Hitaampaa ja hitaampaa

**RB211** · #1 4 huhtikuu 2008, 10:57

Kun olet ladannut joitakin juttuja olen tietokoneella alkaa hitaammin ja hitaammin ja harmittaa vakoilu / haittaohjelmien lisätä avautumisen, että En voi päästä eroon. Voit auttaa guys ..

**Hybr! D** · #2 4 huhtikuu 2008, 11:02

Aloita tästä: http://www.computer-juice.com/forums...-posting-7476/

**RB211** · #3 4 huhtikuu 2008, 14:51

Ok tämä on ensimmäinen loki. En ota sitä juuri jatkaa?

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/04/2008 at 10:06 pm
Application Version: 4.0.1154
Core Rules Database Version: 3431
Trace Rules Database Version: 1423
Scan type: Complete Scan
Total Scan Time: 01:41:45
Muisti tuotteet skannatut: 703
Muisti uhkia havaittu: 1
Rekisterikohteita skannatut: 5826
Rekisterin uhkia havaittu: 43
Tiedostoalkiot skannatut: 289779
Tiedoston uhkia havaittu: 158
Adware.Vundo Variantti / Asukas
C: \ WINDOWS \ SYSTEM32 \ MLJJJ.DLL
C: \ WINDOWS \ SYSTEM32 \ MLJJJ.DLL
Trojan.WinFixer
HKLM \ Software \ Classes \ CLSID \ (09888678-51D6-42FC-9437-CBBFDA0B86EA)
HKCR \ CLSID \ (09888678-51D6-42FC-9437-CBBFDA0B86EA)
HKCR \ CLSID \ (09888678-51D6-42FC-9437-CBBFDA0B86EA) \ InprocServer32
HKCR \ CLSID \ (09888678-51D6-42FC-9437-CBBFDA0B86EA) \ InprocServer32 # ThreadingModel
HKLM \ Software \ Classes \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B)
HKCR \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B)
HKCR \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B) \ InprocServer32
HKCR \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B) \ InprocServer32 # ThreadingModel
C: \ WINDOWS \ SYSTEM32 \ JKKLL.DLL
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ Browser Helper Objects \ (09888678-51D6-42FC-9437-CBBFDA0B86EA)
Adware.Vundo Variantti
HKLM \ Software \ Classes \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9) \ InprocServer32
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9) \ InprocServer32 # ThreadingModel
C: \ WINDOWS \ SYSTEM32 \ TUVSQPQ.DLL
HKLM \ Software \ Classes \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2)
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2)
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2) \ InprocServer32
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2) \ InprocServer32 # ThreadingModel
C: \ WINDOWS \ SYSTEM32 \ YAYWUVW.DLL
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ Browser Helper Objects \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ ShellExecuteHooks # (D85530E8-D39D-49D0-9F36-300D594556D2)
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ ShellExecuteHooks # (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2)
Unclassified.Unknown Alkuperä
HKLM \ Software \ Classes \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ InprocServer32
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ InprocServer32 # ThreadingModel
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ ProgID
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ Programmable
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ TypeLib
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ VersionIndependentProgID
C: \ PROGRA ~ 1 \ DAP \ SBSEARCH.DLL
HKU \ S-1-5-21-73586283-1326574676-839522115-1004 \ Software \ Microsoft \ Internet Explorer \ URLSearchHooks # (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ SearchHook.SrchHook.1
HKCR \ SearchHook.SrchHook
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6)
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ 0
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ 0 \ win32
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ LIPUT
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ HELPDIR
Adware.Tracking Cookie
C: \ Documents and Settings \ Danny \ Cookies \ danny @ palvelevat-sys [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ tribalfusion [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ DoubleClick [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@bs.serving-sys [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@bs.serving-sys [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ad.yieldmanager [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ad.zanox [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ ROZ @ adnetserver [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads.alpharooms [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads1.alpharooms [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads2.alpharooms [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads3.alpharooms [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads4.alpharooms [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ ROZ @ adultfriendfinder [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ ROZ @ gostats [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ ROZ @ hornymatches [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ ROZ @ indexstats [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ ROZ @ indexstats [3]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ ROZ @ linksynergy [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@media2.mediafileshost [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ ROZ @ StatCounter [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@statse.webtrendslive [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@tracking.summitmedia.co [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@webstats.wthosting.co [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@www.admedia365 [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@www.admedia365 [3]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@www.hxtrack [2]. Txt
H: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ indexstats [2]. Txt
H: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@pc-finder.co [2]. Txt
H: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@www.pc-finder.co [2]. Txt
H: \ Uusissa Docs & Sets \ Rozzie \ Cookies \ rozzie @ indexstats [2]. Txt
H: \ Uusissa Docs & Sets \ Rozzie \ Cookies \ rozzie@pc-finder.co [2]. Txt
H: \ Uusissa Docs & Sets \ Rozzie \ Cookies \ rozzie@www.pc-finder.co [2]. Txt
H: \ Rozzie \ Cookies \ rozzie @ indexstats [2]. Txt
H: \ Rozzie \ Cookies \ rozzie@pc-finder.co [2]. Txt
H: \ Rozzie \ Cookies \ rozzie@www.pc-finder.co [2]. Txt
Trojan.Unknown Alkuperä
C: \ WINDOWS \ system32 \ nGpxx01
HKLM \ Software \ xpre
HKLM \ Software \ xpre # execount
Adware.VXGame-Trace -
HKU \ S-1-5-21-73586283-1326574676-839522115-1005 \ Software \ kernelexe
Adware.Vundo Variantti / Rel
C: \ WINDOWS \ SYSTEM32 \ ACCDD.INI
C: \ WINDOWS \ SYSTEM32 \ ACCDD.INI2
C: \ WINDOWS \ SYSTEM32 \ ILKKJ.INI
C: \ WINDOWS \ SYSTEM32 \ ILKKJ.INI2
C: \ WINDOWS \ SYSTEM32 \ JJJLM.INI
C: \ WINDOWS \ SYSTEM32 \ JJJLM.INI2
C: \ WINDOWS \ SYSTEM32 \ LLKKJ.INI
C: \ WINDOWS \ SYSTEM32 \ LLKKJ.INI2
C: \ WINDOWS \ SYSTEM32 \ LNNMP.INI2
C: \ WINDOWS \ SYSTEM32 \ MCRH.TMP
C: \ WINDOWS \ SYSTEM32 \ RRQSS.INI
C: \ WINDOWS \ SYSTEM32 \ VVVWA.INI2
Adware.Vundo-Muunnos
C: \ WINDOWS \ SYSTEM32 \ DDCCA.DLL
C: \ WINDOWS \ SYSTEM32 \ SSQRR.DLL
Trace.Known Threat Lähteet
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ index [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ alhaalta [2]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i53b_t1 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ CAXOO75T.htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ xrest [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ ajax [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ verx [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_brd-top-1 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ johtajille [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ errorhandler [2]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i701_line2 [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_boton1 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ errorhandler [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ niz [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ errorhandler [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_btn-ominaisuuksia [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_cor-vasen-1 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_icon3 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ crypt [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ ikkuna [1]. JS
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ puhtaan [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_bg1 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ stats [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ Top [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ SDWBGNOV \ main_02 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ CASL6F4X.htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_line2 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i701_cor-oikeus-1 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ AHGZAXI5 \ suositella [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_icon5 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ tyylejä [5]. CSS
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ ZLGK0BFB \ off_2 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i701_bg2 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ kehitys [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_btn-katsaus [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ index [5]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ stats [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_bg3 [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 8NKJEV4R \ bottom_r_2 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ pikaisesti [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ errorhandler [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ AC_RunActiveContent [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ midle [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ QX8BMXM5 \ tyylejä [2]. CSS
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_boton4 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i53b_btn-osto [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ spacer [4]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ ajax [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ G92ZKB2T \ merkki [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CX8VSB4B \ bottom_r [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ crypt [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ LO76ZR17 \ errsnd [1]. Swf
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CX8VSB4B \ bottom_l [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_brd-top-1 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ crypt [2]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ AHGZAXI5 \ secpan [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_btn-home [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ CAUJABA1.htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ AC_ActiveX [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_line3 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ chec [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i53b_icon1 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ ajax [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_btn-download [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ ZLGK0BFB \ x [2]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ CA3MKJZH.htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_BG [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_line1 [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_brd-bot-1 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_pc [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_boton2 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_brd-bot-1 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_bg4 [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ johtajille [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_btn-updates [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ johtajille [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ UR2NQ1UR \ ilmoitus [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ flash [1]. JS
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i701_spacer [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ AL6HK9M7 \ main_06 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ head_r_back [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ LO76ZR17 \ Shield [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_line3 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i701_boton2 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ flash_detect [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ M1Q5EV4X \ Play [1]. JS
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ UR2NQ1UR \ main_10 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ M1Q5EV4X \ main_05 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ QX8BMXM5 \ rajat [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ G92ZKB2T \ main_07 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ EJ23EDUF \ CLOSEBUTTON [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 8NKJEV4R \ main_03 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ ban_2 [1]. Swf
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ logo2 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ data [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ LO76ZR17 \ off_back [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ AL6HK9M7 \ download [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ M1Q5EV4X \ main_04 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ popup [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ left_3 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ QX8BMXM5 \ bottom_l_2 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ Z81HJ8WK \ right_2 [1]. GIF

