mallit
[10.11.2008|18:17] C:\ProgramData\Malwarebytes
[10.11.2008|11:27] C:\ProgramData\Microsoft
[07.12.2007|20:49] C:\ProgramData\muvee Technologies
[09.11.2008|18:10] C:\ProgramData\ntuser.pol
[07.12.2007|20:58] C:\ProgramData\PC-Doctor
[16.09.2008|13:39] C:\ProgramData\SlySoft
[10.11.2008|16:56] C:\ProgramData\Solt Lake Software
[02.11.2006|15:02] C:\ProgramData\Start Menu
[08.09.2008|16:48] C:\ProgramData\Suosikit
[09.11.2008|17:33] C:\ProgramData\Symantec
[02.11.2006|15:02] C:\ProgramData\Templates
[08.09.2008|16:48] C:\ProgramData\Tiedostot
[08.09.2008|16:48] C:\ProgramData\Ty?p?yt?
[28.10.2008|13:06] C:\ProgramData\WindowsSearch
[5|tiedosto(a)] C:\ProgramData\tavua
[31|kansio(ta)] C:\ProgramData\tavua vapaana
--------------------\\ Listaa hakemistoja sijainnissa C:\Program Files
[14.10.2008|12:46] C:\Program Files\7-Zip
[07.10.2008|22:12] C:\Program Files\Adobe
[11.11.2008|10:52] C:\Program Files\Alwil Software
[07.12.2007|20:32] C:\Program Files\ATI
[07.12.2007|20:33] C:\Program Files\ATI Technologies
[28.10.2008|17:39] C:\Program Files\BitComet
[20.10.2008|19:33] C:\Program Files\BitTorrent
[23.09.2008|20:10] C:\Program Files\BS.Player ControlBar
[11.11.2008|15:31] C:\Program Files\CCleaner
[09.11.2008|17:31] C:\Program Files\Common Files
[07.12.2007|20:47] C:\Program Files\CyberLink
[10.09.2008|21:12] C:\Program Files\DivX
[09.11.2008|17:34] C:\Program Files\DNA
[16.09.2008|11:28] C:\Program Files\DVD Shrink
[14.10.2008|21:01] C:\Program Files\ffdshow
[11.11.2008|15:41] C:\Program Files\Grisoft
[07.12.2007|20:59] C:\Program Files\Hewlett-Packard
[10.11.2008|17:19] C:\Program Files\HP
[07.12.2007|20:59] C:\Program Files\InstallShield Installation Information
[21.10.2008|18:37] C:\Program Files\Internet Explorer
[07.12.2007|20:51] C:\Program Files\Java
[07.12.2007|20:34] C:\Program Files\MainConcept
[10.11.2008|18:17] C:\Program Files\Malwarebytes' Anti-Malware
[02.11.2006|14:37] C:\Program Files\Microsoft Games
[07.12.2007|20:53] C:\Program Files\Microsoft Office
[07.12.2007|20:53] C:\Program Files\Microsoft Works
[10.11.2008|17:19] C:\Program Files\Mobile Partner
[21.10.2008|18:37] C:\Program Files\Movie Maker
[02.11.2006|14:37] C:\Program Files\MSBuild
[07.12.2007|20:49] C:\Program Files\muvee Technologies
[07.12.2007|20:59] C:\Program Files\Online Services
[07.12.2007|21:09] C:\Program Files\PC-Doctor 5 for Windows
[07.12.2007|20:35] C:\Program Files\Realtek
[02.11.2006|14:37] C:\Program Files\Reference Assemblies
[14.10.2008|12:48] C:\Program Files\SlySoft
[09.11.2008|17:32] C:\Program Files\Symantec
[11.11.2008|16:51] C:\Program Files\Trend Micro
[02.11.2006|15:01] C:\Program Files\Uninstall Information
[24.09.2008|13:13] C:\Program Files\URUSoft
[23.09.2008|20:09] C:\Program Files\Webteh
[10.10.2008|11:27] C:\Program Files\Winamp
[21.10.2008|18:37] C:\Program Files\Windows Calendar
[21.10.2008|18:37] C:\Program Files\Windows Collaboration
[21.10.2008|18:37] C:\Program Files\Windows Defender
[21.10.2008|18:37] C:\Program Files\Windows Journal
[21.10.2008|18:37] C:\Program Files\Windows Mail
[21.10.2008|18:37] C:\Program Files\Windows Media Player
[08.09.2008|16:48] C:\Program Files\Windows NT
[21.10.2008|18:37] C:\Program Files\Windows Photo Gallery
