[RB211]

Hei kaverit .. juuri avannut sähköpostiosoitteen ja osui kanssa Antivirus XP 2008 virus. Cant päästä siitä eroon. Kaikki apu paljon ..

[evilfantasy]

Alku TÄSTÄ

Post tukit kun valmis.

[RB211]

Sorry mate I dont ymmärrä .. Mitä haluat minun tekevän sen myötä kaikki?

[Hybr! D]

Käytä aikaa lukea se ja suorita ohjelmiston ja post lokitiedostot, jotta voimme nähdä, mitä on meneillään kanssa tietokoneessa.

[RB211]

Heres rekistereitä:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Muodostettu 07.05.2008 klo 05:20 PM
Application Version: 4.15.1000
Core Rules Database Version: 3497
Trace Rules Database Version: 1488
Scan type: Quick Scan
Total Scan Time: 00:10:14
Muisti erät skannattu: 268
Muisti uhkia havaittu: 1
Rekisterin kohteita skannattu: 407
Rekisterin uhkia havaittu: 26
Tiedoston kohteita skannattavan: 6977
Tiedoston uhkia havaittu: 175
Rogue.AntiVirus XP 2008
C: \ Program Files \ RHCPV6J0EREL \ RHCPV6J0EREL.EXE
C: \ Program Files \ RHCPV6J0EREL \ RHCPV6J0EREL.EXE
C: \ Documents and Settings \ All Users \ Käynnistä-valikko \ Ohjelmat \ Antivirus XP 2008 \ Antivirus XP 2008.lnk
C: \ Documents and Settings \ All Users \ Käynnistä-valikko \ Ohjelmat \ Antivirus XP 2008 \ Miten Register Antivirus XP 2008.lnk
C: \ Documents and Settings \ All Users \ Käynnistä-valikko \ Ohjelmat \ Antivirus XP 2008 \ License Agreement.lnk
C: \ Documents and Settings \ All Users \ Käynnistä-valikko \ Ohjelmat \ Antivirus XP 2008 \ Register Antivirus XP 2008.lnk
C: \ Documents and Settings \ All Users \ Käynnistä-valikko \ Ohjelmat \ Antivirus XP 2008 \ Uninstall.lnk
C: \ Documents and Settings \ All Users \ Käynnistä-valikko \ Ohjelmat \ Antivirus XP 2008
C: \ AA \ RHCPV6J0EREL \ RHCPV6J0EREL.EXE
Rogue.Dropper / Gen
[lphctv6j0erel] C: \ WINDOWS \ SYSTEM32 \ LPHCTV6J0EREL.EXE
C: \ WINDOWS \ SYSTEM32 \ LPHCTV6J0EREL.EXE
Adware.Tracking Cookie
C: \ Documents and Settings \ Danny \ Cookies \ danny @ palvelevat-sys [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ burstnet [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@media.adrevolver [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ clickbank [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ advertpro [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@e-2dj6wjnywnc5eeo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ tribalfusion [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@adserver.mediarun [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ 192 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adviva [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ehg-mgnlimited.hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ sukupuoli-video [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ mediaplex [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@stat.onestat [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adrevenue [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ads.videhost [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ads.pugetsoundsoftwar e [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ mainontaa [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ DoubleClickin [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@www.burstnet [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@tracking.summitmedia. CO [1]. txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@bs.serving-sys [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ tacoda [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ s [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ kontera [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@data.coremetrics [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ questionmarket [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ roiservice [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adbrite [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@counter.hitslink [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@adserving.muppetism [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ cgi-bin [4]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@vhost.oddcast [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@rotator.adjuggler [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@s1.trafficmaxx [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@www.stilemedia [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ads.ookla [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ neocounter2 [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ad1.doublepimp [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@te.kontera [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ 9167811 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adrevolver [3]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ indextools [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ sexyandshocking [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ yadro [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@w00tpublishers.wootme dia [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@dynamic.media.adrevol ver [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@e-2dj6wfkokkcjcao.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ atwola [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ Zedo [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adecn [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@mobilefun.112.2o7 [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@m1.webstats.motigo [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adrevolver [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ 1068755026 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ specificclick [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ firstchoice [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ 2o7 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ TradeDoubler [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ads.techguy [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adultadworld [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ehg-bestbuy.hitbox [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ firstchoice [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ehg-twi.hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ad.yieldmanager [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ revsci [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@statse.webtrendslive [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@exchange.ggmedia [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adlegend [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ cgi-bin [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@shopping.112.2o7 [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ehg-iwantoneofthose.hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ads.digitalrock.co [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ 63701567 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ alkusoitto [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ad1.clickhype [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ a [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ bluestreak [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ statcounter [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ atdmt [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ads.pubmatic [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ 247realmedia [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@avgtechnologies.112.2 O7 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ bravenet [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@heavycom.122.2o7 [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@stat.dealtime [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@adopt.euroclick [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@server.iad.liveperson [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ fastclick [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ kolmijalan [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ Adtech [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ parantaa [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ehg-systemax.hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ stilemedia [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ gostats [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@network-ca.247realmedia [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ AdRotator [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ 1048893890 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ cgi-bin [3]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@www.clash-media [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ indexstats [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@test.coremetrics [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@eas.apm.emediate [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ Adtech [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@ehg-iwantoneofthose.hitbox [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ sextracker [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@ad.yieldmanager [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@metacafe.122.2o7 [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@stat.onestat [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@counter4.sextracker [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ DoubleClickin [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ atdmt [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@as1.falkag [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@hg1.hitbox [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@c1.zedo [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@counter13.sextracker [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@counter15.sextracker [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ adrevolver [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ adrevolver [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ Zedo [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ targetnet [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@adopt.hbmediapro [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ 2o7 [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ atwola [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@stats.searchtrack [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ atdmt [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ viisitoista [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@www.fifteen [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@e-2dj6wflisidjkko.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ Adtech [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@marksandspencer.122 ,2 O7 [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ adrevolver [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@perf.overture [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ windowsmedia [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ statcounter [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@msnportal.112.2o7 [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ tilit [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@e-2dj6wflyckcjabo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@ehg-debenhams.hitbox [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@paypal.112.2o7 [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@tracker.roitesting [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ bravenet [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@adopt.euroclick [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ indexstats [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@data4.perf.overture [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@bs.serving-sys [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ revsci [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ mediaplex [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@etype.adbureau [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@112.2o7 [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ hitbox [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@ehg-bskyb.hitbox [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@ads.telegraph.co [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@statse.webtrendsliv e [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ questionmarket [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ palvelevat-sys [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ TradeDoubler [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ indextools [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ 2o7 [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ mainontaa [2]. Txt
Rogue.AntiSpywareExpert
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC # NextInstance
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # Service
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # Legacy
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # ConfigFlags
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # Class
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # ClassGUID
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # DeviceDesc
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 \ Control
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 \ Control # ActiveService
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # Ty pe
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # St art
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # Er rorControl
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # Im agePath
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # Di splayName
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # Ob jectName
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # Op t
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ Se teen
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ Se teen # Turvallisuus
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ En um
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ En um # 0
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ En um # Count
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ En um # NextInstance
NotHarmful.Sysinternals Bluescreen Näytönsäästäjä
C: \ WINDOWS \ SYSTEM32 \ BLPHCTV6J0EREL.SCR
Trojan.Unclassified / CBEvtSvc
C: \ WINDOWS \ SYSTEM32 \ CBEVTSVC.EXE
C: \ WINDOWS \ Prefetch \ CBEVTSVC.EXE-2F4C36CD.pf
Trojan.Unknown Alkuperä
C: \ WINDOWS \ SYSTEM32 \ PHCTV6J0EREL.BMP



