Windows automatic updates aren't working... HJT LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:27:42, on 5.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe
C:\Program Files\PC Protection\Common\FSMA32.EXE
C:\Program Files\PC Protection\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Protection\Common\FSMB32.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\PC Protection\Common\FCH32.EXE
C:\Program Files\PC Protection\Common\FAMEH32.EXE
C:\Program Files\PC Protection\Anti-Virus\fsqh.exe
C:\Program Files\PC Protection\FSPC\fspc.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Protection\FWES\Program\fsdfwd.exe
C:\Program Files\PC Protection\Anti-Virus\fssm32.exe
C:\Program Files\PC Protection\FSAUA\program\fsaua.exe
C:\Program Files\PC Protection\FSAUA\program\fsus.exe
C:\Program Files\PC Protection\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PC Protection\Common\FSM32.EXE
C:\Program Files\PC Protection\FSGUI\ispnews.exe
C:\Program Files\PC Protection\FSGUI\fsguidll.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Steam\Steam.exe
c:\program files\steam\steamapps\hencka666\counter-strike\hl.exe
C:\Program Files\Steam\GameOverlayUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Protection\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Protection\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\PC Protection\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [{4A-A0-0B-BC-ZN}] C:\DOCUME~1\Sirkka\LOCALS~1\Temp\ComponentDownloader\17.ex_ P2D002
O4 - HKLM\..\Run: [Microsoft] fognyg.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Documents and Settings\Sirkka\Työpöytä\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [AdVantage Setup] H:\BSplayer\AdVantageSetup.exe
O4 - HKLM\..\Run: [MSN Messenger] live.messenger.com
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [BM7fc7938f] Rundll32.exe "C:\WINDOWS\system32\vtbyclsy.dll",s
O4 - HKLM\..\Run: [7cf4a013] rundll32.exe "C:\WINDOWS\system32\ataljooa.dll",b
O4 - HKLM\..\RunServices: [MSN Messenger] live.messenger.com
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Help.lnk = C:\Program Files\Postal2\Help.htm
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Lataa FlashGetillä - C:\Documents and Settings\Sirkka\Työpöytä\Sälää\Flashget\jc_link.htm
O8 - Extra context menu item: &Lataa kaikki FlashGetillä - C:\Documents and Settings\Sirkka\Työpöytä\Sälää\Flashget\jc_all.htm
O8 - Extra context menu item: &Search - ?p=ZCfox000
O8 - Extra context menu item: Download all links using BitComet - res://C:\Documents and Settings\Sirkka\Työpöytä\Sälää\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Documents and Settings\Sirkka\Työpöytä\Sälää\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Documents and Settings\Sirkka\Työpöytä\Sälää\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{23098351-E36E-41E5-9A04-485F15E6C60B}: NameServer = 212.116.32.218 212.116.32.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{23098351-E36E-41E5-9A04-485F15E6C60B}: NameServer = 212.116.32.218 212.116.32.222
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PC Protection\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Protection\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\PC Protection\Common\FSMA32.EXE
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)

--
End of file - 9996 bytes
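The O4 section of the log above is where a helper looks first: a handful of entries stand out by shape alone (rundll32 loading a system32 DLL with a random eight-letter name and a one-letter export, path-less executables with vendor-sounding names, a Temp-directory loader under a fake GUID, a hostname where a command should be, a RunServices key). The script below is an added example for this thread, not part of HijackThis or ComboFix, that encodes those eyeball heuristics and runs them over O4 lines copied from the log; the allowlists and the signals are assumptions fitted to this one log, so a hit means "look closer", not "malware". Several of the entries it flags correspond to files the ComboFix run later in the thread deleted or renamed (ataljooa.dll, BM7fc7938f.xml, winudspm).

```python
"""Heuristic triage of HijackThis O4 (autostart) entries.

Added example for this thread; not HijackThis or ComboFix code. The allowlists
and signals are assumptions fitted to the log above: a hit means "look closer".
"""
import re

# Constructed sample input: O4 lines copied verbatim from the HijackThis log above.
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Protection\Common\FSM32.EXE" /splash',
    r'O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE',
    r'O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup',
    r'O4 - HKLM\..\Run: [{4A-A0-0B-BC-ZN}] C:\DOCUME~1\Sirkka\LOCALS~1\Temp\ComponentDownloader\17.ex_ P2D002',
    r'O4 - HKLM\..\Run: [Microsoft] fognyg.exe',
    r'O4 - HKLM\..\Run: [MSN Messenger] live.messenger.com',
    r'O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe',
    r'O4 - HKLM\..\Run: [BM7fc7938f] Rundll32.exe "C:\WINDOWS\system32\vtbyclsy.dll",s',
    r'O4 - HKLM\..\Run: [7cf4a013] rundll32.exe "C:\WINDOWS\system32\ataljooa.dll",b',
    r'O4 - HKLM\..\RunServices: [MSN Messenger] live.messenger.com',
    r'O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent',
]

O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
GUID_RE = re.compile(r'\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
HOSTNAME_RE = re.compile(r'([a-z0-9-]+\.){2,}[a-z]{2,}')
HEX_NAME_RE = re.compile(r'[A-Za-z]{0,2}[0-9a-fA-F]{8}')

# Assumed allowlists: path-less binaries and rundll32 DLLs that are benign in this log.
KNOWN_BARE = {'soundman.exe', 'nwiz.exe', 'ctfmon.exe'}
KNOWN_RUNDLL = {'nvcpl.dll', 'nvmctray.dll'}
BRAND_WORDS = {'microsoft', 'windows', 'msn'}


def first_token(cmd):
    """Split off the program: a double-quoted path, or the first whitespace-delimited word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            return cmd[1:], ''
        return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else '')


def split_rundll_arg(rest):
    """Return (dll_path, entry_point) from a rundll32 argument, quoted or not."""
    tok, tail = first_token(rest)
    if ',' in tok:                       # C:\...\NvCpl.dll,NvStartup
        dll, _, entry = tok.partition(',')
        return dll, (entry.split()[0] if entry.strip() else '')
    tail = tail.lstrip(',')              # "C:\...\vtbyclsy.dll",s
    return tok, (tail.split()[0] if tail else '')


def looks_random(stem):
    """Heuristic: 6-8 letters and nothing else (vtbyclsy, ataljooa, fognyg, winudspm)."""
    return re.fullmatch(r'[A-Za-z]{6,8}', stem) is not None


def triage_o4(line):
    """Parse one O4 line; return (name, target, reasons), or None for non-Run-key lines."""
    m = O4_RE.match(line)
    if not m:
        return None
    key, name, cmd = m.group('key'), m.group('name'), m.group('cmd')
    target, rest = first_token(cmd)
    base = target.rsplit('\\', 1)[-1].lower()
    reasons = []
    if base == 'rundll32.exe':
        dll, entry = split_rundll_arg(rest)
        dll_base = dll.rsplit('\\', 1)[-1].lower()
        if dll_base not in KNOWN_RUNDLL and looks_random(dll_base.rsplit('.', 1)[0]):
            reasons.append('rundll32 loads an unknown DLL with a random-looking name')
        if len(entry) == 1:
            reasons.append('single-letter rundll32 entry point')
    elif '\\' not in target:
        if HOSTNAME_RE.fullmatch(base):
            reasons.append('target looks like a hostname, not a file')
        elif base not in KNOWN_BARE:
            reasons.append('path-less binary outside allowlist (resolved via search path)')
            if looks_random(base.rsplit('.', 1)[0]):
                reasons.append('random-looking filename')
    else:
        if '\\temp\\' in target.lower():
            reasons.append('runs from a Temp directory')
        if target.lower().endswith('.ex_'):
            reasons.append('unusual executable extension')
    if HEX_NAME_RE.fullmatch(name):
        reasons.append('hex-like entry name')
    if name.startswith('{') and not GUID_RE.fullmatch(name):
        reasons.append('brace-wrapped name that is not a real GUID')
    if BRAND_WORDS & set(name.lower().split()) and '\\' not in target:
        reasons.append('vendor-like name on a path-less target')
    if key.lower() == 'runservices':
        reasons.append('RunServices is a Windows 9x-era key; XP software rarely writes it')
    return name, target, reasons


def flagged_entries(lines):
    """Return [(name, target, reasons)] for every parsed entry with at least one signal."""
    out = []
    for line in lines:
        parsed = triage_o4(line)
        if parsed and parsed[2]:
            out.append(parsed)
    return out


if __name__ == '__main__':
    for name, target, reasons in flagged_entries(SAMPLE_O4_LINES):
        print('[%s] %s\n    %s' % (name, target, '; '.join(reasons)))
```

On the eleven sample lines the script leaves F-Secure Manager, SoundMan, NvCplDaemon and Steam alone and flags the other seven; the strongest single signal is the rundll32 pattern, because a legitimate vendor DLL exports a named entry point (NvStartup) where the two random DLLs export a single letter. The allowlists are the weak point of any such heuristic: a new machine needs its own, so treat the sets as a starting point rather than a rule.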
1. Download combofix.exe to your desktop from one of these links: combofix1 combofix2
2. Double-click the combofix.exe file and follow the prompts.
3. When the tool is finished, it produces a log. Post that log in your thread.

Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
Alright! At least one problem is fixed now, since Windows automatic updates started working. Here's the ComboFix log anyway:

ComboFix 08-06-05.2 - Sirkka 2008-06-05 20:20:04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.284 [GMT 3:00]
Running from: C:\Documents and Settings\Sirkka\Työpöytä\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Sirkka\Application Data\macromedia\Flash Player\#SharedObjects\N2XRHTHN\iforex.com
C:\Documents and Settings\Sirkka\Application Data\macromedia\Flash Player\#SharedObjects\N2XRHTHN\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Sirkka\Application Data\macromedia\Flash Player\#SharedObjects\N2XRHTHN\www.broadcaster.com
C:\Documents and Settings\Sirkka\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Sirkka\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\Sirkka\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Sirkka\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\admintxt.txt
C:\WINDOWS\BM7fc7938f.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aoojlata.ini
C:\WINDOWS\system32\ataljooa.dll
C:\WINDOWS\system32\bpvsemmu.ini
C:\WINDOWS\system32\djqbyeqa.ini
C:\WINDOWS\system32\gevmwang.exe
C:\WINDOWS\system32\gzmrot-uninst.exe
C:\WINDOWS\system32\hpbxnfpq.dll
C:\WINDOWS\system32\hwmtjaxc.exe
C:\WINDOWS\system32\iddhpngm.ini
C:\WINDOWS\system32\iehxqdec.exe
C:\WINDOWS\system32\klmlkUtv.ini
C:\WINDOWS\system32\klmlkUtv.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\qpfnxbph.ini
C:\WINDOWS\system32\rightonadz-uninst.exe
C:\WINDOWS\system32\wfaerifq.exe
C:\WINDOWS\system32\wkmavwao.ini
C:\WINDOWS\system32\vpfeoucj.exe
C:\WINDOWS\system32\vtUklmlk.dll
C:\WINDOWS\system32\xbbcmovb.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_OULTRAF
-------\Service_oUltraf

((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
.
2008-06-04 21:04 . 2008-06-04 21:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-04 09:57 . 2008-06-04 09:57 125,952 --a------ C:\WINDOWS\system32\vtbyclsy.0ll
2008-06-02 20:42 . 2008-06-02 20:42 125,952 --a------ C:\WINDOWS\system32\feqvqqaq.dll
2008-06-02 20:40 . 2008-06-02 20:40 125,952 --a------ C:\WINDOWS\system32\mvfmaoco.0ll
2008-06-01 16:36 . 2008-06-01 16:36 8 --a------ C:\WINDOWS\system32\7cf4b29d
2008-06-01 15:25 . 2008-06-01 15:25 133,120 --a------ C:\WINDOWS\system32\ybmtrctf.0ll
2008-06-01 15:20 . 2008-06-01 15:20 125,952 --a------ C:\WINDOWS\system32\rcmgjiky.0ll
2008-05-31 12:00 . 2008-05-31 12:00 133,120 --a------ C:\WINDOWS\system32\moesgayj.0ll
2008-05-31 11:56 . 2008-05-31 11:56 125,952 --a------ C:\WINDOWS\system32\grlljbvu.0ll
2008-05-30 07:20 . 2008-05-30 07:20 133,120 --a------ C:\WINDOWS\system32\njbfornv.0ll
2008-05-29 22:17 . 2008-05-31 11:52 706 ---hs---- C:\WINDOWS\system32\nfxqhvln.ini
2008-05-29 22:12 . 2008-05-29 22:12 125,952 --a------ C:\WINDOWS\system32\hewmktnl.0ll
2008-05-28 20:30 . 2008-05-28 20:30 133,120 --a------ C:\WINDOWS\system32\djiuxybs.0ll
2008-05-28 20:23 . 2008-05-28 20:23 125,952 --a------ C:\WINDOWS\system32\fibmmldp.0ll
2008-05-28 20:16 . 2008-05-28 20:16 57,344 --a------ C:\WINDOWS\system32\urqQjkjI.0ll
2008-05-28 16:06 . 2008-05-28 16:06 57,344 --a------ C:\WINDOWS\system32\awtrPiiG.0ll
2008-05-28 14:48 . 2008-05-28 14:48 57,344 --a------ C:\WINDOWS\system32\urqPjJDW.0ll
2008-05-28 07:03 . 2008-05-28 07:03 57,344 --a------ C:\WINDOWS\system32\iifebCtQ.0ll
2008-05-28 07:02 . 2008-05-29 09:02 96,768 -----c--- C:\is154890.0xe
2008-05-28 07:01 . 2008-05-28 14:48 40,960 --a--c--- C:\dciz.0xe
2008-05-27 20:45 . 2008-05-27 20:45 56,832 -r-hs---- C:\WINDOWS\winudspm.0xe
2008-05-27 20:45 . 2008-05-27 20:45 40,960 --a--c--- C:\dci.0xe
2008-05-26 20:30 . 2008-05-26 20:30 <DIR> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-05-26 20:30 . 2008-05-27 08:57 <DIR> d-------- C:\Documents and Settings\Sirkka\Application Data\Audacity
2008-05-14 09:05 . 2008-05-14 09:05 <DIR> d-------- C:\Documents and Settings\Sirkka\Application Data\ifolor
2008-05-14 09:05 . 2008-05-14 09:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ifolor
2008-05-13 11:49 . 2008-05-13 11:49 3,072 --ahsc--- C:\Thumbs.db
2008-05-11 14:56 . 2008-05-13 11:49 <DIR> d----c--- C:\$CTJTMP
2008-05-11 14:56 . 2008-05-11 14:56 39 --a--c--- C:\CTJINI.INI
2008-05-10 17:53 . 2008-05-10 17:53 <DIR> d-------- C:\Documents and Settings\Sirkka\.thumbnails
2008-05-10 17:48 . 2008-05-26 18:23 <DIR> d-------- C:\Documents and Settings\Sirkka\.gimp-2.4
2008-05-10 17:45 . 2008-05-10 17:45 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-05-06 21:15 . 2008-05-06 21:15 <DIR> d-------- C:\Program Files\Wanadoo Edition
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 17:41 --------- d-----w C:\Program Files\Steam
2008-06-03 15:57 --------- d-----w C:\Program Files\LimeWire
2008-06-03 15:57 --------- d-----w C:\Program Files\Incomplete
2008-05-26 15:15 --------- d-----w C:\Documents and Settings\Sirkka\Application Data\gtk-2.0
2008-05-15 16:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-05 09:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-02 18:31 --------- d-----w C:\Program Files\WarRock
2008-04-27 08:59 --------- d-----w C:\Program Files\Ventrilo
2008-04-22 15:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-19 08:42 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-06 11:28 --------- d-----w C:\Program Files\OLYMPUS
2008-04-06 11:26 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-29 09:10 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2007-12-29 09:08 1,147 ---ha-w C:\Documents and Settings\Sirkka\hpothb07.dat
2007-12-29 09:07 0 ---ha-w C:\Documents and Settings\Sirkka\Application Data\hpothb07.dat
.
(((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries and legitimate default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3b2b6430-1eb5-4188-80d7-484dc65fa924}]
C:\WINDOWS\system32\diqowhhc.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
"Steam"="c:\program files\steam\steam.exe" [2008-03-29 21:01 1271032]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-05-28 16:59 95800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="C:\Program Files\PC Protection\Common\FSM32.exe" [2007-11-01 14:42 182936]
"F-Secure TNB"="C:\Program Files\PC Protection\FSGUI\TNBUtil.exe" [2007-11-01 14:42 739936]
"News Service"="C:\Program Files\PC Protection\FSGUI\ispnews.exe" [2005-05-31 15:45 356352]
"SoundMan"="SOUNDMAN.EXE" [2006-10-26 12:19 55296 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-03-12 23:43 81920]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 10:33 892928]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016]
"PWRISOVM.EXE"="C:\Documents and Settings\Sirkka\Työpöytä\PowerISO\PWRISOVM.EXE" [ ]
"AdVantage Setup"="H:\BSplayer\AdVantageSetup.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Windows UDP Control"="winudspm.exe" []
"BM7fc7938f"="C:\WINDOWS\system32\vtbyclsy.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifebCtQ]
iifebCtQ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\vtUklmlk

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Steam\\SteamApps\\hencka666\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\SteamApps\\hencka666\\condition zero deleted scenes\\hl.exe"=
"C:\\Program Files\\Steam\\SteamApps\\hencka666\\condition zero\\hl.exe"=
"C:\\Program Files\\Steam\\SteamApps\\danc3\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\SteamApps\\hencka666\\deathmatch classic\\hl.exe"=
"C:\\Program Files\\Steam\\SteamApps\\hencka666\\source sdk base\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11396:TCP"= 11396:TCP:BitComet 11396 TCP
"11396:UDP"= 11396:UDP:BitComet 11396 UDP

R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys [2004-03-12 23:41]
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys [2004-03-12 23:41]
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-03-17 16:58]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\PC Protection\HIPS\fshs.sys [2008-02-13 17:06]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\PC Protection\Anti-Virus\minifilter\fsgk.sys [2007-11-01 14:42]
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2006-03-29 22:06]
S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2004-03-03 10:50]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\PC Protection\Anti-Virus\Win2K\FSfilter.sys [2007-11-01 14:42]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\PC Protection\Anti-Virus\Win2K\FSrec.sys [2007-11-01 14:42]
.
Contents of the 'Scheduled Tasks' folder
"2008-05-31 17:41:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-02-09 07:14:39 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1161929320.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-06-05 10:01:12 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\PCPROT~1\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\PCPROT~1\ANTI-V~1\report.txt
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 20:39:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe
C:\Program Files\PC Protection\Common\FSMA32.EXE
C:\Program Files\PC Protection\Anti-Virus\fsgk32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Protection\Common\FSMB32.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\PC Protection\Common\FCH32.EXE
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\PC Protection\Common\FAMEH32.EXE
C:\Program Files\PC Protection\Anti-Virus\fsqh.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\PC Protection\FSGUI\fsguidll.exe
C:\Program Files\PC Protection\Anti-Virus\fssm32.exe
C:\Program Files\PC Protection\FWES\program\fsdfwd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
C:\Program Files\PC Protection\FSAUA\program\fsaua.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-06-05 21:11:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-05 18:09:44

Pre-Run: 4,781,649,920 bytes free
Post-Run: 6,919,720,960 bytes free

214 --- E O F --- 2008-05-16 15:59:51
Open Notepad and copy/paste the contents of the quotebox into it:

Save it as CFScript.txt. Then drag CFScript onto ComboFix.exe as shown below. Restart the computer when asked and post the contents of the combofix.txt file here.

===========

Also run a new HJT log last.