Logfile of HijackThis v1.99.1 Scan saved at 14:33:13, on 1.3.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\Program Files\F-Secure\fswsclds.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Common\FSMB32.EXE C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\F-Secure\Common\FSM32.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\LVComS.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Last.fm\LastFMHelper.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Dan\Työpöytä\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing) O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [razertra] C:\Program Files\Razer\razertra.exe O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O15 - Trusted Zone: http://www.msi.com.tw O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure\fswsclds.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe Toivottavasti loki on riittävä ja joku asiantunteva osaisi neuvoa, tosiaan troijalainen koneella on kaspersky online scannerin mukaan.
ajas tuolla Escan Ohjeet tuolla sivulla. http://koti.mbnet.fi/pattaya1/escanmwav.htm lataa tuosta http://www.spywareinfo.dk/download/mwav.exe päivitä tuosta http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat laita täpit merkkauksien mukaan http://koti.mbnet.fi/pattaya1/eScan6.jpg scannaa jos ala luukkuun tulee jotain niin kopioi se näin: Käytä komentoa Ctrl+A. Kopioi rivit komennolla Ctrl+C. Liitä rivit komennolla Ctrl+V. Laita virus log tänne.
File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.62. No Action Taken. tos oli escannin löydöt alaboksist, ilmeisesti mirc client... escannin varsinaine scanlog on iha järkyttävän pitkä ja kun yritin sitä liittää nii selain jääty, sitä ei kai ollut tarkoituskaan tähän pistää? Mutta tässä sen aikaseimmin ajamani Kaspersky online scannerin löydöt: ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Saturday, March 01, 2008 2:31:55 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 1/03/2008 Kaspersky Anti-Virus database records: 591615 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - Folders: C:\ Scan Statistics: Total number of scanned objects: 53978 Number of viruses found: 2 Number of infected objects: 2 Number of suspicious objects: 0 Duration of the scan process: 00:48:15 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-07062007-165828.log Object is locked skipped C:\Documents and Settings\Dan\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\dbc2e.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\dbdam Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\dbdao Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\dbeam Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\dbeao Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\dbm Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\dbu2d.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\dbvm.cf1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\dbvmh.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\fii.cf1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\fiih.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\fim1i.cf1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\fim1ih.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\hp Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\hpt2i.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\rpm.cf1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\rpm1n.cf1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\rpm1n1m.cf1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\rpm1n1mh.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\rpm1nh.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\rpmh.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashm.cf1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashmh.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlm.cf1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlmh.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainm.cf1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainmh.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainm.cf1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainmh.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Last.fm\Client\lastfmhelper.log Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Messenger\danvalli2@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Messenger\danvalli2@hotmail.com\SharingMetadata\Working\database_1AA0_6BB9_A06B_9A51\dfsr.db Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Messenger\danvalli2@hotmail.com\SharingMetadata\Working\database_1AA0_6BB9_A06B_9A51\fsr.log Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Messenger\danvalli2@hotmail.com\SharingMetadata\Working\database_1AA0_6BB9_A06B_9A51\fsrtmp.log Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Messenger\danvalli2@hotmail.com\SharingMetadata\Working\database_1AA0_6BB9_A06B_9A51\tmp.edb Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Sivuhistoria\History.IE5\MSHist012008030120080302\index.dat Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Temp\~DF6977.tmp Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Dan\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Dan\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\chandir.dat Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\chandir.idx Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\chn.dat Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\chn.idx Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\D0000000.FCS Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\inuse.txt Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\L0000008.FCS Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\main.log Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs.dat Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs.idx Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_die.dat Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_die.idx Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_dnd.dat Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_dnd.idx Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_ext.dat Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_ext.idx Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_rcv.dat Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_rcv.idx Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\storydb.dat Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\storydb.idx Object is locked skipped C:\Program Files\F-Secure\Common\policy.ipf Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\debug.log Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\debug.log.idx Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\error.log Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\error.log.idx Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\hips.log Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\hips.log.idx Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\ids.log Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\ids.log.idx Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\network.log Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\network.log.idx Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\system.log Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\system.log.idx Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\warning.log Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\warning.log.idx Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\web.log Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\web.log.idx Object is locked skipped C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{1AB336CA-CF43-4B3A-B09F-DDDA80BB5E75}\RP60\A0004211.0XE Infected: Trojan-Downloader.Win32.Winlagons.af skipped C:\System Volume Information\_restore{1AB336CA-CF43-4B3A-B09F-DDDA80BB5E75}\RP60\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{92092395-6655-42CE-91E0-8BDB7955AED4}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed.