[21.10.2008|18:37] C:\Program Files\Windows Sidebar
[28.10.2008|12:19] C:\Program Files\WinRAR
[0|tiedosto(a)] C:\Program Files\tavua
[53|kansio(ta)] C:\Program Files\tavua vapaana
--------------------\\ Listaa hakemistoja sijainnissa C:\Program Files\Common Files
[07.10.2008|22:12] C:\Program Files\Common Files\Adobe
[07.12.2007|20:42] C:\Program Files\Common Files\HP
[07.12.2007|20:42] C:\Program Files\Common Files\InstallShield
[07.12.2007|20:51] C:\Program Files\Common Files\Java
[07.12.2007|20:49] C:\Program Files\Common Files\LightScribe
[07.12.2007|20:47] C:\Program Files\Common Files\LS Getting Started
[07.12.2007|20:53] C:\Program Files\Common Files\microsoft shared
[07.12.2007|20:49] C:\Program Files\Common Files\muvee Technologies
[10.09.2008|21:12] C:\Program Files\Common Files\PX Storage Engine
[02.11.2006|13:18] C:\Program Files\Common Files\Services
[02.11.2006|13:18] C:\Program Files\Common Files\SpeechEngines
[09.11.2008|17:33] C:\Program Files\Common Files\Symantec Shared
[21.10.2008|18:37] C:\Program Files\Common Files\System
[0|tiedosto(a)] C:\Program Files\Common Files\tavua
[15|kansio(ta)] C:\Program Files\Common Files\tavua vapaana
--------------------\\ Process
( 26 Processes )
iexplore.exe ~ [PID:1212]
--------------------\\ Etsii S_Lopilla
C:\ProgramData\64 Pop Pop.zkgtj0
C:\ProgramData\64 Pop Pop.3uz0m4x
C:\ProgramData\FLAGFI~1
C:\ProgramData\FLAGFI~1\Mp3Drive.exe
C:\ProgramData\FLAGFI~1\otgnexha.exe
--------------------\\ Etsii Lopin tiedostoja ja kansioita
C:\ProgramData\Admin Inter 1 Mags
C:\Users\HULLUJ~1\AppData\Local\Temp\nst15B3.tmp
C:\Users\HULLUJ~1\AppData\Local\Temp\nst935.tmp
--------------------\\ Etsii rekisterikohteita
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mpeg Admin Dvd]
"DisplayName"="CiD Help"
"UninstallString"="C:\\PROGRA~2\\FLAGFI~1\\Mp3Drive.exe -uninstall"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Save Size"="\"C:\\ProgramData\\64 Pop Pop.3uz0m4x\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
--------------------\\ Tarkistaa Hosts-tiedostoa
Hosts-tiedosto PUHDAS
--------------------\\ Tarkistaa Catchmella onko piilotettuja tiedostoja
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 17:24:24
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
disk error: C:\Windows\System32\
please note that you need administrator rights to perform deep scan
--------------------\\ Tarkistaa muita infektioita
--------------------\\ ROOTKIT !!
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS]
--------------------\\ Cracks & Keygens ..
C:\Users\HULLUJ~1\AppData\Roaming\uTorrent\Minilyrics v6.0.3697 Final + KeyGeN.torrent
C:\Users\HULLUJ~1\Downloads\AnyDVD & HD v.6.4.6.1\AnyDVD & HD v.6.4.6.1\CRACK
C:\Users\HULLUJ~1\Downloads\AnyDVD & HD v.6.4.6.1\AnyDVD & HD v.6.4.6.1\CRACK\AnyDVDtray.exe
[F:48][D:9]-> C:\Users\HULLUJ~1\AppData\Local\Temp
[F:31][D:1]-> C:\Users\HULLUJ~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:421][D:7]-> C:\Users\HULLUJ~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:3][D:2]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - ti 11.11.2008|17:24 - Option : [1]
--------------------\\ Tarkistus valmistui 17:24:44
[ UAC => 1 ]
Senior Member
11 November 2008 @ 17:54
Yep, Lop and TDSS are there.
