Help needed, are there still viruses left

Heppo
Junior Member
24 August 2008 @ 14:06
I got some nasties on my computer; at login a blue screen appeared with the text "warning your computer.." and so on. I ran the following programs: Antimalware, sdfix, smitfraud and combofix. The internet did not work because something was blocking it, but now it works OK. Antimalware removed several viruses. Now, however, the problem is the display. At login there is still a blue background (too bright a blue) and installing the display drivers does not succeed, or rather it installs the Nvidia drivers but the settings show MSI menus. Is something still lurking in the background?

PS. Antimalware found nothing on a rescan.

Senior Member
24 August 2008 @ 14:59
Post the logs of those programs you used in this thread.

The ComboFix log is at C:/Combofix.txt
The SDFix log is in the SDFix folder, named Report.txt
The SmitFraud log is at C:\rapport.txt
The Antimalware log can be found by opening the program and going to the Logs section; look for the log where it found those nasties.

Heppo
Junior Member
24 August 2008 @ 17:06
Here are the logs:

ComboFix 08-08-21.02 - juki 2008-08-24 10:12:35.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.743 [GMT 3:00]
Running from: K:\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Omistaja\Cookies\omistaja@metrics.adobe[2].txt
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\Help\chscxdyv.fy
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nvrsul32.dll
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
H:\Autorun.inf
I:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_tdssserv


((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-07-24 to 2008-08-24 )))))))))))))))))
.