**evilfantasy** · #4 4 huhtikuu 2008, 19:20

Kyllä jatka muun vaiheet. Jokainen askel etsii ja korjaa erilaisia uhkia.

**RB211** · #5 5 huhtikuu 2008, 00:13

OK Heres toinen log ..

Malwarebytes' Anti-Malware 1.10
Tietokantaversio: 592
Scan type: Full Scan (: \ | C: \ | C: \ | C: \ | H: \ | I: \ | J: \ |)
Objects skannatut: 336027
Kulunut aika: 1 tunti (s), 8 minute (s), 1 second (s)
Saastuneita muistiprosesseja: 5
Memory Modules Infected: 0
Rekisteriavaimista Infected: 10
Saastuneita rekisteriarvoja: 7
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11
Memory Processes Infected:
C: \ WINDOWS \ system32 \ drivers \ CTFMON.EXE (Trojan.Vundo) -> Puretut prosessi onnistuneesti.
C: \ WINDOWS \ system32 \ drivers \ CTFMON.EXE (Trojan.Vundo) -> Puretut prosessi onnistuneesti.
C: \ Documents and Settings \ Danny \ Local Settings \ Application Data \ spool.exe (Trojan.Vundo) -> Puretut prosessi onnistuneesti.
C: \ Documents and Settings \ Danny \ Local Settings \ Application Data \ spool.exe (Trojan.Vundo) -> Puretut prosessi onnistuneesti.
C: \ Documents and Settings \ Danny \ Local Settings \ Application Data \ spool.exe (Trojan.Vundo) -> Puretut prosessi onnistuneesti.
Memory Modules Infected:
(Ei haittaohjelmia kohteet havaitaan)
Rekisteriavaimista Infected:
HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Services \ s chedule (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet002 \ Services \ s chedule (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services es \ aikataulu (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER \ Software \ Microsoft \ affri (Malware.Trace) -> Quarantined ja poistaminen onnistui.
HKEY_CURRENT_USER \ Software \ Microsoft \ affltid (Malware.Trace) -> Quarantined ja poistaminen onnistui.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ affltid (Malware.Trace) -> Quarantined ja poistaminen onnistui.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ affri (Malware.Trace) -> Quarantined ja poistaminen onnistui.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ MS Juan (Malware.Trace) -> Quarantined ja poistaminen onnistui.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ FCOVM (Trojan.Vundo) -> Quarantined ja poistaminen onnistui.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ RemoveRP (Trojan.Vundo) -> Quarantined ja poistaminen onnistui.
Registry Values Infected:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ BMafb2445c (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run \ ntuser (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ ntuser (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run \ ntuser (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run \ autoload (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run \ autoload (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ autoload (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(Ei haittaohjelmia kohteet havaitaan)
Kansiot Infected:
(Ei haittaohjelmia kohteet havaitaan)
Files Infected:
C: \ Documents and Settings \ LocalService \ Local Settings \ Temporary Internet Files \ Content.IE5 \ GHIJKLMN \ kierrosta [1]. Jpg (Trojan.Madcode) -> Quarantined and deleted successfully. C
C: \ System Volume Information \ _restore (B4EDD13F-A6F1-41A1-814E-E5C94DDA45B5) \ RP8 \ A0002994.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C
C: \ WINDOWS \ system32 \ iupdate.exe (Trojan.Madcode) -> Quarantined and deleted successfully.
C: \ WINDOWS \ system32 \ kchkioor.dll (Trojan.Vundo) -> Delete on reboot.
C: \ WINDOWS \ system32 \ drivers \ CTFMON.EXE (Trojan.Vundo) -> Quarantined and deleted successfully.
C: \ WINDOWS \ system32 \ pac.txt (Malware.Trace) -> Quarantined ja poistaminen onnistui.
C: \ WINDOWS \ system32 \ drivers \ spools.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C: \ Documents and Settings \ Danny \ cftmon.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C
C: \ Documents and Settings \ Roz \ Local Settings \ Application Data \ spool.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C
C: \ Documents and Settings \ LocalService \ Local Settings \ Application Data \ spool.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C
C: \ Documents and Settings \ Danny \ Local Settings \ Application Data \ spool.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C