Malwarebytes' Anti-Malware 1.19
Tietokannan versio: 924
Windows 5.1.2600 Service Pack 3
19:22:42 05/07/2008
mbam-log-7-5-2008 (19-22-42). txt
Scan type: Full Scan (C: \ | D: \ | E: \ |)
Objektit skannattavan: 113635
Kulunut aika: 42 minuutti (t), 4 toinen (t)
Memory Processes Infected: 0
Memory Modules Infected: 0
Rekisteriavaimista Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(Ei haittaohjelmia kohteet havaitaan)
Memory Modules Infected:
(Ei haittaohjelmia kohteet havaitaan)
Rekisteriavaimista Infected:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Software Notifier (Rogue.Multiple) -> Quarantined ja poistaminen onnistui.
Registry Values Infected:
(Ei haittaohjelmia kohteet havaitaan)
Registry Data Items Infected:
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Policies \ System \ NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined ja poistaminen onnistui.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Policies \ System \ NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined ja poistaminen onnistui.
Kansiot Infected:
(Ei haittaohjelmia kohteet havaitaan)
Files Infected:
C: \ System Volume Information \ _restore (CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4) \ rp2 \ A0000029.exe (Trojan.Downloader) -> Quarantined ja poistaminen onnistui.
C: \ System Volume Information \ _restore (CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4) \ rp2 \ A0000047.dll (Rogue.AntivirusXP2008) -> Quarantined ja poistaminen onnistui.
C: \ System Volume Information \ _restore (CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4) \ RP4 \ A0000262.exe (Trojan.Downloader) -> Quarantined ja poistaminen onnistui.
C: \ System Volume Information \ _restore (CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4) \ RP4 \ A0000485.dll (Rogue.AntivirusXP2008) -> Quarantined ja poistaminen onnistui.