2008-08-24 09:34 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-24 09:28 . 2008-05-03 05:46 182,347 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-08-24 08:30 . 2008-08-24 08:30 268 --ah----- C:\sqmdata04.sqm
2008-08-24 08:30 . 2008-08-24 08:30 244 --ah----- C:\sqmnoopt04.sqm
2008-08-23 16:48 . 2008-08-23 16:48 268 --ah----- C:\sqmdata03.sqm
2008-08-23 16:48 . 2008-08-23 16:48 244 --ah----- C:\sqmnoopt03.sqm
2008-08-23 16:39 . 2008-08-23 16:39 268 --ah----- C:\sqmdata02.sqm
2008-08-23 16:39 . 2008-08-23 16:39 244 --ah----- C:\sqmnoopt02.sqm
2008-08-23 16:13 . 2008-08-24 09:21 <KANSIO> d-------- C:\Program Files\SpyNoMore
2008-08-23 16:13 . 2008-08-23 16:13 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-23 16:13 . 2008-08-23 16:13 <KANSIO> d-------- C:\Program Files\Common Files\Download Manager
2008-08-23 16:13 . 2008-08-23 16:13 <KANSIO> d-------- C:\Documents and Settings\juki\Application Data\Malwarebytes
2008-08-23 16:13 . 2008-08-23 16:13 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-08-23 16:13 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-23 16:13 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-23 16:13 . 2008-08-23 16:13 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-08-23 15:12 . 2008-08-24 08:53 14,336 --a------ C:\WINDOWS\system32\OLD3.tmp
2008-08-23 14:20 . 2008-08-23 14:20 268 --ah----- C:\sqmdata01.sqm
2008-08-23 14:20 . 2008-08-23 14:20 244 --ah----- C:\sqmnoopt01.sqm
2008-08-23 13:16 . 2008-08-23 15:36 16,896 --a------ C:\WINDOWS\system32\OLD6.tmp
2008-08-22 17:54 . 2008-08-23 15:53 <KANSIO> d-------- C:\SDFix
2008-08-22 16:51 . 2008-08-22 16:51 163,353 --a------ C:\WINDOWS\system32\nvapps.xml
2008-08-22 16:47 . 2008-08-22 16:47 268 --ah----- C:\sqmdata00.sqm
2008-08-22 16:47 . 2008-08-22 16:47 244 --ah----- C:\sqmnoopt00.sqm
2008-08-22 15:17 . 2008-08-24 10:08 5,504 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-22 15:13 . 2008-08-24 10:10 <KANSIO> d-------- C:\SmitfraudFix
2008-08-22 15:01 . 2008-08-22 15:01 <KANSIO> d-------- C:\WINDOWS\erunt
2008-08-22 14:06 . 2008-08-22 14:06 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet
2008-08-22 14:00 . 2008-08-22 14:00 <KANSIO> d-------- C:\Program Files\Bonjour
2008-08-22 13:45 . 2008-08-22 13:45 579,072 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-08-22 13:45 . 2008-08-22 13:46 334,825 --a------ C:\khadjb.exe
2008-08-22 13:45 . 2008-08-22 13:45 129,024 --a------ C:\oitkxr.exe
2008-08-22 13:45 . 2008-08-22 13:45 98,816 --a------ C:\WINDOWS\system32\das.an
2008-08-22 13:45 . 2008-08-22 13:45 64,000 --a------ C:\WINDOWS\system32\svgm.ck
2008-08-22 13:45 . 2008-08-22 13:45 21,504 --a------ C:\WINDOWS\system32\fmdc.rl
2008-08-13 20:47 . 2008-08-13 20:47 <KANSIO> d-------- C:\Documents and Settings\juki\Application Data\Grisoft
2008-08-13 20:47 . 2007-05-30 15:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-08-13 19:28 . 2008-05-01 17:35 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 19:27 . 2008-04-11 22:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-10 10:04 . 2008-08-23 17:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-10 10:04 . 2008-08-10 10:04 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-05 20:05 . 2005-05-14 14:56 176,128 --a------ C:\WINDOWS\system32\nvuide.exe
2008-08-03 17:10 . 2008-08-22 16:16 16 --a------ C:\WINDOWS\system32\coh.cache
2008-08-03 16:06 . 2008-08-03 16:08 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-08-03 16:06 . 2008-08-03 16:08 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-08-03 16:06 . 2008-08-03 16:08 8,014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-08-03 16:06 . 2008-08-03 16:08 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-24 06:34 --------- d-----w C:\Program Files\Java
2008-08-24 06:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-24 06:30 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2008-08-22 11:00 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-22 10:46 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-08-22 10:45 --------- d-----w C:\Program Files\Opera
2008-08-21 10:29 --------- d-----w C:\Program Files\RevConnect
2008-08-19 08:49 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\InterVideo
2008-08-19 08:41 --------- d-----w C:\Program Files\Ulead Systems
2008-08-19 08:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-14 19:44 --------- d-----w C:\Program Files\Passware
2008-08-04 20:12 --------- d-----w C:\Program Files\NoAdware5.0
2008-08-03 13:45 --------- d-----w C:\Program Files\WinAce
2008-08-03 13:08 --------- d-----w C:\Program Files\Symantec
2008-08-03 13:07 --------- d-----w C:\Program Files\Norton 360
2008-07-21 19:32 --------- d-----w C:\Program Files\NoteWorthy Composer
2008-07-18 15:16 --------- d-----w C:\Program Files\Nokia
2008-07-18 15:16 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations
2008-07-18 15:14 --------- d-----w C:\Program Files\Common Files\Nokia
2008-07-03 10:13 --------- d-----w C:\Program Files\Briggs and Stratton
2008-06-30 19:24 --------- d-----w C:\Program Files\ElcomSoft
2008-06-30 19:16 --------- d-----w C:\Program Files\Visual Zip Password Recovery Processor
2008-06-25 18:29 --------- d-----w C:\Program Files\Diagnose-BK
2008-06-25 17:53 --------- d-----w C:\Program Files\elsawin
2008-06-24 12:00 --------- d-----w C:\Documents and Settings\juki\Application Data\GARMIN
2008-06-01 20:37 852,225,588 ----a-w C:\Ulead.DVD.MovieFactory.v6.0.Plus.with.keys.zip
2006-12-15 15:32 5,120 --sha-w C:\Program Files\Thumbs.db
2006-05-30 10:25 8,795,990 ----a-w C:\Program Files\Ocad8Nimetön.bmp
2005-03-20 19:24 88 ----a-w C:\Documents and Settings\Omistaja\PATCHINFO.BIN
2003-11-24 13:33 12,810 ----a-w C:\Program Files\uninstal.log
2001-10-09 11:00 520,192 ----a-w C:\Program Files\wmplayer.exe
2000-07-28 08:51 8,103 ----a-w C:\Program Files\MD-82_EFHK_LFPG.pln
1998-02-10 15:34 128,000 ----a-w C:\Program Files\UNWISE.EXE
2006-03-10 13:52 90 --sh--w C:\WINDOWS\cnerolf.dat
2006-03-31 18:28 8 --sha-r C:\WINDOWS\system32\14E971F081.sys
2006-05-21 14:11 56 --sh--r C:\WINDOWS\system32\E1517534C7.sys
2008-03-28 16:56 23 --sha-w C:\WINDOWS\system32\febaafb_z.dll
2008-05-15 19:58 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\MSHist012008051520080516\index.dat
.
Infected C:\WINDOWS\system32\user32.dll hex repaired


