Can someone check the log?
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:57:15, on 11.11.2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Safe mode with network support Running processes: C:\Windows\Explorer.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fi_fi&c=81&bd=Pavilion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fi_fi&c=81&bd=Pavilion&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: mxlivemedia - {8c8cc284-4a08-9f92-e150-f2646bc72b29} - C:\Windows\system32\nsz1622.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: 
[SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\hullu j\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [Save Size] "C:\ProgramData\64 Pop Pop.3uz0m4x" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu') O13 - Gopher Prefix: O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Automaattinen LiveUpdate-ajastustoiminto (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- End of file - 4588 bytes
It is recommended to turn off your antivirus's real-time scanning so that it does not interfere with Lop S&D; you can turn it back on after the scan.
Download Lop S&D from here
Double-click Lop S&D.exe
Select Finnish (Suomi) as the language by pressing U and Enter.
Then select Option 1 (Etsi, "Search") by pressing 1 and Enter
Wait until the scan is finished
The log opens in Notepad. Post it in your next message. It can also be found at C:\lopR.txt
Here is the log:
--------------------\\ Lop S&D 4.2.4-9c XP/Vista Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1 X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ ) BIOS : Phoenix - AwardBIOS v6.00PG USER : hullu j ( Administrator ) BOOT : Fail-safe with network boot Antivirus : avast! antivirus 4.8.1229 [VPS 080723-1] 4.8.1229 (Activated) C:\ (Local Disk) - NTFS - Total:457 Go (Free:317 Go) D:\ (Local Disk) - NTFS - Total:7 Go (Free:1 Go) E:\ (CD or DVD) F:\ (USB) - FAT - Total:983 Mo (Free:0 Go) G:\ (USB) H:\ (USB) I:\ (USB) J:\ (USB) "C:\Lop SD" ( MAJ : 01-11-2008|16:30 ) Option : [1] ( ti 11.11.2008|17:24 ) [ UAC => 1 ] --------------------\\ Listaa hakemistoja sijainnissa Local [19.09.2008|12:35] C:\Users\HULLUJ~1\AppData\Local\Adobe [08.09.2008|16:52] C:\Users\HULLUJ~1\AppData\Local\Application Data [08.09.2008|17:01] C:\Users\HULLUJ~1\AppData\Local\ATI [10.11.2008|16:50] C:\Users\HULLUJ~1\AppData\Local\d3d9caps.dat [10.11.2008|15:45] C:\Users\HULLUJ~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [20.10.2008|19:33] C:\Users\HULLUJ~1\AppData\Local\DNA [11.11.2008|15:44] C:\Users\HULLUJ~1\AppData\Local\GDIPFONTCACHEV1.DAT [08.09.2008|21:48] C:\Users\HULLUJ~1\AppData\Local\Microsoft [15.10.2008|16:23] C:\Users\HULLUJ~1\AppData\Local\Microsoft Games [08.09.2008|16:52] C:\Users\HULLUJ~1\AppData\Local\Sivuhistoria [11.11.2008|17:22] C:\Users\HULLUJ~1\AppData\Local\Temp [08.09.2008|16:52] C:\Users\HULLUJ~1\AppData\Local\Temporary Internet Files [13.10.2008|13:26] C:\Users\HULLUJ~1\AppData\Local\VirtualStore [3|tiedosto(a)] C:\Users\HULLUJ~1\AppData\Local\tavua [12|kansio(ta)] C:\Users\HULLUJ~1\AppData\Local\tavua vapaana --------------------\\ Ajoitetut tehtävät sijaitsee C:\Windows\Tasks [11.11.2008 16:49][--ah-----] C:\Windows\tasks\SA.DAT [11.11.2008 16:11][--a------] C:\Windows\tasks\SCHEDLGU.TXT --------------------\\ Listaa hakemistoja sijainnissa C:\ProgramData [11.11.2008|16:49] 
