Certain addresses blocked, running slowly, HJT log

Thread in the Viruses and malware - HijackThis logs section. Thread started by pelz on 25.10.2008.

  1. Britz

    Britz Member

    Joined: 27.10.2008
    Posts: 30
    Thanks: 0
    Points: 16

    OK. It looks like F-Secure found 5 of those by itself now that it finally managed to update. I'll remove the rest myself. THANKS!
     
  3. Hujo

    Hujo Guest

    Britz

    Malwarebytes' Anti-Malware run
    SDFix run
    CCleaner run

    Last edited by a moderator: 13.02.2009
  4. Britz

    Malwarebytes' Anti-Malware 1.34
    Tietokantaversio: 1756
    Windows 5.1.2600 Service Pack 3

    13.2.2009 10:33:30
    mbam-log-2009-02-13 (10-33-30).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|)
    Tarkistetut kohteet: 187962
    Kulunut aika: 1 hour(s), 13 minute(s), 45 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 0
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 5

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    C:\System Volume Information\_restore{BC62E95B-B43E-48CE-B409-A1B0F862EEBA}\RP35\A0008000.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{BC62E95B-B43E-48CE-B409-A1B0F862EEBA}\RP35\A0008001.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{BC62E95B-B43E-48CE-B409-A1B0F862EEBA}\RP35\A0008002.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{BC62E95B-B43E-48CE-B409-A1B0F862EEBA}\RP35\A0008003.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{BC62E95B-B43E-48CE-B409-A1B0F862EEBA}\RP35\A0008004.sys (Trojan.TDSS) -> Quarantined and deleted successfully.




    sdfix RunThis.bat: Flashes "the specified file cannot be found" or something.

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-13 11:16:21
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:9c,93,b4,6a,9e,c6,53,0f,15,fb,ac,5f,ed,02,88,78,c0,f0,c3,f4,ae,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,0a,60,e3,b1,73,13,dd,11,56,c2,55,41,fa,d6,39,54,2c,..
    "khjeh"=hex:5f,bf,7a,6f,10,b2,4e,61,86,46,00,06,60,58,47,fe,ac,9a,e6,8a,e2,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:08,24,33,b9,5d,1c,17,68,c8,f0,15,4c,a0,74,9a,b5,08,20,85,3e,94,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
    "khjeh"=hex:fb,4e,6b,3a,6a,19,59,dd,26,a7,24,2d,f1,36,c9,b0,c1,b4,2b,f0,14,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys]
    "start"=dword:00000001
    "type"=dword:00000001
    "imagepath"=str(2):"\systemroot\system32\drivers\TDSSmqlt.sys"
    "group"="file system"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules]
    "TDSSserv"="\systemroot\system32\drivers\TDSSmqlt.sys"
    "TDSSl"="\systemroot\system32\TDSSoiqn.dll"
    "tdssservers"="\systemroot\system32\TDSSorvd.dat"
    "tdssmain"="\systemroot\system32\TDSShrsr.dll"
    "tdsslog"="\systemroot\system32\TDSSrtqp.dll"
    "tdssadw"="\systemroot\system32\TDSSxfum.dll"
    "tdssinit"="\systemroot\system32\TDSSlxwp.dll"
    "tdssurls"="\systemroot\system32\TDSSnmxh.log"
    "tdsspanels"="\systemroot\system32\TDSSsihc.dll"
    "tdsserrors"="\systemroot\system32\TDSSrhyp.log"
    "TDSSproc"="\systemroot\system32\TDSSkkbi.log"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:9c,93,b4,6a,9e,c6,53,0f,15,fb,ac,5f,ed,02,88,78,c0,f0,c3,f4,ae,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,0a,60,e3,b1,73,13,dd,11,56,c2,55,41,fa,d6,39,54,2c,..
    "khjeh"=hex:5f,bf,7a,6f,10,b2,4e,61,86,46,00,06,60,58,47,fe,ac,9a,e6,8a,e2,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:08,24,33,b9,5d,1c,17,68,c8,f0,15,4c,a0,74,9a,b5,08,20,85,3e,94,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
    "khjeh"=hex:fb,4e,6b,3a,6a,19,59,dd,26,a7,24,2d,f1,36,c9,b0,c1,b4,2b,f0,14,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv.sys]
    "start"=dword:00000001
    "type"=dword:00000001
    "imagepath"=str(2):"\systemroot\system32\drivers\TDSSmqlt.sys"
    "group"="file system"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules]
    "TDSSserv"="\systemroot\system32\drivers\TDSSmqlt.sys"
    "TDSSl"="\systemroot\system32\TDSSoiqn.dll"
    "tdssservers"="\systemroot\system32\TDSSorvd.dat"
    "tdssmain"="\systemroot\system32\TDSShrsr.dll"
    "tdsslog"="\systemroot\system32\TDSSrtqp.dll"
    "tdssadw"="\systemroot\system32\TDSSxfum.dll"
    "tdssinit"="\systemroot\system32\TDSSlxwp.dll"
    "tdssurls"="\systemroot\system32\TDSSnmxh.log"
    "tdsspanels"="\systemroot\system32\TDSSsihc.dll"
    "tdsserrors"="\systemroot\system32\TDSSrhyp.log"
    "TDSSproc"="\systemroot\system32\TDSSkkbi.log"

