Problem removing spyware.
Member
22 January 2006 @ 06:42
One day I noticed that a notification like this had appeared on the desktop: http://koti.mbnet.fi/rikhardo/kuvat/spyware.PNG . I have tried to find the problem with several different programs, but I have not been able to remove the notification and the spyware. What should I do?
Senior Member
22 January 2006 @ 07:04
Post a HjT log; you can get the program here -> http://koti.mbnet.fi/pattaya1/HijackThis.exe .
Save it to the directory c:\hjt\, start it, click "do a system scan and save a logfile" and post the log here.

Then we'll clean it up...
Member
22 January 2006 @ 07:30
Logfile of HijackThis v1.99.1
Scan saved at 12:29:12, on 1/22/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
E:\Program Files\Conceptronic\Bluetooth Software\bin\btwdins.exe
E:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
E:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
E:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
E:\Program Files\F-Secure\Anti-Virus\fssm32.exe
E:\Program Files\F-Secure\Common\FSMA32.EXE
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program Files\Network Monitor\netmon.exe
E:\Program Files\F-Secure\Common\FSMB32.EXE
E:\WINDOWS\System32\svchost.exe
E:\Program Files\F-Secure\Common\FCH32.EXE
E:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
E:\Program Files\F-Secure\Common\FAMEH32.EXE
E:\Program Files\F-Secure\Common\FSM32.EXE
E:\Program Files\ahead\InCD\InCD.exe
E:\WINDOWS\System32\private.exe
E:\WINDOWS\System32\ctfmon.exe
C:\winstall.exe
E:\WINDOWS\System32\d.exe
E:\Program Files\F-Secure\Common\FNRB32.EXE
E:\WINDOWS\System32\devldr32.exe
E:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
E:\Program Files\F-Secure\Common\FIH32.EXE
E:\Program Files\F-Secure\Anti-Virus\fsav32.exe
E:\Program Files\Internet Explorer\iexplore.exe
C:\Ohjelmatiedostot\Ad-aware\Ad-Aware SE Personal\Ad-Aware.exe
E:\WINDOWS\System32\wuauclt.exe
E:\rikun jutut\ohjelmat\Opera\Opera.exe
C:\hjt\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - E:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
O4 - HKLM\..\Run: [F-Secure Manager] "E:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [InCD] E:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [F-Secure TNB] "E:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [bvzfam] E:\WINDOWS\System32\hglvgbs.exe r
O4 - HKLM\..\Run: [ControlPanel] E:\WINDOWS\System32\private.exe internat.dll,LoadMouseCarpetProfile
O4 - HKLM\..\Run: [dmtbj.exe] E:\WINDOWS\System32\dmtbj.exe
O4 - HKLM\..\Run: [PayTime] E:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [winsync] E:\WINDOWS\System32\iqypyc.exe reg_run
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - E:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Conceptronic\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Conceptronic\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{266BC0F2-7B94-42C6-99DE-B7350B19D93B}: NameServer = 85.255.116.68,85.255.112.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{75DDEF1A-ADF9-4974-A74B-8A91584EE9D1}: NameServer = 85.255.116.68,85.255.112.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BD3227E-C90C-4870-A9F8-A29ACBE9FAD3}: NameServer = 85.255.116.68,85.255.112.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{C22F795C-956E-4A9B-86E9-423C6FE4E7DE}: NameServer = 85.255.116.68,85.255.112.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{266BC0F2-7B94-42C6-99DE-B7350B19D93B}: NameServer = 85.255.114.35,85.255.112.82
O17 - HKLM\System\CS2\Services\Tcpip\..\{266BC0F2-7B94-42C6-99DE-B7350B19D93B}: NameServer = 85.255.116.68,85.255.112.220
O17 - HKLM\System\CS3\Services\Tcpip\..\{266BC0F2-7B94-42C6-99DE-B7350B19D93B}: NameServer = 85.255.116.68,85.255.112.220
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - E:\WINDOWS\System32\btxppanel.dll
O20 - Winlogon Notify: Applets - E:\WINDOWS\
O20 - Winlogon Notify: Themes - E:\WINDOWS\
O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - E:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Program Files\Conceptronic\Bluetooth Software\bin\btwdins.exe
O23 - Service: Command Service (cmdService) - Unknown owner - E:\WINDOWS\dmVzc2E\command.exe (file missing)
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - E:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - E:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - E:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - E:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Network Monitor - Unknown owner - E:\Program Files\Network Monitor\netmon.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
Member
22 January 2006 @ 10:20
Could someone take a look at that and see what the problem is.
Senior Member
22 January 2006 @ 10:41
I'm not a professional, but I guess these lines should be fixed:
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - E:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
Senior Member
22 January 2006 @ 13:18
A whole nest of nasties turned up there...

This time let's start the cleanup with ewido...
-> http://keskustelu.afterdawn.com/thread_view.cfm/269186
Run the update according to the instructions...

<<<<<<<<<<<<<<<<<<<<<<<<<Safe mode>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Tap F8 while the computer is starting up and select safe mode

-> run an ewido full system scan, save the report.

Return to normal mode and post the ewido report + a new hjt log.
Let's start like this, but this is only the beginning.
Member
23 January 2006 @ 02:42
Here is the ewido log now:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 22:20:35, 1/22/2006
+ Report-Checksum: D7A18CB7

+ Scan result:

C:\drsmartload1.exe -> Downloader.Adload.l : Cleaned with backup
E:\RECYCLED\De4740.tmp -> Adware.Casino : Cleaned with backup
E:\RECYCLED\De4741.tmp -> Adware.Casino : Cleaned with backup
:mozilla.50:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.89:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.51:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.52:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.59:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.79:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.80:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.81:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.82:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.84:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.85:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.86:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.87:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.88:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.94:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.96:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.97:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.98:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.102:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.103:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Burstnet : Cleaned with backup
E:\RECYCLED\De5626.CHK -> Downloader.Inor.a : Cleaned with backup
E:\RECYCLED\De8283.txt -> Spyware.Cookie.Adtech : Cleaned with backup
E:\RECYCLED\De8293.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\RECYCLED\De9195.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\WINDOWS\system32\spool\PRINTERS\00003.SPL -> Backdoor.SdBot.xm : Cleaned with backup
E:\WINDOWS\system32\howiper.exe -> Trojan.Qhost.df : Cleaned with backup
E:\WINDOWS\system32\agqwq.dat -> Downloader.Qoologic.at : Cleaned with backup
E:\WINDOWS\system32\s.exe -> Downloader.Small.awa : Cleaned with backup
E:\WINDOWS\system32\SetupCarnival.exe -> Adware.Casino : Cleaned with backup
E:\WINDOWS\system32\mpastmib.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\CIWFLT32.DLL -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\ntevent.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\dIdxof.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\shmpapi.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\SVKJKDC.0XE -> Trojan.Pakes : Cleaned with backup
E:\WINDOWS\system32\enrul1991.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\lv8m09l1e.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\lv6009jme.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\gppql3751.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\lv6o09j3e.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\j82qlif5182.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\nzmsdba.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\s8puli7918.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\pzflbmsg.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\ctutil.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\p48q0el5ehq.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\r68s0gl7e6q.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\d8j02i1mg8.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\ennsl1571.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\k862lijo18oc.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\n64slgh7164.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\kt0ol7d31.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\g022lafo1d2c.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\bntsprx2.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\o6lulg3916.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\ir00l5dm1.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\q4860elsehq60.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\h4j40e1qeh.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\IQYPYC.0XE -> Downloader.Qoologic.at : Cleaned with backup
E:\WINDOWS\system32\jt6u07j9e.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\n0p4la7q1d.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\h4n0le5m1h.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\gp08l3du1.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\irp0l57m1.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\gpjsl3171.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\lvls0937e.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\lv8209loe.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\gp06l3ds1.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\f6l00g3me6.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\nkmsdba.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\system32\m4640ejqehoe0.dll -> Spyware.Look2Me : Cleaned with backup
E:\WINDOWS\country.exe -> Trojan.Small : Cleaned with backup
E:\WINDOWS\tool1.exe -> Trojan.Small : Cleaned with backup
E:\WINDOWS\tool4.exe -> Trojan.Small : Cleaned with backup
E:\WINDOWS\tool5.exe -> Trojan.Small : Cleaned with backup
E:\Documents and Settings\All Users\Documents\Sys33.exe -> Backdoor.SdBot.xm : Cleaned with backup
E:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
E:\Documents and Settings\vesa\Local Settings\Temp\ptsBF.tmp -> Adware.Casino : Cleaned with backup
E:\Documents and Settings\vesa\Local Settings\Temp\ptsC0.tmp -> Adware.Casino : Cleaned with backup
:mozilla.18:E:\Documents and Settings\vesa\Application Data\Mozilla\Firefox\Profiles\k26a4k69.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.19:E:\Documents and Settings\vesa\Application Data\Mozilla\Firefox\Profiles\k26a4k69.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.20:E:\Documents and Settings\vesa\Application Data\Mozilla\Firefox\Profiles\k26a4k69.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.21:E:\Documents and Settings\vesa\Application Data\Mozilla\Firefox\Profiles\k26a4k69.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.22:E:\Documents and Settings\vesa\Application Data\Mozilla\Firefox\Profiles\k26a4k69.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.23:E:\Documents and Settings\vesa\Application Data\Mozilla\Firefox\Profiles\k26a4k69.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.24:E:\Documents and Settings\vesa\Application Data\Mozilla\Firefox\Profiles\k26a4k69.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.25:E:\Documents and Settings\vesa\Application Data\Mozilla\Firefox\Profiles\k26a4k69.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.30:E:\Documents and Settings\vesa\Application Data\Mozilla\Firefox\Profiles\k26a4k69.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.31:E:\Documents and Settings\vesa\Application Data\Mozilla\Firefox\Profiles\k26a4k69.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.63:E:\Documents and Settings\vesa\Application Data\Mozilla\Firefox\Profiles\k26a4k69.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.64:E:\Documents and Settings\vesa\Application Data\Mozilla\Firefox\Profiles\k26a4k69.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.68:E:\Documents and Settings\vesa\Application Data\Mozilla\Firefox\Profiles\k26a4k69.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.70:E:\Documents and Settings\vesa\Application Data\Mozilla\Firefox\Profiles\k26a4k69.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.75:E:\Documents and Settings\vesa\Application Data\Mozilla\Firefox\Profiles\k26a4k69.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.85:E:\Documents and Settings\vesa\Application Data\Mozilla\Firefox\Profiles\k26a4k69.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
E:\Documents and Settings\riku.VESSA-Q8KAMUNJD\Local Settings\Temp\temp.frCA0E -> Downloader.Qoologic.ax : Cleaned with backup
E:\Documents and Settings\riku.VESSA-Q8KAMUNJD\Local Settings\Temp\temp.fr9244 -> Downloader.Qoologic.ax : Cleaned with backup
E:\Documents and Settings\riku.VESSA-Q8KAMUNJD\Cookies\riku@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
E:\Documents and Settings\riku.VESSA-Q8KAMUNJD\Cookies\riku@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
E:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe -> Logger.Small.dg : Cleaned with backup
E:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll -> Logger.Small.dg : Cleaned with backup
E:\FOUND.007\FILE0015.CHK -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP167\A0437226.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP167\A0437231.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP167\A0437232.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP167\A0438231.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP167\A0438232.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP167\A0439230.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP167\A0439423.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP167\A0439425.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP167\A0440423.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP167\A0440424.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP167\A0440604.dll -> Spyware.Look2Me : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP167\A0440608.dll -> Spyware.Look2Me : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP167\A0440609.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP167\A0440611.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP167\A0441609.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP167\A0441610.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP168\A0441619.dll -> Spyware.Look2Me : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP168\A0441623.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP168\A0442619.dll -> Spyware.Look2Me : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP168\A0442624.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP168\A0442625.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP168\A0442635.dll -> Spyware.Look2Me : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP168\A0442636.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP168\A0442637.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP168\A0442643.exe -> Adware.Casino : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0443636.dll -> Spyware.Look2Me : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0443637.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0444635.dll -> Spyware.Look2Me : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0444636.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0444637.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0445635.dll -> Spyware.Look2Me : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0445637.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0445638.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0446638.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0447634.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0448634.dll -> Spyware.Look2Me : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0448640.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0449635.dll -> Spyware.Look2Me : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0449649.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0449656.EXE -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0449658.EXE -> Downloader.Small.bwr : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0449690.dll -> Spyware.Look2Me : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0449692.dll -> Spyware.Look2Me : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0449697.dll -> Spyware.Look2Me : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP171\A0450693.dll -> Spyware.Look2Me : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP173\A0450762.dll -> Spyware.Look2Me : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP173\A0451767.dll -> Spyware.Look2Me : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP176\A0451913.dll -> Spyware.Look2Me : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP176\A0451914.dll -> Spyware.Look2Me : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP176\A0451939.dll -> Spyware.Look2Me : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0452959.0XE -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0453936.dll -> Spyware.Look2Me : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0454939.dll -> Spyware.Look2Me : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0455939.dll -> Spyware.Look2Me : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0456939.dll -> Spyware.Look2Me : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0456942.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0457939.dll -> Spyware.Look2Me : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0457945.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0458939.dll -> Spyware.Look2Me : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0458945.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0459951.dll -> Spyware.Look2Me : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0460384.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0460391.exe -> Downloader.PassAlert.d : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0460560.dll -> Spyware.Look2Me : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0461562.dll -> Spyware.Look2Me : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0461563.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0461564.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0461580.dll -> Spyware.Look2Me : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0461582.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0461583.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP179\A0462580.dll -> Spyware.Look2Me : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP179\A0462581.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP179\A0462582.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP179\A0463580.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP179\A0463581.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP180\A0463621.dll -> Spyware.Look2Me : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP180\A0463625.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP180\A0463626.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP180\A0464624.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP180\A0464625.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP180\A0465624.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP180\A0465625.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP180\A0465648.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP180\A0465649.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP181\A0466648.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP181\A0466649.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP181\A0466658.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP181\A0466659.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP181\A0467658.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP181\A0467659.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP182\A0467667.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP182\A0467668.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP182\A0467675.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP182\A0467685.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP182\A0467686.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP182\A0468685.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP182\A0468686.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP182\A0468708.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP182\A0468709.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP182\A0468717.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP182\A0468718.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP182\A0468729.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP182\A0468730.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP183\A0468765.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP183\A0468766.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP183\A0468776.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP183\A0468777.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP184\A0468801.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP184\A0468810.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP184\A0468811.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP184\A0469810.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP184\A0469811.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP184\A0470810.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP184\A0470811.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP184\A0470820.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP184\A0470821.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP184\A0472820.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP184\A0472821.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP184\A0472839.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP184\A0472840.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP184\A0472852.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP185\A0473852.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP185\A0473853.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP185\A0474854.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP185\A0474855.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP186\A0475000.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP186\A0475001.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP187\A0475854.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP187\A0475855.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP187\A0475864.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP187\A0475865.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP187\A0475874.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP187\A0475875.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP187\A0475885.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP187\A0475886.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP187\A0476884.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP187\A0476885.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP187\A0477884.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP187\A0477885.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP187\A0478884.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP187\A0478890.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP189\A0479004.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP189\A0479005.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP190\A0479389.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP190\A0479390.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP191\A0480391.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP191\A0480392.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP191\A0481392.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP191\A0481393.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP191\A0482389.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP191\A0482390.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP191\A0483389.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP191\A0483390.0xe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP192\A0484442.exe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP192\A0485441.exe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP192\A0486445.exe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP192\A0488451.exe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP192\A0488466.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP192\A0488467.exe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP192\A0488485.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP192\A0489464.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP192\A0489466.exe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP194\A0490464.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP194\A0490465.exe -> Trojan.Pakes : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP197\A0497545.exe -> Downloader.Qoologic.at : Cleaned with backup
E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP197\A0497546.exe -> Trojan.Pakes : Cleaned with backup


::Report End

and a new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 7:40:57, on 1/23/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Conceptronic\Bluetooth Software\bin\btwdins.exe
E:\Rikun jutut\ohjelmat\ewido\ewidoctrl.exe
E:\Program Files\F-Secure\Common\FSM32.EXE
E:\Program Files\ahead\InCD\InCD.exe
E:\WINDOWS\System32\ctfmon.exe
C:\winstall.exe
E:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
E:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
E:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
E:\Program Files\F-Secure\Common\FSMA32.EXE
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program Files\F-Secure\Common\FSMB32.EXE
E:\Program Files\F-Secure\Anti-Virus\fssm32.exe
E:\Program Files\F-Secure\Common\FCH32.EXE
E:\WINDOWS\System32\devldr32.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\F-Secure\Common\FAMEH32.EXE
E:\Program Files\F-Secure\Common\FNRB32.EXE
E:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
E:\Program Files\F-Secure\Common\FIH32.EXE
E:\Program Files\F-Secure\Anti-Virus\fsav32.exe
E:\rikun jutut\ohjelmat\Opera\Opera.exe
E:\WINDOWS\System32\wuauclt.exe
C:\hjt\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - E:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
O4 - HKLM\..\Run: [F-Secure Manager] "E:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [InCD] E:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [F-Secure TNB] "E:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - E:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Conceptronic\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Conceptronic\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{266BC0F2-7B94-42C6-99DE-B7350B19D93B}: NameServer = 85.255.116.68,85.255.112.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{75DDEF1A-ADF9-4974-A74B-8A91584EE9D1}: NameServer = 85.255.116.68,85.255.112.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BD3227E-C90C-4870-A9F8-A29ACBE9FAD3}: NameServer = 85.255.116.68,85.255.112.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{C22F795C-956E-4A9B-86E9-423C6FE4E7DE}: NameServer = 85.255.116.68,85.255.112.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{266BC0F2-7B94-42C6-99DE-B7350B19D93B}: NameServer = 85.255.114.35,85.255.112.82
O17 - HKLM\System\CS2\Services\Tcpip\..\{266BC0F2-7B94-42C6-99DE-B7350B19D93B}: NameServer = 85.255.116.68,85.255.112.220
O17 - HKLM\System\CS3\Services\Tcpip\..\{266BC0F2-7B94-42C6-99DE-B7350B19D93B}: NameServer = 85.255.116.68,85.255.112.220
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - E:\WINDOWS\System32\btxppanel.dll
O20 - Winlogon Notify: Applets - E:\WINDOWS\
O20 - Winlogon Notify: Themes - E:\WINDOWS\
O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - E:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Program Files\Conceptronic\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - E:\Rikun jutut\ohjelmat\ewido\ewidoctrl.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - E:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - E:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - E:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - E:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Network Monitor - Unknown owner - E:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

This message has been edited since posting. Last edited 23 January 2006 @ 02:44

Senior Member
24 January 2006 @ 02:43
Excellent, ewido cleared out the initial junk :) I wonder how many detections there were in that?

By the way, the connection has been hijacked from Belarus.

Fix: Open HijackThis -> Do a system scan only -> Tick the following -> Press Fix checked.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - E:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{266BC0F2-7B94-42C6-99DE-B7350B19D93B}: NameServer = 85.255.116.68,85.255.112.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{75DDEF1A-ADF9-4974-A74B-8A91584EE9D1}: NameServer = 85.255.116.68,85.255.112.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BD3227E-C90C-4870-A9F8-A29ACBE9FAD3}: NameServer = 85.255.116.68,85.255.112.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{C22F795C-956E-4A9B-86E9-423C6FE4E7DE}: NameServer = 85.255.116.68,85.255.112.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{266BC0F2-7B94-42C6-99DE-B7350B19D93B}: NameServer = 85.255.114.35,85.255.112.82
O17 - HKLM\System\CS2\Services\Tcpip\..\{266BC0F2-7B94-42C6-99DE-B7350B19D93B}: NameServer = 85.255.116.68,85.255.112.220
O17 - HKLM\System\CS3\Services\Tcpip\..\{266BC0F2-7B94-42C6-99DE-B7350B19D93B}: NameServer = 85.255.116.68,85.255.112.220

----------->
Make hidden files visible: http://keskustelu.afterdawn.com/thread_view.cfm/248944


<<<<<<<<<<<<<<<<<<Safe Mode>>>>>>>>>>>>>>>>>
Tap F8 while the computer is starting up and choose Safe Mode
Delete manually:
C:\-->winstall.exe<--

Return to normal mode:

Get eScan
-> http://koti.mbnet.fi/pattaya1/escanmwav.htm
Update it according to the instructions and post the results from its lower box here together with a new HJT log!

Member
24 January 2006 @ 13:33
eScan:
File E:\WINDOWS\System32\i infected by "Trojan-Downloader.BAT.Ftp.ab" Virus. Action Taken: File Deleted.
File E:\WINDOWS\System32\private.exe infected by "Trojan-Downloader.Win32.Delf.aco" Virus. Action Taken: File Deleted.
File E:\WINDOWS\System32\dial32.exe infected by "Trojan.Win32.Dialer.ay" Virus. Action Taken: File Deleted.
File E:\WINDOWS\System32\dgprpsetup.exe infected by "Trojan-Downloader.Win32.Delf.aco" Virus. Action Taken: File Deleted.
File E:\WINDOWS\System32\rzspy.exe tagged as not-a-virus:AdWare.Win32.Raze.a. No Action Taken.
File C:\SECURE32.0TML infected by "not-virus:Hoax.Win32.Renos.y" Virus. Action Taken: File Renamed.
File E:\WINDOWS\system32\rzspy.exe tagged as not-a-virus:AdWare.Win32.Raze.a. No Action Taken.
File E:\WINDOWS\Temp\Perflib_Perfdata_4c4.dat infected by "Trojan-Downloader.Win32.Qoologic.az" Virus. Action Taken: File Deleted.
File E:\Documents and Settings\All Users\Application Data\great idol web build\grid phone.exe tagged as not-a-virus:AdWare.Win32.Lop.p. No Action Taken.
File E:\Documents and Settings\vesa\Local Settings\Temp\cmdinst.exe tagged as not-a-virus:AdWare.Win32.CommAd.a. No Action Taken.
File E:\Documents and Settings\vesa\Local Settings\Temp\dk.dial infected by "Trojan.Win32.Dialer.ay" Virus. Action Taken: File Deleted.
File E:\Documents and Settings\riku.VESSA-Q8KAMUNJD\Local Settings\Temp\gnbhopmd.exe infected by "Trojan.Win32.Dialer.ay" Virus. Action Taken: File Deleted.
New HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 18:32:53, on 1/24/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Conceptronic\Bluetooth Software\bin\btwdins.exe
E:\Rikun jutut\ohjelmat\ewido\ewidoctrl.exe
E:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
E:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
E:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
E:\Program Files\F-Secure\Common\FSMA32.EXE
E:\Program Files\F-Secure\Anti-Virus\fssm32.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program Files\F-Secure\Common\FSMB32.EXE
E:\WINDOWS\System32\svchost.exe
E:\Program Files\F-Secure\Common\FCH32.EXE
E:\Program Files\F-Secure\Common\FAMEH32.EXE
E:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
E:\Program Files\F-Secure\Common\FNRB32.EXE
E:\Program Files\F-Secure\Common\FIH32.EXE
E:\Program Files\F-Secure\Anti-Virus\fsav32.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\F-Secure\Common\FSM32.EXE
E:\Program Files\ahead\InCD\InCD.exe
E:\WINDOWS\System32\ctfmon.exe
C:\program files\valve\steam\steam.exe
E:\WINDOWS\System32\wuauclt.exe
E:\WINDOWS\System32\devldr32.exe
E:\Ohjelmatiedostot\miranda\miranda32.exe
c:\program files\valve\steam\steamapps\rikuhardo\counter-strike\hl.exe
E:\rikun jutut\ohjelmat\Opera\Opera.exe
C:\hjt\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [F-Secure Manager] "E:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [InCD] E:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [F-Secure TNB] "E:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - E:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Conceptronic\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Conceptronic\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - E:\WINDOWS\System32\btxppanel.dll
O20 - Winlogon Notify: Applets - E:\WINDOWS\
O20 - Winlogon Notify: Themes - E:\WINDOWS\
O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - E:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Program Files\Conceptronic\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - E:\Rikun jutut\ohjelmat\ewido\ewidoctrl.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - E:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - E:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - E:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - E:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Network Monitor - Unknown owner - E:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
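The review step behind the fix list, as an added example that is not part of the original posts: it parses HijackThis O17 (static DNS override) and O4 (autorun) lines, reports resolvers outside an allowlist per control set, and confirms that the follow-up log no longer contains them. The function names, the empty default allowlist and the "autorun executable sitting directly in a drive root" heuristic are assumptions of this example; the sample lines are copied from the two logs above.

```python
import re

# Lines copied from the HijackThis log of 23 Jan 2006 in this thread (before the fix).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [InCD] E:\Program Files\ahead\InCD\InCD.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{266BC0F2-7B94-42C6-99DE-B7350B19D93B}: NameServer = 85.255.116.68,85.255.112.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{266BC0F2-7B94-42C6-99DE-B7350B19D93B}: NameServer = 85.255.114.35,85.255.112.82
O17 - HKLM\System\CS2\Services\Tcpip\..\{266BC0F2-7B94-42C6-99DE-B7350B19D93B}: NameServer = 85.255.116.68,85.255.112.220
"""

# Lines copied from the follow-up log of 24 Jan 2006 (after the fix).
LOG_AFTER = r"""
O4 - HKLM\..\Run: [InCD] E:\Program Files\ahead\InCD\InCD.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
O17_RE = re.compile(
    r"^HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\\.\.\\"
    r"(?P<iface>\{[0-9A-Fa-f-]{36}\}): NameServer = (?P<servers>.+)$"
)
O4_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU)\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
EXE_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?\.exe)', re.IGNORECASE)
ROOT_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")  # file directly under a drive root


def parse_entries(log_text):
    """Return (code, body) pairs for every 'Xn - ...' line of a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def dns_overrides(entries, trusted=frozenset()):
    """O17 entries whose static NameServer list contains a resolver not in `trusted`."""
    findings = []
    for code, body in entries:
        m = O17_RE.match(body) if code == "O17" else None
        if not m:
            continue
        servers = [s for s in re.split(r"[,\s]+", m.group("servers")) if s]
        unknown = [s for s in servers if s not in trusted]
        if unknown:
            findings.append({"control_set": m.group("cs"),
                             "interface": m.group("iface"),
                             "unknown": unknown})
    return findings


def resolver_coverage(findings):
    """Map each unknown resolver to the control sets it appears in.

    CCS is the live configuration; CS1, CS2, ... are the stored control sets,
    so an override left in one of them has not been fully removed.
    """
    seen = {}
    for f in findings:
        for server in f["unknown"]:
            seen.setdefault(server, set()).add(f["control_set"])
    return {server: sorted(sets) for server, sets in seen.items()}


def root_autoruns(entries):
    """O4 autoruns whose executable sits directly in a drive root (review heuristic)."""
    hits = []
    for code, body in entries:
        m = O4_RE.match(body) if code == "O4" else None
        exe = EXE_RE.match(m.group("cmd")) if m else None
        if exe and ROOT_RE.match(exe.group("path")):
            hits.append((m.group("hive"), m.group("name"), exe.group("path")))
    return hits


def review(log_text, trusted=frozenset()):
    """Collect both kinds of finding for one log."""
    entries = parse_entries(log_text)
    return {"dns": dns_overrides(entries, trusted),
            "autoruns": root_autoruns(entries)}


if __name__ == "__main__":
    for label, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        result = review(log)
        print(label, resolver_coverage(result["dns"]), result["autoruns"])
```

Pass the resolvers your ISP or router actually hands out as `trusted`; with the default empty set every statically configured NameServer is listed for review.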
Senior Member
25 January 2006 @ 03:03
Start the computer in Safe Mode:

Delete:
E:\WINDOWS\System32\-->rzspy.exe
C:\-->SECURE32.0TML (note that the name may have changed slightly)
E:\WINDOWS\Temp\--> Delete all items from the Temp folder
E:\Documents and Settings\All Users\Application Data\-->great idol web build<--\
E:\Documents and Settings\vesa\Local Settings\Temp\ Delete all items from the temp folder.

You have apparently removed Panda from the computer, but it has still been left running?
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

Start -> Run -> services.msc -> OK
Find Panda in the list:

-> Panda Process Protection Service

Double-click it, press Stop and set the startup type to "Disabled"

Also delete the folder:
E:\Program Files\Common Files\-->Panda Software<--\

Otherwise it's clean :)
Member
25 January 2006 @ 03:16
now I ran into 2 problems: I couldn't find that C:\-->SECURE32.0TML
and then in the services menu Panda was apparently already stopped, since the only thing you could press there was Start
Member
25 January 2006 @ 03:20
and the desktop hasn't gone back to normal yet either :(
Senior Member
25 January 2006 @ 19:01
All right, that SECURE32.0TML has been eliminated nicely


Right-click on the desktop -> Properties -> Desktop -> Customize Desktop -> Web tab.
Check whether there is some security-related item there, and if so, remove it. If you see anything else odd there, tell us about that too.

If that doesn't reveal it, then:
Get the registry search tool from here -> http://www.billsway.com/vbspage/ and search for "desktop.html". If the antivirus complains, let it run.
If nothing is found, search with the term warnhp.html.
Post the registry search results.
Member
26 January 2006 @ 02:52
this is what came up with that desktop.html search:


REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "desktop.html" 1/26/2006 7:49:49

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_USERS\S-1-5-21-1417001333-436374069-842925246-1011\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Wallpaper"="E:\\WINDOWS\\desktop.html"
I deleted this file and it helped right away. Thanks for the help

This message has been edited since posting. Last edited 26 January 2006 @ 02:54

Senior Member
26 January 2006 @ 15:25
You're welcome. You managed to delete it before I even suggested it :) Good, the computer is fine now.
ratnunter
Member
6 February 2006 @ 08:58
errrm, I wouldn't be so sure just yet

grab blacklight:
http://www.f-secure.com/blacklight/try.shtml

run a scan, when it's done close blacklight and post its log here

that keylogger you had on there is especially interested in bank passwords and credit card numbers
check with your bank and your credit card company whether there are any odd withdrawals...