**RB211** · #6 5 huhtikuu 2008, 00:51

Voi OK I didnt toteuttaa minun piti lähettää ne kaikki yhdessä. Sorry guys ... Tässä ne ovat:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/04/2008 at 10:06 pm
Application Version: 4.0.1154
Core Rules Database Version: 3431
Trace Rules Database Version: 1423
Scan type: Complete Scan
Total Scan Time: 01:41:45
Muisti tuotteet skannatut: 703
Muisti uhkia havaittu: 1
Rekisterikohteita skannatut: 5826
Rekisterin uhkia havaittu: 43
Tiedostoalkiot skannatut: 289779
Tiedoston uhkia havaittu: 158
Adware.Vundo Variantti / Asukas
C: \ WINDOWS \ SYSTEM32 \ MLJJJ.DLL
C: \ WINDOWS \ SYSTEM32 \ MLJJJ.DLL
Trojan.WinFixer
HKLM \ Software \ Classes \ CLSID \ (09888678-51D6-42FC-9437-CBBFDA0B86EA)
HKCR \ CLSID \ (09888678-51D6-42FC-9437-CBBFDA0B86EA)
HKCR \ CLSID \ (09888678-51D6-42FC-9437-CBBFDA0B86EA) \ InprocServer32
HKCR \ CLSID \ (09888678-51D6-42FC-9437-CBBFDA0B86EA) \ InprocServer32 # ThreadingModel
HKLM \ Software \ Classes \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B)
HKCR \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B)
HKCR \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B) \ InprocServer32
HKCR \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B) \ InprocServer32 # ThreadingModel
C: \ WINDOWS \ SYSTEM32 \ JKKLL.DLL
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ Browser Helper Objects \ (09888678-51D6-42FC-9437-CBBFDA0B86EA)
Adware.Vundo Variantti
HKLM \ Software \ Classes \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9) \ InprocServer32
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9) \ InprocServer32 # ThreadingModel
C: \ WINDOWS \ SYSTEM32 \ TUVSQPQ.DLL
HKLM \ Software \ Classes \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2)
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2)
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2) \ InprocServer32
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2) \ InprocServer32 # ThreadingModel
C: \ WINDOWS \ SYSTEM32 \ YAYWUVW.DLL
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ Browser Helper Objects \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ ShellExecuteHooks # (D85530E8-D39D-49D0-9F36-300D594556D2)
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ ShellExecuteHooks # (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2)
Unclassified.Unknown Alkuperä
HKLM \ Software \ Classes \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ InprocServer32
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ InprocServer32 # ThreadingModel
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ ProgID
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ Programmable
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ TypeLib
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ VersionIndependentProgID
C: \ PROGRA ~ 1 \ DAP \ SBSEARCH.DLL
HKU \ S-1-5-21-73586283-1326574676-839522115-1004 \ Software \ Microsoft \ Internet Explorer \ URLSearchHooks # (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ SearchHook.SrchHook.1
HKCR \ SearchHook.SrchHook
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6)
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ 0
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ 0 \ win32
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ LIPUT
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ HELPDIR
Adware.Tracking Cookie
C: \ Documents and Settings \ Danny \ Cookies \ danny @ palvelevat-sys [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ tribalfusion [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ DoubleClick [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@bs.serving-sys [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@bs.serving-sys [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ad.yieldmanager [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ad.zanox [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ ROZ @ adnetserver [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads.alpharooms [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads1.alpharooms [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads2.alpharooms [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads3.alpharooms [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads4.alpharooms [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ ROZ @ adultfriendfinder [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ ROZ @ gostats [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ ROZ @ hornymatches [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ ROZ @ indexstats [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ ROZ @ indexstats [3]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ ROZ @ linksynergy [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@media2.mediafileshost [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ ROZ @ StatCounter [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@statse.webtrendslive [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@tracking.summitmedia.co [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@webstats.wthosting.co [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@www.admedia365 [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@www.admedia365 [3]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@www.hxtrack [2]. Txt
H: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ indexstats [2]. Txt
H: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@pc-finder.co [2]. Txt
H: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@www.pc-finder.co [2]. Txt
H: \ Uusissa Docs & Sets \ Rozzie \ Cookies \ rozzie @ indexstats [2]. Txt
H: \ Uusissa Docs & Sets \ Rozzie \ Cookies \ rozzie@pc-finder.co [2]. Txt
H: \ Uusissa Docs & Sets \ Rozzie \ Cookies \ rozzie@www.pc-finder.co [2]. Txt
H: \ Rozzie \ Cookies \ rozzie @ indexstats [2]. Txt
H: \ Rozzie \ Cookies \ rozzie@pc-finder.co [2]. Txt
H: \ Rozzie \ Cookies \ rozzie@www.pc-finder.co [2]. Txt
Trojan.Unknown Alkuperä
C: \ WINDOWS \ system32 \ nGpxx01
HKLM \ Software \ xpre
HKLM \ Software \ xpre # execount
Adware.VXGame-Trace -
HKU \ S-1-5-21-73586283-1326574676-839522115-1005 \ Software \ kernelexe
Adware.Vundo Variantti / Rel
C: \ WINDOWS \ SYSTEM32 \ ACCDD.INI
C: \ WINDOWS \ SYSTEM32 \ ACCDD.INI2
C: \ WINDOWS \ SYSTEM32 \ ILKKJ.INI
C: \ WINDOWS \ SYSTEM32 \ ILKKJ.INI2
C: \ WINDOWS \ SYSTEM32 \ JJJLM.INI
C: \ WINDOWS \ SYSTEM32 \ JJJLM.INI2
C: \ WINDOWS \ SYSTEM32 \ LLKKJ.INI
C: \ WINDOWS \ SYSTEM32 \ LLKKJ.INI2
C: \ WINDOWS \ SYSTEM32 \ LNNMP.INI2
C: \ WINDOWS \ SYSTEM32 \ MCRH.TMP
C: \ WINDOWS \ SYSTEM32 \ RRQSS.INI
C: \ WINDOWS \ SYSTEM32 \ VVVWA.INI2
Adware.Vundo-Muunnos
C: \ WINDOWS \ SYSTEM32 \ DDCCA.DLL
C: \ WINDOWS \ SYSTEM32 \ SSQRR.DLL
Trace.Known Threat Lähteet
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ index [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ alhaalta [2]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i53b_t1 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ CAXOO75T.htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ xrest [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ ajax [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ verx [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_brd-top-1 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ johtajille [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ errorhandler [2]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i701_line2 [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_boton1 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ errorhandler [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ niz [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ errorhandler [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_btn-ominaisuuksia [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_cor-vasen-1 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_icon3 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ crypt [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ ikkuna [1]. JS
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ puhtaan [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_bg1 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ stats [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ Top [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ SDWBGNOV \ main_02 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ CASL6F4X.htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_line2 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i701_cor-oikeus-1 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ AHGZAXI5 \ suositella [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_icon5 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ tyylejä [5]. CSS
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ ZLGK0BFB \ off_2 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i701_bg2 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ kehitys [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_btn-katsaus [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ index [5]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ stats [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_bg3 [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 8NKJEV4R \ bottom_r_2 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ pikaisesti [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ errorhandler [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ AC_RunActiveContent [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ midle [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ QX8BMXM5 \ tyylejä [2]. CSS
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_boton4 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i53b_btn-osto [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ spacer [4]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ ajax [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ G92ZKB2T \ merkki [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CX8VSB4B \ bottom_r [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ crypt [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ LO76ZR17 \ errsnd [1]. Swf
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CX8VSB4B \ bottom_l [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_brd-top-1 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ crypt [2]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ AHGZAXI5 \ secpan [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_btn-home [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ CAUJABA1.htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ AC_ActiveX [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_line3 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ chec [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i53b_icon1 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ ajax [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_btn-download [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ ZLGK0BFB \ x [2]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ CA3MKJZH.htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_BG [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_line1 [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_brd-bot-1 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_pc [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_boton2 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_brd-bot-1 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_bg4 [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ johtajille [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_btn-updates [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ johtajille [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ UR2NQ1UR \ ilmoitus [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ flash [1]. JS
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i701_spacer [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ AL6HK9M7 \ main_06 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ head_r_back [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ LO76ZR17 \ Shield [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_line3 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i701_boton2 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ flash_detect [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ M1Q5EV4X \ Play [1]. JS
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ UR2NQ1UR \ main_10 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ M1Q5EV4X \ main_05 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ QX8BMXM5 \ rajat [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ G92ZKB2T \ main_07 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ EJ23EDUF \ CLOSEBUTTON [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 8NKJEV4R \ main_03 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ ban_2 [1]. Swf
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ logo2 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ data [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ LO76ZR17 \ off_back [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ AL6HK9M7 \ download [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ M1Q5EV4X \ main_04 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ popup [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ left_3 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ QX8BMXM5 \ bottom_l_2 [1]. GIF
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ Z81HJ8WK \ right_2 [1]. GIF