(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:12 15360]
"Data Secure"="C:\APPS\DataSecure\PBBckupUI.exe" [2005-04-26 12:51 2257408]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 11:42 202088]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-03-27 17:16 1743808]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 11:20 1079296]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 04:23 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 03:36 81920]
"ALi5289"="C:\Program Files\ULI5289\ALi5289.exe" [2005-03-10 15:56 405504]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 01:12 2658304]
"Elisa Avustaja"="C:\Program Files\Elisa\Avustaja\Elisa.exe" [2007-10-22 16:15 189768]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 15:21 2213160]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2008-04-09 19:40 87336]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2008-02-22 11:19 62760]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 22:21 57344]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"Ulead Quick-Drop"="C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 5 Plus\Ulead DVD MovieFactory 5\Quick-Drop.exe" [2006-07-20 03:04 118784]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06 45056]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 09:18 49152]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-08-14 22:23 6731312]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 13:55 341232]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" [2008-08-23 16:14 1064400]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:12 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.MJPX"= PICVideo MJPEG Codec
"msacm.ac3filter"= ac3filter.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"vidc.uldx"= C:\PROGRA~1\ULEADS~1\ULEADD~3\ULEADD~1\DivX_UL.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Elisa\\Avustaja\\Elisa.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 JAHCI;JAHCI;C:\WINDOWS\system32\DRIVERS\JAHCI.sys [2005-05-12 16:12]
R0 m5289;m5289;C:\WINDOWS\system32\DRIVERS\m5289.sys [2005-07-04 15:21]
R0 Pnp680;SiI 680 ATA Controller;C:\WINDOWS\system32\DRIVERS\pnp680.sys [2007-11-13 23:48]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 18:31]
R1 TSKNF602.SYS;TSKNF602.SYS;C:\WINDOWS\system32\Drivers\TSKNF602.SYS [2006-01-07 22:41]
R1 TSKNF700.SYS;TSKNF700.SYS;C:\WINDOWS\system32\Drivers\TSKNF700.SYS [2006-10-24 16:29]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2008-05-07 16:51]
R2 LcSvrAdm;ELSA Administration Service;d:\elsa\bin\LcSvrAdm.exe [2004-02-17 10:52]
R2 LcSvrDba;ELSA DBA Server;d:\elsa\bin\LcSvrDba.exe [2004-02-17 10:35]
R2 LcSvrHis;ELSA Historie Server;d:\elsa\bin\LcSvrHis.exe [2004-02-17 10:48]
R2 LcSvrKds;ELSA KD-Nummern Server;d:\elsa\bin\LcSvrKdS.exe [2004-02-17 10:35]
R2 LcSvrPAS;ELSA PASS Server;d:\elsa\bin\LcSvrPas.exe [2004-02-17 10:36]
R3 ctgame;Game Port;C:\WINDOWS\system32\DRIVERS\ctgame.sys [2002-12-30 10:53]
R3 LcSvrAuf;ELSA Auftragsverwaltungs Service;d:\elsa\bin\LcSvrAuf.exe [2004-02-17 10:42]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 21:36]
S1 28cce2b;28cce2b;C:\WINDOWS\system32\drivers\28cce2b.sys []
S2 Automattinen LiveUpdate-ajastustoiminto;Automattinen LiveUpdate-ajastustoiminto;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-08-31 12:49]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-03 00:10]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3065c6f6-be83-11db-8ae0-00138f4e7632}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{363b26af-0afb-11dc-8b40-00138f4e7632}]
\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e07f05f-3aef-11dd-852b-00138f4e7632}]
\Shell\AutoRun\command - Navicore.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e07f061-3aef-11dd-852b-00138f4e7632}]
\Shell\AutoRun\command - Navicore.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e07f066-3aef-11dd-852b-00138f4e7632}]
\Shell\AutoRun\command - Navicore.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e07f068-3aef-11dd-852b-00138f4e7632}]
\Shell\AutoRun\command - Navicore.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad08b64e-0af8-11dc-8b3f-00138f4e7632}]
\Shell\AutoRun\command - K:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e17d5c65-a32c-11dc-aea4-00138f4e7632}]
\Shell\AutoRun\command - InstallTomTomHOME.exe