Start Lop S&D
Select Option 3 (Fix - Hosts) by pressing 3 and Enter
DO NOT close the window during the fix!
The log opens in Notepad. Post it in your next message. It can also be found at C:\lopR.txt
Download Malwarebytes' Anti-Malware to your desktop.
* Double-click mbam-setup.exe and follow the instructions to install the program.
* At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
* If an update is found, the program will download and install the latest version.
* Once the program has loaded, select Perform full scan and click Scan.
* When the scan is complete, click OK and then Show Results to view the results.
* Make sure that everything is checked and click Remove Selected.
* After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
* Post the contents of the log in your next message + a new HJT log.
hartsa82
Member
11 November 2008 @ 18:16
Updating Malwarebytes did not succeed. Here are the lopR and HJT logs.
lopR log:
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft® Windows Vista? Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : hullu j ( Administrator )
BOOT : Fail-safe with network boot
Antivirus : avast! antivirus 4.8.1229 [VPS 080723-1] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total:457 Go (Free:317 Go)
D:\ (Local Disk) - NTFS - Total:7 Go (Free:1 Go)
E:\ (CD or DVD)
F:\ (USB) - FAT - Total:983 Mo (Free:0 Go)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [3] ( ti 11.11.2008|17:57 )
[ UAC => 1 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Korjaa
Poistettu! - C:\Users\HULLUJ~1\AppData\Local\Temp\nst15B3.tmp
Poistettu! - C:\Users\HULLUJ~1\AppData\Local\Temp\nst935.tmp
Poistettu! - C:\ProgramData\64 Pop Pop.zkgtj0
Poistettu! - C:\ProgramData\64 Pop Pop.3uz0m4x
Poistettu! - C:\ProgramData\FLAGFI~1\Mp3Drive.exe
Poistettu! - C:\ProgramData\FLAGFI~1\otgnexha.exe
Poistettu! - C:\ProgramData\Admin Inter 1 Mags
Poistettu! - C:\ProgramData\FLAGFI~1
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listaa hakemistoja sijainnissa Local
[19.09.2008|12:35] C:\Users\HULLUJ~1\AppData\Local\Adobe
[08.09.2008|16:52] C:\Users\HULLUJ~1\AppData\Local\Application Data
[08.09.2008|17:01] C:\Users\HULLUJ~1\AppData\Local\ATI
[10.11.2008|16:50] C:\Users\HULLUJ~1\AppData\Local\d3d9caps.dat
[10.11.2008|15:45] C:\Users\HULLUJ~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[20.10.2008|19:33] C:\Users\HULLUJ~1\AppData\Local\DNA
[11.11.2008|15:44] C:\Users\HULLUJ~1\AppData\Local\GDIPFONTCACHEV1.DAT
[08.09.2008|21:48] C:\Users\HULLUJ~1\AppData\Local\Microsoft
[15.10.2008|16:23] C:\Users\HULLUJ~1\AppData\Local\Microsoft Games
[08.09.2008|16:52] C:\Users\HULLUJ~1\AppData\Local\Sivuhistoria
[11.11.2008|17:57] C:\Users\HULLUJ~1\AppData\Local\Temp
[08.09.2008|16:52] C:\Users\HULLUJ~1\AppData\Local\Temporary Internet Files
[13.10.2008|13:26] C:\Users\HULLUJ~1\AppData\Local\VirtualStore
[3|tiedosto(a)] C:\Users\HULLUJ~1\AppData\Local\tavua
[12|kansio(ta)] C:\Users\HULLUJ~1\AppData\Local\tavua vapaana
--------------------\\ Ajoitetut tehtävät sijaitsee C:\Windows\Tasks
[11.11.2008 16:49][--ah-----] C:\Windows\tasks\SA.DAT
[11.11.2008 16:11][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listaa hakemistoja sijainnissa C:\ProgramData
[11.11.2008|16:49] C:\ProgramData\.zreglib
[07.10.2008|22:12] C:\ProgramData\Adobe
[02.11.2006|15:02] C:\ProgramData\Application Data
[07.12.2007|20:37] C:\ProgramData\ATI
[08.09.2008|17:09] C:\ProgramData\CyberLink
[02.11.2006|15:02] C:\ProgramData\Desktop