Malwarebytes' Anti-Malware 1.10
Tietokantaversio: 592
Scan type: Full Scan (: \ | C: \ | C: \ | C: \ | H: \ | I: \ | J: \ |)
Objects skannatut: 336027
Kulunut aika: 1 tunti (s), 8 minute (s), 1 second (s)
Saastuneita muistiprosesseja: 5
Memory Modules Infected: 0
Rekisteriavaimista Infected: 10
Saastuneita rekisteriarvoja: 7
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11
Memory Processes Infected:
C: \ WINDOWS \ system32 \ drivers \ CTFMON.EXE (Trojan.Vundo) -> Puretut prosessi onnistuneesti.
C: \ WINDOWS \ system32 \ drivers \ CTFMON.EXE (Trojan.Vundo) -> Puretut prosessi onnistuneesti.
C: \ Documents and Settings \ Danny \ Local Settings \ Application Data \ spool.exe (Trojan.Vundo) -> Puretut prosessi onnistuneesti.
C: \ Documents and Settings \ Danny \ Local Settings \ Application Data \ spool.exe (Trojan.Vundo) -> Puretut prosessi onnistuneesti.
C: \ Documents and Settings \ Danny \ Local Settings \ Application Data \ spool.exe (Trojan.Vundo) -> Puretut prosessi onnistuneesti.
Memory Modules Infected:
(Ei haittaohjelmia kohteet havaitaan)
Rekisteriavaimista Infected:
HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Services \ s chedule (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet002 \ Services \ s chedule (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services es \ aikataulu (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER \ Software \ Microsoft \ affri (Malware.Trace) -> Quarantined ja poistaminen onnistui.
HKEY_CURRENT_USER \ Software \ Microsoft \ affltid (Malware.Trace) -> Quarantined ja poistaminen onnistui.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ affltid (Malware.Trace) -> Quarantined ja poistaminen onnistui.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ affri (Malware.Trace) -> Quarantined ja poistaminen onnistui.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ MS Juan (Malware.Trace) -> Quarantined ja poistaminen onnistui.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ FCOVM (Trojan.Vundo) -> Quarantined ja poistaminen onnistui.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ RemoveRP (Trojan.Vundo) -> Quarantined ja poistaminen onnistui.
Registry Values Infected:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ BMafb2445c (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run \ ntuser (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ ntuser (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run \ ntuser (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run \ autoload (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run \ autoload (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ autoload (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(Ei haittaohjelmia kohteet havaitaan)
Kansiot Infected:
(Ei haittaohjelmia kohteet havaitaan)
Files Infected:
C: \ Documents and Settings \ LocalService \ Local Settings \ Temporary Internet Files \ Content.IE5 \ GHIJKLMN \ kierrosta [1]. Jpg (Trojan.Madcode) -> Quarantined and deleted successfully. C
C: \ System Volume Information \ _restore (B4EDD13F-A6F1-41A1-814E-E5C94DDA45B5) \ RP8 \ A0002994.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C
C: \ WINDOWS \ system32 \ iupdate.exe (Trojan.Madcode) -> Quarantined and deleted successfully.
C: \ WINDOWS \ system32 \ kchkioor.dll (Trojan.Vundo) -> Delete on reboot.
C: \ WINDOWS \ system32 \ drivers \ CTFMON.EXE (Trojan.Vundo) -> Quarantined and deleted successfully.
C: \ WINDOWS \ system32 \ pac.txt (Malware.Trace) -> Quarantined ja poistaminen onnistui.
C: \ WINDOWS \ system32 \ drivers \ spools.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C: \ Documents and Settings \ Danny \ cftmon.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C
C: \ Documents and Settings \ Roz \ Local Settings \ Application Data \ spool.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C
C: \ Documents and Settings \ LocalService \ Local Settings \ Application Data \ spool.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C
C: \ Documents and Settings \ Danny \ Local Settings \ Application Data \ spool.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C