JavaRa 1,08 Muuttokulut Log.Report seuraa sen jälkeen, kun linja .------------------------------------ The JavaRa poisto aloitettiin la heinäkuu 05 19:49:54 2008
Found and removed: C: \ Program Files \ Java \ jre1.6.0_05Found ja poistaa: SOFTWARE \ Javasoftin \ Java Runtime Environment \ 1.4Found ja poistaa: SOFTWARE \ Classes \ JavaWebStart.isInstalled.1.5.0.0F ound ja poistaa: Software \ Javasoftin \ Java2D \ 1.5.0_02Found ja poistaa: Software \ Javasoftin \ Java2D \ 1.5.0_04Found ja poistaa: Software \ Javasoftin \ Java2D \ 1.5.0_06Found ja poistaa: Software \ Javasoftin \ Java2D \ 1.5.0_09Found ja poistaa: Software \ Javasoftin \ Java2D \ 1.5.0_10Found ja poistaa: Software \ Javasoftin \ Java2D \ 1.5.0_11Found ja poistaa: SOFTWARE \ Classes \ JavaPlugin.150_02Found ja poistaa: SOFTWARE \ Classes \ JavaPlugin.150_04Found ja poistaa: SOFTWARE \ Classes \ JavaPlugin.150_06Found ja poistaa: SOFTWARE \ Classes \ JavaPlugin.150_09Found ja poistaa: SOFTWARE \ Classes \ JavaPlugin.150_10--------------------------------- --- Päättynyt raportointi.


Kiitos kaverit

[evilfantasy]

Tarvitsevat Hijackthis loki nyt.

[RB211]

Oho pahoillani. Tässä se on:

