Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:59:58, on 3.8.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\F-Secure\Common\FSM32.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\ExtraFilm Kotona\Agent.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\Common\FSMB32.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\F-Secure\Common\FCH32.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsqh.exe C:\Program Files\F-Secure\FSAUA\program\fsaua.exe C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\Program Files\F-Secure\FSGUI\fsguidll.exe C:\Program Files\SwiftSwitch\SwiftSwitch.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [isp8311~@#] C:\DOCUME~1\Omistaja\LOCALS~1\Temp\ir_ext_temp_8\AutoPlay\Docs\isp8311.exe O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\ExtraFilm Kotona\Agent.exe" O4 - HKLM\..\Run: [Base frag grid bows] C:\Documents and Settings\All Users\Application Data\Cast ping base frag\License Wma.exe O4 - 
HKLM\..\Run: [Bird Fork Eq Bows] C:\Documents and Settings\All Users\Application Data\Manager Thunk Bows Cast\ATOM MPEG MEOW.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Link Okay] C:\DOCUME~1\Omistaja\APPLIC~1\AMOKJO~1\Cdrom Show Dash.exe O4 - HKCU\..\Run: [BitDownload] "C:\Program Files\BitDownload\BitDownload.exe" /minimized O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - 
http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Can you find any problems, etc.?
Open Add/Remove Programs in the Control Panel and remove BitDownload; see http://www.siteadvisor.com/sites/bitdownload.org?ref=safesearch&aff_id=0

With HijackThis, with all other programs closed!

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Unknown
O4 - HKLM\..\Run: [Base frag grid bows] C:\Documents and Settings\All Users\Application Data\Cast ping base frag\License Wma.exe
Unknown
O4 - HKLM\..\Run: [Bird Fork Eq Bows] C:\Documents and Settings\All Users\Application Data\Manager Thunk Bows Cast\ATOM MPEG MEOW.exe
O4 - HKCU\..\Run: [Link Okay] C:\DOCUME~1\Omistaja\APPLIC~1\AMOKJO~1\Cdrom Show Dash.exe
Unknown
O4 - HKCU\..\Run: [BitDownload] "C:\Program Files\BitDownload\BitDownload.exe" /minimized

Check those lines and press FIX CHECKED

=========

Download ATF Cleaner http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to start the program.
Under Main, choose: Select All
Click the Empty Selected button.

If you use Firefox as your browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, click No when it asks.

If you use Opera as your browser
Click Opera at the top and choose: Select All
Click the Empty Selected button again.
NOTE: If you would like to keep your saved passwords, click No when it asks.

Click Exit in the main menu to close the program.

Technical support is available if you double-click the e-mail address located at the bottom of each menu in the tool. (Note that this support is in English.)

==========

Download NoLop to your desktop from one of the following links...
http://www.spywareedge.net/nolop/NoLop.exe1
http://www.spywaretimes.com/Tools/Download/Anti-malwareToolsLinkki
http://www.thespykiller.co.uk/index.php?action=tpmod;dl=get16

* Close all programs, because this step requires a restart
* Double-click NoLop.exe to run it
* Click the "Search and Destroy" button <<Your computer will be scanned for infected files>>
* When the scan is complete, you will be asked to restart the computer if an infection is found. Click OK
* Click the "REBOOT" button.
* NoLop should display a message. If it does not, double-click the program and it will finish.

Post the contents of the C:\NoLop.log file along with a new HijackThis log.

-- If you get the following error, "mscomctl.ocx or one of its dependencies are not correctly registered," download mscomctl.ocx http://www.boletrice.com/downloads/mscomctl.ocx and save it in your system32 directory (usually c:\Windows\system32). Then run the program again. --

=======

1. Download combofix.exe to your desktop from either of these links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.

Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.