Logfile ja Trend Micro HijackThis v2.0.2
Scan tallennettu at 08:45:34, on 05.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Käynnissä olevista prosesseista:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ Explorer.exe
C: \ Program Files \ AMD \ RAIDXpert \ laituri \ extra \ win32 \ Wrapper.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
C: \ Program Files \ AMD \ RAIDXpert \ _jvm \ bin \ java.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ btbb_wcm \ McciTrayApp.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Selaimen \ ybrwicon.exe
C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ Program Files \ Logitech \ MediaLife \ MediaLifeService.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ Samsung \ LaserSMMgr \ ssmmgr.exe
C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ yop.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Selaimen \ ycommon.exe
C: \ Program Files \ SPAMfighter \ SFAgent.exe
C: \ Program Files \ BT Laajakaista Desktop Help \ bin \ BTHelpNotifier.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
C: \ Program Files \ SPAMfighter \ sfus.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ MOM.EXE
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 4.exe
C: \ WINDOWS \ System32 \ wltrysvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ PROGRA ~ 1 \ MI948F ~ 1 \ GAMECO ~ 1 \ Common \ SWTrayV4.exe
C: \ WINDOWS \ System32 \ bcmwltry.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Microsoft IntelliType Pro \ itype.exe
C: \ Program Files \ Microsoft IntelliPoint \ ipoint.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe
C: \ Program Files \ Microsoft IntelliType Pro \ dpupdchk.exe
C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Program Files \ DNA \ btdna.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ SSDK02.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ WINDOWS \ system32 \ Msiexec.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ Program Files \ NETGEAR WG311v2 Adapter \ wlancfg5.exe
C: \ Program Files \ BT Laajakaista Desktop Help \ bin \ mpbtn.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ javaw.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ ccc.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = 127.0.0.1; *. paikalliset
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Installs \ cpn0 \ yt.dll
O2 - BHO: (no name) - (3CAB59B4-55A3-4737-9FD5-B93C6430BF75) - C: \ WINDOWS \ system32 \ sjmxcfmu.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Installs \ cpn0 \ yt.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ program files \ google \ googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - (F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Program Files \ AskSBar \ bar \ 1.bin \ ASKSBAR.DLL
O4 - HKLM \ .. \ Run: [C6501Sound] rundll32 c6501.cpl, CMICtrlWnd
O4 - HKLM \ .. \ Run: [btbb_wcm_McciTrayApp] C: \ Program Files \ btbb_wcm \ McciTrayApp.exe
O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Selaimen \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [HPHUPD08] C: \ Program Files \ HP \ Digital Imaging \ (33D6CC28-9F75-4d1b-A11D-98895B3A3729) \ hphupd08.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [MediaLifeService] "C: \ Program Files \ Logitech \ MediaLife \ MediaLifeService.exe"
O4 - HKLM \ .. \ Run: [Samsung LBP SM] "C: \ WINDOWS \ Samsung \ LaserSMMgr \ ssmmgr.exe" / autorun
O4 - HKLM \ .. \ Run: [YOP] C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ yop.exe / Autostart
O4 - HKLM \ .. \ Run: [SPAMfighter Agent] "C: \ Program Files \ SPAMfighter \ SFAgent.exe" päivityksen viivästyminen 60
O4 - HKLM \ .. \ Run: [btbb_McciTrayApp] C: \ Program Files \ BT Laajakaista Desktop Help \ bin \ BTHelpNotifier.exe
O4 - HKLM \ .. \ Run: [StartCCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ CLIStart.exe"
O4 - HKLM \ .. \ Run: [amd_dc_opt] C: \ Program Files \ AMD \ Dual-Core Optimizer \ amd_dc_opt.exe
O4 - HKLM \ .. \ Run: [HPDJ Taskbar Utility] C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 4.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / Käynnistysmerkinnät
O4 - HKLM \ .. \ Run: [SideWinderTrayV4] C: \ PROGRA ~ 1 \ MI948F ~ 1 \ GAMECO ~ 1 \ Common \ SWTrayV4.exe
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [itype] "C: \ Program Files \ Microsoft IntelliType Pro \ itype.exe"
O4 - HKLM \ .. \ Run: [IntelliPoint] "C: \ Program Files \ Microsoft IntelliPoint \ ipoint.exe"
O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" / pienenä
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [swg] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / tausta
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: MP3 Rocket (pienennetty). Lnk = C: \ Program Files \ MP3 Rocket \ MP3Rocket.exe
O4 - Global Startup: BT broadband Desktop Help.lnk = C: \ Program Files \ BT broadband Desktop Help \ bin \ matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C: \ Program Files \ NETGEAR WG311v2 Adapter \ wlancfg5.exe
O8 - Extra yhteydessä valikkotoimintoa: & Clean Traces - C: \ Program Files \ DAP \ Privacy Package \ dapcleanerie.htm
O8 - Extra yhteydessä valikkotoimintoa: & Download with & DAP - C: \ Program Files \ DAP \ dapextie.htm
O8 - Extra yhteydessä valikkotoimintoa: Download & all with DAP - C: \ Program Files \ DAP \ dapextie2.htm
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O9 - Extra button: BT Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ PROGRA ~ 1 \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Program Files \ Yahoo! \ Common \ Yinsthelper20073151.dll
O16 - DPF: (6F15128C-E66A-490C-B848-5000B5ABEEAC) (HP Download Manager) -- https: / / h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: (BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B) (Zylom Games Player) -- http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O20 - Winlogon Notify: tuvsqpq - tuvsqpq.dll (file missing)
O20 - Winlogon Notify: yaywuvw - yaywuvw.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown owner - C: \ Program Files \ AMD \ RAIDXpert \ laituri \ extra \ win32 \ Wrapper.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati Pikanäppäin Poller - ATI Technologies Inc. - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C: \ WINDOWS \ system32 \ ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Grisoft sro - C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: PML Driver HPZ12 - Unknown owner - C: \ WINDOWS \ system32 \ HPZipm12.exe (file missing)
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C: \ Program Files \ SPAMfighter \ sfus.exe
O23 - Service: WLTRYSVC - Unknown owner - C: \ WINDOWS \ System32 \ wltrysvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C: \ WINDOWS \ system32 \ YPCSER ~ 1.EXE
--
End of file - 10856 bytes

Paljon kiitoksia

**evilfantasy** · #7 5 huhtikuu 2008, 01:27

Näyttää siellä oli paljon pois, on vielä kyseenalainen merkinnät Hijackthis loki joten meidän täytyy ajaa hieman eri työkaluja.

Ladata Vundofix.exe omalle työpöydälle.

Kaksoisnapsauta VundoFix.exe suorittaa sen.
Kun VundoFix avautuu, napsauta Scan for Vundo painiketta.
Kun se on tehty skannaus napsauttamalla Poista Vundo painiketta.
Saat nopeasti kysyy, haluatko poistaa tiedostot, valitse KYLLÄ
Kun valitset Kyllä, työpöydälle jää tyhjäksi, koska se alkaa poistamaan Vundo.
Kun valmis, se nopea, että se shutdown tietokone, napsauta OK.
Käännä tietokone uudelleen.
Lähetä sisältö C: \vundofix.txt ja uusi HiJackThis log.

Huom: On mahdollista, että VundoFix havainnut tiedostoa ei voitu poistaa. Tässä tapauksessa VundoFix näytetään reboot, noudata edellä mainittuja ohjeita alkaen "Klikkaa Scan for Vundo nappia" kun VundoFix näkyy reboot.

Anna Vundo maaliin, joskus se voi kestää useita kulkee

----------

Ladata SDFix.exe ja tallenna se työpöydälle.

Kaksoisnapsauta SDFix.exe ja se purkaa tiedostoja% systemdrive%
(Asema, joka sisältää Windows Directory, yleensä C: \ SDFix)

Ole hyvä ja sitten käynnistää tietokone uudelleen vuonna Vikasietotila tekemällä seuraavasti:

Käynnistä tietokone uudelleen
Kuultuaan tietokone piippaa kerran käynnistyksen aikana, mutta ennen kuin Windows-kuvake näkyy, kosketa F8-näppäintä jatkuvasti;
Sen sijaan Windows lastaamista normaalia, että Lisäasetukset Valikko tulisi näkyä;
Valitse ensimmäinen vaihtoehto, Windows vikasietotilassa, paina sitten Anna.
Valitse tavallista huomioon.
Avaa uutetut SDFix-kansio ja kaksoisnapsauta RunThis.bat Käynnistä komentorivi.
Tyyppi Y aloittaa saneerausmenettelyn.
Se poistaa kaikki Troijan Palvelut ja rekisterimerkintöjä, että se toteaa sitten sinua paina mitä tahansa näppäintä Uudelleenkäynnistä.
Paina mitä tahansa näppäintä ja se käynnistä tietokone.
Kun tietokone uudelleen Fixtool ajaa uudelleen ja täydellisen poistamisen prosessi sitten näyttö PäättynytPaina mitä tahansa näppäintä varten käsikirjoituksen ja lataamaan työpöydän kuvakkeet.
Kun työpöydän kuvakkeet ladata SDFix raportti avoinna näytön ja myös tallentaa osaksi SDFix kansio Report.txt
(Report.txt myös kopioidaan leikepöydälle).
Lopuksi lisää sisältöä, Report.txt näkyy seuraavassa postitse.

