An HJT log here too - help!

Discussion in 'Viruses and malware - HijackThis logs' started by pogoboy, Jul 18, 2008.

  1. pogoboy

    pogoboy Member

    Here is the log (which I don't understand at all)... CID popups keep coming and the machine is slow as molasses.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:10:45, on 18.7.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\keyhook.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\SurffiNet Tietoturva\Common\FSM32.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\Last.fm\LastFMHelper.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\SURFFI~1\backweb\1575007\Program\SERVIC~1.EXE
    C:\Program Files\SurffiNet Tietoturva\backweb\1575007\Program\fspex.exe
    C:\Program Files\SurffiNet Tietoturva\Anti-Virus\fsgk32st.exe
    C:\Program Files\SurffiNet Tietoturva\Anti-Virus\FSGK32.EXE
    C:\Program Files\SurffiNet Tietoturva\backweb\1575007\program\fsbwsys.exe
    C:\Program Files\SurffiNet Tietoturva\Common\FSMA32.EXE
    C:\Program Files\SurffiNet Tietoturva\Anti-Virus\fssm32.exe
    C:\Program Files\SurffiNet Tietoturva\Common\FSMB32.EXE
    C:\Program Files\SurffiNet Tietoturva\Common\FCH32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\SurffiNet Tietoturva\Common\FAMEH32.EXE
    C:\Program Files\SurffiNet Tietoturva\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\SurffiNet Tietoturva\FWES\Program\fsdfwd.exe
    C:\Program Files\SurffiNet Tietoturva\FSGUI\fsguiexe.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\SurffiNet Tietoturva\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\SurffiNet Tietoturva\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\SurffiNet Tietoturva\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /F "C:\WINDOWS\TEMP\E_S16A.tmp" /EF "HKLM"
    O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series(2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /F "C:\WINDOWS\TEMP\E_S186.tmp" /EF "HKLM"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [roam slow curb balm] C:\Documents and Settings\All Users\Application Data\Bait cake roam slow\AIM WAY.exe
    O4 - HKLM\..\Run: [BM3bfb54f1] Rundll32.exe "C:\WINDOWS\system32\jasbsvvq.dll",s
    O4 - HKLM\..\Run: [38c8676d] rundll32.exe "C:\WINDOWS\system32\hdeudble.dll",b
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [GPL PROGRAM] C:\DOCUME~1\Antti\APPLIC~1\TONSBA~1\Warn Wave Close.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-18 Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'Default user')
    O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: orumnet.orum.fi
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://orumnet.orum.fi/webspeed100B/orum/msrdp.cab
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: SurffiNet Tietoturva (BackWeb Plug-in - 1575007) - Unknown owner - C:\PROGRA~1\SURFFI~1\backweb\1575007\Program\SERVIC~1.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\SurffiNet Tietoturva\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\SurffiNet Tietoturva\backweb\1575007\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\SurffiNet Tietoturva\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\SurffiNet Tietoturva\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 6980 bytes
     
  2. yaht

    yaht Regular member


    Download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the instructions to install the program.
    * At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
    * If an update is found, the program will download and install the latest version.
    * Once the program has loaded, select Perform full scan and click Scan.
    * When the scan is finished, click OK and then Show Results to see the results.
    * Make sure that everything is checked and click Remove Selected.
    * After this, the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    * Post the contents of the log in your next message + a new HJT log.

    1. Download Combofix.exe to your desktop from either of these links:
    Combofix.exe
    Combofix.exe

    Open Combofix.exe and follow the on-screen instructions.

    Note! Do not click on the Combofix window while it is running. This may cause the program to hang.
    Restart the computer if asked to, and post the contents of the combofix.txt file here.

    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The (C:\ComboFix.txt) report
     
