Logfile of HijackThis v1.99.1 Scan saved at 22:06:37, on 12.2.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE C:\Program Files\PC Protection Plus\Anti-Virus\fsgk32st.exe C:\Program Files\PC Protection Plus\Common\FSMA32.EXE C:\Program Files\PC Protection Plus\Anti-Virus\FSGK32.EXE C:\Program Files\PC Protection Plus\Common\FSMB32.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\PC Protection Plus\Common\FCH32.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\PC Protection Plus\Common\FAMEH32.EXE C:\Program Files\PC Protection Plus\Anti-Virus\fsqh.exe C:\Program Files\PC Protection Plus\FSPC\fspc.exe C:\Program Files\PC Protection Plus\FSAUA\program\fsaua.exe C:\Program Files\PC Protection Plus\Anti-Virus\fssm32.exe C:\Program Files\PC Protection Plus\FWES\Program\fsdfwd.exe C:\WINDOWS\Explorer.EXE C:\Program Files\PC Protection Plus\FSAUA\program\fsus.exe C:\Program Files\InterVideo\Common\Bin\WinRemote.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system\wcdvtray.exe C:\HP\KBD\KBD.EXE C:\windows\system\hpsysdrv.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe C:\WINDOWS\ALCXMNTR.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\QuickTime\QTTask.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\WebCam\M1000\M1000Mnt.exe C:\Program Files\PC Protection Plus\Common\FSM32.EXE C:\Program Files\PC Protection Plus\FSGUI\fsguidll.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\PC 
Protection Plus\Anti-Virus\fsav32.exe C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\PamelaPCR.exe C:\Ohjelmat\Diskkeeper 2008\DkService.exe C:\Ohjelmat\Winamp\winamp.exe C:\Ohjelmat\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q304&bd=pavilio n&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q304&bd=pavilio n&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q304&bd=pavilio n&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit F3 - REG:win.ini: load= O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Ohjelmat\FLV Downloader\MoyeaCth.dll O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe" O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Recguard] 
C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINDOWS\system\wcdvtray.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Ohjelmat\RivaTuner v2.0 Final Release\RivaTuner.exe" /S O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Ohjelmat\Nokia PC Suite\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Protection Plus\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Protection Plus\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [TalkAndWrite] C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe /run O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Ohjelmat\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: Laajakaesta.lnk = ? 
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection Plus\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection Plus\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection Plus\FSPC\fspcmsie.dll O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pc 
protection plus\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.ca b?1163245222296 O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{40D06FC3-7AAB-4962-82C4-0E5E6070B0CE}: NameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{80C36B8B-D4A0-4044-891B-FD459D2D0E00}: NameServer = 212.116.32.218 212.116.32.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{F1FC61D2-58E7-4036-95AF-10D3F249E3AE}: NameServer = 192.168.1.1 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - 
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing) O21 - SSODL: gAwJOzNOL - {A087D4B4-0A2D-7E1E-B48D-E3A899D9ED2C} - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE O23 - Service: Diskeeper - Diskeeper Corporation - C:\Ohjelmat\Diskkeeper 2008\DkService.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Protection Plus\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PC Protection Plus\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Protection Plus\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\PC Protection Plus\Common\FSMA32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Ohjelmat\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe (file missing) O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Ohjelmat\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
1. Download combofix.exe to your desktop from either of these links: combofix1 combofix2
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. Post this log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
ComboFix 08-02-13.2 - Omistaja 2008-02-13 16:09:48.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.925 [GMT 2:00] Running from: C:\Documents and Settings\Omistaja\Työpöytä\ComboFix.exe * Created a new restore point . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\mmediacodec C:\setup.exe C:\WINDOWS\hosts C:\WINDOWS\secure32.html C:\WINDOWS\system32\paytime.exe C:\WINDOWS\tool1.exe C:\WINDOWS\tool2.exe C:\WINDOWS\tool3.exe C:\WINDOWS\tool4.exe C:\WINDOWS\tool5.exe D:\Autorun.inf . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-13 to 2008-02-13 ))))))))))))))))) . 2008-02-12 22:52 . 2008-02-12 22:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-02-12 22:52 . 2008-02-12 22:52 1,409 --a------ C:\WINDOWS\QTFont.for 2008-02-12 16:16 . 2008-02-12 16:16 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation 2008-02-12 11:03 . 2008-02-12 11:03 0 --a------ C:\WINDOWS\oodcnt.INI 2008-02-09 01:56 . 2008-02-09 01:56 268 --ah----- C:\sqmdata16.sqm 2008-02-09 01:56 . 2008-02-09 01:56 244 --ah----- C:\sqmnoopt16.sqm 2008-02-08 22:44 . 2008-02-08 22:44 268 --ah----- C:\sqmdata15.sqm 2008-02-08 22:44 . 2008-02-08 22:44 244 --ah----- C:\sqmnoopt15.sqm 2008-01-30 23:14 . 2008-01-30 23:14 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\VRCGameUpdater 2008-01-20 19:31 . 2008-01-20 19:31 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\MoyeaFLV2Video 2008-01-20 00:20 . 2008-01-20 00:20 268 --ah----- C:\sqmdata14.sqm 2008-01-20 00:20 . 2008-01-20 00:20 244 --ah----- C:\sqmnoopt14.sqm 2008-01-19 03:45 . 2008-01-19 03:45 268 --ah----- C:\sqmdata13.sqm 2008-01-19 03:45 . 2008-01-19 03:45 244 --ah----- C:\sqmnoopt13.sqm 2008-01-17 22:36 . 2008-01-21 20:42 30 --a------ C:\WINDOWS\kaska.san 2008-01-16 17:29 . 