C:\ProgramData\.zreglib [28.10.2008|00:54] C:\ProgramData\64 Pop Pop.3uz0m4x [28.10.2008|00:54] C:\ProgramData\64 Pop Pop.zkgtj0 [10.11.2008|17:19] C:\ProgramData\Admin Inter 1 Mags [07.10.2008|22:12] C:\ProgramData\Adobe [02.11.2006|15:02] C:\ProgramData\Application Data [07.12.2007|20:37] C:\ProgramData\ATI [08.09.2008|17:09] C:\ProgramData\CyberLink [02.11.2006|15:02] C:\ProgramData\Desktop [02.11.2006|15:02] C:\ProgramData\Documents [05.11.2008|12:40] C:\ProgramData\DVD Shrink [02.11.2006|15:02] C:\ProgramData\Favorites [28.10.2008|00:54] C:\ProgramData\Flag First [11.11.2008|15:41] C:\ProgramData\Grisoft [08.09.2008|16:52] C:\ProgramData\Hewlett-Packard [07.12.2007|20:42] C:\ProgramData\HP [07.12.2007|20:42] C:\ProgramData\hpzinstall.log [08.09.2008|16:48] C:\ProgramData\K„ynnist„-valikko [23.09.2008|18:29] C:\ProgramData\LightScribe [08.09.2008|16:48] C:\ProgramData\Mallit [10.11.2008|18:17] C:\ProgramData\Malwarebytes [10.11.2008|11:27] C:\ProgramData\Microsoft [07.12.2007|20:49] C:\ProgramData\muvee Technologies [09.11.2008|18:10] C:\ProgramData\ntuser.pol [07.12.2007|20:58] C:\ProgramData\PC-Doctor [16.09.2008|13:39] C:\ProgramData\SlySoft [10.11.2008|16:56] C:\ProgramData\Solt Lake Software [02.11.2006|15:02] C:\ProgramData\Start Menu [08.09.2008|16:48] C:\ProgramData\Suosikit [09.11.2008|17:33] C:\ProgramData\Symantec [02.11.2006|15:02] C:\ProgramData\Templates [08.09.2008|16:48] C:\ProgramData\Tiedostot [08.09.2008|16:48] C:\ProgramData\Ty”p”yt„ [28.10.2008|13:06] C:\ProgramData\WindowsSearch [5|tiedosto(a)] C:\ProgramData\tavua [31|kansio(ta)] C:\ProgramData\tavua vapaana --------------------\\ Listaa hakemistoja sijainnissa C:\Program Files [14.10.2008|12:46] C:\Program Files\7-Zip [07.10.2008|22:12] C:\Program Files\Adobe [11.11.2008|10:52] C:\Program Files\Alwil Software [07.12.2007|20:32] C:\Program Files\ATI [07.12.2007|20:33] C:\Program Files\ATI Technologies [28.10.2008|17:39] C:\Program Files\BitComet [20.10.2008|19:33] C:\Program 
Files\BitTorrent [23.09.2008|20:10] C:\Program Files\BS.Player ControlBar [11.11.2008|15:31] C:\Program Files\CCleaner [09.11.2008|17:31] C:\Program Files\Common Files [07.12.2007|20:47] C:\Program Files\CyberLink [10.09.2008|21:12] C:\Program Files\DivX [09.11.2008|17:34] C:\Program Files\DNA [16.09.2008|11:28] C:\Program Files\DVD Shrink [14.10.2008|21:01] C:\Program Files\ffdshow [11.11.2008|15:41] C:\Program Files\Grisoft [07.12.2007|20:59] C:\Program Files\Hewlett-Packard [10.11.2008|17:19] C:\Program Files\HP [07.12.2007|20:59] C:\Program Files\InstallShield Installation Information [21.10.2008|18:37] C:\Program Files\Internet Explorer [07.12.2007|20:51] C:\Program Files\Java [07.12.2007|20:34] C:\Program Files\MainConcept [10.11.2008|18:17] C:\Program Files\Malwarebytes' Anti-Malware [02.11.2006|14:37] C:\Program Files\Microsoft Games [07.12.2007|20:53] C:\Program Files\Microsoft Office [07.12.2007|20:53] C:\Program Files\Microsoft Works [10.11.2008|17:19] C:\Program Files\Mobile Partner [21.10.2008|18:37] C:\Program Files\Movie Maker [02.11.2006|14:37] C:\Program Files\MSBuild [07.12.2007|20:49] C:\Program Files\muvee Technologies [07.12.2007|20:59] C:\Program Files\Online Services [07.12.2007|21:09] C:\Program Files\PC-Doctor 5 for Windows [07.12.2007|20:35] C:\Program Files\Realtek [02.11.2006|14:37] C:\Program Files\Reference Assemblies [14.10.2008|12:48] C:\Program Files\SlySoft [09.11.2008|17:32] C:\Program Files\Symantec [11.11.2008|16:51] C:\Program Files\Trend Micro [02.11.2006|15:01] C:\Program Files\Uninstall Information [24.09.2008|13:13] C:\Program Files\URUSoft [23.09.2008|20:09] C:\Program Files\Webteh [10.10.2008|11:27] C:\Program Files\Winamp [21.10.2008|18:37] C:\Program Files\Windows Calendar [21.10.2008|18:37] C:\Program Files\Windows Collaboration [21.10.2008|18:37] C:\Program Files\Windows Defender [21.10.2008|18:37] C:\Program Files\Windows Journal [21.10.2008|18:37] C:\Program Files\Windows Mail [21.10.2008|18:37] C:\Program 
