
No network after malware removal (Smart Protection 2012)



I have a computer that had a Smart Protection 2012 infection. It was removed with MBAM, but now the computer isn't able to connect to the network, wireless or wired.

The initial removal of Smart Protection happened over a month ago. Before posting here, I ran an MBAM quick scan, and it found 48 infected files. After the scan and cleanup, I rebooted the computer and ran a second quick scan to make sure the infections were gone. The second scan found 0 infections. Logs of both scans are attached.

Here are the logs. First the DDS and ATTACH files, then the two MBAM scan logs:

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23

Run by Susanna at 21:58:09 on 2012-04-03

Microsoft Windows 7 Professional 6.1.7600.0.1252.358.1035.18.3063.2034 [GMT 3:00]

.

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe

C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe

C:\Program Files\ATKGFNEX\GFNEXSrv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

C:\ProgramData\DatacardService\DCService.exe

C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\ProgramData\DatacardService\DCSHelper.exe

C:\Program Files\ASUS\ATK Hotkey\HControl.exe

C:\Program Files\Wireless Console 2\wcourier.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe

C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe

C:\Program Files\ASUS\ATK Hotkey\WDC.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe

C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe

C:\Program Files\ASUS\ATK Media\DMedia.exe

C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Epson Software\Event Manager\EEventManager.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\ProgramData\GameXN\GameXNGO.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Users\Susanna\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\wbengine.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\System32\vds.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678

uDefault_Page_URL = hxxp://www.asus.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll

mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [GameXN (update)] "c:\programdata\gamexn\GameXNGO.exe" /u

uRun: [GameXN (news)] "c:\programdata\gamexn\GameXNGO.exe" /n

uRun: [GameXN] "c:\programdata\gamexn\GameXNGO.exe" /silent

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [Epson Stylus SX235(Verkko)] c:\windows\system32\spool\drivers\w32x86\3\e_fatihle.exe /fu "c:\users\susanna\appdata\local\temp\E_S4CBE.tmp" /EF "HKCU"

mRun: [set] c:\programdata\SetWallpaper.cmd

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [HControlUser] c:\program files\asus\atk hotkey\HControlUser.exe

mRun: [ATKOSD2] c:\program files\asus\atkosd2\ATKOSD2.exe

mRun: [ATKMEDIA] c:\program files\asus\atk media\DMedia.exe

mRun: [ADSMTray] c:\program files\asus\asus data security manager\ADSMTray.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\users\susanna\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\susanna\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\users\susanna\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\fancys~1.lnk - c:\windows\installer\{f0df4513-3c4c-4eb8-8012-2c5f70af3988}\_A1DDD39913A1970387B7B3.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.254

TCP: Interfaces\{7B6C52E5-8AA8-4F30-AFE4-EB989743AEB8} : NameServer = 192.89.123.231 192.89.123.230

TCP: Interfaces\{C79A5233-6C2E-46C6-B3E0-CA7B8F205A07} : DhcpNameServer = 192.168.0.254

TCP: Interfaces\{C79A5233-6C2E-46C6-B3E0-CA7B8F205A07}\77C616E6D21607 : DhcpNameServer = 192.168.0.254

TCP: Interfaces\{C79A5233-6C2E-46C6-B3E0-CA7B8F205A07}\A5978554C4 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{C79A5233-6C2E-46C6-B3E0-CA7B8F205A07}\A5978554C4F523 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{C79A5233-6C2E-46C6-B3E0-CA7B8F205A07}\A5978554C4F533 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{C79A5233-6C2E-46C6-B3E0-CA7B8F205A07}\A5978554C4F543 : DhcpNameServer = 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: igfxcui - igfxdev.dll

LSA: Notification Packages = scecli c:\program files\asus\asus data security manager\ASPWDFLT

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\susanna\appdata\roaming\mozilla\firefox\profiles\i8jk1isn.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=&SearchSource=13

FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - component: c:\users\susanna\appdata\roaming\mozilla\firefox\profiles\i8jk1isn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll

FF - component: c:\users\susanna\appdata\roaming\mozilla\firefox\profiles\i8jk1isn.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R0 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2010-8-27 15416]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-27 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-27 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-27 66616]

R2 DCService.exe;DCService.exe;c:\programdata\datacardservice\DCService.exe [2010-5-8 229376]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-9 652360]

R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-8-23 63616]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-9 20464]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google-päivityspalvelu (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-31 136176]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-8-23 101504]