  3. pogoboy

    pogoboy Member

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:11:37, on 21.7.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SURFFI~1\backweb\1575007\Program\SERVIC~1.EXE
    C:\Program Files\SurffiNet Tietoturva\Anti-Virus\fsgk32st.exe
    C:\Program Files\SurffiNet Tietoturva\backweb\1575007\program\fsbwsys.exe
    C:\Program Files\SurffiNet Tietoturva\Anti-Virus\FSGK32.EXE
    C:\Program Files\SurffiNet Tietoturva\Common\FSMA32.EXE
    C:\Program Files\SurffiNet Tietoturva\Anti-Virus\fssm32.exe
    C:\Program Files\SurffiNet Tietoturva\backweb\1575007\Program\fspex.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\SurffiNet Tietoturva\Common\FSMB32.EXE
    C:\Program Files\SurffiNet Tietoturva\Common\FCH32.EXE
    C:\Program Files\SurffiNet Tietoturva\Common\FAMEH32.EXE
    C:\Program Files\SurffiNet Tietoturva\FWES\Program\fsdfwd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\keyhook.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\SurffiNet Tietoturva\Common\FSM32.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\Last.fm\LastFMHelper.exe
    C:\Program Files\SurffiNet Tietoturva\Anti-Virus\fsav32.exe
    C:\Program Files\SurffiNet Tietoturva\FSGUI\fsguiexe.exe
    C:\WINDOWS\system32\verclsid.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\SurffiNet Tietoturva\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\SurffiNet Tietoturva\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\SurffiNet Tietoturva\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [roam slow curb balm] C:\Documents and Settings\All Users\Application Data\Bait cake roam slow\Build online.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [GPL PROGRAM] C:\DOCUME~1\Antti\APPLIC~1\TONSBA~1\Warn Wave Close.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-18 Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'Default user')
    O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: orumnet.orum.fi
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://orumnet.orum.fi/webspeed100B/orum/msrdp.cab
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: SurffiNet Tietoturva (BackWeb Plug-in - 1575007) - Unknown owner - C:\PROGRA~1\SURFFI~1\backweb\1575007\Program\SERVIC~1.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\SurffiNet Tietoturva\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\SurffiNet Tietoturva\backweb\1575007\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\SurffiNet Tietoturva\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\SurffiNet Tietoturva\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 7195 bytes




    -----------------------------------------


    Malwarebytes' Anti-Malware 1.22
    Tietokantaversio: 972
    Windows 5.1.2600 Service Pack 2

    14:37:23 21.7.2008
    mbam-log-7-21-2008 (14-37-23).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
    Tarkistetut kohteet: 57894
    Kulunut aika: 29 minute(s), 35 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 5
    Saastuneita rekisteriavaimia: 15
    Saastuneita rekisteriarvoja: 4
    Saastuneita rekisterikohteita: 2
    Saastuneita hakemistoja: 2
    Saastuneita tiedostoja: 34

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    C:\WINDOWS\system32\kyfkchwm.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\xxyxXOGY.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\mzowai.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\byXNeFwt.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\vtUmLdeE.dll (Trojan.vundo) -> Unloaded module successfully.

    Saastuneita rekisteriavaimia:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7dd1be7a-9ce5-4abd-b31f-4c25cc805f4e} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7dd1be7a-9ce5-4abd-b31f-4c25cc805f4e} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e20f3e29-19c0-4121-9592-0f406bb1c6c6} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{e20f3e29-19c0-4121-9592-0f406bb1c6c6} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c738f3d2-1891-449d-ae67-d1969094f1df} (Trojan.BHO) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{c738f3d2-1891-449d-ae67-d1969094f1df} (Trojan.BHO) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{7545d8c8-f53c-4e2f-8fa0-d248ef4a6e61} (Rogue.Installer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/setup.dll (Rogue.Installer) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtumldee (Trojan.vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

    Saastuneita rekisteriarvoja:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\38c8676d (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\setup.dll (Rogue.Installer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm3bfb54f1 (Trojan.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c738f3d2-1891-449d-ae67-d1969094f1df} (Trojan.vundo) -> Delete on reboot.

    Saastuneita rekisterikohteita:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxyxxogy -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxyxxogy -> Delete on reboot.

    Saastuneita hakemistoja:
    C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.

    Saastuneita tiedostoja:
    C:\WINDOWS\system32\mzowai.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\xxyxXOGY.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\YGOXxyxx.ini (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\YGOXxyxx.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hdeudble.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\elbduedh.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\kyfkchwm.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\mwhckfyk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mgygmwvq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qvwmgygm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rbfpomsh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hsmopfbr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vtUmLdeE.dll (Trojan.BHO) -> Delete on reboot.
    C:\WINDOWS\Downloaded Program Files\setup.dll (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Antti\Local Settings\Temporary Internet Files\Content.IE5\2P34TKNI\kb456456[1] (Trojan.Vundo) -> Delete on reboot.
    C:\Documents and Settings\Antti\Local Settings\Temporary Internet Files\Content.IE5\2P34TKNI\kb456456[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Antti\Local Settings\Temporary Internet Files\Content.IE5\GBNZUSHD\kb767887[1] (Trojan.Vundo) -> Delete on reboot.
    C:\Program Files\Common Files\TurvaPC\stm.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{990AE712-7D30-4055-AFB8-4E509D79AA38}\RP249\A0008442.exe (Rogue.PCPrivacyTool) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{990AE712-7D30-4055-AFB8-4E509D79AA38}\RP289\A0011350.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{990AE712-7D30-4055-AFB8-4E509D79AA38}\RP290\A0011785.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{990AE712-7D30-4055-AFB8-4E509D79AA38}\RP290\A0011786.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{990AE712-7D30-4055-AFB8-4E509D79AA38}\RP290\A0011792.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\igpurtls.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ybqgqipm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tdveysdl.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\qoMeBssq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jkkkKbbX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ddcYrSlj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\byXNeFwt.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\urqNEWqP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BM3bfb54f1.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BM3bfb54f1.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
     