Files\Windows Media Player [08.09.2008|16:48] C:\Program Files\Windows NT [21.10.2008|18:37] C:\Program Files\Windows Photo Gallery [21.10.2008|18:37] C:\Program Files\Windows Sidebar [28.10.2008|12:19] C:\Program Files\WinRAR [0|tiedosto(a)] C:\Program Files\tavua [53|kansio(ta)] C:\Program Files\tavua vapaana --------------------\\ Listaa hakemistoja sijainnissa C:\Program Files\Common Files [07.10.2008|22:12] C:\Program Files\Common Files\Adobe [07.12.2007|20:42] C:\Program Files\Common Files\HP [07.12.2007|20:42] C:\Program Files\Common Files\InstallShield [07.12.2007|20:51] C:\Program Files\Common Files\Java [07.12.2007|20:49] C:\Program Files\Common Files\LightScribe [07.12.2007|20:47] C:\Program Files\Common Files\LS Getting Started [07.12.2007|20:53] C:\Program Files\Common Files\microsoft shared [07.12.2007|20:49] C:\Program Files\Common Files\muvee Technologies [10.09.2008|21:12] C:\Program Files\Common Files\PX Storage Engine [02.11.2006|13:18] C:\Program Files\Common Files\Services [02.11.2006|13:18] C:\Program Files\Common Files\SpeechEngines [09.11.2008|17:33] C:\Program Files\Common Files\Symantec Shared [21.10.2008|18:37] C:\Program Files\Common Files\System [0|tiedosto(a)] C:\Program Files\Common Files\tavua [15|kansio(ta)] C:\Program Files\Common Files\tavua vapaana --------------------\\ Process ( 26 Processes ) iexplore.exe ~ [PID:1212] --------------------\\ Etsii S_Lopilla C:\ProgramData\64 Pop Pop.zkgtj0 C:\ProgramData\64 Pop Pop.3uz0m4x C:\ProgramData\FLAGFI~1 C:\ProgramData\FLAGFI~1\Mp3Drive.exe C:\ProgramData\FLAGFI~1\otgnexha.exe --------------------\\ Etsii Lopin tiedostoja ja kansioita C:\ProgramData\Admin Inter 1 Mags C:\Users\HULLUJ~1\AppData\Local\Temp\nst15B3.tmp C:\Users\HULLUJ~1\AppData\Local\Temp\nst935.tmp --------------------\\ Etsii rekisterikohteita [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mpeg Admin Dvd] "DisplayName"="CiD Help" "UninstallString"="C:\\PROGRA~2\\FLAGFI~1\\Mp3Drive.exe -uninstall" 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Save Size"="\"C:\\ProgramData\\64 Pop Pop.3uz0m4x\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] --------------------\\ Tarkistaa Hosts-tiedostoa Hosts-tiedosto PUHDAS --------------------\\ Tarkistaa Catchmella onko piilotettuja tiedostoja catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-11 17:24:24 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden files ... disk error: C:\Windows\System32\ please note that you need administrator rights to perform deep scan --------------------\\ Tarkistaa muita infektioita --------------------\\ ROOTKIT !! Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS] Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TDSSSERV.SYS] Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS] --------------------\\ Cracks & Keygens .. C:\Users\HULLUJ~1\AppData\Roaming\uTorrent\Minilyrics v6.0.3697 Final + KeyGeN.torrent C:\Users\HULLUJ~1\Downloads\AnyDVD & HD v.6.4.6.1\AnyDVD & HD v.6.4.6.1\CRACK C:\Users\HULLUJ~1\Downloads\AnyDVD & HD v.6.4.6.1\AnyDVD & HD v.6.4.6.1\CRACK\AnyDVDtray.exe [F:48][D:9]-> C:\Users\HULLUJ~1\AppData\Local\Temp [F:31][D:1]-> C:\Users\HULLUJ~1\AppData\Roaming\MICROS~1\Windows\Cookies [F:421][D:7]-> C:\Users\HULLUJ~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5 [F:3][D:2]-> C:\$Recycle.Bin 1 - "C:\Lop SD\LopR_1.txt" - ti 11.11.2008|17:24 - Option : [1] --------------------\\ Tarkistus valmistui 17:24:44 [ UAC => 1 ]
Yep, Lop and TDSS are in there.
Start Lop S&D
Select Option 3 (Korjaa - Hosts, "Fix - Hosts") by pressing 3 and Enter
DO NOT close the window during the fix!
The log opens in Notepad. Post it in your next message. It can also be found at C:\lopR.txt
Download Malwarebytes' Anti-Malware to your desktop.
* Double-click mbam-setup.exe and follow the instructions to install the program.
* At the end, make sure that the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
* If an update is found, the program will download and install the latest version.
* Once the program has loaded, select Perform full scan and click Scan.
* When the scan is finished, click OK and then Show Results to view the results.
* Make sure that everything is checked and click Remove Selected.
* After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
* Post the contents of the log in your next message, plus a new HJT log.