Logfile ja Trend Micro HijackThis v2.0.2
Scan tallennettu klo 20:24:21, on 05.07.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Käynnissä olevista prosesseista:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Program Files \ CA \ eTrust Antivirus \ InoRpc.exe
C: \ Program Files \ CA \ eTrust Antivirus \ InoRT.exe
C: \ Program Files \ CA \ eTrust Antivirus \ InoTask.exe
C: \ Program Files \ SPAMfighter \ sfus.exe
C: \ WINDOWS \ Explorer.exe
C: \ WINDOWS \ AGRSMMSG.exe
C: \ WINDOWS \ System32 \ OSD.EXE
C: \ WINDOWS \ system32 \ SB.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPLpr.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ PROGRA ~ 1 \ CA \ eTrust ~ 1 \ realmon.exe
C: \ Program Files \ QuickTime \ qttask.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ MusicMatch \ MusicMatch Jukebox \ mmtask.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ SPAMfighter \ SFAgent.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ Program Files \ Iso Vahtipalvelu \ UnitedAlerts.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Program Files \ DNA \ btdna.exe
C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ WINDOWS \ system32 \ sistray.exe
C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ fi-fi \ bin \ WindowsSearch.exe
C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ fi-fi \ bin \ WindowsSearchIndexer.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ WinZip \ WZQKPICK.EXE
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ fi-fi \ bin \ WindowsSearchFilter.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.toysrus.co.uk/
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.toysrus.co.uk/
R3 - URLSearchHook: ICQ Toolbar - (855F3B16-6D32-4fe6-8A56-BBB695989046) - C: \ Program Files \ ICQToolbar \ toolbaru.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll
O2 - BHO: RealPlayer Download ja Record Plugin for Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ program files \ google \ googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 3.0.1225.9868 \ s wg.dll
O2 - BHO: MSN Search-työkalurivi Helper - (BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Program Files \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ fi-fi \ msntb.dll
O3 - Toolbar: ICQ Toolbar - (855F3B16-6D32-4fe6-8A56-BBB695989046) - C: \ Program Files \ ICQToolbar \ toolbaru.dll (file missing)
O3 - Toolbar: MSN Search-työkalurivi - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Program Files \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ fi-fi \ msntb.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ program files \ google \ googletoolbar3.dll
O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM \ .. \ Run: [OSD]% SystemRoot% \ System32 \ OSD.EXE
O4 - HKLM \ .. \ Run: [SB] C: \ WINDOWS \ system32 \ SB.exe
O4 - HKLM \ .. \ Run: [SynTPLpr] C: \ Program Files \ Synaptics \ SynTP \ SynTPLpr.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [SiSUSBRG] C: \ WINDOWS \ SiSUSBrg.exe
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [Realtime Monitor] C: \ PROGRA ~ 1 \ CA \ eTrust ~ 1 \ realmon.exe-s
O4 - HKLM \ .. \ Run: [UserFaultCheck]% systemroot% \ system32 \ dumprep 0-u
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [SiSPower] rundll32.exe SiSPower.dll, ModeAgent
O4 - HKLM \ .. \ Run: [mmtask] "C: \ Program Files \ MusicMatch \ MusicMatch Jukebox \ mmtask.exe"
O4 - HKLM \ .. \ Run: [SPAMfighter Agent] "C: \ Program Files \ SPAMfighter \ SFAgent.exe" päivityksen viivästyminen 60
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,, BluetoothAuthenticationAgent
O4 - HKLM \ .. \ Run: [SMrhcpv6j0erel] C: \ Program Files \ rhcpv6j0erel \ rhcpv6j0erel.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / tausta
O4 - HKCU \ .. \ Run: [Iso Alerts] C: \ Program Files \ Iso Vahtipalvelu \ UnitedAlerts.exe
O4 - HKCU \ .. \ Run: [swg] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C: \ Program Files \ Microsoft Office \ Office10 \ OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C: \ WINDOWS \ system32 \ sistray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ fi-fi \ bin \ WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C: \ Program Files \ WinZip \ WZQKPICK.EXE
O8 - Extra yhteydessä valikkotoimintoa: & Google Search - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmsearch.html
O8 - Extra yhteydessä valikkotoimintoa: & ICQ Toolbar Search - res: / / C: \ Program Files \ ICQToolbar \ toolbaru.dll / SEARCH.HTML
O8 - Extra yhteydessä valikkotoimintoa: & MSN Search - res: / / C: \ Program Files \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ fi-fi \ msntb.dll / search.htm
O8 - Extra yhteydessä valikkotoimintoa: Backward Links - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra yhteydessä valikkotoimintoa: Cached Snapshot of Page - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmcache.html
O8 - Extra yhteydessä valikkotoimintoa: E & Vie Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ mikros ~ 3 \ Office10 \ EXCEL.EXE/3000
O8 - Extra yhteydessä valikkotoimintoa: Avaa uudessa tausta-välilehti - res: / / C: \ Program Files \ MSN Toolbar Suite \ TAB \ 02.05.0001.1119 \ en-gb \ msntabres.dll/229? 4f61d6b2c8414b81896dc6b3a393b615
O8 - Extra yhteydessä valikkotoimintoa: Avaa uudessa tulosaineiston välilehti - res: / / C: \ Program Files \ MSN Toolbar Suite \ TAB \ 02.05.0001.1119 \ en-gb \ msntabres.dll/230? 4f61d6b2c8414b81896dc6b3a393b615
O8 - Extra yhteydessä valikkotoimintoa: Samanlaisia Pages - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmsimilar.html
O8 - Extra yhteydessä valikkotoimintoa: Käännä Englanti - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra button: Medion-UK - (CE67CBC2-5CCB-4FC4-BA83-51AE4878170C) -- http://www.medion.co.uk (file missing) (HKCU)
O16 - DPF: RaptisoftGameLoader -- http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
O16 - DPF: (1803B9EF-9905-4F34-AFC4-05D1BAB28801) (RegUserCfgUI Class) -- http://us.dl1.yimg.com/download.yaho...1/yregucfg.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://v5.windowsupdate.microsoft.co...?1106745510172
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1215253028000
O16 - DPF: (B38870E4-7ECB-40DA-8C6A-595F0A5519FF) (MsnMessengerSetupDownloadControl Class) -- http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: (BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B) (Zylom Games Player) -- http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: (E8F628B5-259A-4734-97EE-BA914D7BE941) (Driver Agent ActiveX Control) -- http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc - c: \ Program Files \ CA \ eTrust Antivirus \ InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C: \ Program Files \ CA \ eTrust Antivirus \ InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C: \ Program Files \ CA \ eTrust Antivirus \ InoTask.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C: \ Program Files \ SPAMfighter \ sfus.exe
--
End of file - 10438 bytes

[evilfantasy]

Vielä tehtävää.

