HJT log
Rosterx
Newbie
22 August 2006 @ 05:02
The problem is that a piece of malware got onto the machine, and apparently a couple of trojans came along with it.
QUICK HELP NEEDED!

Here is the log

Logfile of HijackThis v1.99.1
Scan saved at 8:53:34, on 22.8.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\r_server.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\TBPanel.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Razer\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Razer\razerofa.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Media-Codec\pmmon.exe
C:\Program Files\Media-Codec\isamonitor.exe
C:\Program Files\Media-Codec\isamini.exe
C:\Program Files\Media-Codec\pmsngr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\Media-Codec\isaddon.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\Program Files\Media-Codec\iesplugin.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Boost XP Service] C:\Program Files\Boost XP\bxservice.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ath.cx
O17 - HKLM\Software\..\Telephony: DomainName = ath.cx
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ath.cx
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ath.cx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: hubbsi - {7b1eeccd-0a6d-4ad5-8ac1-4af5722b3885} - C:\WINDOWS\system32\vwlummc.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)

This message has been edited since posting. Last edited 22 August 2006 @ 05:06

Rosterx
Newbie
22 August 2006 @ 05:05
C:\Program Files\Media-Codec\pmmon.exe
C:\Program Files\Media-Codec\isamonitor.exe
C:\Program Files\Media-Codec\isamini.exe
C:\Program Files\Media-Codec\pmsngr.exe

I know these processes are malicious, but I can't get them removed from there, and I can't get that Media-Codec removed either.
AfterDawn Addict
22 August 2006 @ 13:50
First of all, the machine ought to have antivirus software and a firewall.
Neither is showing :)

Download SmitfraudFix (c) S!Ri
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract the contents (a folder named SmitfraudFix) to your desktop:

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and pressing "Enter"; a text file will open that lists the infected files (if any).
Post the contents of this text file to your thread.

No HJT logs etc. by private message!
lintukala
Junior Member
29 August 2006 @ 13:41
I'm not Rosterx, but I have the same problem, and here is the SmitfraudFix log:

SmitFraudFix v2.81

Scan done at 17:37:06,60, ti 29.08.2006
Run from C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Ty?p?yt?\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\.protected FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\vwlummc.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1.WIN\KYNNIS~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1.WIN\KYNNIS~1\Security Troubleshooting.url FOUND !
C:\DOCUME~1\ALLUSE~1.WIN\KYNNIS~1\Ohjelmat\KYNNIS~1\.protected FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\EEMELI~1.KUK\Suosikit


»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\ALLUSE~1.WIN\TYPYT~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1.WIN\TYPYT~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Media-Codec\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304BB2234}"="DCOM Server 2234"

[HKEY_CLASSES_ROOT\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB2234}\InProcServer32]
@="C:\WINDOWS\system32\2234_32.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB2234}\InProcServer32]
@="C:\WINDOWS\system32\2234_32.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"hubbsi"="{7b1eeccd-0a6d-4ad5-8ac1-4af5722b3885}"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
AfterDawn Addict
29 August 2006 @ 13:48
@lintukala:

Print out the instructions.

Boot your machine into Safe Mode and select your usual user account.

Once in Safe Mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and pressing "Enter" to delete the infected files.

You will be asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" to remove the desktop background and clean the infected registry keys.

The tool will check whether wininet.dll is infected. You may be asked to replace the infected .dll (if found); answer "Yes" by typing Y and pressing "Enter".

The tool may need to restart the computer; if it does not, restart into normal Windows.
A text file will appear after the cleaning process; copy & paste the results of this report into your reply.
The report can be found on your local disk, usually at C:\rapport.txt.

Post its contents and an HJT log here; instructions -> http://keskustelu.afterdawn.com/thread_view.cfm/316714

No HJT logs etc. by private message!
lintukala
Junior Member
29 August 2006 @ 16:53
Thanks for the help =)

I followed your instructions, and here is the SmitfraudFix log after the clean:


GenericRenosFix by S!Ri

C:\WINDOWS\system32\vwlummc.dll -> Missing File


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\.protected Deleted
C:\DOCUME~1\ALLUSE~1.WIN\TYPYT~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1.WIN\TYPYT~1\Security Troubleshooting.url Deleted
C:\DOCUME~1\ALLUSE~1.WIN\KYNNIS~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1.WIN\KYNNIS~1\Security Troubleshooting.url Deleted
C:\DOCUME~1\ALLUSE~1.WIN\KYNNIS~1\Ohjelmat\KYNNIS~1\.protected Deleted
C:\Program Files\Media-Codec\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304BB2234}"="DCOM Server 2234"

[HKEY_CLASSES_ROOT\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB2234}\InProcServer32]
@="C:\WINDOWS\system32\2234_32.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB2234}\InProcServer32]
@="C:\WINDOWS\system32\2234_32.dll"



»»»»»»»»»»»»»»»»»»»»»»»» End






and here is the HJT log:


O4 - HKLM\..\Run: [F ma] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [EZfTgfO2] C:\WINDOWS\bykih.exe
O4 - HKLM\..\Run: [addlc.exe] C:\WINDOWS\addlc.exe
O4 - HKLM\..\Run: [sdkro.exe] C:\WINDOWS\sdkro.exe
O4 - HKLM\..\Run: [d3yj.exe] C:\WINDOWS\system32\d3yj.exe
O4 - HKLM\..\Run: [sdkun.exe] C:\WINDOWS\sdkun.exe
O4 - HKLM\..\Run: [sdkkn32.exe] C:\WINDOWS\sdkkn32.exe
O4 - HKLM\..\Run: [iphy.exe] C:\WINDOWS\iphy.exe
O4 - HKLM\..\Run: [apihc.exe] C:\WINDOWS\system32\apihc.exe
O4 - HKLM\..\Run: [atlit32.exe] C:\WINDOWS\system32\atlit32.exe
O4 - HKLM\..\Run: [iewb.exe] C:\WINDOWS\system32\iewb.exe
O4 - HKLM\..\Run: [ipec32.exe] C:\WINDOWS\system32\ipec32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Blondes] C:\Program Files\hbt\Dialers\Blondes\Blondes.exe /dontdial
O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
O4 - HKLM\..\Run: [rpcc] rpcc.exe
O4 - HKLM\..\Run: [3ff2ab07.exe] C:\WINDOWS\system32\3ff2ab07.exe
O4 - HKLM\..\Run: [yxphhml.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\yxphhml.dll,ptrvdfc
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] E:\Creative Zen Nano Plus\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [3ff2ab07.exe] C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Application Data\3ff2ab07.exe
O4 - HKCU\..\Run: [Winsvr] C:\DOCUME~1\EEMELI~1.KUK\LOCALS~1\Temp\3.tmp5120.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google-haku - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Käännä englanninkielinen sana - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Linkit taaksepäin - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Samankaltaisia sivuja - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O16 - DPF: {0F2F3121-75E2-4C60-9977-C1ADC3D5F3DC} (IFIUploader Control) - http://web1.ifi.fi/WebUpload/ActiveX/IfiUploader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {174EA75A-71FE-0366-0A4D-15B211408337} - http://85.255.114.166/1/rdgFI2507.exe
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/bestfriends/miniclipGameLoader.dll
O16 - DPF: {6E303873-F427-2926-3677-3DE4500ECCCC} - http://85.255.114.166/1/rdgFI2507.exe
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.playqames.com/default.cab?uid=59&id=60821&ex&1s&ppd=4
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{36608DF3-36B4-4E89-90B4-41D67E6C96A3}: NameServer = 85.255.115.6,85.255.112.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{E91F0C67-8265-4C4F-8BFB-B5F0785CEC57}: NameServer = 85.255.115.6,85.255.112.20
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.20
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
O21 - SSODL: DCOM Server 2234 - {2C1CD3D7-86AC-4068-93BC-A02304BB2234} - C:\WINDOWS\system32\2234_32.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - E:\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\WINDOWS\System32\mousecrm.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - E:\SFUninstaller.exe" service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


This did help at least somewhat. Some pop-ups still seem to appear on the screen.
AfterDawn Addict
29 August 2006 @ 17:00
The HJT log is not complete. It begins with the words "Logfile of HijackThis..."
So please post it again.

With that bot army etc. I'd almost say format C:
These are all nasties:


O4 - HKLM\..\Run: [F ma] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [EZfTgfO2] C:\WINDOWS\bykih.exe
O4 - HKLM\..\Run: [addlc.exe] C:\WINDOWS\addlc.exe
O4 - HKLM\..\Run: [sdkro.exe] C:\WINDOWS\sdkro.exe
O4 - HKLM\..\Run: [d3yj.exe] C:\WINDOWS\system32\d3yj.exe
O4 - HKLM\..\Run: [sdkun.exe] C:\WINDOWS\sdkun.exe
O4 - HKLM\..\Run: [sdkkn32.exe] C:\WINDOWS\sdkkn32.exe
O4 - HKLM\..\Run: [iphy.exe] C:\WINDOWS\iphy.exe
O4 - HKLM\..\Run: [apihc.exe] C:\WINDOWS\system32\apihc.exe
O4 - HKLM\..\Run: [atlit32.exe] C:\WINDOWS\system32\atlit32.exe
O4 - HKLM\..\Run: [iewb.exe] C:\WINDOWS\system32\iewb.exe
O4 - HKLM\..\Run: [ipec32.exe] C:\WINDOWS\system32\ipec32.exe
O4 - HKLM\..\Run: [Blondes] C:\Program Files\hbt\Dialers\Blondes\Blondes.exe /dontdial
O4 - HKLM\..\Run: [rpcc] rpcc.exe
O4 - HKLM\..\Run: [3ff2ab07.exe] C:\WINDOWS\system32\3ff2ab07.exe
O4 - HKLM\..\Run: [yxphhml.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\yxphhml.dll,ptrvdfc
O4 - HKCU\..\Run: [3ff2ab07.exe] C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Application Data\3ff2ab07.exe
O4 - HKCU\..\Run: [Winsvr] C:\DOCUME~1\EEMELI~1.KUK\LOCALS~1\Temp\3.tmp5120.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe"
O16 - DPF: {174EA75A-71FE-0366-0A4D-15B211408337} - http://85.255.114.166/1/rdgFI2507.exe
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/bestfriends/miniclipGameLoader.dll
O16 - DPF: {6E303873-F427-2926-3677-3DE4500ECCCC} - http://85.255.114.166/1/rdgFI2507.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{36608DF3-36B4-4E89-90B4-41D67E6C96A3}: NameServer = 85.255.115.6,85.255.112.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{E91F0C67-8265-4C4F-8BFB-B5F0785CEC57}: NameServer = 85.255.115.6,85.255.112.20
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.20
O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
O21 - SSODL: DCOM Server 2234 - {2C1CD3D7-86AC-4068-93BC-A02304BB2234} - C:\WINDOWS\system32\2234_32.dll
O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\WINDOWS\System32\mousecrm.exe (file missing)
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)


But the decision is yours :)

No HJT logs etc. by private message!

This message has been edited since posting. Last edited 29 August 2006 @ 17:01
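
An added example, not part of any post in this thread and not HijackThis's own logic: a small Python triage pass over lines copied from the logs above, applying four review heuristics that correspond to entry types the helper singled out (static DNS servers, ActiveX downloads from a bare IP address, autoruns from Temp, a core Windows binary name outside system32). The rule set and the names `triage`, `first_path` and `SYSTEM32_ONLY` are assumptions of this example; a hit is a lead for manual review, not a verdict.

```python
import ipaddress
import ntpath
import re
from urllib.parse import urlsplit

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Winsvr] C:\DOCUME~1\EEMELI~1.KUK\LOCALS~1\Temp\3.tmp5120.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {174EA75A-71FE-0366-0A4D-15B211408337} - http://85.255.114.166/1/rdgFI2507.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ath.cx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.20
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
"""

# "O4 - ..." / "R3 - ..." style entry lines: section code, then the body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# First Windows path ending in .exe/.dll (paths may contain spaces).
WIN_PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)

# Assumption of this example: core Windows XP processes that ship only in
# system32, so the same file name elsewhere deserves a closer look.
SYSTEM32_ONLY = {
    "svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
    "smss.exe", "csrss.exe", "spoolsv.exe",
}


def first_path(body):
    """Return the first executable/DLL path in an entry body, or None."""
    match = WIN_PATH_RE.search(body)
    return match.group(0) if match else None


def triage(log_text):
    """Return (section_code, reason, entry_body) tuples for review."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue  # header lines, process list, blank lines
        code, body = entry.groups()

        if code == "O17":
            # Statically configured resolvers: compare with the ISP/router.
            dns = re.search(r"NameServer = (.+)$", body)
            if dns:
                servers = re.split(r"[,\s]+", dns.group(1).strip())
                reason = "static DNS servers: " + ", ".join(servers)
                findings.append((code, reason, body))

        elif code == "O16":
            # ActiveX download source given as an IP literal, not a host name.
            url = re.search(r"https?://\S+", body)
            host = urlsplit(url.group(0)).hostname if url else None
            if host:
                try:
                    ipaddress.ip_address(host)
                except ValueError:
                    continue  # ordinary DNS name
                reason = "ActiveX codebase on bare IP " + host
                findings.append((code, reason, body))

        elif code in ("O4", "O23"):
            path = first_path(body)
            if not path:
                continue
            name = ntpath.basename(path).lower()
            folder = ntpath.dirname(path).lower()
            if code == "O4" and "\\temp\\" in path.lower():
                findings.append((code, "autorun from a Temp directory", body))
            if name in SYSTEM32_ONLY and not folder.endswith("\\system32"):
                reason = name + " outside system32"
                findings.append((code, reason, body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n      {body}")
```
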

lintukala
Junior Member
29 August 2006 @ 17:52
here is that HJT log again:

Logfile of HijackThis v1.99.1
Scan saved at 21:40:30, on 29.8.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
E:\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\D-Tools\daemon.exe
D:\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\3ff2ab07.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Creative Zen Nano Plus\MediaSource\Detector\CTDetect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\$NtUninstallKB5470665$\kavss.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
E:\DC++\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - Default URLSearchHook is missing
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\Media-Codec\isaddon.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {681DB8F4-4401-0D8F-8A12-03AD07435D9E} - C:\WINDOWS\system32\hfjwwel.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Protection Bar - {860c2f6b-ca82-4282-9187-beccbb66f0af} - C:\Program Files\Media-Codec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [F ma] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [EZfTgfO2] C:\WINDOWS\bykih.exe
O4 - HKLM\..\Run: [addlc.exe] C:\WINDOWS\addlc.exe
O4 - HKLM\..\Run: [sdkro.exe] C:\WINDOWS\sdkro.exe
O4 - HKLM\..\Run: [d3yj.exe] C:\WINDOWS\system32\d3yj.exe
O4 - HKLM\..\Run: [sdkun.exe] C:\WINDOWS\sdkun.exe
O4 - HKLM\..\Run: [sdkkn32.exe] C:\WINDOWS\sdkkn32.exe
O4 - HKLM\..\Run: [iphy.exe] C:\WINDOWS\iphy.exe
O4 - HKLM\..\Run: [apihc.exe] C:\WINDOWS\system32\apihc.exe
O4 - HKLM\..\Run: [atlit32.exe] C:\WINDOWS\system32\atlit32.exe
O4 - HKLM\..\Run: [iewb.exe] C:\WINDOWS\system32\iewb.exe
O4 - HKLM\..\Run: [ipec32.exe] C:\WINDOWS\system32\ipec32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Blondes] C:\Program Files\hbt\Dialers\Blondes\Blondes.exe /dontdial
O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
O4 - HKLM\..\Run: [rpcc] rpcc.exe
O4 - HKLM\..\Run: [3ff2ab07.exe] C:\WINDOWS\system32\3ff2ab07.exe
O4 - HKLM\..\Run: [yxphhml.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\yxphhml.dll,ptrvdfc
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] E:\Creative Zen Nano Plus\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [3ff2ab07.exe] C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Application Data\3ff2ab07.exe
O4 - HKCU\..\Run: [Winsvr] C:\DOCUME~1\EEMELI~1.KUK\LOCALS~1\Temp\3.tmp5120.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google-haku - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Käännä englanninkielinen sana - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Linkit taaksepäin - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Samankaltaisia sivuja - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O16 - DPF: {0F2F3121-75E2-4C60-9977-C1ADC3D5F3DC} (IFIUploader Control) - http://web1.ifi.fi/WebUpload/ActiveX/IfiUploader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {174EA75A-71FE-0366-0A4D-15B211408337} - http://85.255.114.166/1/rdgFI2507.exe
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/bestfriends/miniclipGameLoader.dll
O16 - DPF: {6E303873-F427-2926-3677-3DE4500ECCCC} - http://85.255.114.166/1/rdgFI2507.exe
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.playqames.com/default.cab?uid=59&id=60821&ex&1s&ppd=4
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{36608DF3-36B4-4E89-90B4-41D67E6C96A3}: NameServer = 85.255.115.6,85.255.112.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{E91F0C67-8265-4C4F-8BFB-B5F0785CEC57}: NameServer = 85.255.115.6,85.255.112.20
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.20
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
O21 - SSODL: DCOM Server 2234 - {2C1CD3D7-86AC-4068-93BC-A02304BB2234} - C:\WINDOWS\system32\2234_32.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - E:\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\WINDOWS\System32\mousecrm.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - E:\SFUninstaller.exe" service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


Right. I don't know how that formatting is done, but I'll try to find instructions. :) Is there nothing else that can be done besides formatting? I think many of those nasties have been on the machine for a long time already, and I haven't noticed them causing terribly much harm.
Lately, in Task Manager's processes, explorer.exe's memory usage has always been something like 40-90 000 KB, even though no internet program has been running.. what could be causing this?
AfterDawn Addict
30 August 2006 @ 05:43
So yes, I can clean your machine, but it looks like there's one backdoor, one keylogger and bots on it, so I myself wouldn't use it any more without formatting...

Here are the cleaning instructions:

Download fixwareout.exe from here > http://downloads.subratam.org/Fixwareout.exe
or from here >
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
and save it to your desktop. Double-click it and follow the instructions. Click Next, then Install, and make sure that "Run fixit" is selected. You need to restart the computer when told to do so.

Fix these:

R3 - Default URLSearchHook is missing
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\Media-Codec\isaddon.dll (file missing)
O2 - BHO: (no name) - {681DB8F4-4401-0D8F-8A12-03AD07435D9E} - C:\WINDOWS\system32\hfjwwel.dll
O3 - Toolbar: Protection Bar - {860c2f6b-ca82-4282-9187-beccbb66f0af} - C:\Program Files\Media-Codec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [F ma] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [EZfTgfO2] C:\WINDOWS\bykih.exe
O4 - HKLM\..\Run: [addlc.exe] C:\WINDOWS\addlc.exe
O4 - HKLM\..\Run: [sdkro.exe] C:\WINDOWS\sdkro.exe
O4 - HKLM\..\Run: [d3yj.exe] C:\WINDOWS\system32\d3yj.exe
O4 - HKLM\..\Run: [sdkun.exe] C:\WINDOWS\sdkun.exe
O4 - HKLM\..\Run: [sdkkn32.exe] C:\WINDOWS\sdkkn32.exe
O4 - HKLM\..\Run: [iphy.exe] C:\WINDOWS\iphy.exe
O4 - HKLM\..\Run: [apihc.exe] C:\WINDOWS\system32\apihc.exe
O4 - HKLM\..\Run: [atlit32.exe] C:\WINDOWS\system32\atlit32.exe
O4 - HKLM\..\Run: [iewb.exe] C:\WINDOWS\system32\iewb.exe
O4 - HKLM\..\Run: [ipec32.exe] C:\WINDOWS\system32\ipec32.exe
O4 - HKLM\..\Run: [Blondes]C:\Program Files\hbt\Dialers\Blondes\Blondes.exe /dontdial
O4 - HKLM\..\Run: [rpcc] rpcc.exe
O4 - HKLM\..\Run: [3ff2ab07.exe] C:\WINDOWS\system32\3ff2ab07.exe
O4 - HKLM\..\Run: [yxphhml.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\yxphhml.dll,ptrvdfc
O4 - HKCU\..\Run: [3ff2ab07.exe] C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Application Data\3ff2ab07.exe
O4 - HKCU\..\Run: [Winsvr] C:\DOCUME~1\EEMELI~1.KUK\LOCALS~1\Temp\3.tmp5120.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe"
O16 - DPF: {174EA75A-71FE-0366-0A4D-15B211408337} - http://85.255.114.166/1/rdgFI2507.exe
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/bestfriends/miniclipGameLoader.dll
O16 - DPF: {6E303873-F427-2926-3677-3DE4500ECCCC} - http://85.255.114.166/1/rdgFI2507.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{36608DF3-36B4-4E89-90B4-41D67E6C96A3}: NameServer = 85.255.115.6,85.255.112.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{E91F0C67-8265-4C4F-8BFB-B5F0785CEC57}: NameServer = 85.255.115.6,85.255.112.20
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.20
O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
O21 - SSODL: DCOM Server 2234 - {2C1CD3D7-86AC-4068-93BC-A02304BB2234} - C:\WINDOWS\system32\2234_32.dll
O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\WINDOWS\System32\mousecrm.exe (file missing)
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)


Then go to Start -> Run
type sc stop mousecrm and click OK
then sc delete mousecrm and click OK
then sc stop PowerManager and click OK
then sc delete PowerManager and click OK

Download Killbox by Option^Explicit.

Note: If you already have Killbox, this is a new version that you need to install. Remove the earlier one.

- Save it to your desktop.
- Double-click Killbox.exe to run the program.
- Select "Delete on Reboot", then click the All Files option.
- Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\WINDOWS\system32\hfjwwel.dll
C:\windows\mrjj.exe
C:\WINDOWS\bykih.exe
C:\WINDOWS\addlc.exe
C:\WINDOWS\sdkro.exe
C:\WINDOWS\system32\d3yj.exe
C:\WINDOWS\sdkun.exe
C:\WINDOWS\sdkkn32.exe
C:\WINDOWS\iphy.exe
C:\WINDOWS\system32\apihc.exe
C:\WINDOWS\system32\atlit32.exe
C:\WINDOWS\system32\iewb.exe
C:\WINDOWS\system32\ipec32.exe
C:\WINDOWS\system32\3ff2ab07.exe
C:\WINDOWS\system32\yxphhml.dll
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Application Data\3ff2ab07.exe
C:\DOCUME~1\EEMELI~1.KUK\LOCALS~1\Temp\3.tmp5120.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe
C:\WINDOWS\system32\2234_32.dll
C:\WINDOWS\System32\mousecrm.exe
C:\WINDOWS\svchost.exe



- Return to Killbox, go to the File menu and choose Paste from Clipboard.

- Click the red-and-white Delete File button. Click Yes at the "Delete on Reboot" prompt. Click OK at any PendingFileRenameOperations prompt (and let the person fixing your log know if one appears!).
Restart your computer yourself if it does not restart automatically.

If you get a message like this: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when you try to run KillBox, click this to download and run Missingfilessetup.exe. Then try KillBox again.

Save these instructions to a text file or print them, otherwise you will not be able to get to them in Safe Mode.


- Start Ewido Anti-Spyware.
- Click the "Update" icon in the main menu. Then click the "Update now" button.
- Then click the "Start Update" icon, and the update will begin.

- Once the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
- When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
- Then, under the "Reports" menu:
  - Tick "Automatically generate report after every scan"
  - Untick "Only if threats were found"

- Close the program. Do NOT scan yet.
Boot your computer into Safe Mode, Instructions!

NOTE! Do not use other programs while Ewido is scanning; this may interfere with the scan.
- Once in Safe Mode, start Ewido Anti-Spyware.
- Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
- Ewido will now start scanning the computer. Be patient, because the scan takes time.

When the scan is finished:
IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"
- Make sure that "Set all elements to:" shows Quarantine (1); if not, click the link and select Quarantine from the pop-up menu.
- If infections were found you will be asked what to do; choose "Apply all actions".


- Then click the "Reports" icon at the top of the program.
- Click the "Save report as" button in the lower left corner of the window and save the report to your desktop.
- Close the program, start the computer normally and post the Ewido report in your thread.

Post:

- a new HJT log
- c:\fixwareout\report.txt
- the Ewido report

No HJT logs etc. by private message!

This message has been edited since it was posted. Last edited 30 August 2006 @ 05:46
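The post above ends by asking for a new HJT log after the cleanup. The following Python code is an added example, not part of the original post and not a tool used in this thread: it checks a follow-up HijackThis log against a fix list, reporting fix-list entries that are still present (also when HijackThis now marks them "(file missing)"), any O17 NameServer addresses, and any O16 entries whose download URL is a bare IP address. The function names are hypothetical, the first two samples are lines copied from this page, and the third sample is constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Subset of the "Fix these" list above, copied from this page.
FIX_LIST = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {681DB8F4-4401-0D8F-8A12-03AD07435D9E} - C:\WINDOWS\system32\hfjwwel.dll
O4 - HKLM\..\Run: [addlc.exe] C:\WINDOWS\addlc.exe
O16 - DPF: {174EA75A-71FE-0366-0A4D-15B211408337} - http://85.255.114.166/1/rdgFI2507.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{36608DF3-36B4-4E89-90B4-41D67E6C96A3}: NameServer = 85.255.115.6,85.255.112.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.20
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
"""

# A few lines of the follow-up log posted further down this page.
FOLLOWUP_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Constructed sample: the files were deleted but two registry entries from the
# fix list were never fixed in HijackThis, so they are still listed.
CONSTRUCTED_PARTIAL_LOG = r"""
O2 - BHO: (no name) - {681DB8F4-4401-0D8F-8A12-03AD07435D9E} - C:\WINDOWS\system32\hfjwwel.dll (file missing)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.20
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # "O17 - <body>"
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL_RE = re.compile(r"https?://\S+")
FILE_MISSING_RE = re.compile(r"\s*\(file missing\)\s*$", re.IGNORECASE)


def parse_entries(text):
    """Return (section, body) for every HijackThis item line in text."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def entry_key(section, body):
    """Comparison key that ignores case, spacing and the '(file missing)' tag."""
    body = FILE_MISSING_RE.sub("", body)
    return section, " ".join(body.split()).lower()


def dns_servers(entries):
    """IPv4 resolvers configured through O17 NameServer entries."""
    servers = set()
    for section, body in entries:
        if section == "O17" and "nameserver" in body.lower() and "=" in body:
            servers.update(IPV4_RE.findall(body.split("=", 1)[1]))
    return servers


def ip_codebases(entries):
    """Hosts of O16 download URLs that are IP literals instead of names."""
    hosts = set()
    for section, body in entries:
        url = URL_RE.search(body) if section == "O16" else None
        if not url:
            continue
        host = urlsplit(url.group(0)).hostname or ""
        try:
            ipaddress.ip_address(host)
        except ValueError:
            continue  # ordinary host name
        hosts.add(host)
    return hosts


def review(fix_text, followup_text):
    """Compare a follow-up log with the fix list that preceded it."""
    fixed = parse_entries(fix_text)
    after = parse_entries(followup_text)
    after_keys = {entry_key(s, b) for s, b in after}
    return {
        "persisting": [(s, b) for s, b in fixed if entry_key(s, b) in after_keys],
        "dns_servers": dns_servers(after),
        "ip_codebases": ip_codebases(after),
    }


if __name__ == "__main__":
    for name, log in (("follow-up", FOLLOWUP_LOG), ("partial", CONSTRUCTED_PARTIAL_LOG)):
        print(name, review(FIX_LIST, log))
```

An empty result only means that the listed entries are gone from the log; it says nothing about items HijackThis does not list.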

lintukala
Junior Member
30 August 2006 @ 09:22
HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 13:18:30, on 30.8.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
E:\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\D-Tools\daemon.exe
D:\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
E:\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Creative Zen Nano Plus\MediaSource\Detector\CTDetect.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
E:\DC++\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
O4 - HKLM\..\Run: [!ewido] "E:\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] E:\Creative Zen Nano Plus\MediaSource\Detector\CTDetect.exe /R
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google-haku - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Käännä englanninkielinen sana - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Linkit taaksepäin - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Samankaltaisia sivuja - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O16 - DPF: {0F2F3121-75E2-4C60-9977-C1ADC3D5F3DC} (IFIUploader Control) - http://web1.ifi.fi/WebUpload/ActiveX/IfiUploader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.playqames.com/default.cab?uid=59&id=60821&ex&1s&ppd=4
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - E:\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - E:\SFUninstaller.exe" service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)




Fixwareout log:

Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ypszr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\daolnwodi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\lavinraCputeS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\onisacputes
...

Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal

Other suspects.
Directory of C:\WINDOWS\system32
{BA9CA5BE-9234-4DB9-92B9-7CBB8B50BDCE}.exe

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.





Ewido log:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 13:13:11 30.8.2006

+ Scan result:



HKLM\SOFTWARE\Classes\AlxTB.BHO -> Adware.Alexa : Error during cleaning.
C:\WINDOWS\system32\{BA9CA5BE-9234-4DB9-92B9-7CBB8B50BDCE}.exe -> Adware.Casino : Cleaned with backup (quarantined).
D:\Documents and Settings\Esa.MORDOR\local\dmproxy.dll.tcf -> Adware.Comet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.IntCodec : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\IObjSafety.DemoCtl -> Adware.MediaMotor : Error during cleaning.
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
C:\Documents and Settings\Esa\Local Settings\Temporary Internet Files\Content.IE5\OHWNG7KB\index[1].exe/10a.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mscdaux.dll -> Backdoor.Delf.aml : Cleaned with backup (quarantined).
C:\WINDOWS\system32\2234_28.dll -> Backdoor.Dsrv : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Synacast\SynaLive\EvID4226Patch.exe -> Backdoor.Virkel.A : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake.KUKKO-AK7JKOEOQ\Local Settings\Temp\6.tmp -> Downloader.Agent.aly : Cleaned with backup (quarantined).
C:\Documents and Settings\Maarit.KUKKO-AK7JKOEOQ\Local Settings\Temporary Internet Files\Content.IE5\E367EH2R\miniclipGameLoader[1].dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake.KUKKO-AK7JKOEOQ\Local Settings\Temp\4.tmp3072.exe -> Downloader.Small.dcj : Cleaned with backup (quarantined).
F:\My Received Files\My Received Files\MsgPlus-254.exe/sponsor.exe -> Downloader.Swizzor.ag : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake.KUKKO-AK7JKOEOQ\Local Settings\Temp\4.tmp -> Downloader.Tiny.bo : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[7].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[8].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[9].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[10].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[11].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[12].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[13].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[14].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[15].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[16].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[17].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[18].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[19].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[20].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[21].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[22].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[23].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[24].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[25].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[26].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[27].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[28].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[29].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[30].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[31].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[32].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[33].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[34].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[4].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[5].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[6].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[7].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[8].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[9].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake.KUKKO-AK7JKOEOQ\Local Settings\Temp\4.tmp5120.exe -> Hijacker.Small.lt : Cleaned with backup (quarantined).
C:\Documents and Settings\Maarit.KUKKO-AK7JKOEOQ\Local Settings\Temporary Internet Files\Content.IE5\2SO2GA7B\alaunch[1].cab/gsda.dll -> Not-A-Virus.Downloader.Win32.SpyGame : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\script-20[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup (quarantined).
E:\DC++\EvID4226Patch223d-en.zip/EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : Cleaned with backup (quarantined).
C:\winstall.exe.tcf -> Not-A-Virus.Hoax.Win32.Renos.al : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ipod.raw.exe -> Proxy.Lager.ce : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Cookies\eemeli@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Maarit.KUKKO-AK7JKOEOQ\Cookies\maarit@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\Documents and Settings\Maarit.KUKKO-AK7JKOEOQ\Cookies\maarit@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Cookies\eemeli@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Cookies\eemeli@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Cookies\eemeli@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
C:\Documents and Settings\Maarit.KUKKO-AK7JKOEOQ\Cookies\maarit@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Cookies\eemeli@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Cookies\eemeli@ivwbox[2].txt -> TrackingCookie.Ivwbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Cookies\eemeli@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Cookies\eemeli@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Cookies\eemeli@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Cookies\eemeli@trafic[1].txt -> TrackingCookie.Trafic : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Cookies\eemeli@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Cookies\eemeli@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Cookies\eemeli@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\WINDOWS\SK@J:exsglm -> Trojan.Agent.bi : Cleaned with backup (quarantined).
C:\WINDOWS\SK@J:vqsazq -> Trojan.Agent.bi : Cleaned with backup (quarantined).
C:\WINDOWS\system32\2234_27.dll -> Trojan.Agent.pk : Cleaned with backup (quarantined).
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\7YGJN98T\UDefender_Installer[1].exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
C:\Documents and Settings\Maarit.KUKKO-AK7JKOEOQ\Local Settings\Temporary Internet Files\Content.IE5\4DIBC5AV\UDefender_Installer[1].exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake.KUKKO-AK7JKOEOQ\Local Settings\Temp\msn.exe -> Trojan.Sinowal.al : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00012.dll -> Trojan.Sinowal.an : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00013.dll -> Trojan.Sinowal.aq : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00014.dll -> Trojan.Sinowal.aq : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\$_3472452.EXE -> Trojan.Sinowal.aq : Cleaned with backup (quarantined).


::Report end
AfterDawn Addict
30 August 2006 @ 14:02
Delete this -> C:\WINDOWS\system32\{BA9CA5BE-9234-4DB9-92B9-7CBB8B50BDCE}.exe

Empty the Recycle Bin

Get eScan -> http://koti.mbnet.fi/pattaya1/escanmwav.htm .
Install, update and scan according to the instructions on the page. Then post the "critter results" here (the instructions are on that page: the bottom picture and the text above it).

Also post a new HJT log.

No HJT logs or the like by private message!

This post has been edited since it was posted. Last edited 30 August 2006 @ 14:02

This thread is closed. Posting new messages is not possible.