Updating Malwarebytes did not succeed. Here are the lopR and HJT logs.
lopR log:
--------------------\\ Lop S&D 4.2.4-9c XP/Vista Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1 X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ ) BIOS : Phoenix - AwardBIOS v6.00PG USER : hullu j ( Administrator ) BOOT : Fail-safe with network boot Antivirus : avast! antivirus 4.8.1229 [VPS 080723-1] 4.8.1229 (Activated) C:\ (Local Disk) - NTFS - Total:457 Go (Free:317 Go) D:\ (Local Disk) - NTFS - Total:7 Go (Free:1 Go) E:\ (CD or DVD) F:\ (USB) - FAT - Total:983 Mo (Free:0 Go) G:\ (USB) H:\ (USB) I:\ (USB) J:\ (USB) "C:\Lop SD" ( MAJ : 01-11-2008|16:30 ) Option : [3] ( ti 11.11.2008|17:57 ) [ UAC => 1 ] \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Korjaa Poistettu! - C:\Users\HULLUJ~1\AppData\Local\Temp\nst15B3.tmp Poistettu! - C:\Users\HULLUJ~1\AppData\Local\Temp\nst935.tmp Poistettu! - C:\ProgramData\64 Pop Pop.zkgtj0 Poistettu! - C:\ProgramData\64 Pop Pop.3uz0m4x Poistettu! - C:\ProgramData\FLAGFI~1\Mp3Drive.exe Poistettu! - C:\ProgramData\FLAGFI~1\otgnexha.exe Poistettu! - C:\ProgramData\Admin Inter 1 Mags Poistettu! 
- C:\ProgramData\FLAGFI~1 \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ --------------------\\ Listaa hakemistoja sijainnissa Local [19.09.2008|12:35] C:\Users\HULLUJ~1\AppData\Local\Adobe [08.09.2008|16:52] C:\Users\HULLUJ~1\AppData\Local\Application Data [08.09.2008|17:01] C:\Users\HULLUJ~1\AppData\Local\ATI [10.11.2008|16:50] C:\Users\HULLUJ~1\AppData\Local\d3d9caps.dat [10.11.2008|15:45] C:\Users\HULLUJ~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [20.10.2008|19:33] C:\Users\HULLUJ~1\AppData\Local\DNA [11.11.2008|15:44] C:\Users\HULLUJ~1\AppData\Local\GDIPFONTCACHEV1.DAT [08.09.2008|21:48] C:\Users\HULLUJ~1\AppData\Local\Microsoft [15.10.2008|16:23] C:\Users\HULLUJ~1\AppData\Local\Microsoft Games [08.09.2008|16:52] C:\Users\HULLUJ~1\AppData\Local\Sivuhistoria [11.11.2008|17:57] C:\Users\HULLUJ~1\AppData\Local\Temp [08.09.2008|16:52] C:\Users\HULLUJ~1\AppData\Local\Temporary Internet Files [13.10.2008|13:26] C:\Users\HULLUJ~1\AppData\Local\VirtualStore [3|tiedosto(a)] C:\Users\HULLUJ~1\AppData\Local\tavua [12|kansio(ta)] C:\Users\HULLUJ~1\AppData\Local\tavua vapaana --------------------\\ Ajoitetut tehtävät sijaitsee C:\Windows\Tasks [11.11.2008 16:49][--ah-----] C:\Windows\tasks\SA.DAT [11.11.2008 16:11][--a------] C:\Windows\tasks\SCHEDLGU.TXT --------------------\\ Listaa hakemistoja sijainnissa C:\ProgramData [11.11.2008|16:49] C:\ProgramData\.zreglib [07.10.2008|22:12] C:\ProgramData\Adobe [02.11.2006|15:02] C:\ProgramData\Application Data [07.12.2007|20:37] C:\ProgramData\ATI [08.09.2008|17:09] C:\ProgramData\CyberLink [02.11.2006|15:02] C:\ProgramData\Desktop [02.11.2006|15:02] C:\ProgramData\Documents [05.11.2008|12:40] C:\ProgramData\DVD Shrink [02.11.2006|15:02] C:\ProgramData\Favorites [11.11.2008|15:41] C:\ProgramData\Grisoft [08.09.2008|16:52] C:\ProgramData\Hewlett-Packard [07.12.2007|20:42] C:\ProgramData\HP [07.12.2007|20:42] C:\ProgramData\hpzinstall.log [08.09.2008|16:48] C:\ProgramData\K„ynnist„-valikko [23.09.2008|18:29] 
C:\ProgramData\LightScribe [08.09.2008|16:48] C:\ProgramData\Mallit [10.11.2008|18:17] C:\ProgramData\Malwarebytes [10.11.2008|11:27] C:\ProgramData\Microsoft [07.12.2007|20:49] C:\ProgramData\muvee Technologies [09.11.2008|18:10] C:\ProgramData\ntuser.pol [07.12.2007|20:58] C:\ProgramData\PC-Doctor [16.09.2008|13:39] C:\ProgramData\SlySoft [10.11.2008|16:56] C:\ProgramData\Solt Lake Software [02.11.2006|15:02] C:\ProgramData\Start Menu [08.09.2008|16:48] C:\ProgramData\Suosikit [09.11.2008|17:33] C:\ProgramData\Symantec [02.11.2006|15:02] C:\ProgramData\Templates [08.09.2008|16:48] C:\ProgramData\Tiedostot [08.09.2008|16:48] C:\ProgramData\Ty”p”yt„ [28.10.2008|13:06] C:\ProgramData\WindowsSearch [3|tiedosto(a)] C:\ProgramData\tavua [29|kansio(ta)] C:\ProgramData\tavua vapaana --------------------\\ Listaa hakemistoja sijainnissa C:\Program Files [14.10.2008|12:46] C:\Program Files\7-Zip [07.10.2008|22:12] C:\Program Files\Adobe [11.11.2008|10:52] C:\Program Files\Alwil Software [07.12.2007|20:32] C:\Program Files\ATI [07.12.2007|20:33] C:\Program Files\ATI Technologies [28.10.2008|17:39] C:\Program Files\BitComet [20.10.2008|19:33] C:\Program Files\BitTorrent [23.09.2008|20:10] C:\Program Files\BS.Player ControlBar [11.11.2008|15:31] C:\Program Files\CCleaner [09.11.2008|17:31] C:\Program Files\Common Files [07.12.2007|20:47] C:\Program Files\CyberLink [10.09.2008|21:12] C:\Program Files\DivX [09.11.2008|17:34] C:\Program Files\DNA [16.09.2008|11:28] C:\Program Files\DVD Shrink [14.10.2008|21:01] C:\Program Files\ffdshow [11.11.2008|15:41] C:\Program Files\Grisoft [07.12.2007|20:59] C:\Program Files\Hewlett-Packard [10.11.2008|17:19] C:\Program Files\HP [07.12.2007|20:59] C:\Program Files\InstallShield Installation Information [21.10.2008|18:37] C:\Program Files\Internet Explorer [07.12.2007|20:51] C:\Program Files\Java [07.12.2007|20:34] C:\Program Files\MainConcept [10.11.2008|18:17] C:\Program Files\Malwarebytes' Anti-Malware [02.11.2006|14:37] C:\Program 
Files\Microsoft Games [07.12.2007|20:53] C:\Program Files\Microsoft Office [07.12.2007|20:53] C:\Program Files\Microsoft Works [10.11.2008|17:19] C:\Program Files\Mobile Partner [21.10.2008|18:37] C:\Program Files\Movie Maker [02.11.2006|14:37] C:\Program Files\MSBuild [07.12.2007|20:49] C:\Program Files\muvee Technologies [07.12.2007|20:59] C:\Program Files\Online Services [07.12.2007|21:09] C:\Program Files\PC-Doctor 5 for Windows [07.12.2007|20:35] C:\Program Files\Realtek [02.11.2006|14:37] C:\Program Files\Reference Assemblies [14.10.2008|12:48] C:\Program Files\SlySoft [09.11.2008|17:32] C:\Program Files\Symantec [11.11.2008|16:51] C:\Program Files\Trend Micro [02.11.2006|15:01] C:\Program Files\Uninstall Information [24.09.2008|13:13] C:\Program Files\URUSoft [23.09.2008|20:09] C:\Program Files\Webteh [10.10.2008|11:27] C:\Program Files\Winamp [21.10.2008|18:37] C:\Program Files\Windows Calendar [21.10.2008|18:37] C:\Program Files\Windows Collaboration [21.10.2008|18:37] C:\Program Files\Windows Defender [21.10.2008|18:37] C:\Program Files\Windows Journal [21.10.2008|18:37] C:\Program Files\Windows Mail [21.10.2008|18:37] C:\Program Files\Windows Media Player [08.09.2008|16:48] C:\Program Files\Windows NT [21.10.2008|18:37] C:\Program Files\Windows Photo Gallery [21.10.2008|18:37] C:\Program Files\Windows Sidebar [28.10.2008|12:19] C:\Program Files\WinRAR [0|tiedosto(a)] C:\Program Files\tavua [53|kansio(ta)] C:\Program Files\tavua vapaana --------------------\\ Listaa hakemistoja sijainnissa C:\Program Files\Common Files [07.10.2008|22:12] C:\Program Files\Common Files\Adobe [07.12.2007|20:42] C:\Program Files\Common Files\HP [07.12.2007|20:42] C:\Program Files\Common Files\InstallShield [07.12.2007|20:51] C:\Program Files\Common Files\Java [07.12.2007|20:49] C:\Program Files\Common Files\LightScribe [07.12.2007|20:47] C:\Program Files\Common Files\LS Getting Started [07.12.2007|20:53] C:\Program Files\Common Files\microsoft shared [07.12.2007|20:49] 
C:\Program Files\Common Files\muvee Technologies [10.09.2008|21:12] C:\Program Files\Common Files\PX Storage Engine [02.11.2006|13:18] C:\Program Files\Common Files\Services [02.11.2006|13:18] C:\Program Files\Common Files\SpeechEngines [09.11.2008|17:33] C:\Program Files\Common Files\Symantec Shared [21.10.2008|18:37] C:\Program Files\Common Files\System [0|tiedosto(a)] C:\Program Files\Common Files\tavua [15|kansio(ta)] C:\Program Files\Common Files\tavua vapaana --------------------\\ Process ( 25 Processes ) ... OK ! --------------------\\ Etsii S_Lopilla Lopin kansioita ei löytynyt ! --------------------\\ Etsii Lopin tiedostoja ja kansioita Lopin kansioita ei löytynyt ! --------------------\\ Etsii rekisterikohteita ..... OK ! --------------------\\ Tarkistaa Hosts-tiedostoa Hosts-tiedosto PUHDAS --------------------\\ Tarkistaa Catchmella onko piilotettuja tiedostoja catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-11 17:57:57 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden files ... disk error: C:\Windows\System32\ please note that you need administrator rights to perform deep scan --------------------\\ Tarkistaa muita infektioita --------------------\\ ROOTKIT !! Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS] Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TDSSSERV.SYS] Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS] --------------------\\ Cracks & Keygens .. 
