Hi, this fucking annoying virus/trojan has somehow miraculously gotten onto my computer and is messing up the internet on it. I'm writing this message from an old computer, because on the infected machine I can only get to a few sites. So I can't get to AfterDawn, can't get to Google, etc. I've already tried everything possible on it. First I ran a full system scan with Norton and it found some crap, but not the infostealer.gampass that it whines about every now and then. I've used Ad-Aware and it also found some crap and removed it, but it didn't find this infostealer either. Then I just tried Spybot and it also found some new viruses, some trojanvundo.dll or something like that. Well, I removed them but it didn't help. I ran HJT and the log was checked, but there was nothing in it. Well damn, what a ******* virus! How do I get this removed for good?
Haha, now that I restarted the computer, Spybot scanned the machine once more and removed something. Now I can get to all sites again, but I'll report back if problems come up.
Virtumonde... it has been bothering me the whole time. It can be removed with Spybot, but it always comes back. Now problems have appeared with, e.g., automatic updates working. http://keskustelu.suomi24.fi/show.f...ce=4500000000000628&posting=22000000035734997 ^ almost the same problem as mine. I'm now following the instructions from Fix.Fix that that person used to get it removed. However, I need your help with identifying these logs, since it isn't necessarily exactly the same virus as the person in the link had.
ComboFix log:
HJT log:
So how do I go forward from here?
Download Malwarebytes' Anti-Malware to your desktop.
* Double-click mbam-setup.exe and follow the instructions to install the program.
* At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
* If an update is found, the program will download and install the latest version.
* Once the program has loaded, select Perform full scan and click Scan.
* When the scan is complete, click OK and then Show Results to view the results.
* Make sure everything is checked and click Remove Selected.
* After this the log opens in Notepad. Save it somewhere you can easily find it. The log can also be found here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
* Post the contents of the log in your next message, plus a new HJT log.
After that, run combofix.exe again and post its log as well.
Malwarebytes' Anti-Malware 1.25
Tietokantaversio: 1087
Windows 5.1.2600 Service Pack 3

15:01:18 26.8.2008
mbam-log-08-26-2008 (15-01-18).txt

Tarkistustyyppi: Täysi tarkistus (C:\|H:\|)
Tarkistetut kohteet: 293661
Kulunut aika: 1 hour(s), 16 minute(s), 15 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 1
Saastuneita rekisteriavaimia: 2
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 130

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
H:\WINDOWS\system32\antiwpa.dll (Malware.Tool) -> Delete on reboot.

Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa (Malware.Tool) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:07:19, on 26.8.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Well, look at that, now it came through twice. Sending it took so long that I thought it had stalled. I tried posting again, same thing. Apparently it just came through a bit late.