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0




    ccleaner run: done


    BLAAH! Are they still lurking in there?

    Last edited: 13.02.2009
  5. Hujo

    Hujo Guest

    1. Download Combofix.exe to your desktop from one of these links:
    Combofix1
    Combofix2

    Do not install the Recovery Console.
    2. Double-click the Combofix.exe file and follow the instructions.
    3. When the tool has finished, it produces a log. Post this log in your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
     
  6. Britz

    ComboFix 09-02-12.03 - Vieras2 2009-02-14 6:52:03.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.3007.2480 [GMT 2:00]
    Sijainti: c:\documents and settings\Vieras2\Työpöytä\ComboFix.exe
    AV: F-Secure Anti-Virus Client Security 6.02 *On-access scanning disabled* (Updated)
    FW: F-Secure Anti-Virus Client Security 6.02 *disabled*
    * Uusi palautuspiste luotu

    VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\qmdispatch.dll
    c:\windows\system32\TDSSorvd.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Ajurit/Palvelut )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_TDSSSERV.SYS
    -------\Service_TDSSserv.sys


    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-01-14 to 2009-02-14 )))))))))))))))))
    .

    2009-02-14 05:53 . 2009-02-14 05:54 <KANSIO> d-------- C:\32788R22FWJFW.0.tmp
    2009-02-13 12:17 . 2009-02-13 12:17 <KANSIO> d-------- c:\documents and settings\Vieras2\Contacts
    2009-02-13 06:47 . 2009-02-13 06:47 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-02-13 06:47 . 2009-02-13 06:47 <KANSIO> d-------- c:\documents and settings\Vieras2\Application Data\Malwarebytes
    2009-02-13 06:47 . 2009-02-13 06:47 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-13 06:47 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-13 06:47 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-02-13 06:17 . 2009-02-13 06:17 <KANSIO> d--h----- c:\windows\system32\NtmsData
    2009-02-13 04:23 . 2009-02-13 04:23 <KANSIO> d-------- c:\documents and settings\Vieras2\Application Data\GRETECH
    2009-02-13 04:21 . 2009-02-13 07:21 <KANSIO> d-------- C:\Kaspersky
    2009-02-13 04:21 . 2009-02-13 07:21 <KANSIO> d-------- C:\Downloads
    2009-02-13 04:21 . 2009-02-13 07:20 <KANSIO> d-------- C:\Bases
    2009-02-13 03:20 . 2009-02-13 03:20 <KANSIO> d-------- c:\program files\CCleaner
    2009-02-12 18:21 . 2009-02-12 18:21 <KANSIO> d-------- c:\documents and settings\Heidi\Application Data\Grisoft
    2009-02-12 04:18 . 2009-01-18 23:35 15,688 --ah----- c:\windows\system32\lsdelete.exe
    2009-02-12 04:13 . 2009-02-12 04:13 <KANSIO> d-------- c:\documents and settings\LocalService\Työpöytä
    2009-02-12 04:12 . 2009-01-18 23:30 64,160 --ah----- c:\windows\system32\drivers\Lbd.sys
    2009-02-12 04:11 . 2009-02-12 04:11 <KANSIO> d-------- c:\program files\Lavasoft
    2009-02-12 04:11 . 2009-02-12 04:12 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-02-12 04:11 . 2009-02-12 04:11 <KANSIO> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-02-12 04:00 . 2009-02-12 04:00 <KANSIO> d-------- c:\documents and settings\Vieras2\Application Data\Grisoft
    2009-02-12 04:00 . 2009-02-12 04:00 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Grisoft
    2009-02-12 04:00 . 2007-05-30 14:10 10,872 --ah----- c:\windows\system32\drivers\AvgAsCln.sys
    2009-02-12 03:42 . 2009-02-13 05:54 <KANSIO> d-------- c:\documents and settings\Vieras2\Application Data\F-Secure
    2009-02-12 03:39 . 2009-01-03 20:39 <KANSIO> d--h----- c:\documents and settings\Vieras2\Verkkoympäristö