C:\Users\HULLUJ~1\AppData\Roaming\uTorrent\Minilyrics v6.0.3697 Final + KeyGeN.torrent C:\Users\HULLUJ~1\Downloads\AnyDVD & HD v.6.4.6.1\AnyDVD & HD v.6.4.6.1\CRACK C:\Users\HULLUJ~1\Downloads\AnyDVD & HD v.6.4.6.1\AnyDVD & HD v.6.4.6.1\CRACK\AnyDVDtray.exe [F:45][D:7]-> C:\Users\HULLUJ~1\AppData\Local\Temp [F:35][D:1]-> C:\Users\HULLUJ~1\AppData\Roaming\MICROS~1\Windows\Cookies [F:925][D:7]-> C:\Users\HULLUJ~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5 [F:3][D:2]-> C:\$Recycle.Bin 1 - "C:\Lop SD\LopR_1.txt" - ti 11.11.2008|17:24 - Option : [1] 2 - "C:\Lop SD\LopR_2.txt" - ti 11.11.2008|17:58 - Option : [3] --------------------\\ Tarkistus valmistui 17:58:12 [ UAC => 1 ]
HJT log:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:12:32, on 11.11.2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Safe mode with network support Running processes: C:\Windows\Explorer.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fi_fi&c=81&bd=Pavilion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fi_fi&c=81&bd=Pavilion&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet 
Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: mxlivemedia - {8c8cc284-4a08-9f92-e150-f2646bc72b29} - C:\Windows\system32\nsz1622.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\hullu j\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu') O13 - Gopher Prefix: O23 - Service: avast! 
iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Automaattinen LiveUpdate-ajastustoiminto (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- End of file - 4570 bytes
http://www.malwarebytes.org/mbam/database/mbam-rules.exe
Download the MBAM update from there; if that does not work, scan anyway.
Installing Malwarebytes does not work. Here are the latest logs.
lopR log:
--------------------\\ Lop S&D 4.2.4-9c XP/Vista Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1 X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ ) BIOS : Phoenix - AwardBIOS v6.00PG USER : hullu j ( Administrator ) BOOT : Fail-safe with network boot Antivirus : avast! antivirus 4.8.1229 [VPS 080723-1] 4.8.1229 (Activated) C:\ (Local Disk) - NTFS - Total:457 Go (Free:317 Go) D:\ (Local Disk) - NTFS - Total:7 Go (Free:1 Go) E:\ (CD or DVD) G:\ (USB) H:\ (USB) I:\ (USB) J:\ (USB) "C:\Lop SD" ( MAJ : 01-11-2008|16:30 ) Option : [3] ( ke 12.11.2008|19:35 ) [ UAC => 1 ] \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ --------------------\\ Listaa hakemistoja sijainnissa Local [19.09.2008|12:35] C:\Users\HULLUJ~1\AppData\Local\Adobe [08.09.2008|16:52] C:\Users\HULLUJ~1\AppData\Local\Application Data [08.09.2008|17:01] C:\Users\HULLUJ~1\AppData\Local\ATI [10.11.2008|16:50] C:\Users\HULLUJ~1\AppData\Local\d3d9caps.dat [10.11.2008|15:45] C:\Users\HULLUJ~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [20.10.2008|19:33] C:\Users\HULLUJ~1\AppData\Local\DNA [11.11.2008|15:44] C:\Users\HULLUJ~1\AppData\Local\GDIPFONTCACHEV1.DAT [08.09.2008|21:48] C:\Users\HULLUJ~1\AppData\Local\Microsoft [15.10.2008|16:23] C:\Users\HULLUJ~1\AppData\Local\Microsoft Games [08.09.2008|16:52] C:\Users\HULLUJ~1\AppData\Local\Sivuhistoria [12.11.2008|19:35] C:\Users\HULLUJ~1\AppData\Local\Temp [08.09.2008|16:52] C:\Users\HULLUJ~1\AppData\Local\Temporary Internet Files [13.10.2008|13:26] C:\Users\HULLUJ~1\AppData\Local\VirtualStore [3|tiedosto(a)] C:\Users\HULLUJ~1\AppData\Local\tavua [12|kansio(ta)] C:\Users\HULLUJ~1\AppData\Local\tavua vapaana --------------------\\ Ajoitetut tehtävät sijaitsee C:\Windows\Tasks [12.11.2008 19:16][--ah-----] C:\Windows\tasks\SA.DAT [11.11.2008 18:29][--a------] C:\Windows\tasks\SCHEDLGU.TXT --------------------\\ Listaa hakemistoja sijainnissa 