S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-8-23 204800]

S3 gupdatem;Google Päivitä-palvelu (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-31 136176]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-6-11 50688]

S3 StorSvc;Tallennuspalvelu;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 WatAdminSvc;Windowsin aktivointitekniikoiden palvelu;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-27 1343400]

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2012-02-09 19:17:33 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-01-30 18:57:53 8192 ----a-w- c:\windows\system32\E_DCINST.DLL

2012-01-30 18:57:52 93696 ----a-w- c:\windows\system32\E_FLBHLE.DLL

2012-01-30 18:57:52 63488 ----a-w- c:\windows\system32\E_FD4BHLE.DLL

2009-04-08 07:31:56 106496 ----a-w- c:\program files\common files\CPInstallAction.dll

2008-08-11 18:45:20 155648 ----a-w- c:\program files\common files\MSIactionall.dll

.

============= FINISH: 22:00:48,75 ===============

ATTACH:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 27.8.2010 14:12:12

System Uptime: 3.4.2012 21:49:09 (1 hours ago)

.

Motherboard: ASUSTeK Computer Inc. | | X58LE

Processor: Intel® Pentium® Dual CPU T3400 @ 2.16GHz | Socket 478 | 996/167mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 149 GiB total, 2,574 GiB free.

D: is FIXED (NTFS) - 137 GiB total, 88,904 GiB free.

E: is CDROM ()

F: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: HTTP

Device ID: ROOT\LEGACY_HTTP\0000

Manufacturer:

Name: HTTP

PNP Device ID: ROOT\LEGACY_HTTP\0000

Service: HTTP

.

==== System Restore Points ===================

.

RP151: 12.1.2012 9:41:24 - Windows Update

RP153: 30.1.2012 21:00:48 - Installed EpsonNet Print

RP154: 30.1.2012 21:03:37 - Installed Epson Event Manager

RP155: 30.1.2012 21:09:06 - Asennettu Microsoft Visual C++ 2005 Redistributable

RP157: 30.1.2012 21:13:54 - Installed Easy Photo Print Plug-in for PMB(Picture Motion Browse£x¢U

RP158: 30.1.2012 21:18:39 - Installed ABBYY FineReader 9.0 Sprint

RP159: 31.1.2012 18:19:25 - Windows Update

.

==== Installed Programs ======================

.

ABBYY FineReader 9.0 Sprint

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

ASUS CopyProtect

ASUS Data Security Manager

ASUS FancyStart

ASUS LifeFrame3

ASUS Live Update

ASUS MultiFrame

ASUS Power4Gear Hybrid

ASUS SmartLogon

ASUS Splendid Video Enhancement Technology

ASUS Virtual Camera

ATK Generic Function Service

ATK Hotkey

ATK Media

ATKOSD2

µTorrent

Avira AntiVir Personal - Free Antivirus

BS.Player FREE

Conduit Engine

Dropbox

Epson Easy Photo Print 2

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

Epson Event Manager

EPSON Scan

EPSON SX235 Series Printer Uninstall

EpsonNet Print

ffdshow v1.1.3529 [2010-08-11]

GameXN GO

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Intel® Graphics Media Accelerator Driver

Intel® TV Wizard

IrfanView (remove only)

Java Auto Updater

Java™ 6 Update 20

Java™ 6 Update 23

Käyttöopas EPSON SX235 Series

Malwarebytes Anti-Malware versio 1.60.1.1000

Microsoft .NET Framework 4 Client Profile

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mobile Partner

Mozilla Firefox 10.0 (x86 fi)

NB Probe

Net4Switch

OpenOffice.org 3.2

Picasa 3

Realtek High Definition Audio Driver

RICOH R5U8xx Media Driver ver.3.62.02

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Skype Click to Call

Skype™ 5.5

Spotify

Synaptics Pointing Device Driver

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

uTorrentBar Toolbar

Verkko-opas EPSON SX235 Series

WinFlash

Wireless Console 2

.