    2009-02-12 03:39 . 2009-02-13 17:25 <KANSIO> d-------- c:\documents and settings\Vieras2\Työpöytä
    2009-02-12 03:39 . 2009-01-03 20:39 <KANSIO> d--h----- c:\documents and settings\Vieras2\Tulostinympäristö
    2009-02-12 03:39 . 2009-02-12 03:40 <KANSIO> dr------- c:\documents and settings\Vieras2\Suosikit
    2009-02-12 03:39 . 2009-02-13 12:18 <KANSIO> dr------- c:\documents and settings\Vieras2\Omat tiedostot
    2009-02-12 03:39 . 2009-01-03 18:44 <KANSIO> d--h----- c:\documents and settings\Vieras2\Mallit
    2009-02-12 03:39 . 2009-01-03 20:39 <KANSIO> dr------- c:\documents and settings\Vieras2\Käynnistä-valikko
    2009-02-12 03:39 . 2009-02-13 12:17 <KANSIO> d-------- c:\documents and settings\Vieras2
    2009-02-12 03:39 . 2008-04-15 14:00 221,184 --ah----- c:\windows\system32\wmpns.dll
    2009-02-05 07:14 . 2009-02-05 07:14 <KANSIO> d--h----- c:\windows\Sun
    2009-02-05 07:10 . 2009-02-05 07:10 <KANSIO> d-------- c:\program files\Java
    2009-02-05 07:10 . 2009-02-05 07:10 410,984 --ah----- c:\windows\system32\deploytk.dll
    2009-02-05 07:10 . 2009-02-05 07:10 73,728 --ah----- c:\windows\system32\javacpl.cpl
    2009-01-29 23:36 . 2009-01-29 23:36 <KANSIO> d-------- c:\program files\Common Files\INCA Shared
    2009-01-29 23:35 . 2003-07-21 05:17 5,174 --ah----- c:\windows\system32\nppt9x.vxd
    2009-01-29 23:35 . 2005-01-04 20:43 4,682 --ah----- c:\windows\system32\npptNT2.sys
    2009-01-29 21:51 . 2009-01-29 21:51 <KANSIO> d-------- c:\program files\Games-Masters.com
    2009-01-25 03:54 . 2009-02-12 01:01 <KANSIO> d-------- c:\program files\Cheat Engine
    2009-01-25 03:54 . 2007-12-26 17:30 1,970,176 --ah----- c:\windows\system32\d3dx9.dll
    2009-01-25 03:54 . 2007-12-26 17:30 679,936 --ah----- c:\windows\system32\D3DX81ab.dll
    2009-01-22 00:18 . 2009-01-29 21:45 <KANSIO> d---s---- c:\program files\Xfire
    2009-01-22 00:18 . 2009-01-29 21:45 <KANSIO> d-------- c:\documents and settings\Heidi\Application Data\Xfire
    2009-01-22 00:15 . 2009-01-22 00:15 <KANSIO> d-------- C:\AeriaGames
    2009-01-21 21:39 . 2002-09-20 15:15 472,396 --ah----- c:\windows\system32\drivers\lvcm.sys
    2009-01-21 21:39 . 2002-09-20 15:17 172,032 --ah----- c:\windows\system32\lvcodec2.dll
    2009-01-21 21:39 . 2002-09-20 15:18 114,688 --ah----- c:\windows\system32\LVUI2.dll
    2009-01-21 21:39 . 2002-09-20 15:16 90,112 --ah----- c:\windows\system32\LVComS.exe
    2009-01-21 21:39 . 2002-09-20 15:18 81,920 --ah----- c:\windows\system32\LVUI2RC.dll
    2009-01-21 21:39 . 2002-09-20 15:20 69,632 --ah----- c:\windows\system32\lvcoinst.dll
    2009-01-21 21:39 . 2002-09-20 15:16 57,344 --ah----- c:\windows\system32\LVComC.dll
    2009-01-21 21:39 . 2002-09-20 15:14 12,112 --ah----- c:\windows\system32\drivers\LVUSBSta.sys
    2009-01-21 21:39 . 2002-09-20 15:06 10,628 --ah----- c:\windows\system32\lvcoinst.ini
    2009-01-21 21:39 . 2009-02-12 04:24 241 --ah----- c:\windows\QSync.INI
    2009-01-21 21:38 . 2009-01-21 23:30 <KANSIO> d--h----- c:\windows\msdownld.tmp
    2009-01-21 21:38 . 2009-01-21 21:38 <KANSIO> d-------- c:\program files\Windows Media Components
    2009-01-21 21:38 . 2009-01-21 21:39 <KANSIO> d-------- c:\program files\Common Files\Logitech
    2009-01-21 21:38 . 1998-10-29 16:45 306,688 --ah----- c:\windows\IsUninst.exe
    2009-01-21 21:38 . 2009-01-21 21:39 780 --ah----- c:\windows\_delis32.ini
    2009-01-21 21:37 . 2009-01-21 21:37 81,920 -r-h----- c:\windows\bwUnin-6.1.4.36-8876480L.exe
    2009-01-21 21:36 . 2009-01-21 21:38 <KANSIO> d-------- c:\program files\Logitech
    2009-01-19 22:53 . 2009-02-12 09:40 <KANSIO> d-------- c:\program files\Quick Memory Editor