[02.11.2006|15:02] C:\ProgramData\Documents
[05.11.2008|12:40] C:\ProgramData\DVD Shrink
[02.11.2006|15:02] C:\ProgramData\Favorites
[11.11.2008|15:41] C:\ProgramData\Grisoft
[08.09.2008|16:52] C:\ProgramData\Hewlett-Packard
[07.12.2007|20:42] C:\ProgramData\HP
[07.12.2007|20:42] C:\ProgramData\hpzinstall.log
[08.09.2008|16:48] C:\ProgramData\K?ynnist?-valikko
[23.09.2008|18:29] C:\ProgramData\LightScribe
[08.09.2008|16:48] C:\ProgramData\Mallit
[10.11.2008|18:17] C:\ProgramData\Malwarebytes
[10.11.2008|11:27] C:\ProgramData\Microsoft
[07.12.2007|20:49] C:\ProgramData\muvee Technologies
[09.11.2008|18:10] C:\ProgramData\ntuser.pol
[07.12.2007|20:58] C:\ProgramData\PC-Doctor
[16.09.2008|13:39] C:\ProgramData\SlySoft
[10.11.2008|16:56] C:\ProgramData\Solt Lake Software
[02.11.2006|15:02] C:\ProgramData\Start Menu
[08.09.2008|16:48] C:\ProgramData\Suosikit
[09.11.2008|17:33] C:\ProgramData\Symantec
[02.11.2006|15:02] C:\ProgramData\Templates
[08.09.2008|16:48] C:\ProgramData\Tiedostot
[08.09.2008|16:48] C:\ProgramData\Ty?p?yt?
[28.10.2008|13:06] C:\ProgramData\WindowsSearch
[3|tiedosto(a)] C:\ProgramData\tavua
[29|kansio(ta)] C:\ProgramData\tavua vapaana
--------------------\\ Listaa hakemistoja sijainnissa C:\Program Files
[14.10.2008|12:46] C:\Program Files\7-Zip
[07.10.2008|22:12] C:\Program Files\Adobe
[11.11.2008|10:52] C:\Program Files\Alwil Software
[07.12.2007|20:32] C:\Program Files\ATI
[07.12.2007|20:33] C:\Program Files\ATI Technologies
[28.10.2008|17:39] C:\Program Files\BitComet
[20.10.2008|19:33] C:\Program Files\BitTorrent
[23.09.2008|20:10] C:\Program Files\BS.Player ControlBar
[11.11.2008|15:31] C:\Program Files\CCleaner
[09.11.2008|17:31] C:\Program Files\Common Files
[07.12.2007|20:47] C:\Program Files\CyberLink
[10.09.2008|21:12] C:\Program Files\DivX
[09.11.2008|17:34] C:\Program Files\DNA
[16.09.2008|11:28] C:\Program Files\DVD Shrink
[14.10.2008|21:01] C:\Program Files\ffdshow
[11.11.2008|15:41] C:\Program Files\Grisoft
[07.12.2007|20:59] C:\Program Files\Hewlett-Packard
[10.11.2008|17:19] C:\Program Files\HP
[07.12.2007|20:59] C:\Program Files\InstallShield Installation Information
[21.10.2008|18:37] C:\Program Files\Internet Explorer
[07.12.2007|20:51] C:\Program Files\Java
[07.12.2007|20:34] C:\Program Files\MainConcept
[10.11.2008|18:17] C:\Program Files\Malwarebytes' Anti-Malware
[02.11.2006|14:37] C:\Program Files\Microsoft Games
[07.12.2007|20:53] C:\Program Files\Microsoft Office
[07.12.2007|20:53] C:\Program Files\Microsoft Works
[10.11.2008|17:19] C:\Program Files\Mobile Partner
[21.10.2008|18:37] C:\Program Files\Movie Maker
[02.11.2006|14:37] C:\Program Files\MSBuild
[07.12.2007|20:49] C:\Program Files\muvee Technologies
[07.12.2007|20:59] C:\Program Files\Online Services
[07.12.2007|21:09] C:\Program Files\PC-Doctor 5 for Windows
[07.12.2007|20:35] C:\Program Files\Realtek
[02.11.2006|14:37] C:\Program Files\Reference Assemblies
[14.10.2008|12:48] C:\Program Files\SlySoft
[09.11.2008|17:32] C:\Program Files\Symantec
[11.11.2008|16:51] C:\Program Files\Trend Micro
[02.11.2006|15:01] C:\Program Files\Uninstall Information
[24.09.2008|13:13] C:\Program Files\URUSoft
[23.09.2008|20:09] C:\Program Files\Webteh
[10.10.2008|11:27] C:\Program Files\Winamp
[21.10.2008|18:37] C:\Program Files\Windows Calendar
[21.10.2008|18:37] C:\Program Files\Windows Collaboration
[21.10.2008|18:37] C:\Program Files\Windows Defender
[21.10.2008|18:37] C:\Program Files\Windows Journal