C:\ProgramData [12.11.2008|19:16] C:\ProgramData\.zreglib [07.10.2008|22:12] C:\ProgramData\Adobe [02.11.2006|15:02] C:\ProgramData\Application Data [07.12.2007|20:37] C:\ProgramData\ATI [08.09.2008|17:09] C:\ProgramData\CyberLink [02.11.2006|15:02] C:\ProgramData\Desktop [02.11.2006|15:02] C:\ProgramData\Documents [05.11.2008|12:40] C:\ProgramData\DVD Shrink [02.11.2006|15:02] C:\ProgramData\Favorites [11.11.2008|15:41] C:\ProgramData\Grisoft [08.09.2008|16:52] C:\ProgramData\Hewlett-Packard [07.12.2007|20:42] C:\ProgramData\HP [07.12.2007|20:42] C:\ProgramData\hpzinstall.log [08.09.2008|16:48] C:\ProgramData\K„ynnist„-valikko [23.09.2008|18:29] C:\ProgramData\LightScribe [08.09.2008|16:48] C:\ProgramData\Mallit [10.11.2008|18:17] C:\ProgramData\Malwarebytes [10.11.2008|11:27] C:\ProgramData\Microsoft [07.12.2007|20:49] C:\ProgramData\muvee Technologies [09.11.2008|18:10] C:\ProgramData\ntuser.pol [07.12.2007|20:58] C:\ProgramData\PC-Doctor [16.09.2008|13:39] C:\ProgramData\SlySoft [10.11.2008|16:56] C:\ProgramData\Solt Lake Software [02.11.2006|15:02] C:\ProgramData\Start Menu [08.09.2008|16:48] C:\ProgramData\Suosikit [09.11.2008|17:33] C:\ProgramData\Symantec [02.11.2006|15:02] C:\ProgramData\Templates [08.09.2008|16:48] C:\ProgramData\Tiedostot [08.09.2008|16:48] C:\ProgramData\Ty”p”yt„ [28.10.2008|13:06] C:\ProgramData\WindowsSearch [3|tiedosto(a)] C:\ProgramData\tavua [29|kansio(ta)] C:\ProgramData\tavua vapaana --------------------\\ Listaa hakemistoja sijainnissa C:\Program Files [14.10.2008|12:46] C:\Program Files\7-Zip [07.10.2008|22:12] C:\Program Files\Adobe [11.11.2008|10:52] C:\Program Files\Alwil Software [07.12.2007|20:32] C:\Program Files\ATI [07.12.2007|20:33] C:\Program Files\ATI Technologies [28.10.2008|17:39] C:\Program Files\BitComet [20.10.2008|19:33] C:\Program Files\BitTorrent [23.09.2008|20:10] C:\Program Files\BS.Player ControlBar [11.11.2008|15:31] C:\Program Files\CCleaner [09.11.2008|17:31] C:\Program Files\Common Files 
[07.12.2007|20:47] C:\Program Files\CyberLink [10.09.2008|21:12] C:\Program Files\DivX [09.11.2008|17:34] C:\Program Files\DNA [16.09.2008|11:28] C:\Program Files\DVD Shrink [14.10.2008|21:01] C:\Program Files\ffdshow [11.11.2008|15:41] C:\Program Files\Grisoft [07.12.2007|20:59] C:\Program Files\Hewlett-Packard [10.11.2008|17:19] C:\Program Files\HP [07.12.2007|20:59] C:\Program Files\InstallShield Installation Information [21.10.2008|18:37] C:\Program Files\Internet Explorer [07.12.2007|20:51] C:\Program Files\Java [07.12.2007|20:34] C:\Program Files\MainConcept [11.11.2008|18:44] C:\Program Files\Malwarebytes' Anti-Malware [02.11.2006|14:37] C:\Program Files\Microsoft Games [07.12.2007|20:53] C:\Program Files\Microsoft Office [07.12.2007|20:53] C:\Program Files\Microsoft Works [10.11.2008|17:19] C:\Program Files\Mobile Partner [21.10.2008|18:37] C:\Program Files\Movie Maker [02.11.2006|14:37] C:\Program Files\MSBuild [07.12.2007|20:49] C:\Program Files\muvee Technologies [07.12.2007|20:59] C:\Program Files\Online Services [07.12.2007|21:09] C:\Program Files\PC-Doctor 5 for Windows [07.12.2007|20:35] C:\Program Files\Realtek [02.11.2006|14:37] C:\Program Files\Reference Assemblies [14.10.2008|12:48] C:\Program Files\SlySoft [09.11.2008|17:32] C:\Program Files\Symantec [11.11.2008|16:51] C:\Program Files\Trend Micro [02.11.2006|15:01] C:\Program Files\Uninstall Information [24.09.2008|13:13] C:\Program Files\URUSoft [23.09.2008|20:09] C:\Program Files\Webteh [10.10.2008|11:27] C:\Program Files\Winamp [21.10.2008|18:37] C:\Program Files\Windows Calendar [21.10.2008|18:37] C:\Program Files\Windows Collaboration [21.10.2008|18:37] C:\Program Files\Windows Defender [21.10.2008|18:37] C:\Program Files\Windows Journal [21.10.2008|18:37] C:\Program Files\Windows Mail [21.10.2008|18:37] C:\Program Files\Windows Media Player [08.09.2008|16:48] C:\Program Files\Windows NT [21.10.2008|18:37] C:\Program Files\Windows Photo Gallery [21.10.2008|18:37] C:\Program Files\Windows 