----------

Juokse uusi Hijackthis skannata ja lähettää paljon kirjaudu yhdessä muiden kanssa.

Lisäksi haluaisin tietää, miten asiat ovat nyt.

**RB211** · #8 5 huhtikuu 2008, 02:23

OK Seuraava kahdesti.

VundoFix V7.0.3
Scan started at 10:07:05 05/04/2008
Listing tiedostoja löytyi skannauksen aikana ....
C: \ WINDOWS \ system32 \ anthkpru.dll
Alku poistaminen ...
Yrittää poistaa C: \ WINDOWS \ system32 \ anthkpru.dll
C: \ WINDOWS \ system32 \ anthkpru.dll on poistettu!
Performing korjauksia rekisteriin.
Tehty!

Logfile ja Trend Micro HijackThis v2.0.2
Scan tallennettu at 10:18:53, on 05.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Käynnissä olevista prosesseista:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ Explorer.exe
C: \ Program Files \ AMD \ RAIDXpert \ laituri \ extra \ win32 \ Wrapper.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
C: \ Program Files \ AMD \ RAIDXpert \ _jvm \ bin \ java.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ btbb_wcm \ McciTrayApp.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Selaimen \ ybrwicon.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ Program Files \ Logitech \ MediaLife \ MediaLifeService.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Selaimen \ ycommon.exe
C: \ WINDOWS \ Samsung \ LaserSMMgr \ ssmmgr.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ yop.exe
C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
C: \ Program Files \ SPAMfighter \ SFAgent.exe
C: \ Program Files \ SPAMfighter \ sfus.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ wltrysvc.exe
C: \ WINDOWS \ System32 \ bcmwltry.exe
C: \ Program Files \ BT Laajakaista Desktop Help \ bin \ BTHelpNotifier.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ MOM.EXE
C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 4.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ PROGRA ~ 1 \ MI948F ~ 1 \ GAMECO ~ 1 \ Common \ SWTrayV4.exe
C: \ Program Files \ Microsoft IntelliType Pro \ itype.exe
C: \ Program Files \ Microsoft IntelliPoint \ ipoint.exe
C: \ Program Files \ Microsoft IntelliPoint \ dpupdchk.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe
C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe
C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ SSDK02.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Program Files \ DNA \ btdna.exe
C: \ WINDOWS \ system32 \ Msiexec.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ ccc.exe
C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Program Files \ BT Laajakaista Desktop Help \ bin \ mpbtn.exe
C: \ Program Files \ NETGEAR WG311v2 Adapter \ wlancfg5.exe
C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ javaw.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = 127.0.0.1; *. paikalliset
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Installs \ cpn0 \ yt.dll
O2 - BHO: (no name) - (3CAB59B4-55A3-4737-9FD5-B93C6430BF75) - C: \ WINDOWS \ system32 \ sjmxcfmu.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Installs \ cpn0 \ yt.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ program files \ google \ googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - (F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Program Files \ AskSBar \ bar \ 1.bin \ ASKSBAR.DLL
O4 - HKLM \ .. \ Run: [C6501Sound] rundll32 c6501.cpl, CMICtrlWnd
O4 - HKLM \ .. \ Run: [btbb_wcm_McciTrayApp] C: \ Program Files \ btbb_wcm \ McciTrayApp.exe
O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Selaimen \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [HPHUPD08] C: \ Program Files \ HP \ Digital Imaging \ (33D6CC28-9F75-4d1b-A11D-98895B3A3729) \ hphupd08.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [MediaLifeService] "C: \ Program Files \ Logitech \ MediaLife \ MediaLifeService.exe"
O4 - HKLM \ .. \ Run: [Samsung LBP SM] "C: \ WINDOWS \ Samsung \ LaserSMMgr \ ssmmgr.exe" / autorun
O4 - HKLM \ .. \ Run: [YOP] C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ yop.exe / Autostart
O4 - HKLM \ .. \ Run: [SPAMfighter Agent] "C: \ Program Files \ SPAMfighter \ SFAgent.exe" päivityksen viivästyminen 60
O4 - HKLM \ .. \ Run: [btbb_McciTrayApp] C: \ Program Files \ BT Laajakaista Desktop Help \ bin \ BTHelpNotifier.exe
O4 - HKLM \ .. \ Run: [StartCCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ CLIStart.exe"
O4 - HKLM \ .. \ Run: [amd_dc_opt] C: \ Program Files \ AMD \ Dual-Core Optimizer \ amd_dc_opt.exe
O4 - HKLM \ .. \ Run: [HPDJ Taskbar Utility] C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 4.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / Käynnistysmerkinnät
O4 - HKLM \ .. \ Run: [SideWinderTrayV4] C: \ PROGRA ~ 1 \ MI948F ~ 1 \ GAMECO ~ 1 \ Common \ SWTrayV4.exe
O4 - HKLM \ .. \ Run: [itype] "C: \ Program Files \ Microsoft IntelliType Pro \ itype.exe"
O4 - HKLM \ .. \ Run: [IntelliPoint] "C: \ Program Files \ Microsoft IntelliPoint \ ipoint.exe"
O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" / pienenä
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [swg] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / tausta
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: MP3 Rocket (pienennetty). Lnk = C: \ Program Files \ MP3 Rocket \ MP3Rocket.exe
O4 - Global Startup: BT broadband Desktop Help.lnk = C: \ Program Files \ BT broadband Desktop Help \ bin \ matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C: \ Program Files \ NETGEAR WG311v2 Adapter \ wlancfg5.exe
O8 - Extra yhteydessä valikkotoimintoa: & Clean Traces - C: \ Program Files \ DAP \ Privacy Package \ dapcleanerie.htm
O8 - Extra yhteydessä valikkotoimintoa: & Download with & DAP - C: \ Program Files \ DAP \ dapextie.htm
O8 - Extra yhteydessä valikkotoimintoa: Download & all with DAP - C: \ Program Files \ DAP \ dapextie2.htm
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O9 - Extra button: BT Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ PROGRA ~ 1 \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Program Files \ Yahoo! \ Common \ Yinsthelper20073151.dll
O16 - DPF: (6F15128C-E66A-490C-B848-5000B5ABEEAC) (HP Download Manager) -- https: / / h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: (BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B) (Zylom Games Player) -- http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O20 - Winlogon Notify: tuvsqpq - tuvsqpq.dll (file missing)
O20 - Winlogon Notify: yaywuvw - yaywuvw.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown owner - C: \ Program Files \ AMD \ RAIDXpert \ laituri \ extra \ win32 \ Wrapper.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati Pikanäppäin Poller - ATI Technologies Inc. - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C: \ WINDOWS \ system32 \ ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Grisoft sro - C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: PML Driver HPZ12 - Unknown owner - C: \ WINDOWS \ system32 \ HPZipm12.exe (file missing)
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C: \ Program Files \ SPAMfighter \ sfus.exe
O23 - Service: WLTRYSVC - Unknown owner - C: \ WINDOWS \ System32 \ wltrysvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C: \ WINDOWS \ system32 \ YPCSER ~ 1.EXE
--
End of file - 10853 bytes

**evilfantasy** · #9 5 huhtikuu 2008, 02:36

Sdfix log?