[21.10.2008|18:37] C:\Program Files\Windows Mail
[21.10.2008|18:37] C:\Program Files\Windows Media Player
[08.09.2008|16:48] C:\Program Files\Windows NT
[21.10.2008|18:37] C:\Program Files\Windows Photo Gallery
[21.10.2008|18:37] C:\Program Files\Windows Sidebar
[28.10.2008|12:19] C:\Program Files\WinRAR
[0|tiedosto(a)] C:\Program Files\tavua
[53|kansio(ta)] C:\Program Files\tavua vapaana
--------------------\\ Listaa hakemistoja sijainnissa C:\Program Files\Common Files
[07.10.2008|22:12] C:\Program Files\Common Files\Adobe
[07.12.2007|20:42] C:\Program Files\Common Files\HP
[07.12.2007|20:42] C:\Program Files\Common Files\InstallShield
[07.12.2007|20:51] C:\Program Files\Common Files\Java
[07.12.2007|20:49] C:\Program Files\Common Files\LightScribe
[07.12.2007|20:47] C:\Program Files\Common Files\LS Getting Started
[07.12.2007|20:53] C:\Program Files\Common Files\microsoft shared
[07.12.2007|20:49] C:\Program Files\Common Files\muvee Technologies
[10.09.2008|21:12] C:\Program Files\Common Files\PX Storage Engine
[02.11.2006|13:18] C:\Program Files\Common Files\Services
[02.11.2006|13:18] C:\Program Files\Common Files\SpeechEngines
[09.11.2008|17:33] C:\Program Files\Common Files\Symantec Shared
[21.10.2008|18:37] C:\Program Files\Common Files\System
[0|tiedosto(a)] C:\Program Files\Common Files\tavua
[15|kansio(ta)] C:\Program Files\Common Files\tavua vapaana
--------------------\\ Process
( 25 Processes )
... OK !
--------------------\\ Etsii S_Lopilla
Lopin kansioita ei löytynyt !
--------------------\\ Etsii Lopin tiedostoja ja kansioita
Lopin kansioita ei löytynyt !
--------------------\\ Etsii rekisterikohteita
..... OK !
--------------------\\ Tarkistaa Hosts-tiedostoa
Hosts-tiedosto PUHDAS
--------------------\\ Tarkistaa Catchmella onko piilotettuja tiedostoja
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 17:57:57
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
disk error: C:\Windows\System32\
please note that you need administrator rights to perform deep scan
--------------------\\ Tarkistaa muita infektioita
--------------------\\ ROOTKIT !!
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS]
--------------------\\ Cracks & Keygens ..
C:\Users\HULLUJ~1\AppData\Roaming\uTorrent\Minilyrics v6.0.3697 Final + KeyGeN.torrent
C:\Users\HULLUJ~1\Downloads\AnyDVD & HD v.6.4.6.1\AnyDVD & HD v.6.4.6.1\CRACK
C:\Users\HULLUJ~1\Downloads\AnyDVD & HD v.6.4.6.1\AnyDVD & HD v.6.4.6.1\CRACK\AnyDVDtray.exe
[F:45][D:7]-> C:\Users\HULLUJ~1\AppData\Local\Temp
[F:35][D:1]-> C:\Users\HULLUJ~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:925][D:7]-> C:\Users\HULLUJ~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:3][D:2]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - ti 11.11.2008|17:24 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - ti 11.11.2008|17:58 - Option : [3]
--------------------\\ Tarkistus valmistui 17:58:12
[ UAC => 1 ]
HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:12:32, on 11.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: mxlivemedia - {8c8cc284-4a08-9f92-e150-f2646bc72b29} - C:\Windows\system32\nsz1622.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\hullu j\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O13 - Gopher Prefix:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
--
End of file - 4570 bytes
Senior Member
11 November 2008 @ 18:24
hartsa82
Member
12 November 2008 @ 19:39
Installing Malwarebytes does not work. Here are the latest logs.