1.Lataa combofix.exe työpöydällesi yhdestä linkistä: combofix1 combofix2 2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia. 3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi. Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
ComboFix 08-03-01.3 - Dan 2008-03-01 16:24:39.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.1439 [GMT 2:00] Running from: C:\Documents and Settings\Dan\Työpöytä\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-02-01 to 2008-03-01 ))))))))))))))))) . 2008-03-01 12:25 . 2008-03-01 15:49 0 --a------ C:\23990098.$$$ 2008-03-01 09:41 . 2008-03-01 09:43 <KANSIO> d-------- C:\Bases 2008-03-01 09:40 . 2008-03-01 09:44 <KANSIO> d-------- C:\Kaspersky 2008-03-01 09:24 . 2008-03-01 09:24 <KANSIO> d-------- C:\Documents and Settings\Dan\Application Data\Grisoft 2008-03-01 09:24 . 2008-03-01 09:24 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-03-01 09:24 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-02-29 11:51 . 2008-02-29 11:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-02-29 11:51 . 2008-02-29 11:51 1,409 --a------ C:\WINDOWS\QTFont.for 2008-02-16 16:17 . 2004-09-14 16:11 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll 2008-02-16 16:17 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2008-02-16 16:17 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys 2008-02-16 16:17 . 2001-10-05 16:31 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2008-02-12 17:53 . 2008-03-01 16:12 <KANSIO> d-------- C:\Program Files\Steam 2008-02-08 01:55 . 2008-02-08 01:55 <KANSIO> d-------- C:\WINDOWS\system32\Lang 2008-02-08 01:55 . 2008-02-08 01:55 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav 2008-02-08 01:55 . 2008-02-08 01:55 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav 2008-02-08 01:51 . 2008-02-08 01:51 <KANSIO> d-------- C:\WINDOWS\system32\RTCOM 2008-02-08 01:50 . 2007-07-05 10:08 16,380,416 -r------- C:\WINDOWS\RTHDCPL.exe 2008-02-08 01:50 . 2007-03-23 13:19 9,715,200 -r------- C:\WINDOWS\RTLCPL.exe 2008-02-08 01:50 . 2007-07-18 13:26 4,547,584 -r------- C:\WINDOWS\system32\drivers\RtkHDAud.sys 2008-02-08 01:50 . 2007-06-15 10:45 1,826,816 -r------- C:\WINDOWS\SkyTel.exe 2008-02-08 01:50 . 2007-01-16 04:39 1,191,936 -r------- C:\WINDOWS\RtlUpd.exe 2008-02-08 01:50 . 2006-08-18 00:58 282,624 -r------- C:\WINDOWS\system32\RTSndMgr.cpl 2008-02-08 01:49 . 2008-02-08 01:49 <KANSIO> d-------- C:\Program Files\Realtek 2008-02-08 01:49 . 2006-05-04 10:26 2,808,832 -r------- C:\WINDOWS\alcwzrd.exe 2008-02-08 01:49 . 2007-06-28 10:44 2,165,760 -r------- C:\WINDOWS\MicCal.exe 2008-02-08 01:49 . 2007-01-12 10:54 520,192 -r------- C:\WINDOWS\RtlExUpd.dll 2008-02-08 01:49 . 2008-02-08 01:49 315,392 --a------ C:\WINDOWS\HideWin.exe 2008-02-08 01:49 . 2005-05-03 12:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe 2008-02-08 01:38 . 2008-02-08 01:38 <KANSIO> d-------- C:\WINDOWS\nview 2008-02-08 01:38 . 2007-10-28 10:52 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe 2008-02-08 01:38 . 2008-02-08 01:38 161,371 --a------ C:\WINDOWS\system32\nvapps.xml 2008-02-08 01:38 . 2007-10-28 10:52 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu 2008-02-08 01:37 . 2007-10-28 18:02 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2008-02-08 01:27 . 2008-02-08 01:27 <KANSIO> d-------- C:\Intel 2008-02-08 01:27 . 2007-07-26 16:15 53,248 --a------ C:\WINDOWS\system32\CSVer.dll 2008-02-08 01:25 . 2008-02-08 01:49 15,600 --a------ C:\WINDOWS\gdrv.sys 2008-02-08 01:14 . 2004-09-15 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll 2008-02-08 01:13 . 2004-09-15 14:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll 2008-02-08 01:11 . 2008-02-08 01:11 749 -rah----- C:\WINDOWS\WindowsShell.Manifest 2008-02-08 01:11 . 2008-02-08 01:11 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest 2008-02-08 01:11 . 2008-02-08 01:11 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest 2008-02-08 01:11 . 2008-02-08 01:11 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest 2008-02-08 01:11 . 2008-02-08 01:11 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest 2008-02-02 19:34 . 2008-02-02 19:34 <KANSIO> d-------- C:\Program Files\uTorrent . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-01 00:24 --------- d-----w C:\Documents and Settings\Dan\Application Data\uTorrent 2008-02-18 17:51 --------- d-----w C:\Program Files\World of Warcraft 2008-02-14 17:45 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2008-02-12 21:09 --------- d-----w C:\Program Files\Last.fm 2008-02-07 23:49 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-28 20:45 --------- d-----w C:\Program Files\mIRC 2008-01-03 19:29 --------- d-----w C:\Program Files\GameSpy Arcade 2008-01-02 22:30 --------- d-----w C:\Program Files\Warcraft III 2004-10-01 13:00 40,960 -c--a-w C:\Program Files\UNINSTALL_CDS.0XE . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 14:00 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 17:25 68856] "Steam"="C:\Program Files\Steam\Steam.exe" [2008-02-13 17:02 1266936] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2002-12-05 15:24 106571] "razertra"="C:\Program Files\Razer\razertra.exe" [2004-10-10 17:21 208896] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-12-16 21:37 188416] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-12-16 21:39 77824] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-12-20 19:54 278528] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-16 14:02 155648] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-14 07:02 1838592] "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768] "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-08 16:25 1397760] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "Device Detector"="C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" [2004-09-02 16:51 221184] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-28 10:52 8531968] "nwiz"="nwiz.exe" [2007-10-28 10:52 1626112 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-28 10:52 81920] "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 10:08 16380416 C:\WINDOWS\RTHDCPL.exe] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 14:00 15360] C:\Documents and Settings\Dan\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-11-03 02:06:23 106496] C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06 29696] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-08-03 22:08:28 169472] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588] NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-10-14 13:05:45 118784] WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-08-03 21:49:29 118784] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}"= C:\WINDOWS\system32\ioctrl.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\GameSpy Arcade\\Aphex.exe"= "C:\\Program Files\\EA Games\\Nightfire\\Bond.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\WINDOWS\\system32\\rundll32.exe"= "C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "10184:TCP"= 10184:TCP:BitComet 10184 TCP "10184:UDP"= 10184:UDP:BitComet 10184 UDP R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-09-26 10:05] R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-09-26 10:05] R2 BackWeb Client - 7681197;F-Secure BackWeb;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2005-08-03 21:10] R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2002-04-23 12:23] R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2005-08-04 06:17] R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2002-04-23 12:23] R2 FSpm;F-Secure Policy Manager;C:\Program Files\F-Secure\Common\FSPM.SYS [2002-12-05 15:24] R2 Fswsclds;F-Secure Windows Security Center Legacy Detection Service;C:\Program Files\F-Secure\fswsclds.exe [2005-08-04 06:17] S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-02-08 01:49] S3 HwIOctl;HwIOctl;C:\Program Files\Setup Files\MS-6728 v3.A0\HwIOctl.sys [] S3 Memctl;Memctl;C:\Program Files\Setup Files\MS-6728 v3.A0\Memctl.sys [] S3 PciCon;PciCon;D:\PciCon.sys [] . 'Ajoitetut tehtävät'-kansion sisältö "2008-03-01 14:12:49 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-01 16:28:01 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-03-01 16:29:31 . 2008-03-01 01:02:15 --- E O F ---
scannaa hjt:llä merkkaa paina Fix checked O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing) O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll (file missing) O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE =========== 1. Klikkaa käynnistä > Oma tietokone oikean puoleisella hiiren napilla 2. Valitse ominaisuudet 3. Valitse järjestelmän palauttaminen välilehti 4. Ruksi eteen ¤ poista järjestelmän palauttaminen kaikissa asemissa 5. Paina Käytä 6. Paina ok 7. Sammuta ja käynnistä 8. Ota ruksi pois ¤ poista järjestelmän palauttaminen kaikissa asemissa 9. Käytä ja OK
merkkailin noista noi 3 ylimmäistä mutta O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE ei meinaa tosta löytyä, eli mikä neuvoksi?
