Removing TR/Vundo.Gen and TR/Dldr.ConHook.Gen?
succa
Junior Member
16 September 2008 @ 07:40
So, those viruses/trojans need to come off the machine, and there's some porn/web virus too, since on a couple of sites the fonts are all screwed up and Google always sends me to PornTube.... anyway, here's the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:33:08, on 16.9.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.live.com/1rewlsup/WinInstaller
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [\YUR6D.exe] C:\Windows\system32\YUR6D.exe
O4 - HKLM\..\Run: [\YUR6E.exe] C:\Windows\system32\YUR6E.exe
O4 - HKLM\..\Run: [\YUR6F.exe] C:\Windows\system32\YUR6F.exe
O4 - HKLM\..\Run: [\YUR70.exe] C:\Windows\system32\YUR70.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [\YUR6D.exe] C:\Windows\system32\YUR6D.exe
O4 - HKCU\..\Run: [\YUR6E.exe] C:\Windows\system32\YUR6E.exe
O4 - HKCU\..\Run: [\YUR6F.exe] C:\Windows\system32\YUR6F.exe
O4 - HKCU\..\Run: [\YUR70.exe] C:\Windows\system32\YUR70.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
--
End of file - 4944 bytes
Other programs like Spybot, Avira AntiVir and Ad-Aware found those, and I've tried removing them, but nothing helps against that Vundo and the trojan horse; all the antivirus programs have said "removed", and after a reboot a new scan gives the same results!!
Yeah, no!
Senior Member
4 product reviews
16 September 2008 @ 13:16
Download Malwarebytes' Anti-Malware to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, the program will download and install the latest version.
* Once the program has loaded, select Perform full scan and click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure everything is checked and click Remove Selected.
* The log will then open in Notepad. Save it somewhere you can find it easily. The log can also be found
here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
* Post the contents of the log in your next reply + a new HJT log.
1. Download Combofix.exe to your desktop from either of these links:
Combofix.exe
Combofix.exe
Open Combofix.exe and follow the on-screen instructions.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
Restart the computer if asked to, and post the contents of the combofix.txt file here.
Empty the Recycle Bin and restart your computer.
Post the following logs here:
* A fresh HijackThis log (taken last, right before posting)
* The (C:\ComboFix.txt) report
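The last step above asks for a fresh HijackThis log so the helper can compare it with the first one. The following is an added example of that comparison, written for this page; it is not code from the thread, from HijackThis or from Malwarebytes. It parses the numbered HijackThis entries, flags the patterns that stand out in this thread's first log (Run values whose name begins with a backslash, unquoted system32 autoruns that are not a known Windows default, BHO entries whose DLL is gone) and diffs the before and after logs. The sample lines are copied from the two logs in the thread; the allowlist and the flagging heuristics are my own assumptions for triage, not verdicts.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: a subset of lines copied from the two HijackThis logs in
# this thread (taken while infected, and again after Malwarebytes/ComboFix had run).
HJT_BEFORE = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [\YUR6D.exe] C:\Windows\system32\YUR6D.exe
O4 - HKLM\..\Run: [\YUR6E.exe] C:\Windows\system32\YUR6E.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [\YUR6D.exe] C:\Windows\system32\YUR6D.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

HJT_AFTER = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""


@dataclass(frozen=True)
class Entry:
    section: str  # HijackThis section tag: O2 (BHO), O4 (autorun), O23 (service), ...
    body: str     # the text after "O4 - "

    @property
    def raw(self) -> str:
        return f"{self.section} - {self.body}"


LINE_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# O4 body layout: HKLM\..\Run: [value name] target [arguments]
O4_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
# Assumed allowlist (not from the thread): unquoted system32 autoruns normal on XP.
KNOWN_SYSTEM32_AUTORUNS = {"ctfmon.exe"}


def parse_hjt(text: str) -> list[Entry]:
    """Keep only the numbered HijackThis entries; headers and process lists are dropped."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            out.append(Entry(m.group(1), m.group(2)))
    return out


def flag_entry(e: Entry) -> list[str]:
    """Triage heuristics (assumptions, not verdicts): reasons to look at an entry more closely."""
    reasons = []
    if e.section == "O4":
        m = O4_RE.match(e.body)
        if m:
            _hive, name, target = m.groups()
            if name.startswith("\\"):
                reasons.append("Run value name starts with a backslash, as the YUR6x entries in this thread did")
            if "\\system32\\" in target.lower() and not target.startswith('"'):
                exe = target.split("\\")[-1].split(" ")[0]
                if exe.lower() not in KNOWN_SYSTEM32_AUTORUNS:
                    reasons.append(f"unquoted system32 autorun {exe} is not a known Windows default")
    elif e.section == "O2" and e.body.endswith("(no file)"):
        reasons.append("BHO CLSID is still registered but its DLL is gone (orphan left by cleanup)")
    return reasons


def triage(text: str) -> list[tuple[str, list[str]]]:
    """Every flagged entry of a log together with the reasons it was flagged."""
    return [(e.raw, r) for e in parse_hjt(text) if (r := flag_entry(e))]


def diff_logs(before: str, after: str) -> tuple[list[Entry], list[Entry]]:
    """Entries that disappeared after cleanup, and entries that are new."""
    b, a = set(parse_hjt(before)), set(parse_hjt(after))
    return sorted(b - a, key=lambda e: e.raw), sorted(a - b, key=lambda e: e.raw)


if __name__ == "__main__":
    for raw, reasons in triage(HJT_BEFORE):
        print("FLAG", raw)
        for r in reasons:
            print("     -", r)
    removed, added = diff_logs(HJT_BEFORE, HJT_AFTER)
    print(f"\n{len(removed)} entries gone after cleanup, {len(added)} new")
    for e in removed:
        print("  -", e.raw)
    for e in added:
        print("  +", e.raw)
```

Run on the two full logs in the thread, the diff shows the four YUR6x Run values (in both HKLM and HKCU) gone and one orphaned BHO CLSID appearing, which is the kind of leftover the helper's HijackThis "fix" step is meant for.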
succa
Junior Member
16 September 2008 @ 15:20
Malwarebytes' Anti-Malware 1.28
Tietokantaversio: 1160
Windows 5.1.2600 Service Pack 2
16.9.2008 15:18:15
mbam-log-2008-09-16 (15-18-15).txt
Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 68803
Kulunut aika: 10 minute(s), 40 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 2
Saastuneita rekisteriavaimia: 9
Saastuneita rekisteriarvoja: 9
Saastuneita rekisterikohteita: 2
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 15
Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja:
C:\WINDOWS\system32\xxyywvSk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\efcBsTJD.dll (Trojan.Vundo) -> Delete on reboot.
Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{149f11bc-d5bf-4491-b94e-c72fb081f35d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcbstjd (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{149f11bc-d5bf-4491-b94e-c72fb081f35d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{acf1b8b7-14b7-4006-b7c9-c9a25772285f} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{acf1b8b7-14b7-4006-b7c9-c9a25772285f} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
Saastuneita rekisteriarvoja:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{149f11bc-d5bf-4491-b94e-c72fb081f35d} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur6d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur6e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur6f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur70.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur6d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur6e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur6f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur70.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Saastuneita rekisterikohteita:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\xxyywvsk.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\xxyywvsk.dll -> Delete on reboot.
Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja:
C:\WINDOWS\system32\efcBsTJD.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xxyywvSk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kSvwyyxx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kSvwyyxx.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\heikki\Local Settings\Temp\c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\mIRC\keygen.exe (Backdoor.GF) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\heikki\Local Settings\Temp\s1408.php (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Yeah, no!
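The Malwarebytes log above mixes items that were quarantined on the spot with items marked "Delete on reboot". The following added example (my own code, not from the thread or from Malwarebytes) parses such lines, separates the two dispositions and picks out the LSA package entries. Those explain why the DLLs could not be removed while the system was running: DLLs listed under LSA Authentication Packages and Notification Packages are loaded by lsass.exe at boot, so they stay in use until the reboot. The sample lines are a subset copied from the log above, with two non-detection lines kept to show the parser skipping them.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a subset of lines copied from the Malwarebytes log in this thread.
MBAM_SAMPLE = r"""
Saastuneita muistimoduuleja:
C:\WINDOWS\system32\xxyywvSk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\efcBsTJD.dll (Trojan.Vundo) -> Delete on reboot.
Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcbstjd (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur6d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\xxyywvsk.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\xxyywvsk.dll -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\heikki\Local Settings\Temp\s1408.php (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

# One detection line: <file or registry item> (<threat name>) [-> Data: <value>] -> <action>.
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?:Data: (?P<data>.+?) -> )?(?P<action>[^>]+?)\.?$"
)
LSA_PACKAGES_RE = re.compile(r"\\LSA\\(Authentication|Notification) Packages$")


@dataclass(frozen=True)
class Detection:
    item: str             # file path or registry key/value
    threat: str           # Malwarebytes detection name
    data: Optional[str]   # registry data (DLL path) for "Data:" entries, else None
    action: str           # disposition, e.g. "Delete on reboot"


def parse_mbam(text: str) -> list[Detection]:
    """Return the detection lines; section headers and '(no malicious items)' lines are skipped."""
    dets = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            dets.append(Detection(m["item"], m["threat"], m["data"], m["action"]))
    return dets


def summarize(dets: list[Detection]) -> dict[str, int]:
    """Count detections per disposition."""
    return dict(Counter(d.action for d in dets))


def needs_reboot(dets: list[Detection]) -> list[Detection]:
    """Items the scanner could not remove live; they are only gone after a reboot and re-scan."""
    return [d for d in dets if d.action == "Delete on reboot"]


def lsa_package_hijacks(dets: list[Detection]) -> list[Detection]:
    """Registry values that make lsass.exe load the listed DLL at boot."""
    return [d for d in dets if LSA_PACKAGES_RE.search(d.item)]


if __name__ == "__main__":
    dets = parse_mbam(MBAM_SAMPLE)
    print("by disposition:", summarize(dets))
    pending = needs_reboot(dets)
    if pending:
        print(f"{len(pending)} item(s) pending until reboot; re-scan afterwards:")
        for d in pending:
            print("  ", d.item)
    for d in lsa_package_hijacks(dets):
        print("LSA package hijack:", d.item, "->", d.data)
```

A non-empty result from needs_reboot() is the reason the helper's instructions end with a restart and a fresh HijackThis log rather than with the Malwarebytes run itself.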
succa
Junior Member
16 September 2008 @ 15:35
ComboFix 08-09-15.02 - heikki 2008-09-16 15:26:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.253 [GMT 3:00]
Running from: C:\Documents and Settings\heikki\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\adLVycfe.ini
C:\WINDOWS\system32\adLVycfe.ini2
C:\WINDOWS\system32\VxELlUtv.ini
C:\WINDOWS\system32\VxELlUtv.ini2
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV
-------\Service_TDSSserv
((((((((((((((((((((((((( Files Created from 2008-08-16 to 2008-09-16 )))))))))))))))))))))))))))))))
.
2008-09-16 15:05 . 2008-09-16 15:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-16 15:05 . 2008-09-16 15:05 <DIR> d-------- C:\Documents and Settings\heikki\Application Data\Malwarebytes
2008-09-16 15:05 . 2008-09-16 15:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-16 15:05 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-16 15:05 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-16 08:53 . 2008-09-16 08:53 <DIR> d-------- C:\Program Files\EMCO Malware Destroyer
2008-09-16 07:28 . 2008-09-16 07:28 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-15 18:14 . 2008-09-15 21:49 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-15 18:14 . 2008-09-15 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-15 17:46 . 2008-09-15 18:58 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-09-15 17:45 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-09-15 17:45 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-09-15 17:45 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-15 17:45 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-09-15 17:45 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-09-15 17:45 . 2008-09-14 18:58 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-09-15 17:45 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-09-15 17:45 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-09-15 17:45 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-09-15 17:45 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-09-14 20:06 . 2008-09-14 20:06 <DIR> d-------- C:\Program Files\Opera
2008-09-14 19:59 . 2008-09-14 19:59 <DIR> d-------- C:\Program Files\CCleaner
2008-09-14 19:08 . 2008-09-14 19:08 65 --a------ C:\WINDOWS\system32\206e5826
2008-09-13 21:29 . 2008-09-15 09:12 <DIR> d-------- C:\Program Files\mIRC
2008-09-13 17:45 . 2008-09-13 17:50 <DIR> d-------- C:\Program Files\Magic MP3 Tagger
2008-09-13 14:35 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-09-13 14:34 . 2008-09-13 14:34 <DIR> d-------- C:\Program Files\Microsoft Works
2008-09-13 14:33 . 2008-09-13 14:33 <DIR> d-------- C:\Program Files\MSBuild
2008-09-13 14:30 . 2008-09-13 14:33 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-09-13 14:29 . 2008-09-15 09:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-13 14:28 . 2008-09-13 14:28 <DIR> dr-h----- C:\MSOCache
2008-09-12 17:59 . 2008-09-12 17:59 <DIR> d-------- C:\Program Files\Canon
2008-09-12 17:59 . 2008-09-12 18:00 <DIR> d-------- C:\Documents and Settings\heikki\Application Data\Canon
2008-09-12 17:44 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-09-12 17:44 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-09-12 17:43 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-09-12 17:43 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-09-12 17:40 . 2008-09-12 17:40 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-09-12 17:39 . 2008-09-12 17:39 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-09-12 17:39 . 2008-09-12 17:39 <DIR> d--h----- C:\Program Files\CanonBJ
2008-09-12 17:39 . 2007-03-23 16:30 1,400,832 --a------ C:\WINDOWS\system32\CNC210C.DLL
2008-09-12 17:39 . 2008-02-06 05:00 216,064 --a------ C:\WINDOWS\system32\CNMLM8S.DLL
2008-09-12 17:39 . 2007-03-19 10:16 200,704 --a------ C:\WINDOWS\system32\CNC210L.DLL
2008-09-12 17:39 . 2007-03-15 14:12 188,416 --a------ C:\WINDOWS\system32\CNC210O.DLL
2008-09-12 17:39 . 2007-03-23 16:29 98,304 --a------ C:\WINDOWS\system32\CNC210I.DLL
2008-09-12 14:48 . 2008-09-12 14:48 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-09-08 17:05 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-09-08 17:05 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-09-08 17:05 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-09-07 19:26 . 2008-09-08 07:49 <DIR> d-------- C:\Documents and Settings\heikki\Contacts
2008-09-07 19:23 . 2008-09-07 19:23 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-09-07 19:17 . 2008-09-07 19:22 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-07 19:16 . 2008-09-07 19:22 <DIR> d-------- C:\Program Files\Windows Live
2008-09-07 19:16 . 2008-09-07 19:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-07 13:36 . 2008-09-07 13:42 <DIR> d-------- C:\Program Files\Wolfenstein - Enemy Territory
2008-09-07 13:32 . 2008-09-07 13:32 <DIR> d-------- C:\Program Files\Fraps
2008-09-07 13:32 . 2008-09-15 18:57 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-07 13:29 . 2008-09-07 13:30 <DIR> d-------- C:\Program Files\Wow Model Viewer
2008-09-07 13:26 . 2008-09-07 19:15 <DIR> d-------- C:\Program Files\Unlocker
2008-09-07 13:26 . 2008-09-07 13:26 <DIR> d-------- C:\Program Files\ATI Technologies
2008-09-07 13:26 . 2006-05-03 11:57 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-09-07 13:25 . 2008-09-07 13:25 <DIR> d-------- C:\Documents and Settings\heikki\Application Data\vlc
2008-09-07 13:25 . 2008-09-07 13:25 <DIR> d-------- C:\ATI
2008-09-07 11:56 . 2008-09-07 11:56 7,168 --ahs---- C:\WINDOWS\Thumbs.db
2008-09-07 11:47 . 2008-09-07 11:47 <DIR> d---s---- C:\Documents and Settings\heikki\UserData
2008-09-07 11:28 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-09-07 10:33 . 2008-09-13 18:34 <DIR> d-------- C:\Heikki
2008-09-07 10:18 . 2008-09-07 13:43 <DIR> d-------- C:\Pelit
2008-09-07 09:52 . 2008-06-13 16:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-09-07 09:52 . 2008-06-13 16:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-07 09:49 . 2008-09-11 16:04 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-09-06 23:35 . 2008-09-16 15:30 <DIR> d-------- C:\Program Files\Steam
2008-09-06 23:35 . 2008-09-06 23:35 <DIR> d-------- C:\Program Files\DNA
2008-09-06 23:35 . 2008-09-06 23:35 <DIR> d-------- C:\Program Files\BitTorrent
2008-09-06 23:35 . 2008-09-06 23:43 <DIR> d-------- C:\Documents and Settings\heikki\Application Data\DNA
2008-09-06 23:35 . 2008-09-14 18:38 <DIR> d-------- C:\Documents and Settings\heikki\Application Data\BitTorrent
2008-09-06 23:34 . 2008-09-06 23:34 <DIR> d-------- C:\Program Files\Avatar Sizer
2008-09-06 23:34 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-09-06 23:34 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-09-06 23:32 . 2008-09-06 23:32 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-09-06 23:32 . 2004-08-04 07:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-09-06 23:31 . 2008-09-15 16:38 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-09-06 23:31 . 2008-09-06 23:32 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-09-06 23:31 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-09-06 23:29 . 2008-09-06 23:29 <DIR> d-------- C:\Program Files\VLC
2008-09-06 23:28 . 2008-09-06 23:28 <DIR> d-------- C:\Program Files\PowerISO
2008-09-06 23:28 . 2008-09-15 09:12 <DIR> d-------- C:\Documents and Settings\heikki\Application Data\mIRC
2008-09-06 23:27 . 2008-09-06 23:27 <DIR> d-------- C:\Program Files\Java
2008-09-06 23:27 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-06 23:25 . 2008-09-06 23:25 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-06 23:21 . 2008-09-06 23:21 <DIR> d-------- C:\Program Files\foobar2000
2008-09-06 23:21 . 2008-09-16 15:28 <DIR> d-------- C:\Documents and Settings\heikki\Application Data\foobar2000
2008-09-06 23:19 . 2008-09-06 23:19 <DIR> d-------- C:\Program Files\Avira
2008-09-06 23:19 . 2008-09-06 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-06 23:18 . 2008-09-14 18:47 <DIR> d-------- C:\Program Files\Ad-Aware
2008-09-06 23:18 . 2008-09-06 23:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-06 23:17 . 2008-09-06 23:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-06 23:17 . 2008-09-06 23:17 <DIR> d-------- C:\Program Files\7-Zip
2008-09-06 22:41 . 2003-07-02 04:42 27,904 --a------ C:\WINDOWS\system32\drivers\VIAAGP1.SYS
2008-09-06 22:40 . 2008-09-06 22:40 <DIR> d-------- C:\Documents and Settings\heikki\WINDOWS
2008-09-06 22:40 . 2003-06-18 16:48 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-09-06 22:39 . 2008-09-06 22:39 <DIR> d-------- C:\Program Files\VIA Technologies, Inc
2008-09-06 22:39 . 2002-10-24 14:25 45,056 --a------ C:\WINDOWS\system32\vusetup.dll
2008-09-06 22:39 . 2002-11-13 17:34 10,496 --a------ C:\WINDOWS\system32\drivers\vulfntr.sys
2008-09-06 22:39 . 2002-10-24 16:07 6,912 --a------ C:\WINDOWS\system32\drivers\vulfnth.sys
2008-09-06 22:38 . 1998-11-13 13:05 306,688 --a------ C:\WINDOWS\IsUn040b.exe
2008-09-06 22:37 . 2008-09-06 22:37 <DIR> d-------- C:\Program Files\VIA
2008-09-06 22:31 . 2008-09-07 13:26 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-09-06 22:31 . 2008-09-06 22:31 <DIR> d-------- C:\Program Files\C-Media 3D Audio
2008-09-06 22:30 . 2008-09-07 13:25 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-09-06 22:22 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-09-06 22:22 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-09-06 22:22 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-09-06 22:22 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-09-06 22:21 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-09-06 22:21 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 10:25 --------- d-----w C:\Documents and Settings\heikki\Application Data\vlc
2008-09-06 18:48 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 15:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-23 15:38 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2001-11-23 09:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-09-06 1271032]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
-ra------ 2005-06-20 18:53 1056768 C:\Program Files\VIA\RAID\raid_tool.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Pelit\\World of Warcraft\\Launcher.exe"=
"C:\\Pelit\\Wolfenstein - Enemy Territory\\ET.exe"=
"C:\\Pelit\\Paintball2\\paintball2.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\VLC\\vlc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Steam\\steamapps\\pussuca\\counter-strike\\hl.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
- - - - ORPHANS REMOVED - - - -
BHO-{1031BE1D-1B78-4BB1-919D-792AA0E9EC0D} - (no file)
BHO-{149F11BC-D5BF-4491-B94E-C72FB081F35D} - (no file)
BHO-{4D6CFF98-02C1-44B5-8DA6-130727C413B2} - (no file)
BHO-{500E2E9B-5F03-4EBA-AD41-EE7551EF59BB} - (no file)
BHO-{CE9DE3DE-725E-4059-9DB9-14D4E4F13190} - C:\WINDOWS\system32\vtUlLExV.dll
HKLM-Run-Cmaudio - cmicnfg.cpl
Notify-efcBsTJD - (no file)
.
------- Supplementary Scan -------
.
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://g.live.com/1rewlsup/WinInstaller
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 15:29:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Ad-Aware\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-09-16 15:32:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-16 12:32:01
Pre-Run: 97,650,024,448 bytes free
Post-Run: 97,635,397,632 bytes free
224 --- E O F --- 2008-09-15 06:09:35
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:33:52, on 16.9.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.live.com/1rewlsup/WinInstaller
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
--
End of file - 4984 bytes
Yeah, no!
succa
Junior Member
16 September 2008 @ 15:56
Was that it? At least no virus scanner is complaining about anything anymore, and if so then you're a god, mark my words, since not even a paid program could remove those!!
Yeah, no!
Senior Member
4 product reviews
16 September 2008 @ 18:56
******************************************
In the Windows Start menu, type ComboFix.exe /u into the Run box and press OK
***************************************************************************
Do that as well and then everything's fine :D
succa
Junior Member
16 September 2008 @ 22:35
Thanks a lot... the viruses are gone and there's no more cr*p on my machine! And does that same procedure also take care of all kinds of viruses, worms, trojans and the like? But thanks again for your help; now there are no viruses, the browser is working, all the virus scanners say there's nothing to worry about, and TR/Vundo.Gen and TR/Dldr.ConHook.Gen can't be found anymore... thanks once again :D
Yeah, no!
resseri
Newbie
25 November 2008 @ 12:25
That yaht is a great guy!
There were other removal programs/guides too, but this was the best.
Thanks and hats off!