lopR log:
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft® Windows Vista? Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : hullu j ( Administrator )
BOOT : Fail-safe with network boot
Antivirus : avast! antivirus 4.8.1229 [VPS 080723-1] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total:457 Go (Free:317 Go)
D:\ (Local Disk) - NTFS - Total:7 Go (Free:1 Go)
E:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [3] ( ke 12.11.2008|19:35 )
[ UAC => 1 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listaa hakemistoja sijainnissa Local
[19.09.2008|12:35] C:\Users\HULLUJ~1\AppData\Local\Adobe
[08.09.2008|16:52] C:\Users\HULLUJ~1\AppData\Local\Application Data
[08.09.2008|17:01] C:\Users\HULLUJ~1\AppData\Local\ATI
[10.11.2008|16:50] C:\Users\HULLUJ~1\AppData\Local\d3d9caps.dat
[10.11.2008|15:45] C:\Users\HULLUJ~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[20.10.2008|19:33] C:\Users\HULLUJ~1\AppData\Local\DNA
[11.11.2008|15:44] C:\Users\HULLUJ~1\AppData\Local\GDIPFONTCACHEV1.DAT
[08.09.2008|21:48] C:\Users\HULLUJ~1\AppData\Local\Microsoft
[15.10.2008|16:23] C:\Users\HULLUJ~1\AppData\Local\Microsoft Games
[08.09.2008|16:52] C:\Users\HULLUJ~1\AppData\Local\Sivuhistoria
[12.11.2008|19:35] C:\Users\HULLUJ~1\AppData\Local\Temp
[08.09.2008|16:52] C:\Users\HULLUJ~1\AppData\Local\Temporary Internet Files
[13.10.2008|13:26] C:\Users\HULLUJ~1\AppData\Local\VirtualStore
[3|tiedosto(a)] C:\Users\HULLUJ~1\AppData\Local\tavua
[12|kansio(ta)] C:\Users\HULLUJ~1\AppData\Local\tavua vapaana
--------------------\\ Ajoitetut tehtävät sijaitsee C:\Windows\Tasks
[12.11.2008 19:16][--ah-----] C:\Windows\tasks\SA.DAT
[11.11.2008 18:29][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listaa hakemistoja sijainnissa C:\ProgramData
[12.11.2008|19:16] C:\ProgramData\.zreglib
[07.10.2008|22:12] C:\ProgramData\Adobe
[02.11.2006|15:02] C:\ProgramData\Application Data
[07.12.2007|20:37] C:\ProgramData\ATI
[08.09.2008|17:09] C:\ProgramData\CyberLink
[02.11.2006|15:02] C:\ProgramData\Desktop
[02.11.2006|15:02] C:\ProgramData\Documents
[05.11.2008|12:40] C:\ProgramData\DVD Shrink
[02.11.2006|15:02] C:\ProgramData\Favorites
[11.11.2008|15:41] C:\ProgramData\Grisoft
[08.09.2008|16:52] C:\ProgramData\Hewlett-Packard
[07.12.2007|20:42] C:\ProgramData\HP
[07.12.2007|20:42] C:\ProgramData\hpzinstall.log
[08.09.2008|16:48] C:\ProgramData\K?ynnist?-valikko
[23.09.2008|18:29] C:\ProgramData\LightScribe
[08.09.2008|16:48] C:\ProgramData\Mallit
[10.11.2008|18:17] C:\ProgramData\Malwarebytes
[10.11.2008|11:27] C:\ProgramData\Microsoft
[07.12.2007|20:49] C:\ProgramData\muvee Technologies
[09.11.2008|18:10] C:\ProgramData\ntuser.pol
[07.12.2007|20:58] C:\ProgramData\PC-Doctor
[16.09.2008|13:39] C:\ProgramData\SlySoft
[10.11.2008|16:56] C:\ProgramData\Solt Lake Software
[02.11.2006|15:02] C:\ProgramData\Start Menu
[08.09.2008|16:48] C:\ProgramData\Suosikit
[09.11.2008|17:33] C:\ProgramData\Symantec
[02.11.2006|15:02] C:\ProgramData\Templates
[08.09.2008|16:48] C:\ProgramData\Tiedostot
[08.09.2008|16:48] C:\ProgramData\Ty?p?yt?