==== End Of File ===========================

MBAM Scan1:

Malwarebytes Anti-Malware (Kokeiluversio) 1.60.1.1000

www.malwarebytes.org

Tietokantaversio: v2012.02.09.06

Windows 7 x86 NTFS

Internet Explorer 8.0.7600.16385

Susanna :: SUSANNA-PC [järjestelmänvalvoja]

Suojaus: Käytössä

3.4.2012 21:19:53

mbam-log-2012-04-03 (21-19-53).txt

Tarkistustyyppi: Pikatarkistus

Tarkistussuodattimia valittu: Muisti | Käynnistys | Rekisteri | Tietojärjestelmä | Heuristinen/Ylimäärinen | Heuristinen/Shuriken | Mahdollisesti haitallinen ohjelma | Mahdollisesti haitallinen muutos

Käytöstä poistetut tarkistusvalinnat: Vertaisverkko (Peer-to-Peer)

Tarkistettuja kohteita: 170388

Kulunut aika: 8 minuutti(a), 38 sekunti(a)

Epäilyttäviä muistiprosesseja: 0

(Ei haitallisia kohteita)

Epäilyttäviä muistimoduuleja: 0

(Ei haitallisia kohteita)

Epäilyttäviä rekisteriavaimia: 0

(Ei haitallisia kohteita)

Epäilyttäviä rekisteriarvoja: 0

(Ei haitallisia kohteita)

Epäilyttäviä rekisterikohteita: 0

(Ei haitallisia kohteita)

Epäilyttäviä kansioita: 0

(Ei haitallisia kohteita)

Epäilyttäviä tiedostoja: 48

C:\Windows\System32\cwcpsvc20.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\GTF32BUS.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\mapserver6.3.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\AEAudioService.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\aspi32.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\AppnBase.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\avpnnic.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\bdselfpr.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\c-dillasrv.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\CiscoVpnInstallService.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\eaps2kbd.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\epfwtdi.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\EpmShd.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\EU3_USB.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\FA312.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\hwpsgt.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\i81x.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\icam4usb.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\LPCFilter.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\mpservice.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\nuvaud2.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\NWFILTER.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\nwlnkipx.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\ozoneinstallerservice.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\ppmoucls.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\raspppoe.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\s7otranx.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\sansaservice.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\sfsync02.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\sglogplayer.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\SIODRV.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\sprtsvc_smartagent.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\ssm_mdfl.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\tfsnifs.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\tiumfwl.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\TMHIDSRV.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\U81xmdfl.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\vmkbd.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\vmkbd2.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\vrservice.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\wg4n.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\winsshd.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\wltwo51b.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\wwnetdde.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\yats32.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\zpjava.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\iisadmin.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

C:\Windows\System32\wanarp.dll (RootKit.0Access.H) -> Karanteenattu ja poistettu onnistuneesti.

(loppu)

MBAM Scan 2:

Malwarebytes Anti-Malware (Kokeiluversio) 1.60.1.1000

www.malwarebytes.org

Tietokantaversio: v2012.02.09.06

Windows 7 x86 NTFS

Internet Explorer 8.0.7600.16385

Susanna :: SUSANNA-PC [järjestelmänvalvoja]

Suojaus: Käytössä

3.4.2012 21:35:30

mbam-log-2012-04-03 (21-35-30).txt

Tarkistustyyppi: Pikatarkistus

Tarkistussuodattimia valittu: Muisti | Käynnistys | Rekisteri | Tietojärjestelmä | Heuristinen/Ylimäärinen | Heuristinen/Shuriken | Mahdollisesti haitallinen ohjelma | Mahdollisesti haitallinen muutos

Käytöstä poistetut tarkistusvalinnat: Vertaisverkko (Peer-to-Peer)

Tarkistettuja kohteita: 170371

Kulunut aika: 12 minuutti(a), 5 sekunti(a)

Epäilyttäviä muistiprosesseja: 0

(Ei haitallisia kohteita)

Epäilyttäviä muistimoduuleja: 0

(Ei haitallisia kohteita)

Epäilyttäviä rekisteriavaimia: 0

(Ei haitallisia kohteita)

Epäilyttäviä rekisteriarvoja: 0

(Ei haitallisia kohteita)

Epäilyttäviä rekisterikohteita: 0

(Ei haitallisia kohteita)

Epäilyttäviä kansioita: 0

(Ei haitallisia kohteita)

Epäilyttäviä tiedostoja: 0

(Ei haitallisia kohteita)

(loppu)

Forgot to mention: DHCP is enabled for both wireless and wired NICs.


Bump. Really could use some help. I have to get this sorted by tomorrow, and I'd like to avoid doing a complete Windows re-install. The computer has a restore point that was created a month before the initial infection. Would rolling back to that help?

Thanks.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