So:
1. The NoLop log
2. The ComboFix log
3. A new HijackThis log
NoLop! Log by Skate_Punk_21 Please Note: any existing old logs will have now been renamed to NoLop!OLD.log Fix running from: C:\Documents and Settings\Omistaja\Työpöytä [3.8.2007] [13:06:50] ---Infection Files Found/Removed--- C:\WINDOWS\tasks\EB7007AD97CBC3A9.job Beginning Removal... Rebooting... Removing Lop's Leftover Files/Folders... Editing Registry... **Fix Complete!** ---Listing AppData sub directories--- C:\Documents and Settings\All Users\Application Data\Adobe C:\Documents and Settings\All Users\Application Data\Apple Computer C:\Documents and Settings\All Users\Application Data\Avg7 -- EMPTY Directory C:\Documents and Settings\All Users\Application Data\Cast Ping Base Frag -- EMPTY Directory C:\Documents and Settings\All Users\Application Data\Cyberlink C:\Documents and Settings\All Users\Application Data\F-secure C:\Documents and Settings\All Users\Application Data\Fssg C:\Documents and Settings\All Users\Application Data\Google C:\Documents and Settings\All Users\Application Data\Manager Thunk Bows Cast -- EMPTY Directory C:\Documents and Settings\All Users\Application Data\Microsoft C:\Documents and Settings\All Users\Application Data\Nvidia C:\Documents and Settings\All Users\Application Data\Support.com C:\Documents and Settings\All Users\Application Data\Swiftswitch C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage C:\Documents and Settings\Default User\Application Data\Microsoft C:\Documents and Settings\Localservice\Application Data\Microsoft C:\Documents and Settings\Networkservice\Application Data\Microsoft C:\Documents and Settings\Omistaja\Application Data\Adobe C:\Documents and Settings\Omistaja\Application Data\Adobeum -- EMPTY Directory C:\Documents and Settings\Omistaja\Application Data\Amokjoycorn C:\Documents and Settings\Omistaja\Application Data\Anvil Studio C:\Documents and Settings\Omistaja\Application Data\Apple Computer C:\Documents and Settings\Omistaja\Application Data\Azureus C:\Documents and 
Settings\Omistaja\Application Data\Bitdownload C:\Documents and Settings\Omistaja\Application Data\Bsplayer C:\Documents and Settings\Omistaja\Application Data\Bsplayer Pro C:\Documents and Settings\Omistaja\Application Data\Cyberlink C:\Documents and Settings\Omistaja\Application Data\Divx C:\Documents and Settings\Omistaja\Application Data\Extrafilm C:\Documents and Settings\Omistaja\Application Data\F-secure C:\Documents and Settings\Omistaja\Application Data\Google C:\Documents and Settings\Omistaja\Application Data\Help -- EMPTY Directory C:\Documents and Settings\Omistaja\Application Data\Identities C:\Documents and Settings\Omistaja\Application Data\Ijjigame C:\Documents and Settings\Omistaja\Application Data\Lavasoft C:\Documents and Settings\Omistaja\Application Data\Limewire C:\Documents and Settings\Omistaja\Application Data\Macromedia C:\Documents and Settings\Omistaja\Application Data\Microsoft C:\Documents and Settings\Omistaja\Application Data\Mozilla C:\Documents and Settings\Omistaja\Application Data\Real C:\Documents and Settings\Omistaja\Application Data\Sun C:\Documents and Settings\Omistaja\Application Data\Systemrequirementslab C:\Documents and Settings\Omistaja\Application Data\Utorrent C:\Documents and Settings\Omistaja\Application Data\X-chat 2 C:\Documents and Settings\Vieras\Application Data\Identities C:\Documents and Settings\Vieras\Application Data\Macromedia C:\Documents and Settings\Vieras\Application Data\Microsoft C:\Documents and Settings\Vieras\Application Data\Mozilla ----------------------------------------------------------------- ComboFix 07-08-03.4 - "Omistaja" 2007-08-03 13:14:00.1 [GMT 3:00] - NTFS Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.Tosi ((((((((((((((((((((((((( Files Created from 2007-07-03 to 2007-08-03 ))))))))))))))))))))))))))))))) 2007-08-03 13:13 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-03 13:04 <KANSIO> d-------- C:\NoLopBackups 2007-08-03 01:52 <KANSIO> d-------- C:\Program 
Files\Trend Micro 2007-07-31 14:38 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys 2007-07-31 14:35 <KANSIO> d--h----- C:\DOCUME~1\Omistaja\APPLIC~1\IJJIGame 2007-07-29 22:53 <KANSIO> d-------- C:\DOCUME~1\Omistaja\APPLIC~1\BitDownload 2007-07-29 22:53 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Manager Thunk Bows Cast 2007-07-29 22:53 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cast ping base frag 2007-07-29 22:52 <KANSIO> d-------- C:\Program Files\AmokJoyCorn 2007-07-29 22:52 <KANSIO> d-------- C:\DOCUME~1\Omistaja\APPLIC~1\AmokJoyCorn 2007-07-28 17:39 <KANSIO> d-------- C:\Program Files\Guitar Pro 5 2007-07-28 11:47 <KANSIO> d-------- C:\DOCUME~1\Omistaja\Shared 2007-07-28 11:47 <KANSIO> d-------- C:\DOCUME~1\Omistaja\Incomplete 2007-07-28 11:47 <KANSIO> d-------- C:\DOCUME~1\Omistaja\APPLIC~1\LimeWire 2007-07-28 11:46 <KANSIO> d-------- C:\Program Files\LimeWire 2007-07-19 12:29 <KANSIO> d-------- C:\DOCUME~1\Omistaja\APPLIC~1\ExtraFilm 2007-07-19 12:28 <KANSIO> d-------- C:\Program Files\ExtraFilm Kotona 2007-07-19 00:22 <KANSIO> d-------- C:\DOCUME~1\Omistaja\APPLIC~1\X-Chat 