HJT log, VnrBlock, ppcbooster and p2pmax: something is still wrong

Thread in the Viruses and malware - HijackThis logs section. Thread started by CNiba on 09.12.2008.

  1. CNiba

    CNiba, Member

    Joined:
    09.12.2008
    Messages:
    14
    Thanks:
    0
    Points:
    11
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:21:59, on 9.12.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\drivers\services.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Sunbelt Personal Firewall\kpf4ss.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Sunbelt Personal Firewall\kpf4gui.exe
    C:\Program Files\Sunbelt Personal Firewall\kpf4gui.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\drivers\services.exe
    C:\Documents and Settings\Disassembler\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\drivers\services.exe
    C:\Documents and Settings\Disassembler\svchost.exe
    C:\Program Files\yodm3D\Yodm3D.exe
    G:\Security\Muita\PeerGuardian2\pg2.exe
    G:\DC++\DCPlusPlus.exe
    C:\Documents and Settings\Disassembler\Käynnistä-valikko\Ohjelmat\Käynnistys\userinit.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    G:\Mozilla Firefox\firefox.exe
    C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=fi
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: C:\WINDOWS\system32\jsdf768wude.dll - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\jsdf768wude.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
    O4 - HKLM\..\Run: [winlogon] C:\Documents and Settings\Disassembler\svchost.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "G:\Security\Isot ohjelmat\Norton Antivirus\osCheck.exe"
    O4 - HKLM\..\Run: [PromoReg] C:\DOCUME~1\DISASS~1\LOCALS~1\Temp\1E6.tmp
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
    O4 - HKCU\..\Run: [winlogon] C:\Documents and Settings\Disassembler\svchost.exe
    O4 - HKCU\..\Run: [Yodm3D] C:\Program Files\yodm3D\Yodm3D.exe
    O4 - HKCU\..\Run: [BitTorrent] "G:\BitTorrent\bittorrent.exe"
    O4 - HKCU\..\Run: [PeerGuardian] G:\Security\Muita\PeerGuardian2\pg2.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: DC++.lnk = G:\DC++\DCPlusPlus.exe
    O4 - Startup: userinit.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra button: NordicBet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\NordicBetMPP\MPPoker.exe (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1207723355703
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1207827973140
    O16 - DPF: {9522589E-57B9-46C5-9A77-1F1C1CCBE550} (F-Secure Online Scanner 2.1 (CD version)) - file:///C:/Documents%20and%20Settings/Disassembler/Local%20Settings/Temp/OnlineScanner/is2007ols/fscax.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AB645E0A-1A85-4ED2-BE71-3F06E79D9824}: NameServer = 192.168.0.254
    O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
    O22 - SharedTaskScheduler: KJhaiufhw3nrih7wefywjfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\jsdf768wude.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - G:\Security\Isot ohjelmat\Norton Antivirus\isPwdSvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - G:\Security\Firewalls\Sygate Personal Firewall\smc.exe (file missing)
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Personal Firewall\kpf4ss.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 8885 bytes


    The startup entries and files belonging to VnrBlock, ppcbooster and p2pmax, or at least some of them, have been removed, but something is still left. I ran the machine through Norton Antivirus, F-Secure Online Scanner and AVG 8. I couldn't get SDFix installed. The remaining fault is similar to the VnrBlock21 one: opening the links Google returns doesn't work and the browser can't reach every site. The machine also doesn't boot normally; I have to start it with "Last Known Good Configuration" for Windows to come up.

    PS. I can't install ComboFix, because the links won't open and I couldn't download it from anywhere else I tried either. The Malwarebytes' Anti-Malware installation doesn't work either: the link doesn't work here as well, but I managed to get it from elsewhere, yet it refuses to install, and I have read: keskustelu.afterdawn.com/thread_view.cfm/726882
     
    Last edited: 09.12.2008
  3. Hujo

    Hujo, Guest

    Download SDFix by AndyManchesta and save it to your desktop.

    Boot your machine into Safe Mode:

    shut down and restart
    during startup, tap the F8 key
    select Safe Mode with the arrow keys
    press Enter and Enter
    select your user account
    press Yes

    On some machines you tap F5 instead of F8.

    " Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
    " Open the SDFix folder and double-click RunThis.bat to start the program.
    " Press Y to start the script.
    " The tool cleans up the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the machine, "Press any key to Reboot".
    " Press any key and the machine will restart.
    " Startup takes longer than usual because SDFix is cleaning the machine.
    " Once the machine has started and the desktop has loaded, SDFix reports that the cleanup is complete, "Finished".
    " Then press any key to close the script and load the desktop shortcuts.
    " Finally, open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread together with a new HijackThis log.

    ===============

    what a mess :(

    ===============

    scan with HJT, check these and press Fix checked

    Running processes:
    C:\WINDOWS\system32\drivers\services.exe
    C:\Documents and Settings\Disassembler\svchost.exe

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: C:\WINDOWS\system32\jsdf768wude.dll - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\jsdf768wude.dll (file missing)
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
    O4 - HKLM\..\Run: [winlogon] C:\Documents and Settings\Disassembler\svchost.exe
    O4 - HKCU\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
    O4 - HKCU\..\Run: [winlogon] C:\Documents and Settings\Disassembler\svchost.exe
    O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
    O22 - SharedTaskScheduler: KJhaiufhw3nrih7wefywjfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\jsdf768wude.dll (file missing)
     
    Last edited by a moderator: 09.12.2008
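The entries the responder picked out above can be spotted mechanically. The script below is an added example, not code from the thread or from HijackThis; it encodes the same heuristics the responder applied by eye (a binary carrying the name of a core Windows component but running from outside System32, an F2 UserInit value that chains a second program after userinit.exe, a startup-folder item named like a system binary, O2/O22 hooks whose file is missing, and O20 Winlogon Notify DLLs set aside for manual review) and runs them over a constructed sample made of lines copied from the log posted in this thread. The function names, the list of core binary names and the System32 path are this example's own assumptions; the output is a triage list for a human to confirm, not a verdict.

```python
import re

# Assumption for this example: on Windows XP the genuine copies of the
# core binaries below live in C:\WINDOWS\system32 and nowhere else.
SYSTEM32 = r"c:\windows\system32"
CORE_NAMES = {"services.exe", "svchost.exe", "userinit.exe", "winlogon.exe",
              "lsass.exe", "smss.exe", "csrss.exe"}

# Constructed sample: a subset of the lines posted in this thread plus a few
# benign ones, so both hits and non-hits are exercised.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\drivers\services.exe
C:\Documents and Settings\Disassembler\svchost.exe
C:\WINDOWS\System32\svchost.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
O4 - HKLM\..\Run: [winlogon] C:\Documents and Settings\Disassembler\svchost.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: DC++.lnk = G:\DC++\DCPlusPlus.exe
O4 - Startup: userinit.exe
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O22 - SharedTaskScheduler: KJhaiufhw3nrih7wefywjfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\jsdf768wude.dll (file missing)
""".strip().splitlines()


def _split(path):
    """Return (parent, basename) of a Windows path, lower-cased and unquoted."""
    p = path.strip().strip('"').replace("/", "\\").lower()
    parent, _, name = p.rpartition("\\")
    return parent, name


def masquerade_reason(path):
    """Flag a core binary name that is not running from System32."""
    parent, name = _split(path)
    if name in CORE_NAMES and parent != SYSTEM32:
        return f"core binary name '{name}' outside System32"
    return None


def _command_path(cmd):
    """Extract the executable from an O4 command (quoted path or first .exe token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.*?\.exe)(\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def triage_line(line):
    """Return a reason string if the HJT line trips a heuristic, else None."""
    line = line.strip()
    if not line:
        return None
    if line.startswith("F2 - REG:system.ini: UserInit="):
        # Legitimate value is exactly one entry: system32\userinit.exe.
        entries = [e for e in line.split("UserInit=", 1)[1].split(",") if e.strip()]
        extra = [e for e in entries if _split(e) != (SYSTEM32, "userinit.exe")]
        return "UserInit chains extra program(s): " + ", ".join(extra) if extra else None
    if line.startswith("O4 - ") and "Startup:" in line:
        target = line.split("Startup:", 1)[1]
        target = target.split("=", 1)[1] if "=" in target else target
        _, name = _split(target)
        return f"core binary name '{name}' launched from a startup folder" if name in CORE_NAMES else None
    if line.startswith("O4 - "):
        m = re.match(r"O4 - .*?\] (.*)$", line)
        return masquerade_reason(_command_path(m.group(1))) if m else None
    if line.startswith(("O2 - ", "O3 - ", "O20 - ", "O22 - ")) and (
            "(file missing)" in line or "(no file)" in line):
        return "hook points at a missing file (dead entry, still worth removing)"
    if line.startswith("O20 - Winlogon Notify:"):
        return "Winlogon Notify DLL, review manually"
    if re.match(r"^[a-zA-Z]:\\", line):  # bare path from the 'Running processes' block
        return masquerade_reason(line)
    return None


def triage(lines):
    """Return [(line, reason)] for every line that trips a heuristic."""
    return [(l.strip(), r) for l in lines for r in [triage_line(l)] if r]


if __name__ == "__main__":
    for flagged, reason in triage(SAMPLE_LOG):
        print(f"{reason:60s} <- {flagged}")
```

On the constructed sample the script flags nine of the fourteen lines, which are exactly the ones the responder asked to have fixed plus the O20 entry set aside for review; the genuine System32 copies of services.exe and svchost.exe, the NVIDIA rundll32 entry and the quoted ccApp path pass untouched.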
  4. CNiba

    CNiba, Member

    That line was no longer found: "O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll". And then, should that C:\WINDOWS\system32\ntos.exe be removed manually? For example with Unlocker?


    SDFix: Version 1.230
    Run by Disassembler on ti 09.12.2008 at 22:19

    Microsoft Windows XP [versio 5.1.2600]
    Running From: C:\Documents and Settings\Disassembler\Työpöytä\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File
    Restoring Default Schedule Service Path

    Rebooting


    Checking Files :

    No Trojan Files Found

    C:\-18776~1 - Deleted
    C:\Documents and Settings\Disassembler\svchost.exe - Deleted
    C:\Documents and Settings\LocalService\svchost.exe - Deleted
    C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll - Deleted
    C:\Documents and Settings\NetworkService\Application Data\wsnpoem\audio.dll - Deleted
    C:\Documents and Settings\Disassembler\Local Settings\Temp\utt22.tmp.exe - Deleted
    C:\Documents and Settings\Disassembler\Local Settings\Temp\utt5C3.tmp.exe - Deleted
    C:\Documents and Settings\Disassembler\svchost.exe - Deleted
    C:\DOCUME~1\DISASS~1\LOCALS~1\Temp\removalfile.bat - Deleted
    C:\userinit.exe - Deleted
    C:\WINDOWS\system32\crypts.dll - Deleted
    C:\WINDOWS\system32\drivers\services.exe - Deleted


    Could Not Remove C:\WINDOWS\system32\ntos.exe

    Folder C:\Documents and Settings\LocalService\Application Data\wsnpoem - Removed
    Folder C:\Documents and Settings\NetworkService\Application Data\wsnpoem - Removed


    Removing Temp Files

    ADS Check :


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:05:44, on 9.12.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Sunbelt Personal Firewall\kpf4ss.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Sunbelt Personal Firewall\kpf4gui.exe
    C:\Program Files\Sunbelt Personal Firewall\kpf4gui.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\yodm3D\Yodm3D.exe
    G:\Security\Muita\PeerGuardian2\pg2.exe
    G:\DC++\DCPlusPlus.exe
    C:\Documents and Settings\Disassembler\Käynnistä-valikko\Ohjelmat\Käynnistys\userinit.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=fi
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "G:\Security\Isot ohjelmat\Norton Antivirus\osCheck.exe"
    O4 - HKLM\..\Run: [SDFix] C:\DOCUME~1\DISASS~1\TYPYT~1\SDFix\RunThis.bat /second
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yodm3D] C:\Program Files\yodm3D\Yodm3D.exe
    O4 - HKCU\..\Run: [BitTorrent] "G:\BitTorrent\bittorrent.exe"
    O4 - HKCU\..\Run: [PeerGuardian] G:\Security\Muita\PeerGuardian2\pg2.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: DC++.lnk = G:\DC++\DCPlusPlus.exe
    O4 - Startup: userinit.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra button: NordicBet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\NordicBetMPP\MPPoker.exe (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1207723355703
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1207827973140
    O16 - DPF: {9522589E-57B9-46C5-9A77-1F1C1CCBE550} (F-Secure Online Scanner 2.1 (CD version)) - file:///C:/Documents%20and%20Settings/Disassembler/Local%20Settings/Temp/OnlineScanner/is2007ols/fscax.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AB645E0A-1A85-4ED2-BE71-3F06E79D9824}: NameServer = 192.168.0.254
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - G:\Security\Isot ohjelmat\Norton Antivirus\isPwdSvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - G:\Security\Firewalls\Sygate Personal Firewall\smc.exe (file missing)
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Personal Firewall\kpf4ss.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 7734 bytes
     
  5. CNiba

    CNiba, Member

    I'm wondering whether that "O4 - Startup: userinit.exe" could be something that is causing problems? It is constantly connecting to the strangest servers....
     
  6. Hujo

    Hujo, Guest

    Go ahead and fix it

    O4 - Startup: userinit.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


    Now try to get this done

    Download Malwarebytes' Anti-Malware to your desktop.

    1. Double-click mbam-setup.exe and follow the instructions to install the program.
    2. Finally, make sure the following are selected: Update Malwarebytes' Anti-Malware and
    Launch Malwarebytes' Anti-Malware, and then click Finish.
    3. If an update is found, the program downloads and installs the latest version.
    4. Once the program has loaded, select Perform full scan and click Scan.
    5. When the scan is complete, click OK and then Show Results to view the results.
    6. Make sure everything is checked and click Remove Selected.
    7. After this the log opens in Notepad. Save it somewhere you can find it easily. The log
    can also be found here: C:\Documents and Settings\Username\Application
    Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    8. Post the contents of the log in your next reply
     
    Last edited by a moderator: 09.12.2008
  7. CNiba

    CNiba, Member

    I don't know why Malwarebytes' Anti-Malware doesn't start properly, but it does show up in the Windows Task Manager on the Processes tab (mbam.exe), and then nothing else happens :(
     
  8. Hujo

    Hujo, Guest

    Let's try this then

    1. Download Combofix.exe to your desktop from one of these links:
    Combofix1
    Combofix2

    2. Double-click the Combofix.exe file and follow the prompts.
    3. When the tool is done, it produces a log. Post this log in your thread.
    Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.

    ================

    Get rid of this from the machine

    Sunbelt Personal Firewall


    C:\Program Files\Sunbelt Personal Firewall
     
    Last edited by a moderator: 10.12.2008
  9. CNiba

    CNiba, Member

    Ugh, same thing this time too. It shows up in Task Manager under Processes. I did notice a similarity in memory usage though: they use the same amount of memory (2212 KB)

    What should I use as a firewall after removing Sunbelt?
     
  10. Hujo

    Hujo, Guest

    Turn on Windows' own firewall.

    ==============================

    eScan
    Instructions on this page.
    http://koti.mbnet.fi/pattaya1/escanmwav.htm
    download it from here
    http://www.spywareinfo.dk/download/mwav.exe
    update it from here
    http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
    set the checkboxes as marked here
    http://koti.mbnet.fi/pattaya1/eScan6.jpg

    scan

    if anything appears in the bottom pane, copy it like this:
    Use the command Ctrl+A.
    Copy the lines with Ctrl+C.
    Paste the lines with Ctrl+V.

    Post the virus log here.

    Only the viruses from that bottom pane
     
    Last edited by a moderator: 10.12.2008
  11. CNiba

    CNiba, Member

    Virus Log Information

    File C:\WINDOWS\system32\drivers\services.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\DOCUME~1\DISASS~1\svchost.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\DOCUME~1\DISASS~1\KYNNIS~1\Ohjelmat\KYNNIS~1\userinit.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\WINDOWS\c20232.exe infected by "P2P-Worm.Win32.Small.au" Virus. Action Taken: File Deleted.
    File C:\WINDOWS\gbg033414.exe infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File C:\WINDOWS\gncyq5.exe infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File C:\WINDOWS\gu58826.exe infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File C:\WINDOWS\hw5305.exe infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File C:\WINDOWS\nohh06760.exe infected by "Trojan.Win32.Agent.asjk" Virus. Action Taken: File Deleted.
    File C:\WINDOWS\vtj708346.exe infected by "Trojan-Downloader.Win32.Agent.aswp" Virus. Action Taken: File Deleted.
    File C:\WINDOWS\wuan364443.exe infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File C:\WINDOWS\ykgee3362.exe infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File C:\WINDOWS\system32\TDSSbrsr.dll infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File C:\WINDOWS\system32\TDSSofxo.dll infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File C:\WINDOWS\system32\TDSSqynh.dll infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Tiedostot\Counter-Strike KeyGen.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\All Users\Tiedostot\DivX 5.0 Pro KeyGen.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\All Users\Tiedostot\FTP Cracker.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\All Users\Tiedostot\IP Nuker.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\All Users\Tiedostot\Keylogger.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\All Users\Tiedostot\L0pht 4.0 Windows Password Cracker.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\All Users\Tiedostot\Microsoft Visual Basic KeyGen.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\All Users\Tiedostot\Microsoft Visual C++ KeyGen.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\All Users\Tiedostot\Microsoft Visual Studio KeyGen.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\All Users\Tiedostot\Norton Anti-Virus 2005 Enterprise Crack.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\All Users\Tiedostot\Password Cracker.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\All Users\Tiedostot\sdbot with NetBIOS Spread.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\All Users\Tiedostot\Sub7 2.3 Private.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\All Users\Tiedostot\UT 2003 KeyGen.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Disassembler\Local Settings\Temporary Internet Files\Content.IE5\W6JEOO7C\wssl712fro[1].exe infected by "Backdoor.Win32.KeyStart.k" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\Disassembler\Työpöytä\catchme.zip infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Disassembler\Työpöytä\SDFix\backups\backups.zip infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\LocalService\svchost.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\gnhfi.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\Program Files\Trend Micro\HijackThis\backups\backup-20081209-235601-802-userinit.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\Program Files\Trend Micro\HijackThis\backups\backup-20081209-235616-450-userinit.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031641.sys infected by "Backdoor.Win32.TDSS.bkw" Virus. Action Taken: File Renamed.
    File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031711.dll infected by "Trojan.Win32.Agent.arvz" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031712.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031713.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031714.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031775.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031777.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031778.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031796.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031802.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031803.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031804.exe infected by "P2P-Worm.Win32.Small.au" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031805.exe infected by "Trojan-Downloader.Win32.VB.iqv" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031806.exe infected by "Trojan-Downloader.Win32.VB.iqv" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031807.exe infected by "Trojan-Downloader.Win32.VB.iqv" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031808.exe infected by "Trojan-Downloader.Win32.VB.iqv" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031809.exe infected by "Trojan.Win32.Agent.asjk" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031810.exe infected by "Trojan-Downloader.Win32.Agent.aswp" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031811.exe infected by "Trojan-Downloader.Win32.VB.iqv" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031812.exe infected by "Trojan-Downloader.Win32.VB.iqv" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031813.dll infected by "Backdoor.Win32.TDSS.asz" Virus. Action Taken: File Renamed.
    File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031814.dll infected by "Backdoor.Win32.TDSS.blh" Virus. Action Taken: File Renamed.
    File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031815.dll infected by "Backdoor.Win32.TDSS.atb" Virus. Action Taken: File Renamed.
    File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031816.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031817.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031818.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031819.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031820.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031821.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031822.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031823.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031824.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{24F90CB0-576A-4EB5-9DBD-EAD75246F253}\RP127\A0031825.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\userinit.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File C:\WINDOWS\Temp\TDSSc0bb.tmp infected by "BkCln.Unknown" Virus. Action Taken: File Deleted.
    File C:\WINDOWS\Temp\TDSSc771.tmp infected by "BkCln.Unknown" Virus. Action Taken: File Deleted.
    File C:\WINDOWS\Temp\TDSScc24.tmp infected by "BkCln.Unknown" Virus. Action Taken: File Deleted.
    File C:\WINDOWS\Temp\TDSSd339.tmp infected by "BkCln.Unknown" Virus. Action Taken: File Deleted.
    File C:\WINDOWS\Temp\TDSSd992.tmp infected by "BkCln.Unknown" Virus. Action Taken: File Deleted.
    File G:\RegCleaner\Backups\userinit.exe infected by "P2P-Worm.Win32.Agent.hj" Virus. Action Taken: File Deleted.
    File H:\CD-Keys\Keymaker for Norton Antivirus 2005\tmg-nav2k5.exe infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File H:\Musiikki\Bartos\01.Brak Pradu - Rah & Mini (PFK Kompany).mp3 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File H:\Musiikki\Bartos\03.Spisz Juz - Siv-Kakaroto (PFK Kompany).mp3 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File H:\Musiikki\Bartos\10.Nieme Kimo - Sliwka Tuitam (PFK Kompany).mp3 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File H:\Musiikki\Bartos\14.Gdzie Robie Blad - Evah (FCS Records).mp3 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File H:\Musiikki\Bartos\15.Obluda - O.S.T.R. (Tabasko).mp3 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File H:\Musiikki\Bartos\16.Póltora - Bit-Bak (EBS).mp3 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File H:\Musiikki\Bartos\17.Sciezka Dzwiekowa - Haem (PFK Kompany).mp3 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File H:\Musiikki\Bartos\Borixon - A mialo byc tak pieknie.mp3 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File H:\Musiikki\Bartos\HaKa (Onar, Borixon) - krec Dupa.mp3 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File H:\Musiikki\Bartos\Sweet Noise & Peja - Jeden taki dzien.mp3 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File H:\Ohjelmia\setup regclean 2008.exe tagged as not-a-virus:FraudTool.Win32.SpywareStop.fl. No Action Taken.
     
  12. Hujo

    Hujo Guest

Now run that Malwarebytes' Anti-Malware, update it first.
Does it start working?

     
  13. CNiba

    CNiba Member

    It started working. What next?

    Malwarebytes' Anti-Malware 1.31
    Tietokantaversio: 1482
    Windows 5.1.2600 Service Pack 3

    10.12.2008 22:05:29
    mbam-log-2008-12-10 (22-05-22).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|D:\|G:\|H:\|)
    Tarkistetut kohteet: 163652
    Kulunut aika: 1 hour(s), 41 minute(s), 42 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 5
    Saastuneita rekisteriarvoja: 4
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 1
    Saastuneita tiedostoja: 8

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

    Saastuneita rekisteriarvoja:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6c350dfc-885f-4296-82e3-6428dd982099} (Trojan.Vundo) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken.

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> No action taken.

    Saastuneita tiedostoja:
    C:\Documents and Settings\Disassembler\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\TDSSlxar.dll (Trojan.Agent) -> No action taken.
    C:\WINDOWS\Temp\TDSSb6a8.tmp (Trojan.FakeAlert) -> No action taken.
    C:\Documents and Settings\Disassembler\Local Settings\Temp\TDSSbade.tmp (Trojan.FakeAlert) -> No action taken.
    C:\Documents and Settings\Disassembler\Local Settings\Temp\TDSSbc17.tmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\TDSStktu.log (Trojan.TDSS) -> No action taken.
     
  14. Hujo

    Hujo Guest

    5. When the scan is complete, click OK and then Show Results to see the results.
    6. Make sure everything is checked and click Remove Selected.

    I wonder if it got removed

    =================

    1. Download Combofix.exe to your desktop from one of these links:
    Combofix1
    Combofix2

    2. Double-click the Combofix.exe file and follow the prompts.
    3. When the tool is finished, it will produce a log. Post this log in your thread.
    Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
     
  15. CNiba

    CNiba Member

    Report after the removals:


    Malwarebytes' Anti-Malware 1.31
    Tietokantaversio: 1482
    Windows 5.1.2600 Service Pack 3

    10.12.2008 22:39:38
    mbam-log-2008-12-10 (22-39-38).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|D:\|G:\|H:\|)
    Tarkistetut kohteet: 163652
    Kulunut aika: 1 hour(s), 41 minute(s), 42 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 5
    Saastuneita rekisteriarvoja: 4
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 1
    Saastuneita tiedostoja: 8

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Saastuneita rekisteriarvoja:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6c350dfc-885f-4296-82e3-6428dd982099} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.

    Saastuneita tiedostoja:
    C:\Documents and Settings\Disassembler\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSlxar.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\TDSSb6a8.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Disassembler\Local Settings\Temp\TDSSbade.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Disassembler\Local Settings\Temp\TDSSbc17.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSStktu.log (Trojan.TDSS) -> Quarantined and deleted successfully.


    ComboFix 08-12-09.03 - Disassembler 2008-12-10 22:42:25.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.87 [GMT 2:00]
    Running from: c:\documents and settings\Disassembler\Omat tiedostot\Mozilla lautaukset\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\packet.dll
    c:\windows\system32\TDSSmmvj.dat
    c:\windows\system32\UCddMUtv.ini
    c:\windows\system32\UCddMUtv.ini2
    c:\windows\system32\wpcap.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_NPF


    ((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
    .

    2008-12-10 22:40 . 2008-12-10 22:40 <KANSIO> d-------- C:\32788R22FWJFW
    2008-12-10 20:17 . 2008-12-10 20:17 <KANSIO> d-------- c:\documents and settings\Disassembler\Application Data\Malwarebytes
    2008-12-10 20:17 . 2008-12-10 20:17 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-10 20:17 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-10 20:17 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-10 18:01 . 2008-12-10 18:01 0 --a------ C:\23990098.$$$
    2008-12-10 11:10 . 2008-12-10 11:13 <KANSIO> d-------- C:\Downloads
    2008-12-10 11:10 . 2008-12-10 11:13 <KANSIO> d-------- C:\Bases
    2008-12-10 01:43 . 2008-12-10 18:08 <KANSIO> d-------- C:\Kaspersky
    2008-12-10 01:32 . 2008-12-10 02:29 10,671 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
    2008-12-10 01:32 . 2008-12-10 02:29 805 --a------ c:\windows\system32\drivers\SYMEVENT.INF
    2008-12-10 01:06 . 2008-12-10 01:06 116,736 --a------ c:\windows\system32\nvsvc32.dll
    2008-12-10 00:57 . 2008-04-14 18:12 1,034,240 --a--c--- c:\windows\system32\dllcache\explorer.exe
    2008-12-10 00:57 . 2008-12-10 00:57 116,736 --a------ c:\windows\system32\ntos.dll
    2008-12-09 22:16 . 2008-12-09 22:16 579,072 --a--c--- c:\windows\system32\dllcache\user32.dll
    2008-12-09 22:06 . 2008-12-09 22:07 <KANSIO> d-------- c:\windows\ERUNT
    2008-12-09 17:48 . 2008-12-09 17:48 <KANSIO> dr------- c:\documents and settings\NetworkService\Suosikit
    2008-12-09 16:58 . 2008-12-09 17:36 16 --a------ c:\windows\system32\coh.cache
    2008-12-09 16:46 . 2008-12-10 02:29 123,952 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
    2008-12-09 16:46 . 2008-12-10 02:29 60,800 --a------ c:\windows\system32\S32EVNT1.DLL
    2008-12-09 16:45 . 2008-12-10 02:29 <KANSIO> d-------- c:\program files\Symantec
    2008-12-09 16:44 . 2008-12-10 02:32 <KANSIO> d-------- c:\program files\Common Files\Symantec Shared
    2008-12-09 16:44 . 2008-12-10 02:28 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Symantec
    2008-12-09 16:39 . 2008-12-09 16:39 89,088 --a------ c:\windows\system32\atl71.dll
    2008-12-09 15:22 . 2008-12-10 22:39 <KANSIO> d-------- c:\documents and settings\Disassembler\Application Data\Desktopicon
    2008-12-09 15:18 . 2008-12-09 15:18 <KANSIO> d-------- c:\program files\Common Files\Wise Installation Wizard
    2008-12-09 15:15 . 2008-12-09 15:15 <KANSIO> d-------- c:\program files\Trend Micro
    2008-12-08 22:50 . 2008-12-09 02:19 <KANSIO> d--h----- C:\$AVG8.VAULT$
    2008-12-08 22:43 . 2008-12-09 15:25 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\avg8
    2008-12-08 20:35 . 2008-12-08 20:35 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\CrucialSoft Ltd
    2008-11-27 16:02 . 2008-11-27 16:15 <KANSIO> d-------- c:\documents and settings\Disassembler\Application Data\vlc
    2008-11-25 19:16 . 2008-11-25 19:16 410,976 --a------ c:\windows\system32\deploytk.dll
    2008-11-21 13:00 . 2008-11-21 13:00 <KANSIO> d-------- c:\documents and settings\Disassembler\Application Data\Microsoft Games
    2008-11-21 12:43 . 2008-11-21 12:43 32 --a------ c:\windows\CD_Start.INI
    2008-11-12 06:08 . 2008-09-04 19:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
    2008-11-12 06:08 . 2008-10-24 13:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-09 23:08 --------- d-----w c:\documents and settings\Disassembler\Application Data\BitTorrent
    2008-12-09 22:57 361,600 ----a-w c:\windows\system32\drivers\tcpip.sys
    2008-12-09 22:33 --------- d-----w c:\program files\Sunbelt Personal Firewall
    2008-12-09 20:01 52,825 ----a-w c:\windows\system32\drivers\fwdrv.err
    2008-12-09 14:23 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-09 13:27 --------- d-----w c:\program files\PeerGuardian2
    2008-12-08 23:57 --------- d-----w c:\program files\Windows Live Safety Center
    2008-12-08 19:43 --------- d-----w c:\program files\DNA
    2008-12-08 19:43 --------- d-----w c:\documents and settings\Disassembler\Application Data\DNA
    2008-12-08 17:06 --------- d-----w c:\program files\Windows Desktop Search
    2008-12-08 13:38 --------- d-----w c:\documents and settings\All Users\Application Data\eboostr
    2008-12-07 22:09 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-12-07 20:29 --------- d-----w c:\documents and settings\Disassembler\Application Data\dvdcss
    2008-12-03 22:14 138,512 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2008-11-27 14:15 --------- d-----w c:\documents and settings\Disassembler\Application Data\vlc
    2008-11-25 17:16 --------- d-----w c:\program files\Java
    2008-11-11 22:20 --------- d-----w c:\documents and settings\Disassembler\Application Data\Microgaming
    2008-11-01 02:42 2,829 ----a-w c:\windows\War3Unin.pif
    2008-11-01 02:42 139,264 ----a-w c:\windows\War3Unin.exe
    2008-10-27 20:02 --------- d-----w c:\program files\yodm3D
    2008-10-27 11:18 --------- d-----w c:\program files\Mplayer
    2008-10-26 18:01 --------- d-----w c:\documents and settings\Disassembler\Application Data\mIRC
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-22 15:26 --------- d-----w c:\program files\MSXML 4.0
    2008-10-21 19:57 --------- d-----w c:\documents and settings\All Users\Application Data\Age of Empires 3
    2008-10-21 19:44 --------- d-----w c:\program files\Microsoft Silverlight
    2008-09-08 06:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\MSHist012008090820080909\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "Yodm3D"="c:\program files\yodm3D\Yodm3D.exe" [2007-04-21 2343936]
    "PeerGuardian"="g:\security\Muita\PeerGuardian2\pg2.exe" [2005-09-18 1382400]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-12-09 84640]
    "osCheck"="g:\security\Isot ohjelmat\Norton Antivirus\osCheck.exe" [2008-12-09 26248]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
    "RivaTuner"="g:\rivatuner v2.20\RivaTuner.exe" [2008-11-19 2727936]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSimpleStartMenu"= 0 (0x0)
    "NoSMHelp"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "g:\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "g:\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "g:\\Games\\AoE3\\age3.exe"=
    "g:\\Games\\Settlers III\\Settlers3\\s3.exe"=
    "g:\\DC++\\DCPlusPlus.exe"=
    "g:\\Games\\Quake III Arena\\quake3.exe"=
    "g:\\Namo WebEditor 2006\\bin\\WebEditor.exe"=
    "g:\\Games\\Wolfenstein - Enemy Territory\\ET.exe"=
    "g:\\Lancraft\\lancraft.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "32251:TCP"= 32251:TCP:BT1
    "32251:UDP"= 32251:UDP:BT2
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{147a4870-9ef4-11dd-904f-00138f0cc8da}]
    \Shell\AutoRun\command - H:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7192aee-962b-11dd-9048-00138f0cc8da}]
    \Shell\AutoRun\command - I:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7192aef-962b-11dd-9048-00138f0cc8da}]
    \Shell\AutoRun\command - I:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7192af2-962b-11dd-9048-00138f0cc8da}]
    \Shell\AutoRun\command - I:\AutoRun.exe

    *Newly Created Service* - ERASERSVC10824
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-09 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Disassembler.job
    - g:\security\ISOTOH~1\NORTON~1\Navw32.exe [2008-12-09 16:12]

    2008-12-08 c:\windows\Tasks\RegClean Scheduled Scan.job
    - g:\regclean\RegClean.exe []

    2008-12-08 c:\windows\Tasks\RegClean Scheduled Scan.job
    - G:\RegClean []
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-Cmaudio - cmicnfg.cpl
    HKU-Default-Run-[system] - c:\windows\system32\drivers\services.exe
    HKU-Default-Run-winlogon - c:\documents and settings\LocalService\svchost.exe


    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    IE: E&xport to Microsoft Excel - g:\micros~1\Office12\EXCEL.EXE/3000
    TCP: {AB645E0A-1A85-4ED2-BE71-3F06E79D9824} = 192.168.0.254

    O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

    O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

    c:\windows\Downloaded Program Files\fscax.dll - O16 -: {9522589E-57B9-46C5-9A77-1F1C1CCBE550}
    file:///C:/Documents%20and%20Settings/Disassembler/Local%20Settings/Temp/OnlineScanner/is2007ols/fscax.cab
    FireFox -: Profile - c:\documents and settings\Disassembler\Application Data\Mozilla\Firefox\Profiles\x6fci580.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.trukz.com/login.asp
    FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
    FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
    FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
    FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
    FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
    FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    FF -: plugin - g:\mozilla firefox\plugins\np32dsw.dll
    FF -: plugin - g:\mozilla firefox\plugins\npbittorrent.dll
    FF -: plugin - g:\mozilla firefox\plugins\npdeploytk.dll
    FF -: plugin - g:\mozilla firefox\plugins\npnul32.dll
    FF -: plugin - g:\videolan vlc\npvlc.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-10 22:48:52
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet006\Services\vsdatant]
    "ImagePath"=""
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    c:\program files\Symantec\LiveUpdate\AUPDATE.EXE
    c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
    c:\program files\Windows Live\Messenger\usnsvc.exe
    c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
    c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
    .
    **************************************************************************
    .
    Completion time: 2008-12-10 23:00:52 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-12-10 21:00:44

    Pre-Run: 11,685,638,144 tavua vapaana
    Post-Run: 11,661,959,168 tavua vapaana

    225 --- E O F --- 2008-11-12 06:07:38
     
  16. Hujo

    Hujo Guest

    Run that SDFix scan again.
     
  17. CNiba

    CNiba Member


    SDFix: Version 1.230
    Run by Disassembler on ke 10.12.2008 at 23:35

    Microsoft Windows XP [versio 5.1.2600]
    Running From: C:\Documents and Settings\Disassembler\Työpöytä\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    No Trojan Files Found






    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-10 23:50:55
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys]
    "start"=dword:00000001
    "type"=dword:00000001
    "imagepath"=str(2):"\systemroot\system32\drivers\TDSSkqlg.sys"
    "group"="file system"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules]
    "TDSSserv"="\systemroot\system32\drivers\TDSSkqlg.sys"
    "TDSSl"="\systemroot\system32\TDSSofxo.dll"
    "tdssservers"="\systemroot\system32\TDSSmmvj.dat"
    "tdssmain"="\systemroot\system32\TDSSbrsr.dll"
    "tdsslog"="\systemroot\system32\TDSSqynh.dll"
    "tdssadw"="\systemroot\system32\TDSSxfic.dll"
    "tdssinit"="\systemroot\system32\TDSSlxar.dll"
    "tdssurls"="\systemroot\system32\TDSSnmxh.log"
    "tdsspanels"="\systemroot\system32\TDSSmphc.dll"
    "tdsserrors"="\systemroot\system32\TDSSohxm.log"
    "TDSSproc"="\systemroot\system32\TDSStktu.log"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv.sys]
    "start"=dword:00000001
    "type"=dword:00000001
    "imagepath"=str(2):"\systemroot\system32\drivers\TDSSkqlg.sys"
    "group"="file system"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules]
    "TDSSserv"="\systemroot\system32\drivers\TDSSkqlg.sys"
    "TDSSl"="\systemroot\system32\TDSSofxo.dll"
    "tdssservers"="\systemroot\system32\TDSSmmvj.dat"
    "tdssmain"="\systemroot\system32\TDSSbrsr.dll"
    "tdsslog"="\systemroot\system32\TDSSqynh.dll"
    "tdssadw"="\systemroot\system32\TDSSxfic.dll"
    "tdssinit"="\systemroot\system32\TDSSlxar.dll"
    "tdssurls"="\systemroot\system32\TDSSnmxh.log"
    "tdsspanels"="\systemroot\system32\TDSSmphc.dll"
    "tdsserrors"="\systemroot\system32\TDSSohxm.log"
    "TDSSproc"="\systemroot\system32\TDSStktu.log"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\TDSSserv.sys]
    "start"=dword:00000001
    "type"=dword:00000001
    "imagepath"=str(2):"\systemroot\system32\drivers\TDSSkqlg.sys"
    "group"="file system"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\TDSSserv.sys\modules]
    "TDSSserv"="\systemroot\system32\drivers\TDSSkqlg.sys"
    "TDSSl"="\systemroot\system32\TDSSofxo.dll"
    "tdssservers"="\systemroot\system32\TDSSmmvj.dat"
    "tdssmain"="\systemroot\system32\TDSSbrsr.dll"
    "tdsslog"="\systemroot\system32\TDSSqynh.dll"
    "tdssadw"="\systemroot\system32\TDSSxfic.dll"
    "tdssinit"="\systemroot\system32\TDSSlxar.dll"
    "tdssurls"="\systemroot\system32\TDSSnmxh.log"
    "tdsspanels"="\systemroot\system32\TDSSmphc.dll"
    "tdsserrors"="\systemroot\system32\TDSSohxm.log"
    "TDSSproc"="\systemroot\system32\TDSStktu.log"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0

    scanning hidden registry entries ...

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E2871CFB-4094-7869-04E0-29E9F1D21B99}]
    "abolcpchnpiefmiegklghaphknjdnpajbj"=hex:61,61,00,00
    "bbolcpchnpiefmiegkggllfnpgfgedcjjoao"=hex:61,61,00,00

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "G:\\Microsoft Office\\Office12\\OUTLOOK.EXE"="G:\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "G:\\BitTorrent\\bittorrent.exe"="G:\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
    "G:\\Games\\AoE3\\age3.exe"="G:\\Games\\AoE3\\age3.exe:*:Enabled:Age of Empires 3"
    "G:\\Games\\Settlers III\\Settlers3\\s3.exe"="G:\\Games\\Settlers III\\Settlers3\\s3.exe:*:Enabled:Siedler3"
    "G:\\DC++\\DCPlusPlus.exe"="G:\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
    "G:\\Games\\Quake III Arena\\quake3.exe"="G:\\Games\\Quake III Arena\\quake3.exe:*:Enabled:quake3"
    "G:\\Namo WebEditor 2006\\bin\\WebEditor.exe"="G:\\Namo WebEditor 2006\\bin\\WebEditor.exe:*:Enabled:Namo WebEditor 2006"
    "G:\\Games\\Wolfenstein - Enemy Territory\\ET.exe"="G:\\Games\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
    "G:\\Lancraft\\lancraft.exe"="G:\\Lancraft\\lancraft.exe:*:Enabled:lancraft"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :



    Files with Hidden Attributes :

    Mon 14 Apr 2008 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
    Fri 18 Apr 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Fri 21 Nov 2008 3,415,049 ...H. --- "C:\WINDOWS\SoftwareDistribution\Download\185eef7943a91504d68ff066bb71d0d4\BIT20F1.tmp"
    Fri 14 Nov 2008 612,208 ...H. --- "C:\WINDOWS\SoftwareDistribution\Download\2766600936dfbf9e803279c3aa191b90\BIT20F0.tmp"
    Fri 14 Nov 2008 246,351 ...H. --- "C:\WINDOWS\SoftwareDistribution\Download\4c49813f8f29dd0bae08c912ee93f282\BIT20EF.tmp"
    Wed 10 Dec 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4f48480c3bff7fa275c02353aba158bb\BIT20F7.tmp"
    Thu 10 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BITB.tmp"
    Wed 10 Dec 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\541a242ef5b0244099b5f8fe5f67e56d\BIT20F5.tmp"
    Wed 10 Dec 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7510764a379c454f8a63fd524057d801\BIT20F6.tmp"
    Wed 10 Dec 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\84a238717dc2465f6fd0051d97281ba0\BIT20F4.tmp"
    Fri 21 Nov 2008 2,131,121 ...H. --- "C:\WINDOWS\SoftwareDistribution\Download\916bfa969481cdaef14e1805a5f36838\BIT20EE.tmp"
    Wed 10 Dec 2008 6,484,368 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a230a05628551da48a4372a7fdd80354\BIT20F2.tmp"
    Thu 10 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\afa5528a2269b5106016bdbc1ea3037f\BITA.tmp"
    Wed 10 Dec 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cfda6a5f0253f13aa506464213273105\BIT20F3.tmp"
    Sun 20 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f1d01f188c8132c12d35c3222b7723a4\BIT3.tmp"

    Finished!


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:02:07, on 11.12.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    G:\RivaTuner v2.20\RivaTuner.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\yodm3D\Yodm3D.exe
    G:\Security\Muita\PeerGuardian2\pg2.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    G:\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=fi
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "G:\Security\Isot ohjelmat\Norton Antivirus\osCheck.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [RivaTuner] "G:\RivaTuner v2.20\RivaTuner.exe" /T
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yodm3D] C:\Program Files\yodm3D\Yodm3D.exe
    O4 - HKCU\..\Run: [PeerGuardian] G:\Security\Muita\PeerGuardian2\pg2.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: DC++.lnk = G:\DC++\DCPlusPlus.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: NordicBet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\NordicBetMPP\MPPoker.exe (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1207723355703
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1207827973140
    O16 - DPF: {9522589E-57B9-46C5-9A77-1F1C1CCBE550} (F-Secure Online Scanner 2.1 (CD version)) - file:///C:/Documents%20and%20Settings/Disassembler/Local%20Settings/Temp/OnlineScanner/is2007ols/fscax.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AB645E0A-1A85-4ED2-BE71-3F06E79D9824}: NameServer = 192.168.0.254
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - G:\Security\Isot ohjelmat\Norton Antivirus\isPwdSvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - G:\Security\Firewalls\Sygate Personal Firewall\smc.exe (file missing)
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 6973 bytes
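    The gmer registry dump earlier in this post shows the same TDSSserv.sys service registered identically under ControlSet001, ControlSet004 and ControlSet005: type 1 (kernel driver), start 1 (system start), group "file system", and a modules subkey whose randomised file names all share the TDSS prefix. The point worth taking from that is that a driver present in every control set is loaded before any user-mode scanner runs and survives a "Last Known Good Configuration" boot, so removing it only from CurrentControlSet leaves the other copies to come back. The Python helper below is an added example for this thread, not a tool anyone in it used: it parses a gmer/.reg-style text dump (the embedded sample is pasted from the log above and trimmed to two control sets and two modules each), picks out kernel drivers with boot or system start, and reports which control sets carry them. The shared-prefix check and the report wording are my own choices about what is useful; the `str(2):` value prefix is how gmer prints REG_EXPAND_SZ.

```python
import os
import re
from collections import defaultdict

# Constructed sample: the TDSSserv.sys keys quoted in the gmer output above,
# trimmed to two control sets and two module entries each. Pasted from this
# thread for illustration; not a live registry export.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSkqlg.sys"
"group"="file system"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules]
"TDSSserv"="\systemroot\system32\drivers\TDSSkqlg.sys"
"TDSSl"="\systemroot\system32\TDSSofxo.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\TDSSserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSkqlg.sys"
"group"="file system"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\TDSSserv.sys\modules]
"TDSSserv"="\systemroot\system32\drivers\TDSSkqlg.sys"
"TDSSl"="\systemroot\system32\TDSSofxo.dll"
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<raw>.+)$')
SERVICE_RE = re.compile(
    r'^HKEY_LOCAL_MACHINE\\SYSTEM\\(?P<cs>ControlSet\d{3}|CurrentControlSet)'
    r'\\Services\\(?P<svc>[^\\]+)$', re.IGNORECASE)
SERVICE_KERNEL_DRIVER = 1   # "type" value of a kernel-mode driver service
START_NAMES = {0: 'boot', 1: 'system', 2: 'auto', 3: 'demand', 4: 'disabled'}


def decode_value(raw):
    """Decode a .reg right-hand side: dword:hex, str(N):"..." (gmer's REG_EXPAND_SZ) or "..."."""
    if raw.startswith('dword:'):
        return int(raw[len('dword:'):], 16)
    m = re.match(r'^(?:str\(\d+\):)?"(.*)"$', raw)
    return m.group(1) if m else raw


def parse_reg(text):
    """Return {key_path: {value_name: value}} for a .reg-style text dump."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group('key')
            keys.setdefault(current, {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            keys[current][m.group('name')] = decode_value(m.group('raw'))
    return keys


def shared_prefix(paths):
    """Leading file-name fragment shared by all paths (case-insensitive), e.g. 'TDSS'."""
    names = [p.rsplit('\\', 1)[-1] for p in paths]
    common = os.path.commonprefix([n.lower() for n in names])
    return names[0][:len(common)] if names else ''


def early_start_drivers(keys):
    """Kernel drivers with start 0/1 (loaded before any user-mode scanner), per control set."""
    found = defaultdict(dict)
    for path, values in keys.items():
        m = SERVICE_RE.match(path)
        if not m or values.get('type') != SERVICE_KERNEL_DRIVER:
            continue
        if values.get('start', 3) > 1:
            continue
        image = values.get('imagepath', '')
        modules = list(keys.get(path + r'\modules', {}).values())
        found[m.group('svc')][m.group('cs')] = {
            'start': START_NAMES[values['start']],
            'image': image.rsplit('\\', 1)[-1],
            'prefix': shared_prefix([image] + modules),
            'module_count': len(modules),
        }
    return dict(found)


def persistence_report(keys):
    """One line per early-start driver, naming every control set that would load it."""
    control_sets = {m.group('cs') for m in map(SERVICE_RE.match, keys) if m}
    lines = []
    for svc, per_cs in early_start_drivers(keys).items():
        info = next(iter(per_cs.values()))
        missing = sorted(control_sets - set(per_cs))
        lines.append(
            f"{svc}: {info['start']}-start kernel driver {info['image']}, "
            f"{info['module_count']} modules sharing prefix '{info['prefix']}', "
            f"present in {', '.join(sorted(per_cs))}"
            + (f"; absent from {', '.join(missing)}" if missing else ''))
    return lines


if __name__ == '__main__':
    print('\n'.join(persistence_report(parse_reg(SAMPLE_REG))))
```

    Run against the full dump from the post the report names all three control sets for TDSSserv.sys; a cleanup that only touches CurrentControlSet would then show up as a service still "present in" the others.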
     
  18. Hujo

    Hujo Guest

    Check your machine with F-Secure's online scanner

    Note: the scanner only works with the Internet Explorer browser

    * Read the instructions on the page carefully
    * Click Start scanning
    * If you get an Internet Explorer security warning, click Install
    * Click Accept
    * Click Custom Scan
    * Adjust the settings as follows

    o Under "Virus Scan Option", select Scan whole system
    o Under "Other Scan Option", select Scan All Files
    o Select Scan whole system for rootkits
    o Select Scan whole system for spyware
    o Tick Scan inside archives
    o Make sure Use advanced heuristics is selected

    * Click Start
    * The scan starts once the necessary files/updates have been downloaded
    * Wait patiently
    * When the scan has completed, click Automatic cleaning
    * Click Show Report
    * The report opens in the browser; copy the whole text
    * Paste the copied text into e.g. Notepad or Word and save it on the desktop
    * You can close the scanner
    * Post the report in your thread

    Don't do anything else, as it can cause the machine to freeze
     
  19. CNiba

    CNiba Member

    Scanning type: Scan system for malware, rootkits
    Target: C:\ D:\ G:\ H:\
    Result: 3 malware found
    TrackingCookie.Atdmt (spyware)

    * System

    TrackingCookie.Tradedoubler (spyware)

    * System

    Vundo.FBW (virus)

    * C:\WINDOWS\SYSTEM32\KINKSXET.INI (Submitted)

    Statistics
    Scanned:

    * Files: 44755
    * System: 3481
    * Not scanned: 7

    Actions:

    * Disinfected: 0
    * Renamed: 0
    * Deleted: 0
    * None: 3
    * Submitted: 1

    Files not scanned:

    * C:\PAGEFILE.SYS
    * C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
    * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    * C:\WINDOWS\SYSTEM32\CONFIG\SAM
    * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    * C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
    * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
     
  20. Hujo

    Hujo Guest

    The F-Secure online scanner settings were not as below


    * Adjust the settings as follows

    o Under "Virus Scan Option", select Scan whole system
    o Under "Other Scan Option", select Scan All Files
    o Select Scan whole system for rootkits
    o Select Scan whole system for spyware
    o Tick Scan inside archives
    o Make sure Use advanced heuristics is selected
     
  21. CNiba

    CNiba Member


    Scanning Report


    Thursday, December 11, 2008 09:13:34 - 15:32:28

    Computer name: HOMETUS
    Scanning type: Scan system for malware, rootkits
    Target: C:\ D:\ G:\ H:\

    ------------------------------------------------------------------------


    Result: 2 malware found

    TrackingCookie.Atdmt
    <http://cgi.f-secure.com/cgi-bin/websearch/vsearch.cgi?q=TrackingCookie.Atdmt&orig='disk'>
    (spyware)

    * System

    Vundo.FBW
    <http://cgi.f-secure.com/cgi-bin/websearch/vsearch.cgi?q=Vundo.FBW&orig='disk'>
    (virus)

    * C:\WINDOWS\system32\kinksxet.ini (Submitted)

    ------------------------------------------------------------------------


    Statistics

    Scanned:

    * Files: 260540
    * System: 3474
    * Not scanned: 60

    Actions:

    * Disinfected: 0
    * Renamed: 0
    * Deleted: 0
    * None: 2
    * Submitted: 1

    Files not scanned:


    ------------------------------------------------------------------------


    Options

    Scanning engines:

    * F-Secure USS: 2.40.0
    * F-Secure Blacklight: 2.4.1093
    * F-Secure Hydra: 2.8.8110, 2008-12-11
    * F-Secure Pegasus: 1.20.0, 2008-11-10
    * F-Secure AVP: 7.0.171, 2008-12-11

    Scanning options:

    * Scan all files
    * Scan inside archives
    * Use Advanced heuristics

    ------------------------------------------------------------------------
     