**RB211** · #10 5 huhtikuu 2008, 02:51

OK sdfix ja viimeisimmät sniper:

Hurraa

Sdfix: Version 1.166
Johtama Danny on 05.04.2008 klo 10:38
Microsoft Windows XP [Version 5.1.2600]
Running From: C: \ sdfix \ sdfix
Checking Services :

Palauttaminen Windows Registry Values
Restoring Windows Default Hosts File
Käynnistystä

Checking Files :
Trojan Files Found:
C: \ WINDOWS \ Temp \ 1852.tmp.lst - Poistettu
C: \ WINDOWS \ Temp \ 2723.tmp.lst - Poistettu
C: \ WINDOWS \ Temp \ 2F76.tmp.lst - Poistettu
C: \ WINDOWS \ Temp \ 541A.tmp.lst - Poistettu
C: \ WINDOWS \ Temp \ 580D.tmp.lst - Poistettu
C: \ WINDOWS \ Temp \ 6E54.tmp.lst - Poistettu
C: \ WINDOWS \ fetchuserid.exe - Poistettu

Kansioon C: \ Program Files \ drmupgds - Kaukainen

Removing Temp Files
ADS Check :

Lopullinen Tarkista :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit / varkain haittaohjelmien detektori on Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 10:44:19
Windows 5.1.2600 Service Pack 2 NTFS
skannaus piilotettu prosessien ...
skannaus piilotettu services & järjestelmän pesäkuoriaisen ...
skannaus piilotettu rekisterimerkinnöistä ...
skannaus piilotetut tiedostot ...
scan loppuun onnistuneesti
piilotettu prosessit: 0
piilotettu palvelut: 0
piilotetut tiedostot: 0

Jäljellä olevat palvelut :

Authorized Application Key Export:
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ palvelut es \ sharedaccess \ Parameters \ firewallpolicy \ profiilin \ authorizedapplications \ listalle]
"C: \ Program Files \ \ BitTorrent \ \ bittorrent.exe" = "C: \ Program Files \ \ BitTorrent \ \ bittorrent.exe: *: Enabled: BitTor vuokrata"
"C: \ Program Files \ \ DNA \ \ btdna.exe" = "C: \ Program Files \ \ DNA \ \ btdna.exe: *: Enabled: DNA"
"C: \ Program Files \ \ ICQ \ \ Icq.exe" = "C: \ Program Files \ \ ICQ \ \ Icq.exe: *: Enabled: ICQ"
"C: \ Program Files \ Yahoo! \ \ Messenger \ \ YahooMessenger.exe" = "C: \ Program Files \ Yahoo! \ \ Messenger \ \ YahooMessenger.exe: *: Ena bled: Yahoo! Messenger"
"C: \ Program Files \ \ LimeWire \ \ LimeWire.exe" = "C: \ Program Files \ \ LimeWire \ \ LimeWire.exe: *: Enabled: LimeWire"
"D: \ \ Program Files \ \ Microsoft Games \ \ Flight Simulator 9 \ \ fs9.exe" = "D: \ \ Program Files \ \ Microsoft Games \ \ Flight Simulator 9 \ \ fs9.exe: *: Enabled: Microsoft Flight Simulator "
"C: \ \ WINDOWS \ \ system32 \ \ dpnsvr.exe" = "C: \ \ WINDOWS \ \ system32 \ \ dpnsvr.exe: *: Enabled: Microsoft DirectPlay8 Server"
"C: \ Program Files \ \ Kontiki \ \ KService.exe" = "C: \ Program Files \ \ Kontiki \ \ KService.exe: *: Enabled: Toimitus Manager Service"
"C: \ Program Files \ \ Ubisoft \ \ Gearbox Software \ \ BrothersInArmsEiB \ \ System \ \ EiB.exe" = "C: \ Program Files \ \ Ubisoft \ \ Gearbox Software \ \ BrothersInArmsEiB \ \ System \ \ EIP . exe: *: Ena Bled: Brothers in Arms Earned in Blood "
"C: \ \ Valve \ \ Condition Zero \ \ czero.exe" = "C: \ \ Valve \ \ Condition Zero \ \ czero.exe: *: Enabled: Condition Zero Launcher"
"C: \ \ Program Files \ \ Java \ \ jre1.6.0_04 \ \ \ bin \ \ javaw.exe" = "C: \ \ Pro grammaa Files \ \ Java \ \ jre1.6.0_04 \ \ \ bin \ \ javaw. exe: *: Enabled: Java (TM) Platform SE binary "
"C: \ Program Files \ \ DAP \ \ DAP.exe" = "C: \ Program Files \ \ DAP \ \ DAP.exe: *: Enabled: Download Accelerator Plus (DAP)"
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ syste M32 \ \ sessmgr.exe: *: Enabled: @ xpsp2res.dll, -22019"
"C: \ Program Files \ \ SpeedBit Video Accelerator \ \ VideoAccelerator.exe" = "C: \ Program Files \ \ SpeedBit Video Accelerator \ \ VideoAccelerator.exe: *: Enabled: VideoA ccelerator"
"C: \ Program Files \ \ SpeedBit Video Accelerator \ \ VideoAcceleratorEngine.exe" = "C: \ \ Prog ram Files \ \ SpeedBit Video Accelerator \ \ VideoAcceleratorEngine.exe: *: Enabled: VideoAcceleratorService"
"C: \ \ Program Files \ \ Java \ \ jre1.6.0_05 \ \ \ bin \ \ javaw.exe" = "C: \ \ Pro grammaa Files \ \ Java \ \ jre1.6.0_05 \ \ \ bin \ \ javaw. exe: *: Enabled: Java (TM) Platform SE binary "
"C: \ Program Files \ \ iTunes \ \ iTunes.exe" = "C: \ Program Files \ \ iTunes \ \ iTunes.exe: *: Enabled: iTunes"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ palvelut es \ sharedaccess \ Parameters \ firewallpolicy \ domainpr ofile \ authorizedapplications \ listalle]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ syste M32 \ \ sessmgr.exe: *: Enabled: @ xpsp2res.dll, -22019"
Jäljellä olevat tiedostot :

Tiedoston Backups: - C: \ sdfix \ sdfix \ varmuuskopiot \ backups.zip
Tiedostot, joiden Piilotettu Määritteet :
Ti 5 helmikuu 2008 4348 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ DRMv1.bak"
Ma 28 tammikuu 2008 0 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ Cache \ Indiv01.tmp"
Finished!

