HJT log for inspection.
73r0
Newbie
12 February 2008 @ 22:33
Logfile of HijackThis v1.99.1
Scan saved at 22:06:37, on 12.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\PC Protection Plus\Anti-Virus\fsgk32st.exe
C:\Program Files\PC Protection Plus\Common\FSMA32.EXE
C:\Program Files\PC Protection Plus\Anti-Virus\FSGK32.EXE
C:\Program Files\PC Protection Plus\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\PC Protection Plus\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Protection Plus\Common\FAMEH32.EXE
C:\Program Files\PC Protection Plus\Anti-Virus\fsqh.exe
C:\Program Files\PC Protection Plus\FSPC\fspc.exe
C:\Program Files\PC Protection Plus\FSAUA\program\fsaua.exe
C:\Program Files\PC Protection Plus\Anti-Virus\fssm32.exe
C:\Program Files\PC Protection Plus\FWES\Program\fsdfwd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PC Protection Plus\FSAUA\program\fsus.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system\wcdvtray.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\WebCam\M1000\M1000Mnt.exe
C:\Program Files\PC Protection Plus\Common\FSM32.EXE
C:\Program Files\PC Protection Plus\FSGUI\fsguidll.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PC Protection Plus\Anti-Virus\fsav32.exe
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\PamelaPCR.exe
C:\Ohjelmat\Diskkeeper 2008\DkService.exe
C:\Ohjelmat\Winamp\winamp.exe
C:\Ohjelmat\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...Q304&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...Q304&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...Q304&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F3 - REG:win.ini: load=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Ohjelmat\FLV Downloader\MoyeaCth.dll
O3 - Toolbar: HP -näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINDOWS\system\wcdvtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Ohjelmat\RivaTuner v2.0 Final Release\RivaTuner.exe" /S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Ohjelmat\Nokia PC Suite\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Protection Plus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Protection Plus\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [TalkAndWrite] C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe /run
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Ohjelmat\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Laajakaesta.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection Plus\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection Plus\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection Plus\FSPC\fspcmsie.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pc protection plus\fsps\program\fslsp.dll
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...t/wuweb_site.cab?1163245222296
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40D06FC3-7AAB-4962-82C4-0E5E6070B0CE}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{80C36B8B-D4A0-4044-891B-FD459D2D0E00}: NameServer = 212.116.32.218 212.116.32.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1FC61D2-58E7-4036-95AF-10D3F249E3AE}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)
O21 - SSODL: gAwJOzNOL - {A087D4B4-0A2D-7E1E-B48D-E3A899D9ED2C} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Ohjelmat\Diskkeeper 2008\DkService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter ) - F-Secure Corporation - C:\Program Files\PC Protection Plus\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PC Protection Plus\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Protection Plus\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\PC Protection Plus\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Ohjelmat\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe (file missing)
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Ohjelmat\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia . - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Hujo
Suspended permanently
12 February 2008 @ 23:47
1. Download combofix.exe to your desktop from either of these links:
combofix1
combofix2
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool finishes, it produces a log. Post this log in your thread.
Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
Can a computer ever work?
73r0
Newbie
13 February 2008 @ 16:41
ComboFix 08-02-13.2 - Omistaja 2008-02-13 16:09:48.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.925 [GMT 2:00]
Running from: C:\Documents and Settings\Omistaja\Työpöytä\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\mmediacodec
C:\setup.exe
C:\WINDOWS\hosts
C:\WINDOWS\secure32.html
C:\WINDOWS\system32\paytime.exe
C:\WINDOWS\tool1.exe
C:\WINDOWS\tool2.exe
C:\WINDOWS\tool3.exe
C:\WINDOWS\tool4.exe
C:\WINDOWS\tool5.exe
D:\Autorun.inf
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-13 to 2008-02-13 )))))))))))))))))
.