2 2007-07-19 00:21 <KANSIO> d-------- C:\Program Files\xchat 2007-07-18 21:28 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google 2007-07-08 19:33 <KANSIO> d-------- C:\WINDOWS\.jagex_cache_34 2007-07-08 19:31 <KANSIO> d-------- C:\WINDOWS\.jagex_cache_32 2007-07-07 15:01 <KANSIO> d-------- C:\Program Files\SwiftSwitch 2007-07-03 02:00 <KANSIO> d-------- C:\DOCUME~1\Omistaja\APPLIC~1\SystemRequirementsLab (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-03 02:26 --------- d-------- C:\Program Files\eMule 2007-08-03 02:26 --------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\uTorrent 2007-08-03 02:26 --------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\Azureus 2007-07-11 11:38 78066 --a------ C:\WINDOWS\system32\perfc00B.dat 2007-07-11 11:38 381490 --a------ C:\WINDOWS\system32\perfh00B.dat 2007-06-30 18:39 
--------- d-------- C:\Program Files\DivX 2007-06-29 22:08 --------- d-------- C:\Program Files\Motherboard Monitor 5 2007-06-29 18:36 --------- d-------- C:\Program Files\OpenOffice.org1.1.4 2007-06-29 18:12 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-05-31 09:45 524288 --a------ C:\WINDOWS\system32\DivXsm.exe 2007-05-31 09:44 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2007-05-31 09:44 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll 2007-05-31 09:44 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll 2007-05-31 09:44 740442 --a------ C:\WINDOWS\system32\DivX.dll 2007-05-16 18:14 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll 2007-05-16 18:14 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll 2007-05-16 18:14 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll 2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-05-16 18:14 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll 2007-05-16 18:14 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll 2007-05-08 11:59 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll 2004-10-01 15:00 40960 --a------ C:\Program Files\Uninstall_CDS.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2004-12-01 10:54 C:\WINDOWS\SOUNDMAN.EXE] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 21:43] "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-14 05:06] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57] "TkBellExe"="C:\Program Files\Common 
Files\Real\Update_OB\realsched.exe" [2006-10-28 12:02] "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2006-11-22 16:54] "F-Secure TNB"="C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" [2006-11-22 16:54] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 01:22] "ExtraFilmHemmaAgent"="C:\Program Files\ExtraFilm Kotona\Agent.exe" [2005-05-27 17:00] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55] C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ NoLop.exe [2007-08-03 13:02:23] R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys R1 AmdK8;AMD Athlon64 Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys R1 F-Secure HIPS;F-Secure HIPS;\??\C:\Program Files\F-Secure\HIPS\fshs.sys R1 mbmiodrvr;mbmiodrvr;\??\C:\WINDOWS\system32\mbmiodrvr.sys R3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys S3 dump_wmimmc;dump_wmimmc;\??\C:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys S3 GMSIPCI;GMSIPCI;\??\D:\INSTALL\GMSIPCI.SYS S3 NPPTNT2;NPPTNT2;\??\C:\WINDOWS\system32\npptNT2.sys S3 NTACCESS;NTACCESS;\??\D:\NTACCESS.sys S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys S3 XTrapD12;XTrapD12;\??\C:\WINDOWS\system32\XTrapD12.sys S4 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d34e2575-7e17-11da-9d1d-806d6172696f}] AutoRun\command- D:\Setup.exe Contents of the 'Scheduled Tasks' folder 2007-08-03 09:42:49 C:\WINDOWS\Tasks\Scheduled scanning task.job ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - 
rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-03 13:15:58 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xfe\xbb\xd3w\2] "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT" scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-03 13:18:35 --- E O F --- ----------------------------------------------------------------------
And finally, a new HJT log
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:20:18, on 3.8.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\Common\FSMA32.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\F-Secure\Common\FSMB32.EXE C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsqh.exe C:\Program Files\F-Secure\FSAUA\program\fsaua.exe C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program
Files\F-Secure\Common\FSM32.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\ExtraFilm Kotona\Agent.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\Program Files\F-Secure\FSGUI\fsguidll.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program 
Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\ExtraFilm Kotona\Agent.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: NoLop.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - 
http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 6431 bytes
Open HijackThis, check this line and press Fix checked:

O4 - Global Startup: NoLop.exe

=======

Open Notepad and copy/paste the text in the quote box below into it:

Save it as CFScript. (Check that it is written exactly like that.)

Then drag CFScript onto ComboFix.exe as shown below.

Restart the computer when prompted and post the contents of the combofix.txt file here.

=======

Check your computer with F-Secure's online scanner

Note: the scanner only works in the Internet Explorer browser

* Read the instructions on the page carefully
* Click Start scanning
* If you get an Internet Explorer security warning, click Install (Asenna)
* Click Accept
* Click Custom Scan
* Adjust the settings as follows
  o Under "Virus Scan Option", select Scan whole system
  o Under "Other Scan Option", select Scan All Files
  o Select Scan whole system for rootkits
  o Select Scan whole system for spyware
  o Tick Scan inside archives
  o Make sure Use advanced heuristics is selected
* Click Start
* The scan starts once the required files/updates have been downloaded
* Wait patiently
* When the scan has finished, click Automatic cleaning
* Click Show Report
* The report opens in the browser; copy the entire text
* Paste the copied text into e.g. Notepad or Word and save it to the desktop
* You can close the scanner
* Post the report in your thread
I'll post the F-Secure online scanner report a bit later, because I'm in a bit of a hurry right now. Here is the ComboFix log, though.
ComboFix 07-08-03.4 - "Omistaja" 2007-08-03 15:51:50.2 [GMT 3:00] - NTFS Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.Tosi Command switches used :: C:\Documents and Settings\Omistaja\Ty”p”yt„\CFScript.txt ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\DOCUME~1\Omistaja\APPLIC~1\AmokJoyCorn C:\DOCUME~1\Omistaja\APPLIC~1\AmokJoyCorn\0 C:\Documents and Settings\All Users\Application Data\Cast Ping Base Frag C:\Documents and Settings\All Users\Application Data\Manager Thunk Bows Cast ((((((((((((((((((((((((( Files Created from 2007-07-03 to 2007-08-03 ))))))))))))))))))))))))))))))) 2007-08-03 13:13 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-03 13:04 <KANSIO> d-------- C:\NoLopBackups 2007-08-03 01:52 <KANSIO> d-------- C:\Program Files\Trend Micro 2007-07-31 14:38 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys 2007-07-31 14:35 <KANSIO> d--h----- C:\DOCUME~1\Omistaja\APPLIC~1\IJJIGame 2007-07-29 22:53 <KANSIO> d-------- C:\DOCUME~1\Omistaja\APPLIC~1\BitDownload 2007-07-29 22:52 <KANSIO> d-------- C:\Program Files\AmokJoyCorn 2007-07-28 17:39 <KANSIO> d-------- C:\Program Files\Guitar Pro 5 2007-07-28 11:47 <KANSIO> d-------- C:\DOCUME~1\Omistaja\Shared 2007-07-28 11:47 <KANSIO> d-------- C:\DOCUME~1\Omistaja\Incomplete 2007-07-28 11:47 <KANSIO> d-------- C:\DOCUME~1\Omistaja\APPLIC~1\LimeWire 2007-07-28 11:46 <KANSIO> d-------- C:\Program Files\LimeWire 2007-07-19 12:29 <KANSIO> d-------- C:\DOCUME~1\Omistaja\APPLIC~1\ExtraFilm 2007-07-19 12:28 <KANSIO> d-------- C:\Program Files\ExtraFilm Kotona 2007-07-19 00:22 <KANSIO> d-------- C:\DOCUME~1\Omistaja\APPLIC~1\X-Chat 2 2007-07-19 00:21 <KANSIO> d-------- C:\Program Files\xchat 2007-07-18 21:28 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google 2007-07-08 19:33 <KANSIO> d-------- C:\WINDOWS\.jagex_cache_34 2007-07-08 19:31