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-14 03:48 --------- d-----w c:\program files\LastChaosMal
    2009-02-13 00:58 --------- d-----w c:\documents and settings\Heidi\Application Data\F-Secure
    2009-02-12 01:01 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-02-10 22:48 --------- d-----w c:\program files\QMacro
    2009-01-21 22:15 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-21 19:37 --------- d-----w c:\program files\Common Files\InstallShield
    2009-01-11 13:45 --------- d-----w c:\program files\Sims2Pack Clean Installer
    2009-01-11 13:25 --------- d-----w c:\program files\Reference Assemblies
    2009-01-11 13:25 --------- d-----w c:\program files\MSBuild
    2009-01-11 11:13 --------- d-----w c:\documents and settings\Heidi\Application Data\DAEMON Tools Lite
    2009-01-11 11:11 --------- d-----w c:\documents and settings\Heidi\Application Data\DAEMON Tools Pro
    2009-01-11 11:11 --------- d-----w c:\documents and settings\Heidi\Application Data\DAEMON Tools
    2009-01-11 11:10 --------- d-----w c:\program files\DAEMON Tools Toolbar
    2009-01-11 11:10 --------- d-----w c:\program files\DAEMON Tools Lite
    2009-01-11 11:10 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
    2009-01-11 11:04 717,296 ---ha-w c:\windows\system32\drivers\sptd.sys
    2009-01-10 06:01 --------- d-----w c:\documents and settings\Heidi\Application Data\Ahead
    2009-01-07 03:15 --------- d-----w c:\program files\BitLord
    2009-01-05 20:51 --------- d-----w c:\program files\AutoIt3
    2009-01-05 11:35 --------- d-----w c:\program files\MSXML 4.0
    2009-01-03 21:42 --------- d-----w c:\program files\Microsoft Works
    2009-01-03 20:52 --------- d-----w c:\documents and settings\All Users\Application Data\LightScribe
    2009-01-03 20:50 --------- d-----w c:\program files\ToniArts
    2009-01-03 20:47 --------- d-----w c:\program files\Common Files\LightScribe
    2009-01-03 20:45 --------- d-----w c:\documents and settings\All Users\Application Data\Ahead
    2009-01-03 20:44 --------- d-----w c:\program files\Common Files\Ahead
    2009-01-03 20:42 --------- d-----w c:\program files\Nero
    2009-01-03 20:42 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
    2009-01-03 20:16 --------- d-----w c:\documents and settings\All Users\Application Data\GRETECH
    2009-01-03 20:15 --------- d-----w c:\program files\GRETECH
    2009-01-03 20:15 --------- d-----w c:\documents and settings\Heidi\Application Data\GRETECH
    2009-01-03 20:13 --------- d-----w c:\program files\Common Files\Adobe
    2009-01-03 18:39 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
    2009-01-03 18:39 --------- d-----w c:\program files\Windows Live
    2009-01-03 18:36 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
    2009-01-03 17:14 --------- d-----w c:\program files\Analog Devices
    2009-01-03 16:58 --------- d-----w c:\program files\Intel
    2009-01-03 16:57 --------- d-----w c:\program files\Marvell
    2009-01-03 16:53 118,842 ---h--r c:\windows\bwUnin-6.3.2.116-7681197L.exe
    2009-01-03 16:53 --------- d-----w c:\program files\F-Secure
    2009-01-03 16:53 --------- d-----w c:\documents and settings\All Users\Application Data\fssg
    2009-01-03 16:53 --------- d-----w c:\documents and settings\All Users\Application Data\F-Secure
    2009-01-03 16:47 --------- d-----w c:\program files\microsoft frontpage
    2008-12-20 22:47 826,368 ---ha-w c:\windows\system32\wininet.dll
    2006-06-23 12:48 32,768 ---ha-w c:\windows\inf\UpdateUSB.exe
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2005-10-26 122929]
    "F-Secure TNB"="c:\program files\F-Secure\TNB\TNBUtil.exe" [2004-05-27 684032]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-10-05 868352]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
    "LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
    "LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
    "LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-05 136600]
    "!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-13 509784]
    "nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