2005-01-04 17:12 1,845,243 --a------ C:\WINDOWS\system32\haspds_windows.dll 2008-01-16 17:29 . 2004-11-05 11:08 670,208 --a------ C:\WINDOWS\system32\drivers\hardlock.sys 2008-01-16 17:29 . 2001-09-28 18:00 164,864 --a------ C:\WINDOWS\system32\UNWISE.EXE 2008-01-16 17:29 . 2004-08-03 13:44 24,576 --a------ C:\WINDOWS\system32\hdsuinst.exe 2008-01-15 20:14 . 2008-01-15 20:14 81,920 --a------ C:\WINDOWS\system32\emfxp.dll 2008-01-15 20:14 . 2008-01-15 20:14 49,152 --a------ C:\WINDOWS\system32\unpdf.exe 2008-01-15 15:58 . 2008-01-15 15:58 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Thinstall 2008-01-15 15:41 . 2008-01-15 15:51 <KANSIO> d-------- C:\Program Files\Autodesk 2008-01-13 23:14 . 2008-02-13 16:02 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\skypePM 2008-01-13 23:14 . 2008-01-13 23:14 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat 2008-01-13 23:13 . 2008-01-13 23:13 <KANSIO> d-------- C:\Program Files\Skype 2008-01-13 23:13 . 2008-01-13 23:13 <KANSIO> d-------- C:\Program Files\Common Files\Skype 2008-01-13 23:12 . 2008-01-13 23:13 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Skype . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-13 12:42 30,016 ----a-w C:\WINDOWS\system32\drivers\fsndis5.sys 2008-02-13 08:01 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Skype 2008-02-10 22:09 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-10 21:18 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\My Games 2008-02-10 21:14 --------- d-----w C:\Program Files\Yahoo! 
2008-02-10 20:06 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\gtk-2.0 2008-01-31 22:35 98,304 ----a-w C:\WINDOWS\DUMPb76f.tmp 2008-01-31 22:29 98,304 ----a-w C:\WINDOWS\DUMPa330.tmp 2008-01-30 21:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\VRCGameUpdater 2008-01-30 13:25 98,304 ----a-w C:\WINDOWS\DUMP0450.tmp 2008-01-29 12:23 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Azureus 2008-01-24 22:29 98,304 ----a-w C:\WINDOWS\DUMP24d8.tmp 2008-01-24 15:52 98,304 ----a-w C:\WINDOWS\DUMP0bd2.tmp 2008-01-21 18:43 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Xfire 2008-01-19 18:42 --------- d-s---w C:\Program Files\Xfire 2008-01-15 13:51 --------- d-----w C:\Program Files\Common Files\Autodesk Shared 2008-01-11 00:29 54,608 ----a-w C:\WINDOWS\system32\xfcodec.dll 2008-01-09 20:11 --------- d-----w C:\Program Files\PC Protection Plus 2008-01-09 19:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\fssg 2008-01-06 20:16 98,304 ----a-w C:\WINDOWS\DUMPa73c.tmp 2008-01-01 13:36 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire 2007-12-31 19:30 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Inkscape 2007-12-30 18:55 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2007-12-30 18:55 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-12-30 18:55 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2007-12-30 18:35 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire 2007-12-29 22:32 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-12-26 00:08 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Moyea 2007-12-23 10:03 --------- d-----w C:\Program Files\VstPlugins 2007-11-18 17:25 14,030 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2004-12-30 16:08 263,576 ----a-w C:\Documents and Settings\Omistaja\Application Data\GDIPFONTCACHEV1.DAT 2004-11-22 10:23 
82,432 --sha-r C:\Documents and Settings\Omistaja\Application Data\uhj?.exe 2003-11-03 14:07 499,712 ----a-w C:\Program Files\msvcp71.dll 2003-11-03 14:07 348,160 ----a-w C:\Program Files\msvcr71.dll 2003-05-30 06:22 344,064 ----a-r C:\Program Files\msvcr70.dll 2002-01-05 00:40 487,424 ----a-w C:\Program Files\msvcp70.dll 2005-01-06 00:59 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys 2007-05-26 19:08 56 --sh--r C:\WINDOWS\system32\98CCDA26BE.sys . Files Infected - Win32.Agent.zb . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568] "BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 01:34 32768] "DAEMON Tools"="C:\Ohjelmat\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WINREMOTE"="C:\Program Files\InterVideo\Common\Bin\WinRemote.exe" [2004-05-06 02:34 192512] "VTTimer"="VTTimer.exe" [] "UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01 110592] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43 233472] "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 15:57 81920] "OWCWebCamDV"="C:\WINDOWS\system\wcdvtray.exe" [2004-05-20 07:59 1056768] "nwiz"="nwiz.exe" [2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432] "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 19:02 61440] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04 52736] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" 