[28.10.2008|13:06] C:\ProgramData\WindowsSearch
[3|tiedosto(a)] C:\ProgramData\tavua
[29|kansio(ta)] C:\ProgramData\tavua vapaana
--------------------\\ Listaa hakemistoja sijainnissa C:\Program Files
[14.10.2008|12:46] C:\Program Files\7-Zip
[07.10.2008|22:12] C:\Program Files\Adobe
[11.11.2008|10:52] C:\Program Files\Alwil Software
[07.12.2007|20:32] C:\Program Files\ATI
[07.12.2007|20:33] C:\Program Files\ATI Technologies
[28.10.2008|17:39] C:\Program Files\BitComet
[20.10.2008|19:33] C:\Program Files\BitTorrent
[23.09.2008|20:10] C:\Program Files\BS.Player ControlBar
[11.11.2008|15:31] C:\Program Files\CCleaner
[09.11.2008|17:31] C:\Program Files\Common Files
[07.12.2007|20:47] C:\Program Files\CyberLink
[10.09.2008|21:12] C:\Program Files\DivX
[09.11.2008|17:34] C:\Program Files\DNA
[16.09.2008|11:28] C:\Program Files\DVD Shrink
[14.10.2008|21:01] C:\Program Files\ffdshow
[11.11.2008|15:41] C:\Program Files\Grisoft
[07.12.2007|20:59] C:\Program Files\Hewlett-Packard
[10.11.2008|17:19] C:\Program Files\HP
[07.12.2007|20:59] C:\Program Files\InstallShield Installation Information
[21.10.2008|18:37] C:\Program Files\Internet Explorer
[07.12.2007|20:51] C:\Program Files\Java
[07.12.2007|20:34] C:\Program Files\MainConcept
[11.11.2008|18:44] C:\Program Files\Malwarebytes' Anti-Malware
[02.11.2006|14:37] C:\Program Files\Microsoft Games
[07.12.2007|20:53] C:\Program Files\Microsoft Office
[07.12.2007|20:53] C:\Program Files\Microsoft Works
[10.11.2008|17:19] C:\Program Files\Mobile Partner
[21.10.2008|18:37] C:\Program Files\Movie Maker
[02.11.2006|14:37] C:\Program Files\MSBuild
[07.12.2007|20:49] C:\Program Files\muvee Technologies
[07.12.2007|20:59] C:\Program Files\Online Services
[07.12.2007|21:09] C:\Program Files\PC-Doctor 5 for Windows
[07.12.2007|20:35] C:\Program Files\Realtek
[02.11.2006|14:37] C:\Program Files\Reference Assemblies
[14.10.2008|12:48] C:\Program Files\SlySoft
[09.11.2008|17:32] C:\Program Files\Symantec
[11.11.2008|16:51] C:\Program Files\Trend Micro
[02.11.2006|15:01] C:\Program Files\Uninstall Information
[24.09.2008|13:13] C:\Program Files\URUSoft
[23.09.2008|20:09] C:\Program Files\Webteh
[10.10.2008|11:27] C:\Program Files\Winamp
[21.10.2008|18:37] C:\Program Files\Windows Calendar
[21.10.2008|18:37] C:\Program Files\Windows Collaboration
[21.10.2008|18:37] C:\Program Files\Windows Defender
[21.10.2008|18:37] C:\Program Files\Windows Journal
[21.10.2008|18:37] C:\Program Files\Windows Mail
[21.10.2008|18:37] C:\Program Files\Windows Media Player
[08.09.2008|16:48] C:\Program Files\Windows NT
[21.10.2008|18:37] C:\Program Files\Windows Photo Gallery
[21.10.2008|18:37] C:\Program Files\Windows Sidebar
[28.10.2008|12:19] C:\Program Files\WinRAR
[0|tiedosto(a)] C:\Program Files\tavua
[53|kansio(ta)] C:\Program Files\tavua vapaana
--------------------\\ Listaa hakemistoja sijainnissa C:\Program Files\Common Files
[07.10.2008|22:12] C:\Program Files\Common Files\Adobe
[07.12.2007|20:42] C:\Program Files\Common Files\HP
[07.12.2007|20:42] C:\Program Files\Common Files\InstallShield
[07.12.2007|20:51] C:\Program Files\Common Files\Java
[07.12.2007|20:49] C:\Program Files\Common Files\LightScribe
[07.12.2007|20:47] C:\Program Files\Common Files\LS Getting Started
[07.12.2007|20:53] C:\Program Files\Common Files\microsoft shared
[07.12.2007|20:49] C:\Program Files\Common Files\muvee Technologies
[10.09.2008|21:12] C:\Program Files\Common Files\PX Storage Engine
[02.11.2006|13:18] C:\Program Files\Common Files\Services
[02.11.2006|13:18] C:\Program Files\Common Files\SpeechEngines
[09.11.2008|17:33] C:\Program Files\Common Files\Symantec Shared
[21.10.2008|18:37] C:\Program Files\Common Files\System
[0|tiedosto(a)] C:\Program Files\Common Files\tavua
[15|kansio(ta)] C:\Program Files\Common Files\tavua vapaana
--------------------\\ Process
( 26 Processes )
... OK !