*Newly Created Service* - COMHOST
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-NVIDIA nTune - C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
HKCU-Run-nmapi32.exe - C:\WINDOWS\system32\system.exe
HKCU-Run-RemoteCenter - (no file)
HKLM-RunOnce-SymLnch - C:\Documents and Settings\juki\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070903\Support\SymLnch\SymLnch.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\juki\Application Data\Mozilla\Firefox\Profiles\sjknrume.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://elisa.net/|http://www.google.fi/firefox?client=firefox-a&rls=org.mozilla:fi:official|http://www.google.fi/firefox?client=firefox-a&rls=org.mozilla:fi:official
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-24 10:27:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\OLD6.tmp:exe.exe 25088 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet008\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\elsa\bin\VSGate.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\saab\Toolbar\EPSIBar.exe
C:\WINDOWS\system32\GRVSA.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
.
**************************************************************************
.
Completion time: 2008-08-24 10:58:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-24 07:58:33

Pre-Run: 61,784,555,520 tavua vapaana
Post-Run: 61,179,547,648 tavua vapaana

287 --- E O F --- 2008-08-13 16:44:16




SDFix: Version 1.218
Run by juki on la 23.08.2008 at 14:34

Microsoft Windows XP [versio 5.1.2600]
Running From: C:\SDFix

Checking Services :


Infected user32.dll Found!

user32.dll File Locations:

"C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll" 577536 02.03.2005 21:20
"C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll" 578560 08.03.2007 18:50
"C:\WINDOWS\$NtServicePackUninstall$\user32.dll" 578048 08.03.2007 18:38
"C:\WINDOWS\$NtUninstallKB890859$\user32.dll" 577536 14.09.2004 17:12
"C:\WINDOWS\$NtUninstallKB925902$\user32.dll" 577536 02.03.2005 21:18
"C:\WINDOWS\ServicePackFiles\i386\user32.dll" 579072 14.04.2008 19:11
"C:\WINDOWS\system32\user32.DLL" 579072 22.08.2008 13:45
"C:\WINDOWS\system32\dllcache\user32.dll" 579072 22.08.2008 13:45

[C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll] 409647243875A2F91BAE81CBEF248CB6
[C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll] 90F1D04938BAE133E2F4D8F7F0FA4FA0
[C:\WINDOWS\$NtServicePackUninstall$\user32.dll] C198EAC972598BE7E61364F7DB3B663D
[C:\WINDOWS\$NtUninstallKB890859$\user32.dll] 44C02BC54D56ED3A685302E91396720A
[C:\WINDOWS\$NtUninstallKB925902$\user32.dll] AEEFA9D983C986E7A8D6D80CA165B93F
[C:\WINDOWS\ServicePackFiles\i386\user32.dll] 9D0A78E87972B880C254241262108232
[C:\WINDOWS\system32\user32.DLL] 180246B7F42E8E954B76CA9DEFB582CD
[C:\WINDOWS\system32\dllcache\user32.dll] 180246B7F42E8E954B76CA9DEFB582CD


[C:\WINDOWS\System32\zngpzcv] 9D0A78E87972B880C254241262108232


Note: SDFix does not repair this file!



Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 15:34:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\28cce2b]
"ImagePath"="\SystemRoot\System32\drivers\28cce2b.sys"
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\tdssserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\28cce2b]
"ImagePath"="\SystemRoot\System32\drivers\28cce2b.sys"
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\tdssserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\controlset009\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties]
"DeviceType"=dword:00000002
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE\SYSTEM\controlset009\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties]
"DeviceType"=dword:00000007
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE\SYSTEM\controlset009\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties]
"DeviceType"=dword:00000004
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE\SYSTEM\controlset009\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties]
"DeviceType"=dword:00000004
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE\SYSTEM\controlset009\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties]
"DeviceType"=dword:00000004
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE\SYSTEM\controlset009\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties]
"DeviceType"=dword:00000007
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE\SYSTEM\controlset009\Services\28cce2b]
"ImagePath"="\SystemRoot\System32\drivers\28cce2b.sys"
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\controlset009\Services\MRxDAV\EncryptedDirectories]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\controlset009\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\tdssserv.sys"

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"DisableSR"=dword:00000000
"qhpInit_Dlls"="nvrsul32"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E40F5096-4409-395C-2A89-DD1073EBAFED}]
"iapodgajhifnkcimpa"=hex:69,61,67,61,65,69,66,6b,63,6b,62,6d,6e,62,65,69,6c,67,00,00
"habpjhablnkcmlip"=hex:69,61,67,61,65,69,66,6b,63,6b,62,6d,6e,62,65,69,6c,67,00,00
"ialclgiioileafmkdh"=hex:64,61,61,61,6c,67,69,64,00,e0

scanning hidden files ...

C:\WINDOWS\system32\OLD6.tmp:exe.exe 25088 bytes executable

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\Elisa\\Avustaja\\Elisa.exe"="C:\\Program Files\\Elisa\\Avustaja\\Elisa.exe:*:Enabled:Elisa Avustaja"
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :



Files with Hidden Attributes :


Finished!


SmitFraudFix v2.339

Scan done at 10:08:50,29, su 24.08.2008
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\juki


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\juki\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\juki\Suosikit


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!



»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="c:\\windows\\system32\\userinit.exe"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{47EBE050-386D-45A9-8F37-B81E59057B3D}: DhcpNameServer=193.229.0.40 193.229.0.42
HKLM\SYSTEM\CS2\Services\Tcpip\..\{47EBE050-386D-45A9-8F37-B81E59057B3D}: DhcpNameServer=193.229.0.40 193.229.0.42
HKLM\SYSTEM\CS3\Services\Tcpip\..\{47EBE050-386D-45A9-8F37-B81E59057B3D}: DhcpNameServer=193.229.0.40 193.229.0.42
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=193.229.0.40 193.229.0.42
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=193.229.0.40 193.229.0.42
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=193.229.0.40 193.229.0.42


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



Malwarebytes' Anti-Malware 1.25
Tietokantaversio: 1078
Windows 5.1.2600 Service Pack 3

16:38:53 23.8.2008
mbam-log-08-23-2008 (16-38-53).txt

Tarkistustyyppi: Pikatarkistus
Tarkistetut kohteet: 74980
Kulunut aika: 12 minute(s), 11 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 1
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 1
Saastuneita tiedostoja: 6

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SOFTWARE\Live_TV (Adware.Agent) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
C:\Program Files\Live_TV (Adware.Agent) -> Quarantined and deleted successfully.

Saastuneita tiedostoja:
C:\WINDOWS\system32\hgGvvVlK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Virantix) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\28cce2b.sys (Rootkit.Agent) -> Delete on reboot.
C:\accq.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\Live_TV\INSTALL.LOG (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcpp4j0ee51.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Heppo
Junior Member
27 August 2008 @ 22:16
Over the past two days I have run various scanning programs, and now everything seems to work OK, but at the login stage the colour of the login screen is somehow too bright a blue. The scanning programs did not find any new infections. The virus had copied some folder and an autorun.exe file onto four hard drives. These have been removed. I have not had time to study the HJT log yet to see whether there is still something in it. A curious thing is the slow startup of Win XP: CPU load is only around 25%, but the hard disk rattles away constantly and startup seems to take about 3 minutes. Norton 360 is running in the background, which does eat up the machine's resources.