    c:\documents and settings\Heidi\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Xfire.lnk - c:\program files\Xfire\xfire.exe [2006-12-16 2337360]

    c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-01-03 110592]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-01-21 169472]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= msaud32_divx.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-01-03 70896]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-12 64160]
    R2 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\FSfilter.sys [2009-01-03 48816]
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\win2k\fsgk.sys [2009-01-03 48256]
    R2 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\FSrec.sys [2009-01-03 16720]
    S0 jscvbw;jscvbw;c:\windows\system32\drivers\mtfg.sys --> c:\windows\system32\drivers\mtfg.sys [?]
    S2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;c:\progra~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2009-01-03 32807]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    'Ajoitetut tehtävät'-kansion sisältö

    2009-02-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-13 06:45]

    2009-02-14 c:\windows\Tasks\Scheduled scanning task.job
    - c:\progra~1\F-Secure\ANTI-V~1\fsav.exe [2005-05-24 16:42]
    .
    .
    ------- Täydentävä tarkistus -------
    .
    IE: &Block this popup - c:\program files\F-Secure\Anti-Spyware\blockpopups.htm
    IE: V&ie Microsoft Exceliin - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
    FF - ProfilePath - c:\documents and settings\Vieras2\Application Data\Mozilla\Firefox\Profiles\6jarximq.default\
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-14 06:56:37
    Windows 5.1.2600 Service Pack 3 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    --------------------- LUKITUT REKISTERIAVAIMET ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]
    "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
    .
    --------------------- Prosesseihin ladatut DLLt ---------------------