Logfile of HijackThis v1.99.1 Scan saved at 16:49:09, on 1.3.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe C:\Program Files\F-Secure\fswsclds.exe C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\F-Secure\Common\FSMB32.EXE C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\F-Secure\Common\FSM32.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\F-Secure\Common\FNRB32.EXE C:\WINDOWS\system32\LVComS.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Last.fm\LastFMHelper.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Dan\Työpöytä\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing) O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [razertra] C:\Program Files\Razer\razertra.exe O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O15 - Trusted Zone: http://www.msi.com.tw O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure\fswsclds.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Sat Mar 01 17:45:15 2008 => Checking for Novarg Virus... Sat Mar 01 17:45:15 2008 => Checking for Pagabot Virus... Sat Mar 01 17:45:15 2008 => Checking for Parite.b Virus... Sat Mar 01 17:45:16 2008 => Checking for Parite.a Virus... Sat Mar 01 17:45:16 2008 => ***** Scanning complete. ***** Sat Mar 01 17:45:16 2008 => Total Number of Files Scanned: 49157 Sat Mar 01 17:45:16 2008 => Total Number of Virus(es) Found: 1 Sat Mar 01 17:45:16 2008 => Total Number of Disinfected Files: 0 Sat Mar 01 17:45:16 2008 => Total Number of Files Renamed: 0 Sat Mar 01 17:45:16 2008 => Total Number of Deleted Files: 0 Sat Mar 01 17:45:16 2008 => Total Number of Errors: 6 Sat Mar 01 17:45:16 2008 => Time Elapsed: 00:49:24 Sat Mar 01 17:45:16 2008 => Virus Database Date: 2008/03/01 Sat Mar 01 17:45:16 2008 => Virus Database Count: 591405 Sat Mar 01 17:45:16 2008 => Scan Completed. File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.62. No Action Taken. escannin tulokset
Kasperskyn online skanni väittäs et koneella on vieläkin yks troijalainen. ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Saturday, March 01, 2008 7:57:13 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 1/03/2008 Kaspersky Anti-Virus database records: 592239 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - Folders: C:\ Scan Statistics: Total number of scanned objects: 51556 Number of viruses found: 2 Number of infected objects: 2 Number of suspicious objects: 0 Duration of the scan process: 00:48:14 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-07062007-165828.log Object is locked skipped C:\Documents and Settings\Dan\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\dbc2e.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\dbdam Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\dbdao Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\dbeam Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\dbeao Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\dbm Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\dbu2d.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\dbvm.cf1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\dbvmh.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\fii.cf1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\fiih.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\fim1i.cf1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\fim1ih.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\hp Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\hpt2i.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\rpm.cf1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\rpm1n.cf1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\rpm1n1m.cf1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\rpm1n1mh.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\rpm1nh.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\rpmh.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashm.cf1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashmh.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlm.cf1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlmh.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainm.cf1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainmh.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainm.cf1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainmh.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Last.fm\Client\lastfmhelper.log Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Messenger\danvalli2@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Messenger\danvalli2@hotmail.com\SharingMetadata\pending.dat Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Messenger\danvalli2@hotmail.com\SharingMetadata\Working\database_1AA0_6BB9_A06B_9A51\dfsr.db Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Messenger\danvalli2@hotmail.com\SharingMetadata\Working\database_1AA0_6BB9_A06B_9A51\fsr.log Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Messenger\danvalli2@hotmail.com\SharingMetadata\Working\database_1AA0_6BB9_A06B_9A51\fsrtmp.log Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Messenger\danvalli2@hotmail.com\SharingMetadata\Working\database_1AA0_6BB9_A06B_9A51\tmp.edb Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Windows Live Contacts\danvalli2@hotmail.com\real\members.stg Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Windows Live Contacts\danvalli2@hotmail.com\shadow\members.stg Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Sivuhistoria\History.IE5\MSHist012008030120080302\index.dat Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Temp\~DF1331.tmp Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Temp\~DF13DC.tmp Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Temp\~DF613D.tmp Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Temp\~DFABBC.tmp Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Temp\~DFABF2.tmp Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Dan\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Dan\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Dan\UserData\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\3DO\Heroes 3 Complete\Data\H3ab_bmp.lod Object is locked skipped C:\Program Files\3DO\Heroes 3 Complete\Data\H3ab_spr.lod Object is locked skipped C:\Program Files\3DO\Heroes 3 Complete\Data\H3bitmap.lod Object is locked skipped C:\Program Files\3DO\Heroes 3 Complete\Data\H3sprite.lod Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\chandir.dat Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\chandir.idx Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\chn.dat Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\chn.idx Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\D0000000.FCS Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\inuse.txt Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\L0000008.FCS Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\main.log Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs.dat Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs.idx Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_die.dat Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_die.idx Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_dnd.dat Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_dnd.idx Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_ext.dat Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_ext.idx Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_rcv.dat Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_rcv.idx Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\storydb.dat Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\storydb.idx Object is locked skipped C:\Program Files\F-Secure\Common\policy.ipf Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\debug.log Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\debug.log.idx Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\error.log Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\error.log.idx Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\hips.log Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\hips.log.idx Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\ids.log Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\ids.log.idx Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\network.log Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\network.log.idx Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\system.log Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\system.log.idx Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\warning.log Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\warning.log.idx Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\web.log Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\web.log.idx Object is locked skipped C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{1AB336CA-CF43-4B3A-B09F-DDDA80BB5E75}\RP60\A0004211.0XE Infected: Trojan-Downloader.Win32.Winlagons.af skipped C:\System Volume Information\_restore{1AB336CA-CF43-4B3A-B09F-DDDA80BB5E75}\RP61\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{11518EED-7401-4D14-8E45-E596C0CAD3CF}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed.