Ladata SDFix.exe ja tallenna se työpöydälle.

Kaksoisnapsauta SDFix.exe ja se purkaa tiedostoja% systemdrive%
(Asema, joka sisältää Windows Directory, yleensä C: \ SDFix)

Nyt sitten käynnistää tietokone uudelleen vuonna Vikasietotila tekemällä seuraavasti:

• Käynnistä tietokone uudelleen
• Kuultuaan tietokone piippaa kerran käynnistyksen aikana, mutta ennen kuin Windows-kuvake näkyy, kosketa F8-näppäintä jatkuvasti;
• Sen sijaan Windows lastaamista normaalia, että Lisäasetukset Valikko tulisi näkyä;
• Valitse ensimmäinen vaihtoehto, Windows vikasietotilassa, paina sitten Anna.
• Valitse tavallista huomioon.
• Avaa uutetut SDFix-kansio ja kaksoisnapsauta RunThis.bat Käynnistä komentorivi.
• Tyyppi Y aloittaa saneerausmenettelyn.
• Se poistaa kaikki Troijan Palvelut ja rekisterimerkintöjä, että se toteaa sitten sinua paina mitä tahansa näppäintä Uudelleenkäynnistä.
• Paina mitä tahansa näppäintä ja se käynnistä tietokone.
• Kun tietokone uudelleen Fixtool ajaa uudelleen ja täydellisen poistamisen prosessi sitten näyttö PäättynytPaina mitä tahansa näppäintä varten käsikirjoituksen ja lataamaan työpöydän kuvakkeet.
• Kun työpöydän kuvakkeet ladata SDFix raportti avoinna näytön ja myös tallentaa osaksi SDFix kansio Report.txt
  (Report.txt myös kopioidaan leikepöydälle).
• Lopuksi kopioi ja liitä sisältö tulokset tiedosto Report.txt Kun uutta HijackThis loki näkyy seuraavassa vastausta.

Jos SDFix ei näytetä tai saat virheitä, seuraa linkkiä ohjeita käynnissä SDFix. Kuinka käyttää SDFix

----------

Seuraava post lisätä
SDFix loki
UUSI Hijackthis loki

[RB211]

OK Seuraava lokit

SDFix: Version 1.201
Run: Danny on 05.07.2008 klo 21:08
Microsoft Windows XP [Version 5.1.2600]
Running From: C: \ Songs \ SDFix
Checking Services :

Restoring Default Security Values
Restoring Default Hosts File
Käynnistystä

Checking Files :
No Trojan Files Found



Removing Temp Files
ADS Check :


Lopullinen Tarkista :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit / varkain haittaohjelmien detektori on Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 21:21:39
Windows 5.1.2600 Service Pack 3 NTFS
skannaus piilotettu prosessien ...
skannaus piilotettu services & järjestelmän pesäkuoriaisen ...
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ palvelut es \ BTHPORT \ Parameters \ Keys \ 000c55050b1d]
[HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet003 \ Services \ B THPORT \ Parameters \ Keys \ 000c55050b1d]
skannaus piilotettu rekisterimerkinnöistä ...
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Prefetcher]
"TracesProcessed" = dword: 000000aa
"TracesSuccessful" = dword: 00000005
skannaus piilotetut tiedostot ...
scan loppuun onnistuneesti
piilotettu prosessit: 0
piilotettu palvelut: 0
piilotetut tiedostot: 0

Jäljellä olevat palvelut :