    - - - - - - - > 'lsass.exe'(776)
    c:\program files\F-Secure\FSPS\program\FSLSP.DLL
    .
    ------------------------ Muut prosessit ------------------------
    .
    c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    c:\program files\F-Secure\Anti-Virus\fsgk32st.exe
    c:\program files\F-Secure\Anti-Virus\fsgk32.exe
    c:\program files\F-Secure\common\FSMA32.EXE
    c:\program files\F-Secure\Anti-Virus\fssm32.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
    c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\F-Secure\common\FSLAUNCH.EXE
    .
    **************************************************************************
    .
    Valmistumisajankohta: 2009-02-14 6:59:32 - kone käynnistettiin uudelleen [Vieras2]
    ComboFix-quarantined-files.txt 2009-02-14 04:59:30

    Ennen ajoa: 132 930 703 360 tavua vapaana
    Ajon jälkeen: 134,007,717,888 tavua vapaana

    245 --- E O F --- 2009-02-12 01:02:19
     
  7. Hujo

    Hujo Guest

    Do that System Restore purge

    1. Click Start, then right-click My Computer
    2. Select Properties
    3. Select the System Restore tab
    4. Tick the box "Turn off System Restore on all drives"
    5. Press Apply
    6. Press OK
    7. Shut down and start up again
    8. Untick the box "Turn off System Restore on all drives"
    9. Apply and OK

    ===========

    Download GMER and save it to your desktop:

    - Extract it to the desktop and double-click the file GMER.exe
    - Click the Rootkit tab and then click Scan.
    - Do not tick the "Show All" box during the scan!
    - When the scan is finished, click Copy.
    - This copies the log to the clipboard (you can save the log to a text file just to be safe).
    - Then paste the log into your thread

    Last edited by a moderator: 14.02.2009
  8. Britz

    GMER 1.0.14.14536 - http://www.gmer.net
    Rootkit scan 2009-02-14 08:56:59
    Windows 5.1.2600 Service Pack 3


    ---- System - GMER 1.0.14 ----

    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA91887E]
    SSDT \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation) ZwCreateProcess [0xBA92A67C]
    SSDT \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation) ZwCreateProcessEx [0xBA92A710]
    SSDT \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation) ZwCreateSection [0xBA92A0C0]
    SSDT \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation) ZwCreateThread [0xBA929F76]
    SSDT spug.sys ZwEnumerateKey [0xBA6C6CA2]
    SSDT spug.sys ZwEnumerateValueKey [0xBA6C7030]
    SSDT spug.sys ZwOpenKey [0xBA6A80C0]
    SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess [0xBAF068AC]
    SSDT spug.sys ZwQueryKey [0xBA6C7108]
    SSDT spug.sys ZwQueryValueKey [0xBA6C6F88]
    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA918C10]
    SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess [0xBAF06812]
    SSDT \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation) ZwWriteVirtualMemory [0xBA929FF6]

    INT 0x73 ? 8A26CBF8
    INT 0x73 ? 8A26CBF8
    INT 0x73 ? 8A0D8F00
    INT 0x73 ? 8A26CBF8
    INT 0x83 ? 8A0D8F00
    INT 0x84 ? 8A0D8F00
    INT 0xA4 ? 8A0D8F00
    INT 0xB4 ? 8A26CBF8
    INT 0xB4 ? 8A26CBF8
    INT 0xB4 ? 8A26CBF8
    INT 0xB4 ? 8A26CBF8
    INT 0xB4 ? 8A0D8F00
    INT 0xB4 ? 8A26CBF8

