
Hacktool:Hacktool/HideItX

Discussion in 'Virukset ja haittaohjelmat' started by pykä, Nov 8, 2007.

  1. pykä

    pykä Regular member

    Joined:
    Jul 10, 2004
    Messages:
    155
    Likes Received:
    0
    Trophy Points:
    26
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:58:05, on 13.11.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Last.fm\LastFMHelper.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Program Files\Creative Professional\Digital Audio System\E-MU PatchMix DSP\EmuPatchMixDSP.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Last.fm\LastFM.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Mam2Pan] Mam2Pan.Exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

    --
    End of file - 6603 bytes
     
  2. tomato71

    tomato71 Regular member

    Joined:
    Apr 30, 2006
    Messages:
    1,151
    Likes Received:
    0
    Trophy Points:
    46
    Yep, it was OK. Did you already get System Restore cleared?
     
  3. pykä

    Yes, I got System Restore cleared. Many thanks and bows to Tomato for the help. I scanned again just to be sure, though, and F-Secure still finds the same viruses. I added drive D: to the machine, and something was found on it, but also still the same old ones? I'll put the scan report in the next post.
     
  4. pykä

    Scanning Report
    Thursday, November 15, 2007 03:36:01 - 11:49:34

    Computer name: ANNEN-N90GXNI2T
    Scanning type: Scan system for viruses, rootkits, spyware
    Target: C:\ D:\ H:\ L:\ M:\
    Result: 17 malware found
    Ehijda.A (virus)

    * C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä\vst\KX_Modulad.zip\KX_Modulad\KX-MODULAD-setup.exe

    Harnig.gen1 (virus)

    * D:\ceeltä\ohjelmat2\BSplayer.Pro.v1.20.815.Incl.Keygen-TSZ\tszbsp12.zip\keygen.exe
    * D:\ceeltä\ohjelmat2\BSplayer.Pro.v1.20.815.Incl.Keygen-TSZ\tszbsp12\keygen.exe (Submitted)
    * L:\ceeltä\vst\Progress Audio ShapeShifter v1.0\Keygen.exe (Submitted)
    * L:\poltto\vst\Progress.Audio.ShapeShifter.VST.v1.0.inc.Key-dAz 11.22.05 original\Progress Audio ShapeShifter v1.0.rar\Progress Audio ShapeShifter v1.0\Keygen.exe
    * L:\poltto\vst\Progress.Audio.ShapeShifter.VST.v1.0.inc.Key-dAz 11.22.05 original\Progress Audio ShapeShifter v1.0\Keygen.exe (Submitted)

    SDBot.gen8 (virus)

    * L:\System Volume Information\_restore{D542C3A4-090C-4E20-BC5C-09D4AC7566DE}\RP222\A0028133.exe (Submitted)

    Tracking Cookie (spyware)

    * System (Disinfected)
    * System (Disinfected)
    * System
    * System
    * System
    * System
    * System
    * System
    * System

    W32/Malware.XZZ (virus)

    * L:\torrent downloads\Replay Media Catcher 2.10 + Crack\crack\foff_patch.exe (Submitted)

    Statistics
    Scanned:

    * Files: 500230
    * System: 4236
    * Not scanned: 679

    Actions:

    * Disinfected: 2
    * Renamed: 0
    * Deleted: 0
    * None: 15
    * Submitted: 5

    Files not scanned:


    Options
    Scanning engines:

    * F-Secure Libra: 2.4.2, 2007-11-14
    * F-Secure AVP: 7.0.171, 2007-11-15
    * F-Secure Orion: 1.2.37, 2007-11-14
    * F-Secure Blacklight: 1.0.64
    * F-Secure Draco: 1.0.35, 0602-150-72
    * F-Secure Pegasus: 1.19.0, 2007-10-12

    Scanning options:

    * Scan all files
    * Scan inside archives
    * Use Advanced heuristics

    Copyright © 1998-2006 Product support |Send virus sample to F-Secure
    F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.
     
  5. tomato71

    :O
    I don't see any sense in this: as fast as viruses get removed,
    you download more of them onto the machine.
    So this is pretty pointless......
     
  6. pykä

    Any ideas? Switching antivirus & firewall? The last option is probably formatting the disks and reinstalling Windows, which doesn't appeal much right now. I really don't understand where the viruses are being downloaded from again. Possibly some program installed on the machine?
     
  7. pykä

    Could the cause possibly be that Hacktool/HideItX that Panda found, which F-Secure doesn't seem to find?
     
  8. tomato71

    Let's try a somewhat more powerful scanner...

    * Download Dr.Web CureIt to your desktop: Dr.Web
    • Double-click drweb-cureit.exe and let the program run a quick check of memory / the computer.
      (this is only a short check)
    • When the check is done, tick *Complete scan*.
    • Click the green arrow under the Dr.Web logo to start the scan.
    • When the scan has finished, press the *select all* button. Then press the *move* button.
    • The items are moved to quarantine in the %userprofile%\DoctorWeb\quarantine directory.
    • From the Dr.Web toolbar open *file* and press *Save report list*
    • Save the report to the desktop. Save it under the name *DrWeb*.
    • Close Dr.Web.
    • Restart the computer!! So that the selected files are deleted/moved to quarantine during startup.
    • When you have restarted your computer, paste the contents of the Dr.Web log into your next reply.
     
  9. pykä

    Process.exe;C:\RECYCLER\S-1-5-21-57989841-287218729-839522115-500\Dc5\SDFix\apps;Tool.Prockill;Moved.;
    Process.exe;C:\SDFix\apps;Tool.Prockill;Moved.;
    A0023129.msi;M:\System Volume Information\_restore{D542C3A4-090C-4E20-BC5C-09D4AC7566DE}\RP199;Program.Folding;Moved.;
     
  10. tomato71

    Hi
    Apparently the doctor removed it from the restore there.
    Run a new scan with Panda and send the log.
     
  11. pykä

    Looks like the whole thing is pretty pointless. F-Secure still finds 8 viruses.
     
  12. pykä

    A power cut wiped out the scan report, but I expect the same bugs will turn up on a new scan run too.
     
  13. tomato71

    It probably will; they are those keygen.exe files, but they are not active unless you go and click them
    and then F-Secure again and the report here

    Delete the folders:
    J:\CEELT?\VST\PROGRESS AUDIO SHAPESHIFTER V1.0
    D:\ceelt?\ohjelmat2\BSplayer.Pro.v1.20.815.Incl.Keygen-TSZ
    L:\torrent downloads\Replay Media Catcher 2.10 + Crack
     
  14. pykä

    Scanning Report
    Saturday, November 17, 2007 06:08:40 - 13:52:16

    Computer name: ANNEN-N90GXNI2T
    Scanning type: Scan system for viruses, rootkits, spyware
    Target: C:\ D:\ H:\ L:\ M:\
    Result: 9 malware found
    Harnig.gen1 (virus)

    * L:\poltto\vst\Progress.Audio.ShapeShifter.VST.v1.0.inc.Key-dAz 11.22.05 original\Progress Audio ShapeShifter v1.0.rar\Progress Audio ShapeShifter v1.0\Keygen.exe
    * L:\poltto\vst\Progress.Audio.ShapeShifter.VST.v1.0.inc.Key-dAz 11.22.05 original\Progress Audio ShapeShifter v1.0\Keygen.exe (Submitted)
    * L:\Recycled\Dl2.0\Keygen.exe (Submitted)

    SDBot.gen8 (virus)

    * L:\System Volume Information\_restore{D542C3A4-090C-4E20-BC5C-09D4AC7566DE}\RP222\A0028133.exe (Submitted)

    Tracking Cookie (spyware)

    * System (Disinfected)
    * System
    * System
    * System

    W32/Malware.XZZ (virus)

    * L:\System Volume Information\_restore{C30F9B8B-4746-40AA-B601-7CFD7750E4B5}\RP4\A0002463.exe (Submitted)

    Statistics
    Scanned:

    * Files: 503501
    * System: 4250
    * Not scanned: 678

    Actions:

    * Disinfected: 1
    * Renamed: 0
    * Deleted: 0
    * None: 8
    * Submitted: 4

    Files not scanned:


    Options
    Scanning engines:

    * F-Secure Libra: 2.4.2, 2007-11-15
    * F-Secure AVP: 7.0.171, 2007-11-16
    * F-Secure Orion: 1.2.37, 2007-11-16
    * F-Secure Blacklight: 1.0.64
    * F-Secure Draco: 1.0.35, 2007-10-30
    * F-Secure Pegasus: 1.19.0, 2007-10-15

    Scanning options:

    * Scan all files
    * Scan inside archives
    * Use Advanced heuristics

     
  15. tomato71

    Keygen files seem to be popular, so don't be surprised that your machine is full of nasties XD

    Delete:
    L:\poltto\vst\Progress.Audio.ShapeShifter.VST.v1.0.inc.Key-dAz 11.22.05 original


    Empty the Recycle Bin

    Clean out System Restore
     
  16. pykä

    Yeah, I need to avoid those keygen files. There is one nasty I just can't seem to kill. Apparently it is in System Restore. F-Secure no longer finds any others. So, the scan report.
     
  17. pykä

    Scanning Report
    Wednesday, November 21, 2007 03:52:03 - 10:37:45

    Computer name: ANNEN-N90GXNI2T
    Scanning type: Scan system for viruses, rootkits, spyware
    Target: C:\ D:\ H:\ L:\ M:\
    Result: 3 malware found
    SDBot.gen8 (virus)

    * L:\System Volume Information\_restore{D542C3A4-090C-4E20-BC5C-09D4AC7566DE}\RP222\A0028133.exe (Submitted)

    Tracking Cookie (spyware)

    * System (Disinfected)
    * System

    Statistics
    Scanned:

    * Files: 553921
    * System: 4194
    * Not scanned: 678

    Actions:

    * Disinfected: 1
    * Renamed: 0
    * Deleted: 0
    * None: 2
    * Submitted: 1

    Files not scanned:


    Options
    Scanning engines:

    * F-Secure Libra: 2.4.2, 2007-11-19
    * F-Secure AVP: 7.0.171, 2007-11-21
    * F-Secure Orion: 1.2.37, 2007-11-20
    * F-Secure Blacklight: 1.0.64
    * F-Secure Draco: 1.0.35, 2007-10-30
    * F-Secure Pegasus: 1.19.0, 2007-10-19

    Scanning options:

    * Scan all files
    * Scan inside archives
    * Use Advanced heuristics

     
  18. tomato71

    Clean out System Restore:
    1. Right-click the My Computer icon in the Start menu
    2. Select Properties
    3. Select the System Restore tab
    4. Select "Turn off System Restore" on all drives
    5. Press Apply
    6. Press OK
    7. Start the computer in Safe Mode!!!
    8. Scan the computer with your own antivirus program
    9. Restart the computer
    10. Restore the settings
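
A triage sketch for scan reports like the ones posted in this thread, added here as an example; it is not part of any forum post and not F-Secure's own tooling. It sorts each detection by where the object lives (System Restore point, Recycle Bin, archive member, live file), which is the distinction the cleanup advice in the thread relies on. The sample report, family names, paths and GUID are constructed placeholders, and the line layout is assumed from the reports quoted above.

```python
import re
from collections import Counter, namedtuple

# Constructed sample in the layout of the scan reports quoted in the thread.
# Family names, paths and the restore-point GUID are placeholders.
SAMPLE_REPORT = r"""
ExampleFamily.A (virus)

* D:\apps\tool.zip\keygen.exe
* D:\apps\tool\keygen.exe (Submitted)
* L:\Recycled\Dx1\Keygen.exe (Submitted)

ExampleBot.B (virus)

* L:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP12\A0000001.exe (Submitted)

Tracking Cookie (spyware)

* System (Disinfected)
* System

Statistics
Scanned:

* Files: 10
"""

Finding = namedtuple("Finding", "family kind path action location")

FAMILY_RE = re.compile(r"^(?P<name>.+?) \((?P<kind>[a-z]+)\)$")
# Action words are the ones listed under "Actions:" in the reports.
ITEM_RE = re.compile(
    r"^\*\s+(?P<path>.+?)(?:\s+\((?P<action>Disinfected|Renamed|Deleted|Submitted)\))?$"
)
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\RP\d+\\", re.I
)
RECYCLE_RE = re.compile(r"^[A-Za-z]:\\(?:RECYCLER|Recycled)\\", re.I)
ARCHIVE_RE = re.compile(r"\.(?:zip|rar|7z|cab)\\", re.I)
REMOVED = {"Disinfected", "Renamed", "Deleted"}


def classify(path):
    """Say where a detected object lives; the order of the checks matters."""
    if path == "System":                 # cookie/registry item, no file path
        return "system-item"
    if RESTORE_RE.search(path):          # copy kept inside a restore point
        return "restore-point"
    if RECYCLE_RE.search(path):          # deleted but bin not yet emptied
        return "recycle-bin"
    if ARCHIVE_RE.search(path):          # member of an archive (heuristic)
        return "archive-member"
    return "live-file"


def parse_report(text):
    """Return one Finding per '* path (Action)' line under a family header."""
    findings, family, kind = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        item = ITEM_RE.match(line)
        if item:
            if family is not None:       # bullets outside a family are statistics
                path = item.group("path")
                findings.append(Finding(family, kind, path,
                                        item.group("action"), classify(path)))
            continue
        header = FAMILY_RE.match(line)   # any other line ends the current family
        family, kind = ((header.group("name"), header.group("kind"))
                        if header else (None, None))
    return findings


def triage(findings):
    """Summarise what still needs action and where."""
    return {
        "by_location": Counter(f.location for f in findings),
        # Drives whose restore points hold detections: purge restore points there.
        "purge_restore_on": sorted({f.path[0].upper() for f in findings
                                    if f.location == "restore-point"}),
        # Ordinary files the scanner reported but did not remove.
        "live": [f.path for f in findings
                 if f.location == "live-file" and f.action not in REMOVED],
    }


if __name__ == "__main__":
    for f in parse_report(SAMPLE_REPORT):
        print(f"{f.location:15} {f.family:18} {f.path}")
    print(triage(parse_report(SAMPLE_REPORT)))
```

Detections classed as `restore-point` or `recycle-bin` explain a scan that keeps reporting the same names after the original files were deleted; only the `live` list points at files still sitting in ordinary folders.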
     
  19. pykä

    What kind of antivirus/firewall combination do you recommend? It feels like Kaspersky (one-month free trial) doesn't find any bugs on my machine.
     
  20. tomato71

    According to tests, AntiVir is the best, and for a firewall ZoneAlarm or Comodo.
     