Authorized Application Key Export:
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ palvelut es \ sharedaccess \ Parameters \ firewallpolicy \ profiilin \ authorizedapplications \ listalle]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ syste M32 \ \ sessmgr.exe: *: Enabled: @ xpsp2res.dll, -22019"
"C: \ Program Files \ \ CA \ eTrust Antivirus \ \ InoRpc.exe" = "C: \ Program Files \ \ CA \ eTrust Antivirus \ \ InoRpc.exe: *: Enabled: eTrust Antivirus - RPC Server "
"C: \ Program Files \ \ CA \ eTrust Antivirus \ \ InocIT.exe" = "C: \ Program Files \ \ CA \ eTrust Antivirus \ \ InocIT.exe: *: Enabled: eTrust Antivirus - Paikalliset Scanner "
"C: \ Program Files \ \ CA \ eTrust Antivirus \ \ Realmon.exe" = "C: \ Program Files \ \ CA \ eTrust Antivirus \ \ Realmon.exe: *: Enabled: eTrust Antivirus - Realtime seurata "
"C: \ Program Files \ \ Messenger \ \ msmsgs.exe" = "C: \ Program Files \ \ Messenger \ \ msmsgs.exe: *: Enabled: Windows Messenger"
"C: \ Program Files \ \ Iso Vahtipalvelu \ \ UnitedAlerts.exe" = "C: \ Program Files \ \ Iso Vahtipalvelu \ \ UnitedAlerts.exe"
"C: \ Program Files \ \ ICQ \ \ Icq.exe" = "C: \ Program Files \ \ ICQ \ \ Icq.exe: *: Enabled: ICQ"
"C: \ Program Files \ \ CA \ eTrust Antivirus \ \ Shellscn.exe" = "C: \ Program Files \ \ CA \ eTrust Antivirus \ \ Shellscn.exe: *: Enabled: Shellscn"
"C: \ Program Files \ \ iTunes \ \ iTunes.exe" = "C: \ Program Files \ \ iTunes \ \ iTunes.exe: *: Enabled: iTunes"
"C: \ \ StubInstaller.exe" = "C: \ \ StubInstaller.exe: *: E nabled: LimeWire swarmed installer"
"C: \ Program Files \ \ LimeWire \ \ LimeWire.exe" = "C: \ Program Files \ \ LimeWire \ \ LimeWire.exe: *: Enabled: LimeWire"
"C: \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe" = "C: \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe: *: Enabled: MSN Messenger 7.5"
"C: \ Program Files \ \ BitTorrent_DNA \ \ dna.exe" = "C: \ Program Files \ \ BitTorrent_DNA \ \ dna.exe: *: Enabled: BitTorren t DNA"
"C: \ Program Files \ \ DNA \ \ btdna.exe" = "C: \ Program Files \ \ DNA \ \ btdna.exe: *: Enabled: DNA"
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20000"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ palvelut es \ sharedaccess \ Parameters \ firewallpolicy \ domainpr ofile \ authorizedapplications \ listalle]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ syste M32 \ \ sessmgr.exe: *: Enabled: @ xpsp2res.dll, -22019"
"C: \ Program Files \ \ Iso Vahtipalvelu \ \ UnitedAlerts.exe" = "C: \ Program Files \ \ Iso Vahtipalvelu \ \ UnitedAlerts.exe"
"C: \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe" = "C: \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe: *: Enabled: MSN Messenger 7.5"
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20000"
Jäljellä olevat tiedostot :

Tiedostot, joiden Piilotettu Määritteet :
Keskiviikko 26 tammikuu 2005 4704 A.SH. --- "C: \ WINDOWS \ system32 \ KGyGaAvL.sys"
Ke 13 heinäkuu 2005 4348 .. SH. --- "C: \ Documents and Settings \ All Users \ DRM \ DRMv1.bak"
La 5 heinäkuu 2008 0 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ Cache \ Indiv01.tmp"
Ma 13 kesäkuu 2005 7420 A.. H. --- "C: \ Documents and Settings \ Rozzie \ Local Settings \ Temp \ Mar15.tmp"
Ma 13 kesäkuu 2005 7420 A.. H. --- "C: \ Documents and Settings \ Rozzie \ Local Settings \ Temp \ Mar9.tmp"
Ma 13 kesäkuu 2005 7420 A.. H. --- "C: \ Documents and Settings \ Rozzie \ Local Settings \ Temp \ MarA.tmp"
La 5 heinäkuu 2008 96 A.. H. --- "C: \ Documents and Settings \ All Users \ Application Data \ avg8 (2) \ scanlogs \ srmcheck.tmp"
Ke 13 heinäkuu 2005 4348 ... H. --- "C: \ Documents and Settings \ Danny \ Omat tiedostot \ Omat musiikkitiedostot \ License Backup \ drmv1key.bak"
Ke 25 tammikuu 2006 20 A.. H. --- "C: \ Documents and Settings \ Danny \ Omat tiedostot \ Omat musiikkitiedostot \ License Backup \ drmv1lic.bak"
Ke 13 heinäkuu 2005 312 A.SH. --- "C: \ Documents and Settings \ Danny \ Omat tiedostot \ Omat musiikkitiedostot \ License Backup \ drmv2key.bak"
Finished!


