Strange virus business

Jonec
Newbie
26 July 2006 @ 07:58
Hi!
A fairly pleasant virus has popped up on my machine from somewhere. First a virus alert flashed in the lower right corner and went on about SpywareQuake. I got it to go away (and apparently some other junk at the same time; I ran full system scans with both Ad-Aware and Ewido), but annoying pop-ups keep appearing (just in Windows, that is, although new windows keep opening in Firefox too) and the machine is completely jammed. Almost as annoying is Ewido, which reports some trojans and other things every half second (most of all about some gebcd.dll, which apparently comes back every time I delete/quarantine it). I don't know whether all of these are related to one and the same thing or whether there are more viruses.
In any case, here is the HijackThis log.
Logfile of HijackThis v1.99.1
Scan saved at 11:38:40, on 26.7.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\issearch.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Documents and Settings\Johannes\Työpöytä\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt3.dll
O2 - BHO: (no name) - {E686E5F8-92A1-4D54-A4E3-0549C079E4A3} - C:\WINDOWS\system32\gebcd.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MOD] C:\Program Files\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [envece25] RUNDLL32.EXE w061ed56.dll,n 001ece240000000a061ed56
O4 - HKLM\..\Run: [newname] C:\\nwnmef_7.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31...
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\mlctfp.dll (file missing)
O20 - Winlogon Notify: gebcd - C:\WINDOWS\system32\gebcd.dll
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\rBsser.dll
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\Nfindeo.dll (file missing)
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\atptif.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\atptif.dll
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9oYW5uZXMgS2FhcmFrYWluZW4\command.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
Hopefully we can make some sense of this :)
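As an added example (not from this thread or from any of the tools it mentions): a small Python triage script that parses HijackThis "O" lines like the ones in the log above and flags the patterns the helper in this thread acts on, namely entries whose target file is missing, Winlogon Notify packages outside the stock XP set, unnamed BHOs loaded from system32, autoruns pointing at an executable in the drive root, and services with an unknown owner. The sample log is constructed from a few of the lines above, the flag rules are my own, and the stock Notify key list is taken from the ComboFix output posted later in the thread.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the shape of the HijackThis v1.99.1 log posted above
# (a handful of its lines, not the full log). Raw string: backslashes are literal.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {E686E5F8-92A1-4D54-A4E3-0549C079E4A3} - C:\WINDOWS\system32\gebcd.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [newname] C:\\nwnmef_7.exe
O20 - Winlogon Notify: gebcd - C:\WINDOWS\system32\gebcd.dll
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\Nfindeo.dll (file missing)
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
"""

# Winlogon Notify subkeys present on a stock Windows XP SP2 install; the ComboFix
# log in this thread lists exactly these alongside the injected "gebcd" key.
STOCK_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "wzcnotif"}

LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]+?\.(?:dll|exe|sys|cpl))', re.IGNORECASE)
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\+[^\\]+$")          # C:\something.exe
SYSTEM32_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\system32\\", re.IGNORECASE)


@dataclass
class Entry:
    section: str                      # "O2", "O4", "O20", "O23", ...
    kind: str                         # "BHO", "Winlogon Notify", "Service", ...
    name: str                         # entry name or "(no name)"
    raw: str                          # text after "<kind>: "
    path: Optional[str]               # first DLL/EXE/SYS path found, if any
    missing: bool                     # HJT appended "(file missing)" / "(no file)"
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Split one HJT 'O' line into its parts; any other line yields None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    if kind.endswith("Run"):          # O4 lines carry the name in [brackets]
        n = re.match(r"\[([^\]]+)\]", rest)
        name = n.group(1) if n else ""
    else:                             # everything else: text before first " - "
        name = rest.split(" - ")[0].strip()
    p = PATH_RE.search(rest)
    return Entry(section, kind, name, rest,
                 p.group(1) if p else None, bool(MISSING_RE.search(rest)))


def triage(e: Entry) -> Entry:
    """Attach the review signals a helper would act on for this entry."""
    if e.missing:
        e.flags.append("orphaned: target file missing")
    if e.section == "O20" and e.name.lower() not in STOCK_NOTIFY:
        e.flags.append("non-stock Winlogon Notify package")
    if e.section == "O2" and e.name == "(no name)" and e.path and SYSTEM32_RE.match(e.path):
        e.flags.append("unnamed BHO loaded from system32")
    if e.section == "O4" and e.path and ROOT_EXE_RE.match(e.path):
        e.flags.append("autorun executable in drive root")
    if e.section == "O23" and "Unknown owner" in e.raw:
        e.flags.append("service with unknown owner")
    return e


def flagged(log_text: str) -> Dict[str, List[str]]:
    """Map '<section> <name>' -> flags for every entry that raised at least one."""
    out: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        e = parse_line(line)
        if e and triage(e).flags:
            out[f"{e.section} {e.name}"] = e.flags
    return out


if __name__ == "__main__":
    for key, flags in flagged(SAMPLE_LOG).items():
        print(f"{key:28s} {'; '.join(flags)}")
```

Entries that raise no flag (the AntiVir service, the AVGCtrl autorun) are deliberately left out of the result so the reviewer sees only what needs a decision.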

AfterDawn Addict
26 July 2006 @ 08:02

A nice collection you've got going there :)
1. Download http://download.bleepingcomputer.com/sUBs/combofix.exe to your desktop.
2. Double-click the combofix.exe file and follow the prompts.
3. When the tool finishes, it produces a log. Post this log in your thread.
Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
Download SmitfraudFix (c) S!Ri
http://siri.urz.free.fr/Fix/SmitfraudFix.zip Extract the contents (a folder named SmitfraudFix) to your desktop:
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and pressing "Enter"; a text file will open listing the infected files (if any).
Post the contents of this text file in your thread.
Post:
- a new HjT log
- the ComboFix log
- the SmitfraudFix log
No HjT logs etc. by private message!

Jonec
Newbie
26 July 2006 @ 08:24

Here are the logs now:
Start Time= ke 26.07.2006 12:12:02,39
Running from: C:\Documents and Settings\Johannes\Ty?p?yt?
((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcd
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wzcnotif
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
REGISTRY ENTRIES REMOVED:
[HKEY_CLASSES_ROOT\clsid\{0A47F2A0-B664-43F9-8AB3-5AAB9694FE59}]
@=""
[HKEY_CLASSES_ROOT\clsid\{0A47F2A0-B664-43F9-8AB3-5AAB9694FE59}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{0A47F2A0-B664-43F9-8AB3-5AAB9694FE59}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{0A47F2A0-B664-43F9-8AB3-5AAB9694FE59}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
FILES REMOVED:
C:\WINDOWS\SYSTEM32\guard.tmp
C:\WINDOWS\SYSTEM32\hr0005dme.dll
C:\WINDOWS\SYSTEM32\mmjtes40.dll
C:\WINDOWS\SYSTEM32\mvcorier.dll
C:\WINDOWS\SYSTEM32\s2880cluefq80.dll
Granting sedebugprivilege to Järjestelmänvalvojat ... successful
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\drsmartload.exe
C:\drsmartload45a7h.exe
C:\dfndref_7.exe
C:\nwnmef_7.exe
C:\kybrdef_7.exe
C:\Documents and Settings\Johannes\Local Settings\Temporary Internet Files\Content.IE5\67VKUP33\drsmartload46a[1].exe
C:\Documents and Settings\Johannes\Local Settings\Temporary Internet Files\Content.IE5\67VKUP33\dfndref_7[1].exe
C:\Documents and Settings\Johannes\Local Settings\Temporary Internet Files\Content.IE5\EDFO9SFQ\kybrdef_7[1].exe
C:\Documents and Settings\Johannes\Local Settings\Temporary Internet Files\Content.IE5\L48NPTOL\drsmartload849a[1].exe
C:\Documents and Settings\Johannes\Local Settings\Temporary Internet Files\Content.IE5\O52R6ZW9\drsmartload45a[1].exe
C:\Documents and Settings\Johannes\Local Settings\Temporary Internet Files\Content.IE5\ORTN2E3X\nwnmef_7[1].exe
C:\WINDOWS\drsmartload2.dat
C:\WINDOWS\newname.dat
C:\WINDOWS\keyboard1.dat
C:\Documents and Settings\Johannes\Local Settings\Temporary Internet Files\Content.IE5\JR1L9DP6\MTE3NDI6ODoxNg[1].exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\Program Files\network monitor
C:\Documents and Settings\LocalService\Application Data\NetMon
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-07-26 11:31:52 29184 ( A.... ) "C:\WINDOWS\system32\ixt3.dll"
2006-07-26 10:59:08 29184 ( A.... ) "C:\WINDOWS\system32\ixt2.dll"
2006-07-26 10:59:06 14336 ( A.... ) "C:\WINDOWS\system32\ismon.exe"
2006-07-26 10:58:10 234319 ( ..S.R ) "C:\WINDOWS\system32\jt4007hme.dll"
2006-07-26 10:58:04 234526 ( ..S.R ) "C:\WINDOWS\system32\j4n20e5oeh.dll"
2006-07-26 10:45:52 29696 ( A.... ) "C:\WINDOWS\system32\w00ae435.dll"
2006-07-26 10:45:46 234272 ( ..S.R ) "C:\WINDOWS\system32\atptif.dll"
2006-07-26 10:45:06 234272 ( ..S.R ) "C:\WINDOWS\system32\rBsser.dll"
2006-07-26 10:45:00 1064 ( A.... ) "C:\WINDOWS\system32\aaa00000.sys"
2006-07-26 10:45:00 1064 ( A.... ) "C:\WINDOWS\system32\aaa00000.sys"
2006-07-26 10:44:54 ( .D... ) "C:\Program Files\TheSearchAccelerator"
2006-07-26 10:44:38 517168 ( A.... ) "C:\ucmoreiex.exe"
2006-07-26 00:22:40 1063 ( A.... ) "C:\WINDOWS\system32\envece25.sys"
2006-07-26 00:22:40 1063 ( A.... ) "C:\WINDOWS\system32\envece25.sys"
2006-07-25 23:41:58 29184 ( A.... ) "C:\WINDOWS\system32\ixt1.dll"
2006-07-25 23:22:48 61440 ( A.... ) "C:\WINDOWS\system32\envece25.dll"
2006-07-25 22:21:34 29184 ( A.... ) "C:\WINDOWS\system32\ixt0.dll"
2006-07-25 21:55:44 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-07-25 21:37:02 573492 ( ..... ) "C:\WINDOWS\system32\gebcd.dll"
2006-07-25 21:30:28 ( .D... ) "C:\Program Files\TClock"
2006-07-25 21:30:22 ( .D... ) "C:\Program Files\InetGet2"
2006-07-25 21:29:46 43520 ( A.... ) "C:\WINDOWS\system32\issearch.exe"
2006-07-25 21:27:36 113680 ( A.... ) "C:\WINDOWS\system32\ishost.exe"
2006-07-25 21:27:34 ( .D... ) "C:\Program Files\ToolBar888"
2006-07-25 21:27:34 ( .D... ) "C:\Program Files\Common Files\{987FA270-087B-1035-0819-030501030166}"
2006-07-25 21:27:22 15872 ( A.... ) "C:\WINDOWS\system32\winowl32.dll"
2006-07-25 20:58:54 ( .D... ) "C:\Program Files\QuickTime Alternative"
2006-07-25 20:50:02 ( .D... ) "C:\Program Files\QuickTime"
2006-07-16 01:35:20 47104 ( A.... ) "C:\WINDOWS\system32\KMVIDC32.DLL"
2006-07-08 13:06:34 ( .D... ) "C:\Documents and Settings\Johannes\Application Data\Lavasoft"
2006-07-08 13:06:24 ( .D... ) "C:\Program Files\Lavasoft"
2006-07-07 23:48:10 ( .D... ) "C:\Program Files\ZipCodec"
2006-07-07 23:42:24 ( .D... ) "C:\Documents and Settings\Johannes\Application Data\Apple Computer"
2006-07-07 23:39:16 ( .D... ) "C:\Program Files\iPod"
2006-07-07 23:39:14 ( .D... ) "C:\Program Files\iTunes"
2006-07-07 23:20:42 ( .D... ) "C:\Program Files\Video Converter"
2006-06-24 15:50:54 ( .D... ) "C:\Program Files\Steam"
2006-06-23 16:44:46 ( .D... ) "C:\Documents and Settings\Johannes\Application Data\ubi.com"
2006-06-23 16:44:42 ( .D... ) "C:\Program Files\Common Files\PocketSoft"
2006-06-23 16:44:40 ( .D... ) "C:\Program Files\ubi.com"
2006-06-23 14:32:14 ( .D... ) "C:\Program Files\DAEMON Tools"
2006-06-20 16:57:04 ( .D... ) "C:\Program Files\Ubi Soft"
2006-05-19 16:24:54 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 16:24:54 110592 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 16:24:54 95744 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"
2006-04-27 17:49:30 288417 ( A.... ) "C:\WINDOWS\system32\SrchSTS.exe"
2006-02-06 19:46:40 1001 ( A.... ) "C:\Program Files\WS_FTP.LOG"
2005-10-21 20:19:40 629 ( A.... ) "C:\Program Files\F.E.A.R. MP Demo.lnk"
(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))
2006-07-26 11:31 29’184 C:\WINDOWS\system32\ixt3.dll
2006-07-26 10:58 234’526 C:\WINDOWS\system32\j4n20e5oeh.dll
2006-07-26 10:58 234’319 C:\WINDOWS\system32\jt4007hme.dll
2006-07-26 10:45 29’696 C:\WINDOWS\system32\w00ae435.dll
2006-07-26 10:45 234’272 C:\WINDOWS\system32\rBsser.dll
2006-07-26 10:45 234’272 C:\WINDOWS\system32\atptif.dll
2006-07-26 10:44 517’168 C:\ucmoreiex.exe
2006-07-26 10:44 1’064 C:\WINDOWS\system32\aaa00000.sys
2006-07-25 23:42 29’184 C:\WINDOWS\system32\ixt2.dll
2006-07-25 23:41 29’184 C:\WINDOWS\system32\ixt1.dll
2006-07-25 23:22 61’440 C:\WINDOWS\system32\envece25.dll
2006-07-25 21:36 573’492 C:\WINDOWS\system32\gebcd.dll
2006-07-25 21:29 43’520 C:\WINDOWS\system32\issearch.exe
2006-07-25 21:29 29’184 C:\WINDOWS\system32\ixt0.dll
2006-07-25 21:29 1’063 C:\WINDOWS\system32\envece25.sys
2006-07-25 21:27 15’872 C:\WINDOWS\system32\winowl32.dll
2006-07-25 21:27 14’336 C:\WINDOWS\system32\ismon.exe
2006-07-25 21:27 113’680 C:\WINDOWS\system32\ishost.exe
2006-07-15 21:46 47’104 C:\WINDOWS\system32\KMVIDC32.DLL
2006-07-08 18:10 53’248 C:\WINDOWS\system32\Process.exe
2006-07-08 18:10 42’496 C:\WINDOWS\system32\swreg.exe
2006-07-08 18:10 40’960 C:\WINDOWS\system32\swsc.exe
2006-07-08 18:10 288’417 C:\WINDOWS\system32\SrchSTS.exe
2006-07-07 23:20 877’568 C:\WINDOWS\system32\NCTAudioFile2.dll
2006-07-07 23:20 780’288 C:\WINDOWS\system32\NCTVideoCompress.dll
2006-07-07 23:20 778’240 C:\WINDOWS\system32\NCTAudioCompress2.dll
2006-07-07 23:20 764’416 C:\WINDOWS\system32\NCTRMFile.dll
2006-07-07 23:20 495’104 C:\WINDOWS\system32\NCTVideoCoreM.dll
2006-07-07 23:20 382’464 C:\WINDOWS\system32\NCTAVIFile.dll
2006-07-07 23:20 261’632 C:\WINDOWS\system32\mcdvd_32.dll
2006-07-07 23:20 249’856 C:\WINDOWS\system32\NCTQuickTimeFile.dll
2006-07-07 23:20 215’552 C:\WINDOWS\system32\NCTWMVFile.dll
2006-07-07 23:20 2’846’720 C:\WINDOWS\system32\NCTAudioCompress3.dll
2006-07-07 23:20 188’416 C:\WINDOWS\system32\NCTVideoFile.dll
2006-07-07 23:20 126’464 C:\WINDOWS\system32\lame_enc.dll
2006-06-23 16:44 185’344 C:\WINDOWS\patchw32.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NVMixerTray"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"SideWinderTrayV4"="C:\\PROGRA~1\\MICROS~2\\GAMECO~1\\Common\\SWTrayV4.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"LVCOMSX"="C:\\WINDOWS\\System32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"AVGCtrl"="\"C:\\Program Files\\AVPersonal\\AVGNT.EXE\" /min"
"NeroCheck"="C:\\WINDOWS\\system32\\\\NeroCheck.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"Logitech Utility"="Logi_MwX.Exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"MOD"="C:\\Program Files\\Microangelo\\muamgr.exe"
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"envece25"="RUNDLL32.EXE w061ed56.dll,n 001ece240000000a061ed56"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Steam"=""
"TClock.exe"="C:\\Program Files\\TClock\\tclock_install.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"ishost.exe"="ishost.exe"
"issearch.exe"="issearch.exe"
"kernel32.dll"="C:\\WINDOWS\\system32\\isnotify.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{987FA270-087B-1035-0819-030501030166}"="\"C:\\Program Files\\Common Files\\{987FA270-087B-1035-0819-030501030166}\\Update.exe\" mc-110-12-0000272"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
Contents of the 'Scheduled Tasks' folder
Completion time: ke 26.07.2006 12:19:09,31
ComboFix ver 06.07.15 - This logfile is located at C:\ComboFix.txt
ComboFix.2006-07-26.121202.txt
SmitFraudFix v2.68b
Scan done at 12:23:06,64, ke 26.07.2006
Run from C:\Documents and Settings\Johannes\Ty?p?yt?\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\teller2.chk FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\ishost.exe FOUND !
C:\WINDOWS\system32\ismon.exe FOUND !
C:\WINDOWS\system32\issearch.exe FOUND !
C:\WINDOWS\system32\ixt?.dll FOUND !
C:\WINDOWS\system32\ixt??.dll FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Johannes\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Johannes\Suosikit
C:\DOCUME~1\Johannes\Suosikit\Antivirus Test Online.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Logfile of HijackThis v1.99.1
Scan saved at 12:23:38, on 26.7.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\ismon.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\TClock\TClock.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Johannes\Työpöytä\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt3.dll
O2 - BHO: (no name) - {F1E82967-871B-4743-A154-32245235FEA8} - C:\WINDOWS\system32\gebcd.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MOD] C:\Program Files\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [envece25] RUNDLL32.EXE w061ed56.dll,n 001ece240000000a061ed56
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31...
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: gebcd - C:\WINDOWS\system32\gebcd.dll
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
That turned out to be a long list of data :o
What would be wisest to do next?

AfterDawn Addict
26 July 2006 @ 08:42

Some of it is gone already :)
Uninstall from Control Panel (Add/Remove Programs):
ZipCodec
ToolBar888
TheSearchAccelerator
Get a new SmitfraudFix and delete the old one; the newest is 2.75. Extract it to the desktop.
After that:
Download http://www.atribune.org/ccount/click.php?id=4 VundoFix.exe to your desktop.
- Double-click VundoFix.exe to run it.
- Tick the box Run VundoFix as a task.
- You will get a message saying "Vundofix will close and re-open in a minute or less". Click OK.
- When VundoFix reopens, click the Scan for Vundo option.
- When the scan is complete, right-click inside the list box (the white box where the found files are listed) and select Add more files
- Copy and paste the following 2 lines into the two topmost boxes
- C:\WINDOWS\system32\gebcd.dll
- C:\WINDOWS\system32\dcbeg.*
- Click Add Files and then click Close Window.
- Click the Remove Vundo option.
- You will get a message asking whether you want to remove the selected files; click YES.
- Once you click yes, your desktop will go blank as the tool starts removing Vundo.
- When it is done, you will get a message asking you to shut down the computer; click OK.
- Restart your computer.
Print out these instructions.
Boot your computer into Safe Mode and choose your normal user account.
Delete if found:
C:\ucmoreiex.exe
C:\WINDOWS\system32\winowl32.dll
C:\WINDOWS\system32\jt4007hme.dll
C:\WINDOWS\system32\j4n20e5oeh.dll
C:\WINDOWS\system32\w00ae435.dll
C:\WINDOWS\system32\atptif.dll
C:\WINDOWS\system32\rBsser.dll
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and pressing "Enter" to delete the infected files.
You will be asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" to remove the desktop background and clean the infected registry keys.
The tool will check whether wininet.dll is infected. You may be asked to replace the infected .dll (if found); answer "Yes" by typing Y and pressing "Enter".
The tool may need to restart the computer; if it does not, boot into normal Windows.
A text file will appear after the cleaning process; copy & paste the results of this report into your reply.
The report can be found on your local drive, usually C:\rapport.txt.
Run ComboFix again
Check these:
C:\WINDOWS\system32\envece25.dll
C:\WINDOWS\system32\aaa00000.sys
C:\WINDOWS\system32\envece25.sys
here -> http://www.virustotal.com/flash/index_en.html and post the results
Post:
- a new HjT log
- C:\rapport.txt
- C:\vundofix.txt
- the ComboFix log
- the VirusTotal results
No HjT logs etc. by private message!
Jonec
Newbie
26 July 2006 @ 10:08
Alright, now I have the results from all of those. Sorry for the delay, a few other urgent things came up that had to be handled :/
------------------------------------------------------------------------------------------------------------------------------------------------
Start Time= ke 26.07.2006 14:05:34,39
Running from: C:\Documents and Settings\Johannes\Ty?p?yt?
QuickScan did not find any signs of infected files
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-07-26 10:45:00 1064 ( A.... ) "C:\WINDOWS\system32\aaa00000.sys"
2006-07-26 10:45:00 1064 ( A.... ) "C:\WINDOWS\system32\aaa00000.sys"
2006-07-26 10:44:38 517168 ( A.... ) "C:\ucmoreiex.exe"
2006-07-26 00:22:40 1063 ( A.... ) "C:\WINDOWS\system32\envece25.sys"
2006-07-26 00:22:40 1063 ( A.... ) "C:\WINDOWS\system32\envece25.sys"
2006-07-25 23:22:48 61440 ( A.... ) "C:\WINDOWS\system32\envece25.dll"
2006-07-25 21:55:44 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-07-25 21:37:02 573492 ( ..... ) "C:\WINDOWS\system32\gebcd.dll"
2006-07-25 21:30:28 ( .D... ) "C:\Program Files\TClock"
2006-07-25 21:30:22 ( .D... ) "C:\Program Files\InetGet2"
2006-07-25 21:27:34 ( .D... ) "C:\Program Files\Common Files\{987FA270-087B-1035-0819-030501030166}"
2006-07-25 20:58:54 ( .D... ) "C:\Program Files\QuickTime Alternative"
2006-07-25 20:50:02 ( .D... ) "C:\Program Files\QuickTime"
2006-07-16 01:35:20 47104 ( A.... ) "C:\WINDOWS\system32\KMVIDC32.DLL"
2006-07-08 13:06:34 ( .D... ) "C:\Documents and Settings\Johannes\Application Data\Lavasoft"
2006-07-08 13:06:24 ( .D... ) "C:\Program Files\Lavasoft"
2006-07-07 23:42:24 ( .D... ) "C:\Documents and Settings\Johannes\Application Data\Apple Computer"
2006-07-07 23:39:16 ( .D... ) "C:\Program Files\iPod"
2006-07-07 23:39:14 ( .D... ) "C:\Program Files\iTunes"
2006-07-07 23:20:42 ( .D... ) "C:\Program Files\Video Converter"
2006-06-24 15:50:54 ( .D... ) "C:\Program Files\Steam"
2006-06-23 16:44:46 ( .D... ) "C:\Documents and Settings\Johannes\Application Data\ubi.com"
2006-06-23 16:44:42 ( .D... ) "C:\Program Files\Common Files\PocketSoft"
2006-06-23 16:44:40 ( .D... ) "C:\Program Files\ubi.com"
2006-06-23 14:32:14 ( .D... ) "C:\Program Files\DAEMON Tools"
2006-06-20 16:57:04 ( .D... ) "C:\Program Files\Ubi Soft"
2006-05-19 16:24:54 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 16:24:54 110592 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 16:24:54 95744 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"
2006-04-27 17:49:30 288417 ( A.... ) "C:\WINDOWS\system32\SrchSTS.exe"
2006-02-06 19:46:40 1001 ( A.... ) "C:\Program Files\WS_FTP.LOG"
2005-10-21 20:19:40 629 ( A.... ) "C:\Program Files\F.E.A.R. MP Demo.lnk"
(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))
2006-07-26 10:44 517’168 C:\ucmoreiex.exe
2006-07-26 10:44 1’064 C:\WINDOWS\system32\aaa00000.sys
2006-07-25 23:22 61’440 C:\WINDOWS\system32\envece25.dll
2006-07-25 21:36 573’492 C:\WINDOWS\system32\gebcd.dll
2006-07-25 21:29 1’063 C:\WINDOWS\system32\envece25.sys
2006-07-15 21:46 47’104 C:\WINDOWS\system32\KMVIDC32.DLL
2006-07-08 18:10 53’248 C:\WINDOWS\system32\Process.exe
2006-07-08 18:10 42’496 C:\WINDOWS\system32\swreg.exe
2006-07-08 18:10 40’960 C:\WINDOWS\system32\swsc.exe
2006-07-08 18:10 288’417 C:\WINDOWS\system32\SrchSTS.exe
2006-07-07 23:20 877’568 C:\WINDOWS\system32\NCTAudioFile2.dll
2006-07-07 23:20 780’288 C:\WINDOWS\system32\NCTVideoCompress.dll
2006-07-07 23:20 778’240 C:\WINDOWS\system32\NCTAudioCompress2.dll
2006-07-07 23:20 764’416 C:\WINDOWS\system32\NCTRMFile.dll
2006-07-07 23:20 495’104 C:\WINDOWS\system32\NCTVideoCoreM.dll
2006-07-07 23:20 382’464 C:\WINDOWS\system32\NCTAVIFile.dll
2006-07-07 23:20 261’632 C:\WINDOWS\system32\mcdvd_32.dll
2006-07-07 23:20 249’856 C:\WINDOWS\system32\NCTQuickTimeFile.dll
2006-07-07 23:20 215’552 C:\WINDOWS\system32\NCTWMVFile.dll
2006-07-07 23:20 2’846’720 C:\WINDOWS\system32\NCTAudioCompress3.dll
2006-07-07 23:20 188’416 C:\WINDOWS\system32\NCTVideoFile.dll
2006-07-07 23:20 126’464 C:\WINDOWS\system32\lame_enc.dll
2006-06-23 16:44 185’344 C:\WINDOWS\patchw32.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NVMixerTray"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"SideWinderTrayV4"="C:\\PROGRA~1\\MICROS~2\\GAMECO~1\\Common\\SWTrayV4.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"LVCOMSX"="C:\\WINDOWS\\System32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"AVGCtrl"="\"C:\\Program Files\\AVPersonal\\AVGNT.EXE\" /min"
"NeroCheck"="C:\\WINDOWS\\system32\\\\NeroCheck.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"Logitech Utility"="Logi_MwX.Exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"MOD"="C:\\Program Files\\Microangelo\\muamgr.exe"
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"envece25"="RUNDLL32.EXE w061ed56.dll,n 001ece240000000a061ed56"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Steam"=""
"TClock.exe"="C:\\Program Files\\TClock\\tclock_install.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{987FA270-087B-1035-0819-030501030166}"="\"C:\\Program Files\\Common Files\\{987FA270-087B-1035-0819-030501030166}\\Update.exe\" mc-110-12-0000272"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
Contents of the 'Scheduled Tasks' folder
Completion time: ke 26.07.2006 14:05:51,00
ComboFix ver 06.07.15 - This logfile is located at C:\ComboFix.txt
ComboFix.2006-07-26.121202.txt
ComboFix.2006-07-26.140534.txt
------------------------------------------------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 14:04:38, on 26.7.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Johannes\Työpöytä\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MOD] C:\Program Files\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [envece25] RUNDLL32.EXE w061ed56.dll,n 001ece240000000a061ed56
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31...
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
------------------------------------------------------------------------------------------------------------------------------------------------
VundoFix V5.1.5
Running as SYSTEM
from c:\windows\system32\VundoFix.exe
Checking Java version...
Java version is 1.5.0.4
Scan started at 13:08:02 26.7.2006
Listing files found while scanning....
C:\windows\system32\gebcd.dll
C:\windows\system32\dcbeg.ini
Beginning removal...
The process smss.exe was successfully stopped
The process winlogon.exe could not be stopped
Vundofix may not be able to delete some files that were found.
The process explorer.exe was successfully stopped
The process iexplore.exe was successfully stopped
The process rundll32.exe was successfully stopped
Attempting to delete C:\windows\system32\gebcd.dll
C:\windows\system32\gebcd.dll Could not be deleted.
Attempting to delete C:\windows\system32\dcbeg.ini
C:\windows\system32\dcbeg.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\gebcd.dll
C:\WINDOWS\system32\gebcd.dll Could not be deleted.
Performing Repairs to the registry.
Done!
------------------------------------------------------------------------------------------------------------------------------------------------
SmitFraudFix v2.75b
Scan done at 13:58:02,07, ke 26.07.2006
Run from C:\Documents and Settings\Johannes\Ty?p?yt?\SmitfraudFix(2)\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\components\flx?.dll Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
------------------------------------------------------------------------------------------------------------------------------------------------
Complete scanning result of "envece25.dll", received in VirusTotal at 07.26.2006, 12:37:34 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.0 07.26.2006 TR/Agent.RL.1
Authentium 4.93.8 07.26.2006 no virus found
Avast 4.7.844.0 07.26.2006 Win32:Trojan-gen. {Other}
AVG 386 07.25.2006 no virus found
BitDefender 7.2 07.26.2006 Trojan.Agent.RL
CAT-QuickHeal 8.00 07.25.2006 no virus found
ClamAV devel-20060426 07.26.2006 no virus found
DrWeb 4.33 07.26.2006 Adware.IEHelper
eTrust-InoculateIT 23.72.78 07.25.2006 Win32/SillyDl.AIM!Trojan
eTrust-Vet 12.6.2309 07.26.2006 no virus found
Ewido 4.0 07.26.2006 Adware.IEHelper
Fortinet 2.77.0.0 07.26.2006 W32/Agent.CCR!tr
F-Prot 3.16f 07.26.2006 no virus found
F-Prot4 4.2.1.29 07.26.2006 no virus found
Ikarus 0.2.65.0 07.26.2006 no virus found
Kaspersky 4.0.2.24 07.26.2006 no virus found
McAfee 4814 07.25.2006 Downloader-AXF
Microsoft 1.1508 07.26.2006 no virus found
NOD32v2 1.1679 07.26.2006 no virus found
Norman 5.90.23 07.26.2006 no virus found
Panda 9.0.0.4 07.25.2006 Adware/DollarRevenue
Sophos 4.07.0 07.26.2006 Troj/Agent-CCR
Symantec 8.0 07.26.2006 Downloader
TheHacker 5.9.8.181 07.25.2006 no virus found
UNA 1.83 07.25.2006 no virus found
VBA32 3.11.0 07.26.2006 no virus found
VirusBuster 4.3.7:9 07.25.2006 no virus found
Aditional Information
File size: 61440 bytes
MD5: 314b9344b20094d308535e4ecba310bd
SHA1: a6efc861a8442b304772650d8f855ebb514227a8
packers: UPX
------------------------------------------------------------------------------------------------------------------------------------------------
Complete scanning result of "envece25.sys", received in VirusTotal at 07.26.2006, 12:40:34 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.0 07.26.2006 no virus found
Authentium 4.93.8 07.26.2006 no virus found
Avast 4.7.844.0 07.26.2006 no virus found
AVG 386 07.25.2006 no virus found
BitDefender 7.2 07.26.2006 no virus found
CAT-QuickHeal 8.00 07.25.2006 no virus found
ClamAV devel-20060426 07.26.2006 no virus found
DrWeb 4.33 07.26.2006 no virus found
eTrust-InoculateIT 23.72.78 07.25.2006 no virus found
eTrust-Vet 12.6.2309 07.26.2006 no virus found
Ewido 4.0 07.26.2006 no virus found
Fortinet 2.77.0.0 07.26.2006 no virus found
F-Prot 3.16f 07.26.2006 no virus found
F-Prot4 4.2.1.29 07.26.2006 no virus found
Ikarus 0.2.65.0 07.26.2006 no virus found
Kaspersky 4.0.2.24 07.26.2006 no virus found
McAfee 4814 07.25.2006 no virus found
Microsoft 1.1508 07.26.2006 no virus found
NOD32v2 1.1679 07.26.2006 no virus found
Norman 5.90.23 07.26.2006 no virus found
Panda 9.0.0.4 07.25.2006 no virus found
Sophos 4.07.0 07.26.2006 no virus found
Symantec 8.0 07.26.2006 no virus found
TheHacker 5.9.8.181 07.25.2006 no virus found
UNA 1.83 07.25.2006 no virus found
VBA32 3.11.0 07.26.2006 no virus found
VirusBuster 4.3.7:9 07.25.2006 no virus found
Aditional Information
File size: 1063 bytes
MD5: 952281d8260f00d414e1a2a96983c9f0
SHA1: 9d3516fabbb3123f6c2824d94f964eb4b9634c9e
------------------------------------------------------------------------------------------------------------------------------------------------
Complete scanning result of "aaa00000.sys", received in VirusTotal at 07.26.2006, 12:43:45 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.0 07.26.2006 no virus found
Authentium 4.93.8 07.26.2006 no virus found
Avast 4.7.844.0 07.26.2006 no virus found
AVG 386 07.25.2006 no virus found
BitDefender 7.2 07.26.2006 no virus found
CAT-QuickHeal 8.00 07.25.2006 no virus found
ClamAV devel-20060426 07.26.2006 no virus found
DrWeb 4.33 07.26.2006 no virus found
eTrust-InoculateIT 23.72.78 07.25.2006 no virus found
eTrust-Vet 12.6.2309 07.26.2006 no virus found
Ewido 4.0 07.26.2006 no virus found
Fortinet 2.77.0.0 07.26.2006 no virus found
F-Prot 3.16f 07.26.2006 no virus found
F-Prot4 4.2.1.29 07.26.2006 no virus found
Ikarus 0.2.65.0 07.26.2006 no virus found
Kaspersky 4.0.2.24 07.26.2006 no virus found
McAfee 4814 07.25.2006 no virus found
Microsoft 1.1508 07.26.2006 no virus found
NOD32v2 1.1679 07.26.2006 no virus found
Norman 5.90.23 07.26.2006 no virus found
Panda 9.0.0.4 07.25.2006 no virus found
Sophos 4.07.0 07.26.2006 no virus found
Symantec 8.0 07.26.2006 no virus found
TheHacker 5.9.8.181 07.25.2006 no virus found
UNA 1.83 07.25.2006 no virus found
VBA32 3.11.0 07.26.2006 no virus found
VirusBuster 4.3.7:9 07.25.2006 no virus found
Aditional Information
File size: 1064 bytes
MD5: 28eac01ca321c8c946de3e33864fc754
SHA1: 390a53b2154fb43d636670f11e2360056b85ac24
Well, that is quite a pile of stuff; hopefully I remembered everything.. At least no pop-ups have appeared and nothing unusual has shown up. Is everything in order now, or are there still bugs visible somewhere? :)
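As an added example (not code from this thread, from HijackThis, VundoFix or VirusTotal), the following Python script does in code the kind of triage the helper is doing by eye on the logs above: it parses HijackThis entries and flags the patterns that were acted on in this thread (an O20 Winlogon Notify DLL together with the reversed-name companion file the helper asked to remove, an orphaned O21 SSODL entry, an O4 Run entry that loads a DLL through rundll32 by bare name, and a service with no owner), and it parses the 2006-era VirusTotal text table into a detection count. The sample inputs are constructed from lines that appear in this thread; the function names and the flagging rules are my own, and the rules are review prompts rather than verdicts (a legitimate Windows entry such as rundll32.exe bthprops.cpl also trips the rundll32 rule).

```python
import re

# Constructed sample: HijackThis 1.99 entries taken from the logs in this thread,
# plus a benign AntiVir entry for contrast.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [envece25] RUNDLL32.EXE w061ed56.dll,n 001ece240000000a061ed56
O20 - Winlogon Notify: gebcd - C:\WINDOWS\system32\gebcd.dll
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Constructed sample: a shortened copy of the envece25.dll VirusTotal table above.
VT_SAMPLE = """\
Antivirus Version Update Result
AntiVir 6.35.1.0 07.26.2006 TR/Agent.RL.1
Authentium 4.93.8 07.26.2006 no virus found
Avast 4.7.844.0 07.26.2006 Win32:Trojan-gen. {Other}
AVG 386 07.25.2006 no virus found
McAfee 4814 07.25.2006 Downloader-AXF
Sophos 4.07.0 07.26.2006 Troj/Agent-CCR
"""

HJT_LINE = re.compile(r"^(O\d+|R\d) - (.*)$")


def triage_hjt(text):
    """Return (section, entry, reason) tuples for entries that deserve a closer look."""
    findings = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O20" and "Winlogon Notify" in body:
            # A Winlogon Notify DLL is loaded inside winlogon.exe, which is why VundoFix
            # above could not delete gebcd.dll on a running system. Vundo variants pair
            # the DLL with a companion file whose name is the DLL name reversed.
            name = body.split(":", 1)[1].split(" - ")[0].strip()
            findings.append((section, body,
                             f"Winlogon Notify DLL '{name}'; also look for companion '{name[::-1]}.*'"))
        elif section == "O21" and "(no file)" in body:
            findings.append((section, body, "SSODL entry whose file is missing (orphaned loader)"))
        elif section == "O4":
            cmd = body.split("] ", 1)[1] if "] " in body else body
            # rundll32 with a DLL given by bare name resolves it through the DLL search
            # path; legitimate entries (bthprops.cpl) also match, so this is a prompt only.
            if cmd.lower().startswith("rundll32") and not re.search(r"[A-Za-z]:\\", cmd):
                findings.append((section, body, "rundll32 loading a DLL by bare name from the search path"))
        elif section == "O23" and "Unknown owner" in body:
            findings.append((section, body, "service with no company name; verify the binary"))
    return findings


def parse_virustotal(text):
    """Parse the VirusTotal text table into {vendor: verdict or None for clean}."""
    results = {}
    for line in text.splitlines()[1:]:          # skip the header row
        parts = line.split(None, 3)             # vendor, version, update date, result
        if len(parts) < 4:
            continue
        vendor, _version, _date, verdict = parts
        results[vendor] = None if verdict == "no virus found" else verdict
    return results


def detection_ratio(results):
    """Return (detections, engines) for a parsed VirusTotal table."""
    hits = sum(1 for v in results.values() if v)
    return hits, len(results)


if __name__ == "__main__":
    for section, entry, reason in triage_hjt(HJT_SAMPLE):
        print(f"{section}: {reason}\n    {entry}")
    vt = parse_virustotal(VT_SAMPLE)
    hits, engines = detection_ratio(vt)
    print(f"VirusTotal: {hits}/{engines} engines flagged the file")
```

Run as is, the script lists four prompts (O4, O20, O21, O23) and reports a 4/6 detection ratio for the constructed table; on a real log, paste the full HijackThis output into HJT_SAMPLE and the full VirusTotal table into VT_SAMPLE.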
AfterDawn Addict
26 July 2006 @ 10:16
Fix this line:
O4 - HKLM\..\Run: [envece25] RUNDLL32.EXE w061ed56.dll,n 001ece240000000a061ed56
1. Download
http://swandog46.geekstogo.com/avenger.zip The Avenger (c) to your desktop.
[*]Click the Avenger.zip file to open it.
2. Copy all of the text in the black quote box below into an empty Notepad:
Quote: Files to delete:
C:\WINDOWS\system32\envece25.dll
C:\WINDOWS\system32\gebcd.dll
Note: the script above has been created specifically for this user. If you are not this person, DO NOT follow these instructions because they could damage your computer's functions.
3. Now, open The Avenger by double-clicking its icon on your desktop.
[list]
[*]Under "Script file to execute" choose "Input Script Manually".
[*]Now click the magnifying glass icon, which opens a new window named "View/edit script".
[*] Paste the text you copied into Notepad into this window.
[*] Click Done.
[*] Now click the green light to start the script.
[*] Click "Yes" when the two warning boxes appear.
[/list]
Avenger will automatically do the following:
[*] Restart your computer. (In cases where the script contains a "Drivers to Unload" command, Avenger restarts your computer twice.)
[*] During startup, it briefly opens a black command window on your desktop; this is normal.
[*] After the restart, it creates a log file that should open with the results of Avenger's actions. The path of this log is C:\avenger.txt
[*] Avenger has also made a backup of all the files etc. that you asked it to delete, and has packed and moved them into a zip file at C:\avenger\backup.zip.
5. Copy and paste the entire contents of the avenger.txt file into your reply together with a fresh HjT log.
No HjT logs etc. by private message!
Jonec
Newbie
26 July 2006 @ 11:17
Here are the HjT and Avenger logs:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ulkvopxk
*******************
Script file located at: \??\C:\ewkeipru.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\envece25.dll deleted successfully.
File C:\WINDOWS\system32\gebcd.dll deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Logfile of HijackThis v1.99.1
Scan saved at 15:15:19, on 26.7.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\TClock\TClock.exe
C:\Documents and Settings\Johannes\Työpöytä\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MOD] C:\Program Files\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31...
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
Are there still any problem spots? :)
AfterDawn Addict
26 July 2006 @ 11:24
The log is OK, but because of the number of viruses run this as well:
Scan your computer with the Kaspersky Online Scanner: http://www.kaspersky.com/downloads/kws/kavwebscan.html
You will be asked whether you allow the ActiveX component from Kaspersky to be installed; click Yes.
- The program starts and begins downloading the latest signature files.
- When the scanner is installed and the signatures are downloaded, click Next.
- Now click Scan Settings.
- Check in the settings that the following are selected:
  - Scan using the following Anti-Virus database:
    - Extended (if available, otherwise select Standard)
  - Scan Options:
    - Scan Archives
    - Scan Mail Bases
- Click OK.
- Now, under the heading "select a target to scan", select My Computer.
- The scan takes a while, so be patient. When the scan is finished you will be notified if your computer is infected.
- Now click the Save as Text button.
- Save the file to your desktop.
- Copy and paste the contents of the file into your next reply.
No HjT logs etc. by private message!
Jonec
Newbie
26 July 2006 @ 14:09
Harmful or not?
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, July 26, 2006 6:06:53 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 26/07/2006
Kaspersky Anti-Virus database records: 209996
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 117154
Number of viruses found: 35
Number of infected objects: 125
Number of suspicious objects: 0
Duration of the scan process: 02:25:55
Infected Object Name / Virus Name / Last Action
C:\avenger\backup.zip/avenger/gebcd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cq skipped
C:\avenger\backup.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Johannes\Omat tiedostot\Rombetta Janilta\ScreenSavers\Old\lakefree.exe/setup.exe/SAVENOWINST.EXE/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ar skipped
C:\Documents and Settings\Johannes\Omat tiedostot\Rombetta Janilta\ScreenSavers\Old\lakefree.exe/setup.exe/SAVENOWINST.EXE Infected: not-a-virus:AdWare.Win32.SaveNow.ar skipped
C:\Documents and Settings\Johannes\Omat tiedostot\Rombetta Janilta\ScreenSavers\Old\lakefree.exe/setup.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ar skipped
C:\Documents and Settings\Johannes\Omat tiedostot\Rombetta Janilta\ScreenSavers\Old\lakefree.exe ZIP: infected - 3 skipped
C:\Documents and Settings\Johannes\Omat tiedostot\Rombetta Janilta\ScreenSavers\Old\water.exe/WISE0023.BIN/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.aq skipped
C:\Documents and Settings\Johannes\Omat tiedostot\Rombetta Janilta\ScreenSavers\Old\water.exe/WISE0023.BIN/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.aj skipped
C:\Documents and Settings\Johannes\Omat tiedostot\Rombetta Janilta\ScreenSavers\Old\water.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.aj skipped
C:\Documents and Settings\Johannes\Omat tiedostot\Rombetta Janilta\ScreenSavers\Old\water.exe WiseSFX: infected - 3 skipped
C:\Documents and Settings\Johannes\Omat tiedostot\Rombetta Janilta\ScreenSavers\Old\waterfalls.zip/waterfallsetup.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.Gator.1012 skipped
C:\Documents and Settings\Johannes\Omat tiedostot\Rombetta Janilta\ScreenSavers\Old\waterfalls.zip/waterfallsetup.exe Infected: not-a-virus:AdWare.Win32.Gator.1012 skipped
C:\Documents and Settings\Johannes\Omat tiedostot\Rombetta Janilta\ScreenSavers\Old\waterfalls.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Johannes\Omat tiedostot\Rombetta Janilta\ScreenSavers\snowfree.exe/setup.exe/SAVENOWINST.EXE/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ar skipped
C:\Documents and Settings\Johannes\Omat tiedostot\Rombetta Janilta\ScreenSavers\snowfree.exe/setup.exe/SAVENOWINST.EXE Infected: not-a-virus:AdWare.Win32.SaveNow.ar skipped
C:\Documents and Settings\Johannes\Omat tiedostot\Rombetta Janilta\ScreenSavers\snowfree.exe/setup.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ar skipped
C:\Documents and Settings\Johannes\Omat tiedostot\Rombetta Janilta\ScreenSavers\snowfree.exe ZIP: infected - 3 skipped
C:\Documents and Settings\Johannes\Työpöytä\backups\backup-20060708-173353-865.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.ai skipped
C:\Documents and Settings\Johannes\Työpöytä\backups\backup-20060708-173353-886.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\Program Files\DAEMON Tools\SetupDTSB.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped
C:\Program Files\MSN Messenger\riched20.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\Program Files\MyWebSearch\bar\4.bin\F3HTMLMU.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\Program Files\MyWebSearch\bar\4.bin\M3PLUGIN.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\Program Files\MyWebSearch\bar\4.bin\MWSOESTB.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\Program Files\MyWebSearch\bar\5.bin\F3DTACTL.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.al skipped
C:\Program Files\MyWebSearch\bar\5.bin\F3HISTSW.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\Program Files\MyWebSearch\bar\5.bin\F3HTMLMU.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\Program Files\MyWebSearch\bar\5.bin\F3HTTPCT.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.af skipped
C:\Program Files\MyWebSearch\bar\5.bin\F3POPSWT.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\Program Files\MyWebSearch\bar\5.bin\F3PSSAVR.SCR Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\Program Files\MyWebSearch\bar\5.bin\F3RESTUB.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\Program Files\MyWebSearch\bar\5.bin\F3SCHMON.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\Program Files\MyWebSearch\bar\5.bin\F3SCRCTR.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\Program Files\MyWebSearch\bar\5.bin\F3SHLLVW.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.al skipped
C:\Program Files\MyWebSearch\bar\5.bin\F3WPHOOK.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\Program Files\MyWebSearch\bar\5.bin\M3HTML.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.f skipped
C:\Program Files\MyWebSearch\bar\5.bin\M3IDLE.DLL Infected: not-a-virus:AdWare.Win32.IWon.a skipped
C:\Program Files\MyWebSearch\bar\5.bin\M3OUTLCN.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\Program Files\MyWebSearch\bar\5.bin\M3PLUGIN.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\Program Files\MyWebSearch\bar\5.bin\M3SKIN.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ad skipped
C:\Program Files\MyWebSearch\bar\5.bin\MWSOEMON.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\Program Files\MyWebSearch\bar\5.bin\MWSOEPLG.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.q skipped
C:\Program Files\MyWebSearch\bar\5.bin\MWSOESTB.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\Program Files\MyWebSearch\bar\5.bin\NPMYWEBS.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP216\A0062222.exe Infected: not-a-virus:AdWare.Win32.SaveNow.cb skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP221\A0065526.exe Infected: not-a-virus:AdWare.Win32.SaveNow.cb skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP221\A0065527.dll Infected: not-a-virus:AdWare.Win32.SaveNow.cb skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP224\A0069991.exe Infected: not-a-virus:AdWare.Win32.SaveNow.cb skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP224\A0069992.exe Infected: not-a-virus:AdWare.Win32.SaveNow.cb skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP224\A0069995.dll Infected: not-a-virus:AdWare.Win32.SaveNow.ce skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP224\A0070019.exe Infected: not-a-virus:AdWare.Win32.SaveNow.cb skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP224\A0070404.exe/data0011 Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP224\A0070404.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP225\A0071158.tlb Infected: Trojan-Downloader.Win32.Zlob.ya skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP225\A0071191.exe/ACM.dll Infected: not-a-virus:AdWare.Win32.SaveNow.ce skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP225\A0071191.exe CAB: infected - 1 skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP225\A0071192.exe Infected: not-a-virus:AdWare.Win32.SaveNow.cb skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP225\A0071193.exe Infected: not-a-virus:AdWare.Win32.SaveNow.cb skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP225\A0071194.exe Infected: not-a-virus:AdWare.Win32.SaveNow.cb skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP226\A0071207.dll Infected: not-virus:Hoax.Win32.Renos.dw skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP226\A0071208.dll Infected: not-a-virus:AdWare.Win32.SaveNow.ce skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP226\A0071550.tlb Infected: Trojan-Downloader.Win32.Zlob.ya skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP226\A0071556.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ai skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP226\A0071557.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP226\A0071562.exe Infected: Trojan-Downloader.Win32.Zlob.xn skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP226\A0071563.exe Infected: Trojan-Downloader.Win32.Zlob.ya skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP226\A0071565.exe Infected: Trojan-Downloader.Win32.Zlob.xp skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP226\A0071566.tlb Infected: Trojan-Downloader.Win32.Zlob.ya skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP226\A0071693.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.xp skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP226\A0071693.exe/data0008 Infected: Trojan-Downloader.Win32.Zlob.xp skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP226\A0071693.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP226\A0071693.exe UPX: infected - 2 skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP226\A0071693.exe PE_Patch.UPX: infected - 2 skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP226\A0071696.exe/run.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.xp skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP226\A0071696.exe/run.exe/data0008 Infected: Trojan-Downloader.Win32.Zlob.xp skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP226\A0071696.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.xp skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP226\A0071696.exe ZIP: infected - 3 skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP226\snapshot\MFEX-1.DAT Infected: not-virus:Hoax.Win32.Renos.dw skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP226\snapshot\MFEX-9.DAT Infected: not-a-virus:AdWare.Win32.SaveNow.ce skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP233\A0073420.dll Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP233\A0073423.dll Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP233\A0073425.exe/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP233\A0073425.exe/UCMTSAIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP233\A0073425.exe/IUCMORE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP233\A0073425.exe ZIP: infected - 3 skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP233\A0073425.exe WiseSFX Dropper: infected - 3 skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP233\A0073426.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP233\A0073428.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP233\A0073429.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP233\A0073443.exe Infected: Trojan-Downloader.Win32.Small.cyh skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP233\A0073444.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cu skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP233\A0073466.exe Infected: Trojan-Downloader.Win32.Adload.de skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP233\A0073469.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP233\A0075481.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP233\A0075494.exe Infected: Trojan-Downloader.Win32.Adload.de skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP233\A0075495.exe Infected: Trojan-Downloader.Win32.VB.aiv skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP233\A0075496.exe Infected: Trojan-Clicker.Win32.VB.ly skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP233\A0075497.exe Infected: Trojan-Downloader.Win32.VB.aiy skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP233\A0075498.exe Infected: Trojan-Downloader.Win32.VB.air skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP233\A0075519.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP233\A0075520.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP233\A0075521.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP233\A0075522.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP233\A0075569.dll Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP233\A0075619.dll Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP233\A0075620.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP233\A0075621.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP233\A0075623.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP233\A0075624.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP233\A0075652.dll Infected: not-virus:Hoax.Win32.Renos.dw skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP233\A0075678.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cq skipped
C:\ucmoreiex.exe/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
C:\ucmoreiex.exe/UCMTSAIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\ucmoreiex.exe/IUCMORE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\ucmoreiex.exe ZIP: infected - 3 skipped
C:\ucmoreiex.exe WiseSFX Dropper: infected - 3 skipped
C:\VundoFix Backups\gebcd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cq skipped
C:\WINDOWS\Sm9oYW5uZXMgS2FhcmFrYWluZW4\__delete_on_reboot__a_s_a_p_p_s_r_v_._d_l_l_ Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\WINDOWS\Sm9oYW5uZXMgS2FhcmFrYWluZW4\__delete_on_reboot__c_o_m_m_a_n_d_._e_x_e_ Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\WINDOWS\system32\f3PSSavr.scr Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\WINDOWS\system32\__delete_on_reboot__m_j_e_x_c_l_4_0_._d_l_l_ Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\__delete_on_reboot__a_c_3___0_0_1_0_._e_x_e_ Infected: Trojan-Downloader.Win32.Small.cyh skipped
Scan process completed.
AfterDawn Addict
26 July 2006 @ 14:26
Some are, some aren't :)
Remove via the Control Panel (Add/Remove Programs):
MyWebSearch and the like.
Delete:
C:\Documents and Settings\Johannes\Omat tiedostot\Rombetta Janilta\ScreenSavers\Old\lakefree.exe
C:\Documents and Settings\Johannes\Omat tiedostot\Rombetta Janilta\ScreenSavers\Old\water.exe
C:\Documents and Settings\Johannes\Omat tiedostot\Rombetta Janilta\ScreenSavers\Old\waterfalls.zip
C:\Documents and Settings\Johannes\Omat tiedostot\Rombetta Janilta\ScreenSavers\snowfree.exe
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
C:\Program Files\MSN Messenger\riched20.dll
C:\Program Files\MyWebSearch
C:\ucmoreiex.exe
C:\WINDOWS\Sm9oYW5uZXMgS2FhcmFrYWluZW4
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\__delete_on_reboot__m_j_e_x_c_l_4_0_._d_l_l_
C:\__delete_on_reboot__a_c_3___0_0_1_0_._e_x_e_
Empty:
C:\VundoFix Backups
Clear System Restore:
1. Select My Computer (right-click).
2. Select Properties.
3. Select the System Restore tab.
4. Select "Turn off System Restore".
5. Click Apply.
6. Click OK.
7. Restart the computer.
8. Repeat steps 1-3.
9. Uncheck "Turn off System Restore".
10. Repeat steps 5 and 6.
Scan again with Kaspersky and post its report.
No HjT logs etc. by private message!
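A triage helper added here as an example (not part of the thread and not a Kaspersky tool): it splits a Kaspersky On-line Scanner text report the way the reply above does, into live files to delete, copies sitting in System Restore points (which go away when System Restore is cleared), and quarantine copies kept by earlier removal tools. The backup folder names VundoFix Backups and avenger come from the report; treating them as quarantine folders is an assumption.

```python
import re
from collections import defaultdict

# Excerpt of the Kaspersky report posted above, embedded as sample input.
SAMPLE_REPORT = r"""
C:\avenger\backup.zip/avenger/gebcd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cq skipped
C:\avenger\backup.zip ZIP: infected - 1 skipped
C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{9BE909D5-9D2C-4136-A8EB-5B39B12CC3A4}\RP226\A0071562.exe Infected: Trojan-Downloader.Win32.Zlob.xn skipped
C:\ucmoreiex.exe/IUCMORE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\ucmoreiex.exe WiseSFX Dropper: infected - 3 skipped
C:\VundoFix Backups\gebcd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cq skipped
C:\__delete_on_reboot__a_c_3___0_0_1_0_._e_x_e_ Infected: Trojan-Downloader.Win32.Small.cyh skipped
"""

# "<path> Infected: <detection name> <action>": one scanned file or archive member
DETECTION_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\w+)$")
# "<path> <container type>: infected - <n> <action>": the summary line printed
# for an archive/packer whose members were already listed above it
CONTAINER_RE = re.compile(
    r"^(?P<path>.+?) (?P<container>[\w .-]+?): infected - (?P<count>\d+) (?P<action>\w+)$")

RESTORE_MARKER = r"\System Volume Information\_restore"
# Assumed: folders where the removal tools used earlier in the thread keep
# quarantined copies; extend for other tools.
TOOL_BACKUP_PREFIXES = ("C:\\VundoFix Backups\\", "C:\\avenger\\")


def parse(report_text):
    """Yield (path, name, kind): kind is 'object' for a file/member, 'container'
    for the archive summary line."""
    for line in report_text.splitlines():
        m = DETECTION_RE.match(line)
        if m:
            yield m["path"], m["name"], "object"
        elif (m := CONTAINER_RE.match(line)):
            yield m["path"], m["container"], "container"


def severity(name):
    if name.startswith("not-a-virus:"):
        return "adware"    # PUA/adware: SaveNow, MyWebSearch, Virtumonde ...
    if name.startswith("not-virus:"):
        return "hoax"      # fake-alert components such as Renos
    return "malware"       # Trojan-Downloader, Packed, ...


def location(path):
    if RESTORE_MARKER in path:
        return "restore_point"   # goes away when System Restore is cleared
    if path.startswith(TOOL_BACKUP_PREFIXES):
        return "tool_backup"     # quarantine copy; delete the backup folder
    return "live"                # a file to remove from the running system


def triage(report_text):
    """Group detections by the action they need. Archive members are reported
    under the outer file on disk (the part of the path before the first '/')."""
    live, backups, restore = defaultdict(set), set(), 0
    for path, name, kind in parse(report_text):
        if kind == "container":
            continue              # its members were already handled
        outer = path.split("/", 1)[0]
        where = location(outer)
        if where == "restore_point":
            restore += 1
        elif where == "tool_backup":
            backups.add(outer)
        else:
            live[severity(name)].add(outer)
    return {"live": {k: sorted(v) for k, v in live.items()},
            "restore_point": restore, "tool_backup": sorted(backups)}
```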