2008-02-12 22:52 . 2008-02-12 22:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-12 22:52 . 2008-02-12 22:52 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-12 16:16 . 2008-02-12 16:16 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2008-02-12 11:03 . 2008-02-12 11:03 0 --a------ C:\WINDOWS\oodcnt.INI
2008-02-09 01:56 . 2008-02-09 01:56 268 --ah----- C:\sqmdata16.sqm
2008-02-09 01:56 . 2008-02-09 01:56 244 --ah----- C:\sqmnoopt16.sqm
2008-02-08 22:44 . 2008-02-08 22:44 268 --ah----- C:\sqmdata15.sqm
2008-02-08 22:44 . 2008-02-08 22:44 244 --ah----- C:\sqmnoopt15.sqm
2008-01-30 23:14 . 2008-01-30 23:14 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\VRCGameUpdater
2008-01-20 19:31 . 2008-01-20 19:31 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\MoyeaFLV2Video
2008-01-20 00:20 . 2008-01-20 00:20 268 --ah----- C:\sqmdata14.sqm
2008-01-20 00:20 . 2008-01-20 00:20 244 --ah----- C:\sqmnoopt14.sqm
2008-01-19 03:45 . 2008-01-19 03:45 268 --ah----- C:\sqmdata13.sqm
2008-01-19 03:45 . 2008-01-19 03:45 244 --ah----- C:\sqmnoopt13.sqm
2008-01-17 22:36 . 2008-01-21 20:42 30 --a------ C:\WINDOWS\kaska.san
2008-01-16 17:29 . 2005-01-04 17:12 1,845,243 --a------ C:\WINDOWS\system32\haspds_windows.dll
2008-01-16 17:29 . 2004-11-05 11:08 670,208 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
2008-01-16 17:29 . 2001-09-28 18:00 164,864 --a------ C:\WINDOWS\system32\UNWISE.EXE
2008-01-16 17:29 . 2004-08-03 13:44 24,576 --a------ C:\WINDOWS\system32\hdsuinst.exe
2008-01-15 20:14 . 2008-01-15 20:14 81,920 --a------ C:\WINDOWS\system32\emfxp.dll
2008-01-15 20:14 . 2008-01-15 20:14 49,152 --a------ C:\WINDOWS\system32\unpdf.exe
2008-01-15 15:58 . 2008-01-15 15:58 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Thinstall
2008-01-15 15:41 . 2008-01-15 15:51 <KANSIO> d-------- C:\Program Files\Autodesk
2008-01-13 23:14 . 2008-02-13 16:02 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\skypePM
2008-01-13 23:14 . 2008-01-13 23:14 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-13 23:13 . 2008-01-13 23:13 <KANSIO> d-------- C:\Program Files\Skype
2008-01-13 23:13 . 2008-01-13 23:13 <KANSIO> d-------- C:\Program Files\Common Files\Skype
2008-01-13 23:12 . 2008-01-13 23:13 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Skype
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 12:42 30,016 ----a-w C:\WINDOWS\system32\drivers\fsndis5.sys
2008-02-13 08:01 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Skype
2008-02-10 22:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-10 21:18 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\My Games
2008-02-10 21:14 --------- d-----w C:\Program Files\Yahoo!
2008-02-10 20:06 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\gtk-2.0
2008-01-31 22:35 98,304 ----a-w C:\WINDOWS\DUMPb76f.tmp
2008-01-31 22:29 98,304 ----a-w C:\WINDOWS\DUMPa330.tmp
2008-01-30 21:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\VRCGameUpdater
2008-01-30 13:25 98,304 ----a-w C:\WINDOWS\DUMP0450.tmp
2008-01-29 12:23 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Azureus
2008-01-24 22:29 98,304 ----a-w C:\WINDOWS\DUMP24d8.tmp
2008-01-24 15:52 98,304 ----a-w C:\WINDOWS\DUMP0bd2.tmp
2008-01-21 18:43 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Xfire
2008-01-19 18:42 --------- d-s---w C:\Program Files\Xfire
2008-01-15 13:51 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-01-11 00:29 54,608 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-01-09 20:11 --------- d-----w C:\Program Files\PC Protection Plus
2008-01-09 19:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\fssg
2008-01-06 20:16 98,304 ----a-w C:\WINDOWS\DUMPa73c.tmp
2008-01-01 13:36 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2007-12-31 19:30 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Inkscape
2007-12-30 18:55 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-12-30 18:55 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-30 18:55 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-30 18:35 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire
2007-12-29 22:32 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-26 00:08 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Moyea
2007-12-23 10:03 --------- d-----w C:\Program Files\VstPlugins
2007-11-18 17:25 14,030 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2004-12-30 16:08 263,576 ----a-w C:\Documents and Settings\Omistaja\Application Data\GDIPFONTCACHEV1.DAT
2004-11-22 10:23 82,432 --sha-r C:\Documents and Settings\Omistaja\Application Data\uhj?.exe
2003-11-03 14:07 499,712 ----a-w C:\Program Files\msvcp71.dll
2003-11-03 14:07 348,160 ----a-w C:\Program Files\msvcr71.dll
2003-05-30 06:22 344,064 ----a-r C:\Program Files\msvcr70.dll
2002-01-05 00:40 487,424 ----a-w C:\Program Files\msvcp70.dll
2005-01-06 00:59 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2007-05-26 19:08 56 --sh--r C:\WINDOWS\system32\98CCDA26BE.sys
.