ja


Logfile ja Trend Micro HijackThis v2.0.2
Scan tallennettu klo 21:33:52, on 05.07.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Käynnissä olevista prosesseista:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Program Files \ CA \ eTrust Antivirus \ InoRpc.exe
C: \ Program Files \ CA \ eTrust Antivirus \ InoRT.exe
C: \ Program Files \ CA \ eTrust Antivirus \ InoTask.exe
C: \ Program Files \ SPAMfighter \ sfus.exe
C: \ WINDOWS \ Explorer.exe
C: \ WINDOWS \ AGRSMMSG.exe
C: \ WINDOWS \ System32 \ OSD.EXE
C: \ WINDOWS \ system32 \ SB.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPLpr.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ PROGRA ~ 1 \ CA \ eTrust ~ 1 \ realmon.exe
C: \ Program Files \ QuickTime \ qttask.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ MusicMatch \ MusicMatch Jukebox \ mmtask.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ SPAMfighter \ SFAgent.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ Program Files \ Iso Vahtipalvelu \ UnitedAlerts.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Program Files \ DNA \ btdna.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ WINDOWS \ system32 \ sistray.exe
C: \ WINDOWS \ system32 \ Msiexec.exe
C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ fi-fi \ bin \ WindowsSearch.exe
C: \ Program Files \ WinZip \ WZQKPICK.EXE
C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ fi-fi \ bin \ WindowsSearchIndexer.exe
C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ fi-fi \ bin \ WindowsSearchFilter.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.toysrus.co.uk/
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.toysrus.co.uk/
R3 - URLSearchHook: ICQ Toolbar - (855F3B16-6D32-4fe6-8A56-BBB695989046) - C: \ Program Files \ ICQToolbar \ toolbaru.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll
O2 - BHO: RealPlayer Download ja Record Plugin for Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ program files \ google \ googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 3.0.1225.9868 \ s wg.dll
O2 - BHO: MSN Search-työkalurivi Helper - (BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Program Files \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ fi-fi \ msntb.dll
O3 - Toolbar: ICQ Toolbar - (855F3B16-6D32-4fe6-8A56-BBB695989046) - C: \ Program Files \ ICQToolbar \ toolbaru.dll (file missing)
O3 - Toolbar: MSN Search-työkalurivi - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Program Files \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ fi-fi \ msntb.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ program files \ google \ googletoolbar3.dll
O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM \ .. \ Run: [OSD]% SystemRoot% \ System32 \ OSD.EXE
O4 - HKLM \ .. \ Run: [SB] C: \ WINDOWS \ system32 \ SB.exe
O4 - HKLM \ .. \ Run: [SynTPLpr] C: \ Program Files \ Synaptics \ SynTP \ SynTPLpr.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [SiSUSBRG] C: \ WINDOWS \ SiSUSBrg.exe
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [Realtime Monitor] C: \ PROGRA ~ 1 \ CA \ eTrust ~ 1 \ realmon.exe-s
O4 - HKLM \ .. \ Run: [UserFaultCheck]% systemroot% \ system32 \ dumprep 0-u
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [SiSPower] rundll32.exe SiSPower.dll, ModeAgent
O4 - HKLM \ .. \ Run: [mmtask] "C: \ Program Files \ MusicMatch \ MusicMatch Jukebox \ mmtask.exe"
O4 - HKLM \ .. \ Run: [SPAMfighter Agent] "C: \ Program Files \ SPAMfighter \ SFAgent.exe" päivityksen viivästyminen 60
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,, BluetoothAuthenticationAgent
O4 - HKLM \ .. \ Run: [SMrhcpv6j0erel] C: \ Program Files \ rhcpv6j0erel \ rhcpv6j0erel.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / tausta
O4 - HKCU \ .. \ Run: [Iso Alerts] C: \ Program Files \ Iso Vahtipalvelu \ UnitedAlerts.exe
O4 - HKCU \ .. \ Run: [swg] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C: \ Program Files \ Microsoft Office \ Office10 \ OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C: \ WINDOWS \ system32 \ sistray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ fi-fi \ bin \ WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C: \ Program Files \ WinZip \ WZQKPICK.EXE
O8 - Extra yhteydessä valikkotoimintoa: & Google Search - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmsearch.html
O8 - Extra yhteydessä valikkotoimintoa: & ICQ Toolbar Search - res: / / C: \ Program Files \ ICQToolbar \ toolbaru.dll / SEARCH.HTML
O8 - Extra yhteydessä valikkotoimintoa: & MSN Search - res: / / C: \ Program Files \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ fi-fi \ msntb.dll / search.htm
O8 - Extra yhteydessä valikkotoimintoa: Backward Links - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra yhteydessä valikkotoimintoa: Cached Snapshot of Page - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmcache.html
O8 - Extra yhteydessä valikkotoimintoa: E & Vie Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ mikros ~ 3 \ Office10 \ EXCEL.EXE/3000
O8 - Extra yhteydessä valikkotoimintoa: Avaa uudessa tausta-välilehti - res: / / C: \ Program Files \ MSN Toolbar Suite \ TAB \ 02.05.0001.1119 \ en-gb \ msntabres.dll/229? 4f61d6b2c8414b81896dc6b3a393b615
O8 - Extra yhteydessä valikkotoimintoa: Avaa uudessa tulosaineiston välilehti - res: / / C: \ Program Files \ MSN Toolbar Suite \ TAB \ 02.05.0001.1119 \ en-gb \ msntabres.dll/230? 4f61d6b2c8414b81896dc6b3a393b615
O8 - Extra yhteydessä valikkotoimintoa: Samanlaisia Pages - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmsimilar.html
O8 - Extra yhteydessä valikkotoimintoa: Käännä Englanti - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra button: Medion-UK - (CE67CBC2-5CCB-4FC4-BA83-51AE4878170C) -- http://www.medion.co.uk (file missing) (HKCU)
O16 - DPF: RaptisoftGameLoader -- http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
O16 - DPF: (1803B9EF-9905-4F34-AFC4-05D1BAB28801) (RegUserCfgUI Class) -- http://us.dl1.yimg.com/download.yaho...1/yregucfg.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://v5.windowsupdate.microsoft.co...?1106745510172
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1215253028000
O16 - DPF: (B38870E4-7ECB-40DA-8C6A-595F0A5519FF) (MsnMessengerSetupDownloadControl Class) -- http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: (BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B) (Zylom Games Player) -- http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: (E8F628B5-259A-4734-97EE-BA914D7BE941) (Driver Agent ActiveX Control) -- http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc - c: \ Program Files \ CA \ eTrust Antivirus \ InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C: \ Program Files \ CA \ eTrust Antivirus \ InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C: \ Program Files \ CA \ eTrust Antivirus \ InoTask.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C: \ Program Files \ SPAMfighter \ sfus.exe
--
End of file - 10422 bytes