ja

Logfile ja Trend Micro HijackThis v2.0.2
Scan tallennettu at 10:48:43, on 05.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Käynnissä olevista prosesseista:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ csrss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ Program Files \ AMD \ RAIDXpert \ laituri \ extra \ win32 \ Wrapper.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ Program Files \ AMD \ RAIDXpert \ _jvm \ bin \ java.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
C: \ Program Files \ SPAMfighter \ sfus.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ wltrysvc.exe
C: \ WINDOWS \ System32 \ bcmwltry.exe
C: \ WINDOWS \ Explorer.exe
C: \ WINDOWS \ System32 \ alg.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ btbb_wcm \ McciTrayApp.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Selaimen \ ybrwicon.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Selaimen \ ycommon.exe
C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ Program Files \ Logitech \ MediaLife \ MediaLifeService.exe
C: \ WINDOWS \ Samsung \ LaserSMMgr \ ssmmgr.exe
C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ yop.exe
C: \ Program Files \ SPAMfighter \ SFAgent.exe
C: \ Program Files \ BT Laajakaista Desktop Help \ bin \ BTHelpNotifier.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ MOM.EXE
C: \ WINDOWS \ system32 \ Msiexec.exe
C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 4.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ PROGRA ~ 1 \ MI948F ~ 1 \ GAMECO ~ 1 \ Common \ SWTrayV4.exe
C: \ Program Files \ Microsoft IntelliType Pro \ itype.exe
C: \ Program Files \ Microsoft IntelliPoint \ ipoint.exe
C: \ Program Files \ Microsoft IntelliType Pro \ dpupdchk.exe
C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ SSDK02.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe
C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ wbem \ wmiprvse.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ DNA \ btdna.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ BT Laajakaista Desktop Help \ bin \ mpbtn.exe
C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ Program Files \ NETGEAR WG311v2 Adapter \ wlancfg5.exe
C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ javaw.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ ccc.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
C: \ WINDOWS \ system32 \ wbem \ wmiprvse.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = 127.0.0.1; *. paikalliset
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Installs \ cpn0 \ yt.dll
O2 - BHO: (no name) - (3CAB59B4-55A3-4737-9FD5-B93C6430BF75) - C: \ WINDOWS \ system32 \ sjmxcfmu.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Installs \ cpn0 \ yt.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ program files \ google \ googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - (F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Program Files \ AskSBar \ bar \ 1.bin \ ASKSBAR.DLL
O4 - HKLM \ .. \ Run: [C6501Sound] rundll32 c6501.cpl, CMICtrlWnd
O4 - HKLM \ .. \ Run: [btbb_wcm_McciTrayApp] C: \ Program Files \ btbb_wcm \ McciTrayApp.exe
O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Selaimen \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [HPHUPD08] C: \ Program Files \ HP \ Digital Imaging \ (33D6CC28-9F75-4d1b-A11D-98895B3A3729) \ hphupd08.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [MediaLifeService] "C: \ Program Files \ Logitech \ MediaLife \ MediaLifeService.exe"
O4 - HKLM \ .. \ Run: [Samsung LBP SM] "C: \ WINDOWS \ Samsung \ LaserSMMgr \ ssmmgr.exe" / autorun
O4 - HKLM \ .. \ Run: [YOP] C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ yop.exe / Autostart
O4 - HKLM \ .. \ Run: [SPAMfighter Agent] "C: \ Program Files \ SPAMfighter \ SFAgent.exe" päivityksen viivästyminen 60
O4 - HKLM \ .. \ Run: [btbb_McciTrayApp] C: \ Program Files \ BT Laajakaista Desktop Help \ bin \ BTHelpNotifier.exe
O4 - HKLM \ .. \ Run: [StartCCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ CLIStart.exe"
O4 - HKLM \ .. \ Run: [amd_dc_opt] C: \ Program Files \ AMD \ Dual-Core Optimizer \ amd_dc_opt.exe
O4 - HKLM \ .. \ Run: [HPDJ Taskbar Utility] C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 4.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / Käynnistysmerkinnät
O4 - HKLM \ .. \ Run: [SideWinderTrayV4] C: \ PROGRA ~ 1 \ MI948F ~ 1 \ GAMECO ~ 1 \ Common \ SWTrayV4.exe
O4 - HKLM \ .. \ Run: [itype] "C: \ Program Files \ Microsoft IntelliType Pro \ itype.exe"
O4 - HKLM \ .. \ Run: [IntelliPoint] "C: \ Program Files \ Microsoft IntelliPoint \ ipoint.exe"
O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" / pienenä
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [swg] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / tausta
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: MP3 Rocket (pienennetty). Lnk = C: \ Program Files \ MP3 Rocket \ MP3Rocket.exe
O4 - Global Startup: BT broadband Desktop Help.lnk = C: \ Program Files \ BT broadband Desktop Help \ bin \ matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C: \ Program Files \ NETGEAR WG311v2 Adapter \ wlancfg5.exe
O8 - Extra yhteydessä valikkotoimintoa: & Clean Traces - C: \ Program Files \ DAP \ Privacy Package \ dapcleanerie.htm
O8 - Extra yhteydessä valikkotoimintoa: & Download with & DAP - C: \ Program Files \ DAP \ dapextie.htm
O8 - Extra yhteydessä valikkotoimintoa: Download & all with DAP - C: \ Program Files \ DAP \ dapextie2.htm
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O9 - Extra button: BT Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ PROGRA ~ 1 \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Program Files \ Yahoo! \ Common \ Yinsthelper20073151.dll
O16 - DPF: (6F15128C-E66A-490C-B848-5000B5ABEEAC) (HP Download Manager) -- https: / / h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: (BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B) (Zylom Games Player) -- http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O20 - Winlogon Notify: tuvsqpq - tuvsqpq.dll (file missing)
O20 - Winlogon Notify: yaywuvw - yaywuvw.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown owner - C: \ Program Files \ AMD \ RAIDXpert \ laituri \ extra \ win32 \ Wrapper.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati Pikanäppäin Poller - ATI Technologies Inc. - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C: \ WINDOWS \ system32 \ ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Grisoft sro - C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: PML Driver HPZ12 - Unknown owner - C: \ WINDOWS \ system32 \ HPZipm12.exe (file missing)
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C: \ Program Files \ SPAMfighter \ sfus.exe
O23 - Service: WLTRYSVC - Unknown owner - C: \ WINDOWS \ System32 \ wltrysvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C: \ WINDOWS \ system32 \ YPCSER ~ 1.EXE
--
End of file - 11044 bytes

Samanlaisia Threads
Kierre	Thread Starter	Forum	Vastaukset	Last Post
Hidastunut internet nopeuksia iltaisin kaapeli	kojowilliams	Verkottuminen, Modeemit & VoIP	1	25. toukokuuta 2009 14:18
Nopea muutto pelit parantaa taitoja hitaammin liikkuvat pelejä!	NeuroDrive	PC & Console Gaming	1	4th Feb 2009 04:19
PC hitaampaa maailman hitain asia!	liman	Virusten, vakoiluohjelmien & Security	40	20. marraskuu 2008 06:35
Ulkoiset hardrives hitaampaa kuin sisäinen?	dubs89	Drives & Removable Media	3	29. Joulukuu 2007 14:05

Thread Tools
Näytä Tulostettava versio Lähetä tämä sivu