    Code \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation) IoCreateDevice

    ---- Kernel code sections - GMER 1.0.14 ----

    PAGE ntkrnlpa.exe!IoCreateDevice 805758EE 5 Bytes JMP BA928FD0 \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation)
    ? spug.sys Määritettyä tiedostoa ei löydy. !
    PAGENPNP NDIS.SYS!NdisRegisterProtocol BA51E17F 5 Bytes JMP BA928C49 \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation)
    PAGENPNP NDIS.SYS!NdisOpenAdapter BA51E399 5 Bytes JMP BA928EB4 \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation)
    PAGENPNP NDIS.SYS!NdisCloseAdapter BA528642 5 Bytes JMP BA928EE4 \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation)
    PAGENPNP NDIS.SYS!NdisDeregisterProtocol BA528821 5 Bytes JMP BA928CB0 \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation)
    PAGENDSP NDIS.SYS!NdisReturnPackets BA52B810 5 Bytes JMP BA92D13A \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation)
    PAGENDSP NDIS.SYS!NdisRequest BA52B97B 5 Bytes JMP BA92B578 \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation)
    PAGENDSP NDIS.SYS!NdisSend BA52E986 5 Bytes JMP BA92D3FE \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation)
    PAGENDSP NDIS.SYS!NdisSendPackets BA52E9A3 5 Bytes JMP BA92D4D0 \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation)
    PAGENDSP NDIS.SYS!NdisTransferData BA52E9BE 5 Bytes JMP BA92D25C \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation)
    .text USBPORT.SYS!DllUnload B9E928AC 5 Bytes JMP 8A0D84E0
    .text a14l5yeb.SYS B9D1C386 35 Bytes [ 00, 00, 00, 00, 00, 00, 20, ... ]
    .text a14l5yeb.SYS B9D1C3AA 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
    .text a14l5yeb.SYS B9D1C3C4 3 Bytes [ 00, 70, 02 ]
    .text a14l5yeb.SYS B9D1C3C9 1 Byte [ 2E ]
    .text a14l5yeb.SYS B9D1C3CB 9 Bytes [ 00, 00, 5C, 02, 00, 00, 00, ... ]
    .text ...

    ---- Kernel IAT/EAT - GMER 1.0.14 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A9040] spug.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A913C] spug.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A90BE] spug.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A97FC] spug.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A96D2] spug.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6B9048] spug.sys
    IAT \SystemRoot\System32\Drivers\a14l5yeb.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
    IAT \SystemRoot\System32\Drivers\a14l5yeb.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
    IAT \SystemRoot\System32\Drivers\a14l5yeb.SYS[HAL.dll!KeGetCurrentIrql] CB033043
    IAT \SystemRoot\System32\Drivers\a14l5yeb.SYS[HAL.dll!KfRaiseIrql] 0673C13B
    IAT \SystemRoot\System32\Drivers\a14l5yeb.SYS[HAL.dll!KfLowerIrql] C13B0003
    IAT \SystemRoot\System32\Drivers\a14l5yeb.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
    IAT \SystemRoot\System32\Drivers\a14l5yeb.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
    IAT \SystemRoot\System32\Drivers\a14l5yeb.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
    IAT \SystemRoot\System32\Drivers\a14l5yeb.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
    IAT \SystemRoot\System32\Drivers\a14l5yeb.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
    IAT \SystemRoot\System32\Drivers\a14l5yeb.SYS[HAL.dll!READ_PORT_USHORT] 83660000
    IAT \SystemRoot\System32\Drivers\a14l5yeb.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
    IAT \SystemRoot\System32\Drivers\a14l5yeb.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
    IAT \SystemRoot\System32\Drivers\a14l5yeb.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
    IAT \SystemRoot\System32\Drivers\a14l5yeb.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140

    ---- Devices - GMER 1.0.14 ----

    Device \FileSystem\Ntfs \Ntfs 8A26B1F8

    AttachedDevice \FileSystem\Ntfs \Ntfs FSrec.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs FSfilter.sys

