HJT + other logs - approx. 100 trojan finds - Windows licence lost??

Discussion in 'Viruses and malware - HijackThis logs' started by r2trouble, Aug 23, 2009.

  1. r2trouble (Member, joined Aug 22, 2009)

    Hi,

    This is the trouble I've got on my hands...

    On the first scan the machine turned up about 100 trojan-infected files. Malwarebytes log attached. Now the scanners no longer find anything... I've scanned in safe mode and normally.

    Otherwise the machine seems to work fairly ok, but Windows claims the following...

    You may be a victim of software counterfeiting. This copy of windows did not pass genuine Windows validation.

    Windows came with the machine, but there is no CD or any other information about it.

    So is there anything that can be done?

    Malwarebytes' Anti-Malware 1.40
    Database version: 2551
    Windows 5.1.2600 Service Pack 2

    8/22/2009 5:49:01 PM
    mbam-log-2009-08-22 (17-49-01).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 143772
    Time elapsed: 15 minute(s), 12 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 3
    Registry Keys Infected: 12
    Registry Values Infected: 3
    Registry Data Items Infected: 0
    Folders Infected: 2
    Files Infected: 41

    Memory Processes Infected:
    C:\Documents and Settings\Saurabh\winlogon.exe (Trojan.Downloader) -> Unloaded process successfully.

    Memory Modules Infected:
    C:\WINDOWS\system32\jfxibvc.dll (Trojan.Vundo.H) -> Delete on reboot.
    c:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\msxm192z.dll (Trojan.Agent) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36e69ce1-91aa-479e-aa9e-fe58f78771ca} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vfkkhjuo (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{36e69ce1-91aa-479e-aa9e-fe58f78771ca} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{18b0e5c2-99cb-11cf-ayx5-00401c648513} (Generic.Bot.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pzcesaku (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\pzcesaku (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pzcesaku (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{36e69ce1-91aa-479e-aa9e-fe58f78771ca} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\netcard (Rootkit.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegedit (Hijack.Regedit) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Delete on reboot.
    C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556 (Backdoor.Bot) -> Quarantined and deleted successfully.

    Files Infected:
    c:\WINDOWS\system32\jfxibvc.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe (Generic.Bot.H) -> Delete on reboot.
    C:\jnvcbaox.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\yaewfl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temp\d56tdrf2z44.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Saurabh\Local Settings\Temp\749.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Local Settings\Temp\239.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-0243336035-3055115375-381863305-1553\vslmq.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-0561137935-6806760125-378334292-6565\wnzip32.exe (Trojan.Dropper) -> Delete on reboot.
    C:\RECYCLER\S-1-5-21-2518538986-1433761309-669742937-9525\wnzip32.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\shell.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\com.run (Adware.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\eAPI.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\Desktop.ini (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\drivers\glaide32.sys (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\scvhost.exe (Backdoor.Bot) -> Delete on reboot.
    C:\WINDOWS\system32\scvhost.exe (Backdoor.Bot) -> Delete on reboot.
    C:\Documents and Settings\Administrator\winlogon.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Guest\winlogon.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Saurabh\winlogon.exe (Trojan.Downloader) -> Delete on reboot.
    C:\Documents and Settings\User\winlogon.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\netcard.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dp1.fne (Autorun.Worm) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\internet.fne (Autorun.Worm) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\og.dll (Autorun.Worm) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\og.EDT (Autorun.Worm) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\spec.fne (Autorun.Worm) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ul.dll (Autorun.Worm) -> Quarantined and deleted successfully.
    C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msxm192z.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\lyusoqm.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Guest\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Saurabh\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\Documents and Settings\User\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:47:55 PM, on 8/23/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
    C:\windows\system32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\windows\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\windows\system32\WgaTray.exe
    C:\windows\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\windows\RTHDCPL.EXE
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Lenovo\EnergyCut\utilty.exe
    C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\windows\Network-IPv6\network.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
    c:\windows\astry.exe
    C:\PROGRA~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
    C:\windows\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    F2 - REG:system.ini: Shell=explorer.exe, scvhost.exe
    F2 - REG:system.ini: UserInit=C:\windows\system32\Userinit.exe,scvhost.exe
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\EnergyCut\utilty.exe
    O4 - HKLM\..\Run: [EnergyCut] C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ter8m] RUNDLL32.EXE C:\windows\system32\msxm192z.dll,w
    O4 - HKCU\..\Run: [Network IPv6] C:\windows\Network-IPv6\network.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [UserLogon] C:\Documents and Settings\Saurabh\winlogon.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1233345715640
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233382484453
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\windows\
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\windows\

    --
    End of file - 7333 bytes

    THANKS
     
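The HJT log above shows the pattern a log reader looks for first: the two F2 system.ini lines (Shell= and UserInit=) carrying an extra scvhost.exe, an O4 Run entry launching winlogon.exe from a user profile folder, an O4 rundll32 entry loading a DLL with a random-looking name, an orphaned O2 BHO, and O23 service entries whose image path ends in a bare directory. The following Python is an added example, not code from the original post or from HijackThis; it encodes those triage rules and runs them over an excerpt whose lines are copied from the posted log. The severity labels, rule wording, and the lists of system binaries and directories are this example's own assumptions.

```python
"""Triage rules for a HijackThis (HJT) log.

Added example, not from the forum post or from HijackThis. Encodes the checks
a log helper applies by eye: F2 Shell/UserInit lines with extra programs, O4
autoruns in a profile or drive root or named like Windows binaries, O2 BHOs
with no file, O23 services whose image path names no executable, and
running processes one keystroke away from a system binary name.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumed lists: names worth impersonating and where the real ones live.
SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "explorer.exe", "userinit.exe", "spoolsv.exe",
}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


@dataclass
class Finding:
    severity: str  # HIGH = act on it, MEDIUM = verify, LOW = review
    line: str
    reason: str


def near_miss(a: str, b: str) -> bool:
    """True if a becomes b with one substitution, insertion, deletion or
    adjacent swap (scvhost.exe -> svchost.exe is a swap)."""
    if a == b:
        return True
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        diffs = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
        if len(diffs) == 1:
            return True
        return (len(diffs) == 2 and diffs[1] == diffs[0] + 1
                and a[diffs[0]] == b[diffs[1]] and a[diffs[1]] == b[diffs[0]])
    short, long_ = sorted((a, b), key=len)
    return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))


def _first_token(cmd: str) -> str:
    """Executable path at the start of a Run value, honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"') and cmd.find('"', 1) > 0:
        return cmd[1:cmd.find('"', 1)]
    return cmd.split()[0] if cmd else ""


def _check_path(path: str) -> Optional[Tuple[str, str]]:
    """Name/location rules shared by O4 autoruns and running processes."""
    p = path.lower()
    directory, _, base = p.rpartition("\\")
    if base in SYSTEM_BINARIES and directory not in SYSTEM_DIRS:
        return "HIGH", f"{base} outside a Windows directory ({directory or 'bare name'})"
    if base not in SYSTEM_BINARIES and any(near_miss(base, s) for s in SYSTEM_BINARIES):
        return "HIGH", f"{base} is a look-alike of a Windows system binary"
    if re.match(r"c:\\documents and settings\\[^\\]+\\[^\\]+$", p) or re.match(r"c:\\[^\\]+$", p):
        return "HIGH", f"executable sits in a profile root or drive root: {path}"
    if directory == r"c:\windows" and base not in SYSTEM_BINARIES:
        return "LOW", f"{base} sits directly in %SystemRoot%: confirm its publisher"
    return None


def analyze_hjt(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process block
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            hit = _check_path(line)
            if hit:
                findings.append(Finding(hit[0], line, hit[1]))
            continue
        m = re.match(r"F2 - REG:system\.ini: (Shell|UserInit)=(.*)", line)
        if m:  # anything beyond explorer.exe / userinit.exe runs at every logon
            key, value = m.groups()
            expected = "explorer.exe" if key == "Shell" else "userinit.exe"
            parts = [x.strip().lower() for x in value.split(",") if x.strip()]
            extra = [x for x in parts if x.rpartition("\\")[2] != expected]
            if extra:
                findings.append(Finding("HIGH", line, f"{key} has extra entries {extra}: runs at every logon"))
            continue
        m = re.match(r"O4 - .*?: \[[^\]]*\] (.*)", line)
        if m:
            cmd = m.group(1)
            if cmd.lower().startswith("rundll32"):
                parts = cmd.split(None, 1)
                dll = parts[1].split(",")[0] if len(parts) > 1 else "?"
                findings.append(Finding("MEDIUM", line, f"rundll32 autorun loads {dll}: verify the DLL's publisher"))
            else:
                hit = _check_path(_first_token(cmd))
                if hit:
                    findings.append(Finding(hit[0], line, hit[1]))
            continue
        if line.startswith("O2 - BHO:") and line.endswith("(no file)"):
            findings.append(Finding("LOW", line, "orphaned BHO registration (no file on disk)"))
            continue
        m = re.match(r"O23 - Service: .* - (.*?) - (.*)$", line)
        if m and m.group(1) == "Unknown owner" and m.group(2).endswith("\\"):
            findings.append(Finding("MEDIUM", line, "service image path names no executable: check ImagePath"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts = {"HIGH": 0, "MEDIUM": 0, "LOW": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Excerpt: lines copied from the log posted above, assembled here as sample input.
SAMPLE_LOG = r"""
Running processes:
C:\windows\system32\winlogon.exe
C:\windows\Explorer.EXE
c:\windows\astry.exe

F2 - REG:system.ini: Shell=explorer.exe, scvhost.exe
F2 - REG:system.ini: UserInit=C:\windows\system32\Userinit.exe,scvhost.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [ter8m] RUNDLL32.EXE C:\windows\system32\msxm192z.dll,w
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [UserLogon] C:\Documents and Settings\Saurabh\winlogon.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\windows\
"""

if __name__ == "__main__":
    found = analyze_hjt(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
    print(summarize(found))
```

The ctfmon.exe entry is included to show a legitimate autorun passing every rule, and the LOW on astry.exe is deliberately a review item rather than a verdict: a file sitting directly in %SystemRoot% is unusual but not proof of anything, which is why the real answer is still a full-disk scan plus a check of what the F2 lines actually launch. The Shell= and UserInit= lines are the ones that matter most here: they run at every logon for every user, which is why a single scan that "finds nothing" afterwards is not reassuring.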
  2. kalminen (Regular member, joined May 4, 2007)

    This doesn't look clean at all !!!

    WGA has been gone for quite a while = Windows Genuine Advantage

    Go to Microsoft's site and run the genuine validation test there.

    Then install the XP SP3 package and post a new log.
     
  3. r2trouble (Member, joined Aug 22, 2009)

    Hi,

    I tried to validate Windows online, but it complains that the product key isn't recognised and that it's an illegal version.

    When the laptop was bought, XP came preinstalled on it, so you wouldn't think it's an illegal version. The machine is a fairly basic Lenovo, but you'd still think it has a genuine XP in it.

    What options might I have now? The only thing I have myself is an original Vista Windows.

    And as for the machine being clean... well no, it isn't =) Even though I got clean reports once, I thought I'd scan just to be sure, and of course there were finds. I also tried going online to run the Kaspe... online scanner, but it refuses to run through. It fetches the updates almost to the end, then complains that no more can be fetched, and the whole thing stalled there.

    So what are the chances now =S THANKS!

    Wolf
     
  4. kalminen (Regular member, joined May 4, 2007)

    XP installation discs.
    Or if there is a backup on the hard drive.

    Pester the shop that sold the machine.

    The importer's site is also worth visiting.

    SRI
     