Files Infected - Win32.Agent.zb
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 01:34 32768]
"DAEMON Tools"="C:\Ohjelmat\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINREMOTE"="C:\Program Files\InterVideo\Common\Bin\WinRemote.exe" [2004-05-06 02:34 192512]
"VTTimer"="VTTimer.exe" []
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01 110592]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 15:57 81920]
"OWCWebCamDV"="C:\WINDOWS\system\wcdvtray.exe" [2004-05-20 07:59 1056768]
"nwiz"="nwiz.exe" [2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 19:02 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04 52736]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 15:38 241664]
"Home Theater SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-03-30 06:30 155648]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 20:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-27 18:07 88364 C:\WINDOWS\AGRSMMSG.exe]
"RivaTunerStartupDaemon"="C:\Ohjelmat\RivaTuner v2.0 Final Release\RivaTuner.exe" [2006-12-24 21:15 2576384]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
"M1000Mnt"="M1000Rmv.exe" []
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43 81920]
"PCSuiteTrayApplication"="C:\Ohjelmat\Nokia PC Suite\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10 271360]
"F-Secure Manager"="C:\Program Files\PC Protection Plus\Common\FSM32.exe" [2007-04-26 19:12 183208]
"F-Secure TNB"="C:\Program Files\PC Protection Plus\FSGUI\TNBUtil.exe" [2007-04-26 19:10 740208]
"TalkAndWrite"="C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe" [2008-01-15 20:14 3042816]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 02:08 2512392]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Ohjelmat\Nokia PC Suite\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32]
wintfj32.dll
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-02-12 11:55:44 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer , http://www.gmer.net
Rootkit scan 2008-02-13 16:15:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\rlvacumd.dll
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\rlvacumd.dll
.
Completion time: 2008-02-13 16:18:35
ComboFix-quarantined-files.txt 2008-02-13 14:18:29
.
2007-11-21 09:17:36 --- E O F ---
Hujo
Suspended permanently
13 February 2008 @ 22:23
Can a computer ever work?
73r0
Newbie
16 February 2008 @ 19:24
File C:\WINDOWS\system32\XJXRJG.0LL infected by "Trojan-Proxy.Win32.Agent.df" Virus. Action Taken: File Deleted.
File C:\Ohjelmat\YouTube FLV to AVI Suite Enerprise\data\libaccess.0xe infected by "Trojan.Win32.Agent.csy" Virus. Action Taken: File Deleted.
File C:\Ohjelmat\YouTube FLV to AVI Suite Enerprise\Uninstall.0xe infected by "Trojan.Win32.Delf.axt" Virus. Action Taken: File Deleted.
File C:\Program Files\Give4Free Plugin\uninstall.exe tagged as not-a-virus:AdWare.Win32.Chiem.c. No Action Taken.
File C:\RECYCLER\S-1-5-21-1605260070-2079253868-3833637110-1003\Dc28.tmp tagged as not-a-virus:AdWare.Win32.180Solutions.g. No Action Taken.
File C:\RECYCLER\S-1-5-21-1605260070-2079253868-3833637110-1003\Dc61.exe tagged as not-a-virus:AdWare.Win32.WinAD.z. No Action Taken.
File C:\RECYCLER\S-1-5-21-1605260070-2079253868-3833637110-1003\Dc64.dll tagged as not-a-virus:AdWare.Win32.Midadle.b. No Action Taken.
File C:\System Volume Information\_restore{EF7B9B72-035F-42A2-BDC2-6E27BDB1C4B7}\RP754\A0398863.0xe infected by "Trojan.Win32.Delf.axt" Virus. Action Taken: File Deleted.
File C:\WINDOWS\Downloaded Program Files\webdlg32.dll tagged as not-a-virus:AdWare.Win32.SBSoft.g. No Action Taken.
File G:\Poltteleppa levylle\Rompetta\tightvnc-1.3.9-setup.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.1370. No Action Taken.
Hujo
Suspended permanently
16 February 2008 @ 19:54
Scan a new HJT log
Can a computer ever work?
73r0
Newbie
18 February 2008 @ 18:28
I'm not going to scan anything now, since the whole machine already went haywire and I did some kind of repair install, which went and formatted my whole machine, dammit!
Hujo
Suspended permanently
18 February 2008 @ 19:01
Oh, you shoved the operating system CD into the machine
Of course it was the recovery one
Can a computer ever work?