[2003-12-22 15:38 241664] "Home Theater SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-03-30 06:30 155648] "AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 20:35 50176 C:\WINDOWS\ALCXMNTR.EXE] "AGRSMMSG"="AGRSMMSG.exe" [2004-02-27 18:07 88364 C:\WINDOWS\AGRSMMSG.exe] "RivaTunerStartupDaemon"="C:\Ohjelmat\RivaTuner v2.0 Final Release\RivaTuner.exe" [2006-12-24 21:15 2576384] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720] "M1000Mnt"="M1000Rmv.exe" [] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43 81920] "PCSuiteTrayApplication"="C:\Ohjelmat\Nokia PC Suite\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10 271360] "F-Secure Manager"="C:\Program Files\PC Protection Plus\Common\FSM32.exe" [2007-04-26 19:12 183208] "F-Secure TNB"="C:\Program Files\PC Protection Plus\FSGUI\TNBUtil.exe" [2007-04-26 19:10 740208] "TalkAndWrite"="C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe" [2008-01-15 20:14 3042816] "OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 02:08 2512392] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Nokia.PCSync"="C:\Ohjelmat\Nokia PC Suite\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32] wintfj32.dll . 'Ajoitetut tehtävät'-kansion sisältö "2008-02-12 11:55:44 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-13 16:15:16 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VTTimer"="VTTimer.exe" . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\rlvacumd.dll PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180] -> C:\WINDOWS\system32\rlvacumd.dll . Completion time: 2008-02-13 16:18:35 ComboFix-quarantined-files.txt 2008-02-13 14:18:29 . 2007-11-21 09:17:36 --- E O F ---
eScan
Instructions are on this page: http://koti.mbnet.fi/pattaya1/escanmwav.htm
Download from here: http://www.spywareinfo.dk/download/mwav.exe
Update from here: http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
Tick the boxes as marked: http://koti.mbnet.fi/pattaya1/eScan6.jpg
Scan. If anything shows up in the lower pane, copy it like this: Use the Ctrl+A command. Copy the lines with Ctrl+C. Paste the lines with Ctrl+V. Post the virus log here.
File C:\WINDOWS\system32\XJXRJG.0LL infected by "Trojan-Proxy.Win32.Agent.df" Virus. Action Taken: File Deleted.
File C:\Ohjelmat\YouTube FLV to AVI Suite Enerprise\data\libaccess.0xe infected by "Trojan.Win32.Agent.csy" Virus. Action Taken: File Deleted.
File C:\Ohjelmat\YouTube FLV to AVI Suite Enerprise\Uninstall.0xe infected by "Trojan.Win32.Delf.axt" Virus. Action Taken: File Deleted.
File C:\Program Files\Give4Free Plugin\uninstall.exe tagged as not-a-virus:AdWare.Win32.Chiem.c. No Action Taken.
File C:\RECYCLER\S-1-5-21-1605260070-2079253868-3833637110-1003\Dc28.tmp tagged as not-a-virus:AdWare.Win32.180Solutions.g. No Action Taken.
File C:\RECYCLER\S-1-5-21-1605260070-2079253868-3833637110-1003\Dc61.exe tagged as not-a-virus:AdWare.Win32.WinAD.z. No Action Taken.
File C:\RECYCLER\S-1-5-21-1605260070-2079253868-3833637110-1003\Dc64.dll tagged as not-a-virus:AdWare.Win32.Midadle.b. No Action Taken.
File C:\System Volume Information\_restore{EF7B9B72-035F-42A2-BDC2-6E27BDB1C4B7}\RP754\A0398863.0xe infected by "Trojan.Win32.Delf.axt" Virus. Action Taken: File Deleted.
File C:\WINDOWS\Downloaded Program Files\webdlg32.dll tagged as not-a-virus:AdWare.Win32.SBSoft.g. No Action Taken.
File G:\Poltteleppa levylle\Rompetta\tightvnc-1.3.9-setup.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.1370. No Action Taken.
Well, I won't be scanning now, since the whole machine already got messed up and I did some kind of repair install, and that went and formatted my whole machine, damn it!