et näyttä ajavan tuolla minkä laitoin 1. Klikkaa käynnistä > Oma tietokone oikean puoleisella hiiren napilla 2. Valitse ominaisuudet 3. Valitse järjestelmän palauttaminen välilehti 4. Ruksi eteen ¤ poista järjestelmän palauttaminen kaikissa asemissa 5. Paina Käytä 6. Paina ok 7. Sammuta ja käynnistä 8. Ota ruksi pois ¤ poista järjestelmän palauttaminen kaikissa asemissa 9. Käytä ja OK
Joo eli viimeisimpien skannien mukaan tuo troija ois nyt vihdoinkin saatu koneelta putsattua, kiitoksia Hujo avusta. ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Sunday, March 02, 2008 4:01:29 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 2/03/2008 Kaspersky Anti-Virus database records: 593570 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ Scan Statistics: Total number of scanned objects: 49577 Number of viruses found: 1 Number of infected objects: 1 Number of suspicious objects: 0 Duration of the scan process: 00:46:21 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-07062007-165828.log Object is locked skipped C:\Documents and Settings\Dan\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\dbc2e.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\dbdam Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\dbdao Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\dbeam Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\dbeao Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\dbm Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\dbu2d.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\dbvm.cf1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\dbvmh.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\fii.cf1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\fiih.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\fim1i.cf1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\fim1ih.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\hp Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\hpt2i.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\rpm.cf1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\rpm1n.cf1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\rpm1n1m.cf1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\rpm1n1mh.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\rpm1nh.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\rpmh.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashm.cf1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashmh.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlm.cf1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlmh.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainm.cf1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainmh.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainm.cf1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainmh.ht1 Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Last.fm\Client\lastfmhelper.log Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Messenger\danvalli2@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Messenger\danvalli2@hotmail.com\SharingMetadata\Working\database_1AA0_6BB9_A06B_9A51\dfsr.db Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Messenger\danvalli2@hotmail.com\SharingMetadata\Working\database_1AA0_6BB9_A06B_9A51\fsr.log Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Messenger\danvalli2@hotmail.com\SharingMetadata\Working\database_1AA0_6BB9_A06B_9A51\fsrtmp.log Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Messenger\danvalli2@hotmail.com\SharingMetadata\Working\database_1AA0_6BB9_A06B_9A51\tmp.edb Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Windows Live Contacts\danvalli2@hotmail.com\real\members.stg Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Sivuhistoria\History.IE5\MSHist012008030220080303\index.dat Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Temp\~DF9591.tmp Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Temp\~DF95CA.tmp Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Temp\~DFFA0.tmp Object is locked skipped C:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Dan\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Dan\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Dan\UserData\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\chandir.dat Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\chandir.idx Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\chn.dat Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\chn.idx Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\D0000000.FCS Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\inuse.txt Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\L0000008.FCS Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\main.log Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs.dat Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs.idx Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_die.dat Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_die.idx Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_dnd.dat Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_dnd.idx Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_ext.dat Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_ext.idx Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_rcv.dat Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_rcv.idx Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\storydb.dat Object is locked skipped C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\storydb.idx Object is locked skipped C:\Program Files\F-Secure\Common\policy.ipf Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\debug.log Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\debug.log.idx Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\error.log Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\error.log.idx Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\hips.log Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\hips.log.idx Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\ids.log Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\ids.log.idx Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\network.log Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\network.log.idx Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\system.log Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\system.log.idx Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\warning.log Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\warning.log.idx Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\web.log Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\web.log.idx Object is locked skipped C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped C:\Program Files\Steam\logs\connection_log.txt Object is locked skipped C:\Program Files\Steam\Steam.log Object is locked skipped C:\Program Files\Steam\SteamApps\winui.gcf Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{1AB336CA-CF43-4B3A-B09F-DDDA80BB5E75}\RP2\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{AE985DC0-B8BF-4A4B-822F-D8A3A5B2245E}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed.