--------------------\\ Etsii S_Lopilla
Lopin kansioita ei löytynyt !
--------------------\\ Etsii Lopin tiedostoja ja kansioita
Lopin kansioita ei löytynyt !
--------------------\\ Etsii rekisterikohteita
..... OK !
--------------------\\ Tarkistaa Hosts-tiedostoa
Hosts-tiedosto PUHDAS
--------------------\\ Tarkistaa Catchmella onko piilotettuja tiedostoja
--------------------\\ Tarkistaa muita infektioita
--------------------\\ ROOTKIT !!
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS]
--------------------\\ Cracks & Keygens ..
C:\Users\HULLUJ~1\AppData\Roaming\uTorrent\Minilyrics v6.0.3697 Final + KeyGeN.torrent
C:\Users\HULLUJ~1\Downloads\AnyDVD & HD v.6.4.6.1\AnyDVD & HD v.6.4.6.1\CRACK
C:\Users\HULLUJ~1\Downloads\AnyDVD & HD v.6.4.6.1\AnyDVD & HD v.6.4.6.1\CRACK\AnyDVDtray.exe
[F:14][D:2]-> C:\Users\HULLUJ~1\AppData\Local\Temp
[F:20][D:1]-> C:\Users\HULLUJ~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:298][D:7]-> C:\Users\HULLUJ~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:8][D:5]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - ti 11.11.2008|17:24 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - ti 11.11.2008|17:58 - Option : [3]
3 - "C:\Lop SD\LopR_3.txt" - ke 12.11.2008|19:35 - Option : [3]
--------------------\\ Tarkistus valmistui 19:35:36
[ UAC => 1 ]
HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:35:43, on 12.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\cmd.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: mxlivemedia - {8c8cc284-4a08-9f92-e150-f2646bc72b29} - C:\Windows\system32\nsz1622.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\hullu j\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O13 - Gopher Prefix:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
--
End of file - 4583 bytes
|
Senior Member
4 product reviews
|
12 November 2008 @ 20:24 |
Link to this post
|
1. Download Combofix.exe to your desktop from either of these links:
Combofix.exe
Combofix.exe
Open Combofix.exe and follow the on-screen instructions.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
Restart the computer if asked to, and post the contents of the combofix.txt file here.
Empty the recycle bin and restart your computer.
Post the following logs here:
* A fresh HijackThis log (taken last, just before posting)
* The (C:\ComboFix.txt) report
|
|
hartsa82
Member
|
12 November 2008 @ 20:44 |
Link to this post
|
|
Running ComboFix doesn't work either; it just reports that Windows has detected a problem and the application will be closed. How could I get it to work?
|
Senior Member
4 product reviews
|
12 November 2008 @ 21:08 |
Link to this post
|
|
|
|
hartsa82
Member
|
12 November 2008 @ 21:19 |
Link to this post
|
|
It doesn't work in safe mode either.
|
|
hartsa82
Member
|
13 November 2008 @ 15:47 |
Link to this post
|
|
We reinstalled the whole of Windows on my friend's machine, since it was so badly stuck.
|
|
|
Senior Member
4 product reviews
|
13 November 2008 @ 16:54 |
Link to this post
|
|
Well, we would have got that cleaned up, but it's better this way; at least you got rid of everything 100% :D
|