[evilfantasy]

Minun täytyy olla joitakin lisätietoja pari kuvaa. Post linkkejä tästä tuloksia, kun valmis.

Scan Suspicious File (s)

Listan Virustotal
(Jos useampi kuin yksi tiedosto tarvitsee skannata ne on tehtävä erikseen ja lokit lähetetty kunkin yksi)

• Kopioi tiedosto polku jäljempänä koodi ruutuun:

Code:

C: \ Program Files \ rhcpv6j0erel \ rhcpv6j0erel.exe

• Kun lataa osoittamalla kerran sisällä ikkunan vieressä Selaa.
• Paina Ctrl + V -näppäintä (molemmat samanaikaisesti) liittää tiedoston polku ikkuna.
• Seuraava napsauta Lähetä tiedosto
  • Tiedostosi mahdollisesti tulleet jonoon joka kestää yleensä alle minuutissa selvä.
• Tämä tulee tehdä tarkistuksen useiden eri virustarkistusta moottoreita.
• Tärkeää: Odota kaikki hakunopeutta moottoreiden valmis.
• Kopioi ja liitä linkki tulokset seuraavan vastauksen.

Nyt tehdä saman tiedoston.

Code:

C: \ Program Files \ Iso Vahtipalvelu \ UnitedAlerts.exe