Logfile of HijackThis v1.99.1
Scan saved at 13:59:58, on 12.2.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HDD Health\hddhealth.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\UltimateZip 2.7\uzqkst.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\Documents and Settings\Administrator.käyttäjä-KMYZEF\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [ServiceLayer] C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [HDDHealth] C:\Program Files\HDD Health\hddhealth.exe -wl
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2.7\uzqkst.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: nvdesk32.dll MsgPlusLoader.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - BackWeb Technologies Inc. - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

Thanks in advance.

First put HJT in the root of the C drive, i.e. C:\hijackthis\hijackthis.exe, and tell us whether there is some problem with the computer?
Remove from the Control Panel: SurfAccuracy (the name may contain extra characters)
And yes, move HJT to the root of C: and fix these:
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
If you don't use Windows Messenger, fix this:
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
Then delete this:
C:\Program Files\SurfAccuracy <--- FOLDER
Otherwise it's OK. Fix those, restart the computer and post a new log to the forum.

I'll have to tell them to move HJT to the right place. eScan found about 192 viruses/spyware items and removed 150 of them; based on this I figured that something is wrong.
You didn't happen to save the eScan report? In any case, scan with Ewido, because eScan does not remove spyware/malware, it only finds it. Here are the instructions for Ewido > http://keskustelu.afterdawn.com/thread_view.cfm/269186 Follow the instructions and post its report here.
Here is the eScan report:
File C:\PROGRA~1\SURFAC~1\SAcc.exe tagged as not-a-virus:AdWare.Win32.SurfAccuracy.d. No Action Taken.
File C:\Documents and Settings\Administrator.Käyttäjä\Local Settings\Temp\upd.exe tagged as not-a-virus:RiskTool.Win32.PsKill.1101. No Action Taken.
File C:\Documents and Settings\Administrator.Käyttäjä-KMYZEF\Local Settings\Temporary Internet Files\Content.IE5\4DMNSTM3\WinFixerScannerInstall[1].exe tagged as not-a-virus:Downloader.Win32.Agent.f. No Action Taken.
File C:\Program Files\FinnishIRC XP\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\062A6A8B tagged as not-a-virus:AdWare.Win32.SaveNow.ab. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\18AD4C6D tagged as not-a-virus:AdWare.Win32.Wintol.p. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\209450D8 tagged as not-a-virus:AdWare.Win32.Lop. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\20FA46E0 tagged as not-a-virus:AdWare.Win32.Lop.e. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\232C7E35 tagged as not-a-virus:AdWare.Win32.Wintol.p. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\232F2831 tagged as not-a-virus:AdWare.Win32.Wintol.p. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2333522E tagged as not-a-virus:AdWare.Win32.Wintol.p. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\270E5844 tagged as not-a-virus:AdWare.Win32.Wintol.p. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28DD188B tagged as not-a-virus:AdWare.Win32.F1Organizer.h. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2907755E tagged as not-a-virus:AdWare.Win32.Wintol.p. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\29A87271 tagged as not-a-virus:AdWare.Win32.AdMir.a. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\29AB1C6E tagged as not-a-virus:AdWare.Win32.Lop.e. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\29B51A63 tagged as not-a-virus:AdWare.Win32.Lop.e. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\29C56C51 tagged as not-a-virus:AdWare.Win32.SurfAccuracy.d. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\29D21443 tagged as not-a-virus:AdWare.Win32.Lop. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2C240CD7 tagged as not-a-virus:AdWare.Win32.Lop. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\36834E13 tagged as not-a-virus:AdWare.Win32.Wintol.p. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4CE76329 tagged as not-a-virus:AdWare.Win32.Wintol.p. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4CEB0D25 tagged as not-a-virus:AdWare.Win32.Wintol.p. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5BA905EA tagged as not-a-virus:RiskTool.Win32.PsKill.1101. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5BAD2FE6 tagged as not-a-virus:RiskTool.Win32.PsKill.1101. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5BE5780E tagged as not-a-virus:AdWare.Win32.Wintol.p. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\633F175E tagged as not-a-virus:AdWare.Win32.Wintol.p. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\659341F6 tagged as not-a-virus:AdWare.Win32.Lop.e. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\71EC6AD6 tagged as not-a-virus:AdWare.Win32.Lop.e. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7AD53D54 tagged as not-a-virus:Porn-Dialer.Win32.ALifeDialer. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7D2F69C3 tagged as not-a-virus:AdWare.Win32.VB.f. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7F9D2D55 tagged as not-a-virus:AdWare.Win32.Lop. No Action Taken.
File C:\Program Files\SurfAccuracy\SAcc.exe tagged as not-a-virus:AdWare.Win32.SurfAccuracy.d. No Action Taken.
File D:\Setuppeja\FircXP.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.603. No Action Taken.
File D:\Setuppeja\mirc616.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
File D:\Viihde\Musiikkia\media share folder\kipaleet\mirc61.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.61. No Action Taken.
File G:\WINDOWS\SYSTEM32\msbb321.dll tagged as not-a-virus:AdWare.Win32.180Solutions. No Action Taken.
File G:\WINDOWS\SYSTEM32\bde3dref3K7.dll tagged as not-a-virus:AdWare.Win32.BrilliantDigital.35684. No Action Taken.
File G:\WINDOWS\SYSTEM32\reg2.exe tagged as not-a-virus:AdWare.Win32.SideBar.a. No Action Taken.
File G:\WINDOWS\SYSTEM32\BO2802040113.dll tagged as not-a-virus:AdWare.Win32.VirtualBouncer.d. No Action Taken.
File G:\WINDOWS\NDNuninstall5_64.exe tagged as not-a-virus:AdWare.Win32.NewDotNet. No Action Taken.
File G:\WINDOWS\NDNuninstall6_10.exe tagged as not-a-virus:AdWare.Win32.NewDotNet. No Action Taken.
File G:\WINDOWS\NDNuninstall4_50.exe tagged as not-a-virus:AdWare.Win32.NewDotNet. No Action Taken.
File G:\WINDOWS\NDNuninstall4_80.exe tagged as not-a-virus:AdWare.Win32.NewDotNet. No Action Taken.
File G:\WINDOWS\NDNuninstall4_88.exe tagged as not-a-virus:AdWare.Win32.NewDotNet. No Action Taken.
File G:\WINDOWS\NDNuninstall5_48.exe tagged as not-a-virus:AdWare.Win32.NewDotNet. No Action Taken.
File G:\Ohjelmatiedostot\MediaLoads\v1\ML.exe tagged as not-a-virus:AdWare.Win32.DownloadWare. No Action Taken.
File G:\Documents and Settings\All Users\Application Data\DelFin\PromulGate\patchme.exe tagged as not-a-virus:AdWare.Win32.DelphinMediaViewer.h. No Action Taken.

Remove from the Control Panel, if present:
MediaLoads
SurfAccuracy
Empty the directories:
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine
C:\Documents and Settings\Administrator.Käyttäjä\Local Settings\Temp
C:\Documents and Settings\Administrator.Käyttäjä-KMYZEF\Local Settings\Temporary Internet Files
Delete these:
C:\PROGRA~1\SURFAC~1
G:\WINDOWS\SYSTEM32\msbb321.dll
G:\WINDOWS\SYSTEM32\bde3dref3K7.dll
G:\WINDOWS\SYSTEM32\reg2.exe
G:\WINDOWS\SYSTEM32\BO2802040113.dll
G:\Ohjelmatiedostot\MediaLoads
+ all the NDNuninstallers