<KANSIO> d-------- C:\WINDOWS\.jagex_cache_32 2007-07-07 15:01 <KANSIO> d-------- C:\Program Files\SwiftSwitch 2007-07-03 02:00 <KANSIO> d-------- C:\DOCUME~1\Omistaja\APPLIC~1\SystemRequirementsLab (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-03 02:26 --------- d-------- C:\Program Files\eMule 2007-08-03 02:26 --------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\uTorrent 2007-08-03 02:26 --------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\Azureus 2007-07-11 11:38 78066 --a------ C:\WINDOWS\system32\perfc00B.dat 2007-07-11 11:38 381490 --a------ C:\WINDOWS\system32\perfh00B.dat 2007-06-30 18:39 --------- d-------- C:\Program Files\DivX 2007-06-29 22:08 --------- d-------- C:\Program Files\Motherboard Monitor 5 2007-06-29 18:36 --------- d-------- C:\Program Files\OpenOffice.org1.1.4 2007-06-29 18:12 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-05-31 09:45 524288 --a------ C:\WINDOWS\system32\DivXsm.exe 2007-05-31 09:44 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2007-05-31 09:44 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll 2007-05-31 09:44 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll 2007-05-31 09:44 740442 --a------ C:\WINDOWS\system32\DivX.dll 2007-05-16 18:14 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll 2007-05-16 18:14 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll 2007-05-16 18:14 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll 2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-05-16 18:14 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll 2007-05-16 18:14 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll 2007-05-08 11:59 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll 2004-10-01 15:00 40960 --a------ C:\Program Files\Uninstall_CDS.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & 
legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2004-12-01 10:54 C:\WINDOWS\SOUNDMAN.EXE] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 21:43] "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-14 05:06] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-28 12:02] "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2006-11-22 16:54] "F-Secure TNB"="C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" [2006-11-22 16:54] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 01:22] "ExtraFilmHemmaAgent"="C:\Program Files\ExtraFilm Kotona\Agent.exe" [2005-05-27 17:00] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55] C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ NoLop.exe [2007-08-03 13:02:23] R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys R1 AmdK8;AMD Athlon64 Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys R1 F-Secure HIPS;F-Secure HIPS;\??\C:\Program Files\F-Secure\HIPS\fshs.sys R1 mbmiodrvr;mbmiodrvr;\??\C:\WINDOWS\system32\mbmiodrvr.sys R3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys S3 dump_wmimmc;dump_wmimmc;\??\C:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys S3 GMSIPCI;GMSIPCI;\??\D:\INSTALL\GMSIPCI.SYS S3 NPPTNT2;NPPTNT2;\??\C:\WINDOWS\system32\npptNT2.sys S3 NTACCESS;NTACCESS;\??\D:\NTACCESS.sys S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys S3 
XTrapD12;XTrapD12;\??\C:\WINDOWS\system32\XTrapD12.sys S4 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d34e2575-7e17-11da-9d1d-806d6172696f}] AutoRun\command- D:\Setup.exe *Newly Created Service* - CATCHME Contents of the 'Scheduled Tasks' folder 2007-08-03 09:42:49 C:\WINDOWS\Tasks\Scheduled scanning task.job ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-03 15:53:15 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xfe\xbb\xd3w\2] "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT" scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-03 15:54:07 C:\ComboFix-quarantined-files.txt ... 2007-08-03 15:53 C:\ComboFix2.txt ... 2007-08-03 13:18 --- E O F ---
Yep.. so post a new HJT log and the F-Secure report. Also delete this folder: C:\Program Files\AmokJoyCorn