Sidebar [28.10.2008|12:19] C:\Program Files\WinRAR [0|tiedosto(a)] C:\Program Files\tavua [53|kansio(ta)] C:\Program Files\tavua vapaana --------------------\\ Listaa hakemistoja sijainnissa C:\Program Files\Common Files [07.10.2008|22:12] C:\Program Files\Common Files\Adobe [07.12.2007|20:42] C:\Program Files\Common Files\HP [07.12.2007|20:42] C:\Program Files\Common Files\InstallShield [07.12.2007|20:51] C:\Program Files\Common Files\Java [07.12.2007|20:49] C:\Program Files\Common Files\LightScribe [07.12.2007|20:47] C:\Program Files\Common Files\LS Getting Started [07.12.2007|20:53] C:\Program Files\Common Files\microsoft shared [07.12.2007|20:49] C:\Program Files\Common Files\muvee Technologies [10.09.2008|21:12] C:\Program Files\Common Files\PX Storage Engine [02.11.2006|13:18] C:\Program Files\Common Files\Services [02.11.2006|13:18] C:\Program Files\Common Files\SpeechEngines [09.11.2008|17:33] C:\Program Files\Common Files\Symantec Shared [21.10.2008|18:37] C:\Program Files\Common Files\System [0|tiedosto(a)] C:\Program Files\Common Files\tavua [15|kansio(ta)] C:\Program Files\Common Files\tavua vapaana --------------------\\ Process ( 26 Processes ) ... OK ! --------------------\\ Etsii S_Lopilla Lopin kansioita ei löytynyt ! --------------------\\ Etsii Lopin tiedostoja ja kansioita Lopin kansioita ei löytynyt ! --------------------\\ Etsii rekisterikohteita ..... OK ! --------------------\\ Tarkistaa Hosts-tiedostoa Hosts-tiedosto PUHDAS --------------------\\ Tarkistaa Catchmella onko piilotettuja tiedostoja --------------------\\ Tarkistaa muita infektioita --------------------\\ ROOTKIT !! Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS] Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TDSSSERV.SYS] Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS] --------------------\\ Cracks & Keygens .. 
C:\Users\HULLUJ~1\AppData\Roaming\uTorrent\Minilyrics v6.0.3697 Final + KeyGeN.torrent C:\Users\HULLUJ~1\Downloads\AnyDVD & HD v.6.4.6.1\AnyDVD & HD v.6.4.6.1\CRACK C:\Users\HULLUJ~1\Downloads\AnyDVD & HD v.6.4.6.1\AnyDVD & HD v.6.4.6.1\CRACK\AnyDVDtray.exe [F:14][D:2]-> C:\Users\HULLUJ~1\AppData\Local\Temp [F:20][D:1]-> C:\Users\HULLUJ~1\AppData\Roaming\MICROS~1\Windows\Cookies [F:298][D:7]-> C:\Users\HULLUJ~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5 [F:8][D:5]-> C:\$Recycle.Bin 1 - "C:\Lop SD\LopR_1.txt" - ti 11.11.2008|17:24 - Option : [1] 2 - "C:\Lop SD\LopR_2.txt" - ti 11.11.2008|17:58 - Option : [3] 3 - "C:\Lop SD\LopR_3.txt" - ke 12.11.2008|19:35 - Option : [3] --------------------\\ Tarkistus valmistui 19:35:36 [ UAC => 1 ]

Hjt log:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:35:43, on 12.11.2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Safe mode with network support Running processes: C:\Windows\Explorer.EXE C:\Windows\system32\cmd.exe C:\Windows\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fi_fi&c=81&bd=Pavilion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fi_fi&c=81&bd=Pavilion&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: mxlivemedia - {8c8cc284-4a08-9f92-e150-f2646bc72b29} - C:\Windows\system32\nsz1622.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\hullu j\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu') O13 - Gopher Prefix: O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Automaattinen LiveUpdate-ajastustoiminto (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. 
- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- End of file - 4583 bytes
1. Download Combofix.exe to your desktop from either of these links: Combofix.exe Combofix.exe

Open Combofix.exe and follow the on-screen instructions.

Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

Restart the computer if asked to, and post the contents of the combofix.txt file here.

Empty the recycle bin and restart your computer.

Post the following logs here:
* A fresh HijackThis log (taken last, just before posting)
* The (C:\ComboFix.txt) report
Running ComboFix doesn't work either; it just reports that Windows has detected a problem and the application will be closed. How could I get it to work?