    Device \FileSystem\Fastfat \FatCdrom 89B39500
    Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    Device \Driver\PCI_PNP0956 \Device\00000042 spug.sys
    Device \Driver\usbuhci \Device\USBPDO-0 8A192500
    Device \Driver\sptd \Device\3135370956 spug.sys
    Device \Driver\usbuhci \Device\USBPDO-1 8A192500
    Device \Driver\usbehci \Device\USBPDO-2 8A191500
    Device \Driver\usbuhci \Device\USBPDO-3 8A192500
    Device \Driver\usbuhci \Device\USBPDO-4 8A192500
    Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

    AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

    Device \Driver\usbuhci \Device\USBPDO-5 8A192500
    Device \Driver\usbehci \Device\USBPDO-6 8A191500
    Device \Driver\Ftdisk \Device\HarddiskVolume1 8A2DC1F8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 8A2DC1F8
    Device \Driver\Cdrom \Device\CdRom0 8A0761F8
    Device \Driver\Ftdisk \Device\HarddiskVolume3 8A2DC1F8
    Device \Driver\Cdrom \Device\CdRom1 8A0761F8
    Device \Driver\Ftdisk \Device\HarddiskVolume4 8A2DC1F8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 89F6F500
    Device \Driver\NetBT \Device\NetBT_Tcpip_{E5A59357-5F70-4330-9CC7-22DF4957115F} 89F6F500
    Device \Driver\NetBT \Device\NetbiosSmb 89F6F500
    Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    Device \Driver\usbuhci \Device\USBFDO-0 8A192500
    Device \Driver\usbuhci \Device\USBFDO-1 8A192500
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89B691F8
    Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    Device \Driver\usbehci \Device\USBFDO-2 8A191500
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 89B691F8
    Device \Driver\usbuhci \Device\USBFDO-3 8A192500
    Device \Driver\usbuhci \Device\USBFDO-4 8A192500
    Device \Driver\Ftdisk \Device\FtControl 8A2DC1F8
    Device \Driver\usbuhci \Device\USBFDO-5 8A192500
    Device \Driver\usbehci \Device\USBFDO-6 8A191500
    Device \Driver\NetBT \Device\NetBT_Tcpip_{6EDD2C49-6D22-428C-ADBC-5059D2AFA76C} 89F6F500
    Device \Driver\a14l5yeb \Device\Scsi\a14l5yeb1Port6Path0Target0Lun0 8A072500
    Device \Driver\a14l5yeb \Device\Scsi\a14l5yeb1 8A072500
    Device \FileSystem\Fastfat \Fat 89B39500

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat FSrec.sys

    Device \FileSystem\Cdfs \Cdfs 89B38500

    ---- Registry - GMER 1.0.14 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9C 0x93 0xB4 0x6A ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5F 0xBF 0x7A 0x6F ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x08 0x24 0x33 0xB9 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xFB 0x4E 0x6B 0x3A ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9C 0x93 0xB4 0x6A ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5F 0xBF 0x7A 0x6F ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x08 0x24 0x33 0xB9 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xFB 0x4E 0x6B 0x3A ...

    ---- EOF - GMER 1.0.14 ----
     
  9. Hujo

    Hujo Guest

    Let's take another look with Kaspersky.

    Scan your computer with Kaspersky Online Scanner

    - When the program starts, you are asked whether to allow installation of an ActiveX component from Kaspersky; click Yes.
    - The program starts and begins downloading the latest definition files.
    - Once the scanner has been installed and the definitions downloaded, click Next.
    - Now click the settings, Scan Settings.
    - Check in the settings that the following are selected:
      - Scan using the following Anti-Virus database:
        - Extended (if available, otherwise select Standard)
      - Scan Options:
        - Scan Archives
        - Scan Mail Bases
    - Click OK.
    - Now, under the heading "select a target to scan", select My Computer.
    - The scan takes time, so be patient. When the scan is finished, you will be notified if your computer is infected.
    - Now click the Save as Text button.
    - Save the file to your desktop.
    - If you want to continue handling the matter on the forum, copy the contents of the file into your post.
     
