My HJT log. Computer full of viruses.

lintukala
Junior Member
29 July 2007 @ 09:23

Practically not a single virus has ever got onto this computer before, because the internet connection goes first to another computer and from there to this one. But now the computer is suddenly full of them: it is slow, shuts down by itself, shows pop-ups, etc.
I haven't really tried to remove them myself, because I thought it better to ask for help straight away from people who know more.
So, my HJT log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:07:51, on 29.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\TEMP\win2A8.tmp.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\---\Omat tiedostot\Downloads\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTB00429 - {1395A06F-EEA0-4445-BA0C-E8B56B48E244} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {930D35D2-094D-41B9-8E89-D1B76F2C6E97} - C:\WINDOWS\system32\fccbcyx.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\lhavwfib.dll
O2 - BHO: (no name) - {CD806F40-8F1B-40EE-AFF9-1AE03B28FC0E} - C:\WINDOWS\system32\pmnlj.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - HKLM\..\Run: [pviever] "C:\Program Files\Gay-Lesbian-Photo\Gay-Lesbian-Photo.exe" hide
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win2A8.tmp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\tjlckxln.dll",sitypnow
O4 - HKCU\..\Run: [LemmingsRevolutionSetup.exe] C:\DOCUME~1\---\TYPYT~1\LEMMIN~1.EXE /r
O4 - HKCU\..\Run: [ProbassSetup.exe] C:\DOCUME~1\---\TYPYT~1\PROBAS~1.EXE /r
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinMedia] svchost
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5...b?1113135111304
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1166809837250
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: fccbcyx - C:\WINDOWS\SYSTEM32\fccbcyx.dll
O20 - Winlogon Notify: pmnlj - C:\WINDOWS\system32\pmnlj.dll
O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
--
End of file - 8510 bytes

Hujo
Suspended permanently
29 July 2007 @ 09:49

Remove this via Add/Remove Programs:
Trend Micro HijackThis v2.0.0 (BETA)
and download it again from below.
Download HJT from here: http://koti.mbnet.fi/pattaya1/lataus/hijackthis_self.exe
Install it; click in numerical order:
1. Unzip
2. OK
3. Close
Scan: click > Do a system scan and save a logfile
Copy the HJT log from the Notepad window that pops up and post it here.
Rename the bomb icon (the one you start HJT with) to "skanneri".
====================
Scan with HJT, tick the following entry and click Fix checked:
O2 - BHO: XBTB00429 - {1395A06F-EEA0-4445-BA0C-E8B56B48E244} - (no file)
====================
Download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
When the scan is complete, click the Remove Vundo button.
You will be asked whether you want to remove the files - click YES.
Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
When it is finished, the fix will announce that it is going to restart your computer; click OK.
Post the contents of the C:\vundofix.txt log along with a fresh HijackThis log.
Note: It is possible that VundoFix found a file that it could not remove.
In that case, VundoFix will run itself on reboot; just follow the instructions above starting from "Click the Scan for Vundo button." when VundoFix appears during the restart.
==================
Download SDFix by AndyManchesta and save it to your desktop.
Boot your computer into Safe Mode and choose your regular user account:
- Start the computer
- When you hear the computer beep, press F8, but before the Windows logo appears
- A menu should appear next
- Select Safe Mode from the menu.
- Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
- Open the SDFix folder and double-click RunThis.bat to start the program.
- Press Y to start the script.
- The tool cleans out the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
- Press any key and the computer restarts.
- Startup takes longer than normal because SDFix is cleaning the computer.
- When the computer has started and the desktop has loaded, SDFix reports that the cleanup is done, "Finished".
- Then press any key to close the script and load the desktop icons.
- Finally, open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread along with a new HijackThis log.
=========================
1. Download combofix.exe to your desktop from either of these links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double-click combofix.exe and follow the prompts.
3. When the tool is finished, it produces a log. Post this log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
===================
Download NoLop to your desktop from one of the following links...
Link1
Link2
Link3
1. Close all programs, because this step requires a restart
2. Double-click NoLop.exe to run it
3. Click the "Search and Destroy" button
<<Your computer is scanned for infected files>>
4. When the scan is complete, you will be asked to restart the computer if an infection is found. Click OK
5. Click the "REBOOT" button.
6. NoLop should display a message. If not, double-click the program and it will finish. Post the contents of C:\NoLop.log along with a new HijackThis log.
-- If you get the following error, "mscomctl.ocx or one of its dependencies are not correctly registered," download mscomctl.ocx and save it in your system32 directory (usually c:\Windows\system32). Then run the program again.
==============
escan
Instructions are on this page.
http://koti.mbnet.fi/pattaya1/escanmwav.htm
download from here
http://www.spywareinfo.dk/download/mwav.exe
update from here
http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
tick the boxes as marked
http://koti.mbnet.fi/pattaya1/eScan6.jpg
scan
if anything shows up in the lower pane, copy it like this:
Use Ctrl+A.
Copy the lines with Ctrl+C.
Paste the lines with Ctrl+V.
Post the virus log here.
====================
Post the logs and a freshly scanned HJT log.
Can a computer ever work?
This message has been edited after posting. Last edited 29 July 2007 @ 10:01
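
Added example, not part of the thread and not code from HijackThis: the steps above ask for a fresh HijackThis log after each tool, and comparing it with the earlier one shows which entries a cleanup removed and which entries still point at files that are not on disk. The sample lines are excerpts from the 13:07 and 16:00 scans posted in this thread; the function names are hypothetical.

```python
import re

# A HijackThis entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
# Header lines and the "Running processes" paths do not match this shape.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Suffixes HijackThis prints when the referenced file does not exist.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)


def parse_entries(log_text):
    """Return a list of (code, body) tuples for every entry line in a log."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body").strip()))
    return entries


def orphans(entries):
    """Entries whose target is reported as missing: leftover registry references."""
    return [(code, body) for code, body in entries if ORPHAN_RE.search(body)]


def removed_between(before, after):
    """Entries present in the earlier scan but absent from the later one.

    Bodies are compared case-insensitively because the same path can appear
    as SYSTEM32 in one section and system32 in another.
    """
    later = {(code, body.lower()) for code, body in after}
    return [(code, body) for code, body in before
            if (code, body.lower()) not in later]


# Excerpt of the 13:07 scan (first post of the thread).
FIRST_SCAN = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
O2 - BHO: XBTB00429 - {1395A06F-EEA0-4445-BA0C-E8B56B48E244} - (no file)
O2 - BHO: (no name) - {930D35D2-094D-41B9-8E89-D1B76F2C6E97} - C:\WINDOWS\system32\fccbcyx.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\lhavwfib.dll
O20 - Winlogon Notify: fccbcyx - C:\WINDOWS\SYSTEM32\fccbcyx.dll
O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
"""

# Excerpt of the 16:00 scan (taken after VundoFix and ComboFix had run).
LATER_SCAN = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\lhavwfib.dll
O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
"""


if __name__ == "__main__":
    first = parse_entries(FIRST_SCAN)
    later = parse_entries(LATER_SCAN)
    print("Removed since the first scan:")
    for code, body in removed_between(first, later):
        print(f"  {code} - {body}")
    print("Still referencing a missing file:")
    for code, body in orphans(later):
        print(f"  {code} - {body}")
```

An entry dropping out of a later log only shows that the reference is gone; the tool reports (here vundofix.txt and the ComboFix log) remain the record of what was deleted.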

lintukala
Junior Member
29 July 2007 @ 11:02

Thanks a lot.
Here is a new log from the HJT you gave me (so I haven't done anything else yet):
Logfile of HijackThis v1.99.1
Scan saved at 15:00:06, on 29.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\TEMP\win2A8.tmp.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\---\LOCALS~1\Temp\sys16.exe
C:\DOCUME~1\---\LOCALS~1\Temp\32sv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - HKLM\..\Run: [pviever] "C:\Program Files\Gay-Lesbian-Photo\Gay-Lesbian-Photo.exe" hide
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win2A8.tmp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\tjlckxln.dll",sitypnow
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [LemmingsRevolutionSetup.exe] C:\DOCUME~1\---\TYPYT~1\LEMMIN~1.EXE /r
O4 - HKCU\..\Run: [ProbassSetup.exe] C:\DOCUME~1\---\TYPYT~1\PROBAS~1.EXE /r
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5...b?1113135111304
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1166809837250
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Hujo
Suspended permanently
29 July 2007 @ 11:09

Yep, just start working through the instructions
and rename this
C:\HJT\==> HijackThis.exe <=== to skanneri
That's the evening nicely spent, with something to do ;)
Has F-Secure taken some kind of hit, since there's so little of it in the log? Is the security software complaining about it?
Can a computer ever work?
This message has been edited after posting. Last edited 29 July 2007 @ 11:21

lintukala
Junior Member
29 July 2007 @ 12:11

Hmm, I don't usually use this computer myself, but I don't think F-Secure is ever running on it. Since the internet comes to this computer through another computer, there have been almost no viruses in over a year even though there hasn't really been any antivirus running :D just the Windows firewall, heh heh.
eScan is still scanning, but here are the other logs (NoLop didn't find anything):
Logfile of HijackThis v1.99.1
Scan saved at 16:00:13, on 29.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Kaspersky\mwavscan.com
C:\Kaspersky\kavss.exe
C:\HJT\skanneri.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\lhavwfib.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [ProbassSetup.exe] C:\DOCUME~1\---\TYPYT~1\PROBAS~1.EXE /r
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5...b?1113135111304
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1166809837250
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
======
VundoFix V6.5.6
Checking Java version...
Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 15:04:04 29.7.2007
Listing files found while scanning....
C:\windows\system32\afcsblga.dll
C:\windows\system32\afmjbpfh.dll
C:\windows\system32\aglbscfa.ini
C:\windows\system32\aismrsvm.dll
C:\windows\system32\cmsqdjvn.dll
C:\windows\system32\eptvrvfl.dll
C:\WINDOWS\system32\fccbcyx.dll
C:\WINDOWS\system32\hluwfsju.dll
C:\windows\system32\htwxtuyw.dll
C:\WINDOWS\system32\jlnmp.bak1
C:\WINDOWS\system32\jlnmp.bak2
C:\WINDOWS\system32\jlnmp.ini
C:\WINDOWS\system32\jlnmp.ini2
C:\windows\system32\jshmncky.ini
C:\windows\system32\lfvrvtpe.ini
C:\windows\system32\lqtkpfao.dll
C:\windows\system32\mjmmtsef.dll
C:\windows\system32\mvsrmsia.ini
C:\windows\system32\ossnvgwr.ini
C:\WINDOWS\system32\pmnlj.dll
C:\windows\system32\ptspvxav.ini
C:\windows\system32\ptvguoyb.dll
C:\windows\system32\rbvmwakc.dll
C:\windows\system32\rgavitka.dll
C:\windows\system32\rwgvnsso.dll
C:\windows\system32\skdeqbqu.dll
C:\windows\system32\txevaqyu.dll
C:\windows\system32\vaxvpstp.dll
C:\windows\system32\wigwexni.dll
C:\windows\system32\wyutxwth.ini
C:\windows\system32\ykcnmhsj.dll
Beginning removal...
Attempting to delete C:\windows\system32\afcsblga.dll
C:\windows\system32\afcsblga.dll Has been deleted!
Attempting to delete C:\windows\system32\afmjbpfh.dll
C:\windows\system32\afmjbpfh.dll Has been deleted!
Attempting to delete C:\windows\system32\aglbscfa.ini
C:\windows\system32\aglbscfa.ini Has been deleted!
Attempting to delete C:\windows\system32\aismrsvm.dll
C:\windows\system32\aismrsvm.dll Has been deleted!
Attempting to delete C:\windows\system32\cmsqdjvn.dll
C:\windows\system32\cmsqdjvn.dll Has been deleted!
Attempting to delete C:\windows\system32\eptvrvfl.dll
C:\windows\system32\eptvrvfl.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fccbcyx.dll
C:\WINDOWS\system32\fccbcyx.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\hluwfsju.dll
C:\WINDOWS\system32\hluwfsju.dll Has been deleted!
Attempting to delete C:\windows\system32\htwxtuyw.dll
C:\windows\system32\htwxtuyw.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jlnmp.bak1
C:\WINDOWS\system32\jlnmp.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\jlnmp.bak2
C:\WINDOWS\system32\jlnmp.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\jlnmp.ini
C:\WINDOWS\system32\jlnmp.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\jlnmp.ini2
C:\WINDOWS\system32\jlnmp.ini2 Has been deleted!
Attempting to delete C:\windows\system32\jshmncky.ini
C:\windows\system32\jshmncky.ini Has been deleted!
Attempting to delete C:\windows\system32\lfvrvtpe.ini
C:\windows\system32\lfvrvtpe.ini Has been deleted!
Attempting to delete C:\windows\system32\lqtkpfao.dll
C:\windows\system32\lqtkpfao.dll Has been deleted!
Attempting to delete C:\windows\system32\mjmmtsef.dll
C:\windows\system32\mjmmtsef.dll Has been deleted!
Attempting to delete C:\windows\system32\mvsrmsia.ini
C:\windows\system32\mvsrmsia.ini Has been deleted!
Attempting to delete C:\windows\system32\ossnvgwr.ini
C:\windows\system32\ossnvgwr.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\pmnlj.dll Could not be deleted.
Attempting to delete C:\windows\system32\ptspvxav.ini
C:\windows\system32\ptspvxav.ini Has been deleted!
Attempting to delete C:\windows\system32\ptvguoyb.dll
C:\windows\system32\ptvguoyb.dll Has been deleted!
Attempting to delete C:\windows\system32\rbvmwakc.dll
C:\windows\system32\rbvmwakc.dll Has been deleted!
Attempting to delete C:\windows\system32\rgavitka.dll
C:\windows\system32\rgavitka.dll Has been deleted!
Attempting to delete C:\windows\system32\rwgvnsso.dll
C:\windows\system32\rwgvnsso.dll Has been deleted!
Attempting to delete C:\windows\system32\skdeqbqu.dll
C:\windows\system32\skdeqbqu.dll Has been deleted!
Attempting to delete C:\windows\system32\txevaqyu.dll
C:\windows\system32\txevaqyu.dll Has been deleted!
Attempting to delete C:\windows\system32\vaxvpstp.dll
C:\windows\system32\vaxvpstp.dll Has been deleted!
Attempting to delete C:\windows\system32\wigwexni.dll
C:\windows\system32\wigwexni.dll Has been deleted!
Attempting to delete C:\windows\system32\wyutxwth.ini
C:\windows\system32\wyutxwth.ini Has been deleted!
Attempting to delete C:\windows\system32\ykcnmhsj.dll
C:\windows\system32\ykcnmhsj.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\fccbcyx.dll
C:\WINDOWS\system32\fccbcyx.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\pmnlj.dll Has been deleted!
Performing Repairs to the registry.
Done!
=====
"---" - 2007-07-29 15:33:10 [GMT 3:00] - ComboFix 07-07-24 - Service Pack 2 NTFS
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\---\TYPYT~1\internet.lnk
C:\WINDOWS\system32\aiwkkcji.exe
C:\WINDOWS\system32\bmodipgp.exe
C:\WINDOWS\system32\csqntwcf.exe
C:\WINDOWS\system32\cthgtooy.exe
C:\WINDOWS\system32\cyhqjwby.exe
C:\WINDOWS\system32\etjqoqnk.exe
C:\WINDOWS\system32\hguuyjrm.exe
C:\WINDOWS\system32\qcepxbvo.exe
C:\WINDOWS\system32\rimictjl.exe
C:\WINDOWS\system32\rrmalshj.exe
C:\WINDOWS\system32\rtcjqrrj.exe
C:\WINDOWS\system32\syswin.exe
C:\WINDOWS\system32\tgurnebf.exe
C:\WINDOWS\system32\tjjokqbr.exe
C:\WINDOWS\system32\venbwkjh.exe
C:\WINDOWS\system32\wjxiqamd.exe
C:\WINDOWS\system32\wkeiqeun.exe
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_ASC3550U
-------\LEGACY_DOMAINSERVICE
-------\nm
((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-29 )))))))))))))))))))))))))))))))
2007-07-29 15:32 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-29 15:18 d-------- C:\WINDOWS\ERUNT
2007-07-29 15:04 d-------- C:\VundoFix Backups
2007-07-29 14:59 d-------- C:\HJT
2007-07-29 13:22 d-------- C:\WINDOWS\pss
2007-07-29 13:06 d-------- C:\Program Files\InterMute
2007-07-28 19:41 615 --a------ C:\WINDOWS\eReg.dat
2007-07-28 19:41 d-------- C:\Program Files\EA Games
2007-07-28 19:30 126,016 --a------ C:\WINDOWS\system32\tjlckxln.dll
2007-07-28 19:27 69,184 --a------ C:\WINDOWS\system32\lhavwfib.dll
2007-07-26 20:57 69,184 --a------ C:\WINDOWS\system32\agttpdid.dll
2007-07-24 18:39 70,312 --a------ C:\Program Files\codec_setup.exe
2007-07-23 18:04 126,016 --a------ C:\WINDOWS\system32\iiksgokx.dll
2007-07-23 17:57 126,016 --a------ C:\WINDOWS\system32\rjvvwctg.dll
2007-07-23 17:54 10,240 --a------ C:\WINDOWS\system32\hlpsrv.exe
2007-07-20 18:17 dr------- C:\DOCUME~1\JRJEST~1.000\K?ynnist?-valikko
2007-07-20 18:17 d--h----- C:\DOCUME~1\JRJEST~1.000\Tulostinymp?rist?
2007-07-20 18:17 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-20 18:17 d-------- C:\DOCUME~1\JRJEST~1.000\Ty?p?yt?
2007-07-20 18:17 d-------- C:\DOCUME~1\JRJEST~1.000\.netbeans
2007-07-20 18:16 d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-13 19:40 93,696 --a------ C:\WINDOWS\system32\drvrag.dll
2007-07-08 19:50 d--hs---- C:\found.000
2007-07-08 18:02 d-------- C:\Program Files\Lavasoft
2007-07-08 18:02 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-08 17:26 786,432 --ah----- C:\DOCUME~1\JRJEST~1.000\NTUSER.DAT
2007-07-08 17:26 d--h----- C:\DOCUME~1\JRJEST~1.000\Mallit
2007-07-02 20:42 d-------- C:\Program Files\bfgclient
2007-07-02 20:42 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
2007-07-02 18:14 48 --a------ C:\DOCUME~1\---\readme.bat
2007-07-02 13:44 d-------- C:\DOCUME~1\---\APPLIC~1\Zen Puzzle Garden
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-29 12:12:34 503,296 ----a-w C:\WINDOWS\system32\winlogon.exe
2007-07-29 05:50:41 -------- d-----w C:\Program Files\Hidden Expedition Titanic
2007-07-28 15:40:57 -------- d-----w C:\DOCUME~1\---\APPLIC~1\uTorrent
2007-07-20 16:19:26 -------- d-----w C:\Program Files\Mozilla Thunderbird
2007-07-20 15:17:06 -------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2007-07-20 15:17:06 -------- d-----w C:\Program Files\Soldier of Fortune II - Double Helix MP TEST
2007-07-20 15:17:06 -------- d-----w C:\Program Files\QuickTime
2007-07-20 15:16:57 -------- d-----w C:\Program Files\Turtle Odyssey 2
2007-07-20 15:15:59 -------- d-----w C:\Program Files\Insaniquarium Deluxe
2007-07-20 15:15:56 -------- d-----w C:\Program Files\Truck Dismount
2007-07-20 15:15:30 -------- d-----w C:\Program Files\Porrasturvat - Stair Dismount
2007-07-11 16:58:31 75,610 ----a-w C:\WINDOWS\system32\perfc00B.dat
2007-07-11 16:58:31 375,602 ----a-w C:\WINDOWS\system32\perfh00B.dat
2007-07-03 14:02:33 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-07-02 15:31:34 -------- d-----w C:\DOCUME~1\---\APPLIC~1\OpenOffice.org2
2007-07-02 10:44:33 -------- d-----w C:\DOCUME~1\---\APPLIC~1\Zen Puzzle Garden
2007-06-28 21:27:22 -------- d-----w C:\Program Files\Soulseek
2007-06-27 12:15:11 -------- d-----w C:\Program Files\ffdshow
2007-06-25 19:20:20 -------- d-----w C:\Program Files\EphPod
2007-06-23 09:50:49 -------- d-----w C:\Program Files\Google
2007-06-20 18:40:36 -------- d-----w C:\Program Files\EA SPORTS
2007-06-20 18:39:50 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-20 18:39:02 -------- d-----w C:\Program Files\Shiny
2007-06-19 20:23:34 -------- d-----w C:\Program Files\Euroword2004
2007-06-17 08:54:38 -------- d-----w C:\Program Files\URUSoft
2007-06-17 08:33:09 -------- d-----w C:\Program Files\Electronic Arts
2007-06-16 12:11:55 -------- d-----w C:\DOCUME~1\---\APPLIC~1\BSplayer
2007-06-12 18:35:22 -------- d-----w C:\DOCUME~1\---\APPLIC~1\BSplayer Pro
2007-06-06 16:44:34 -------- d-----w C:\Program Files\TVUPlayer
2007-06-06 16:40:53 -------- d-----w C:\DOCUME~1\---\APPLIC~1\SopCast
2007-06-06 16:40:02 -------- d-----w C:\Program Files\SopCast
2007-06-05 20:22:15 19 ----a-w C:\WINDOWS\popcinfo.dat
2007-06-04 19:01:54 -------- d-----w C:\Program Files\Warcraft III
2007-06-04 12:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 12:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 12:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-02 16:07:19 -------- d-----w C:\Program Files\PPLive
2007-06-02 15:57:00 -------- d-----w C:\DOCUME~1\---\APPLIC~1\PPLive
2007-06-02 15:56:23 -------- d-----w C:\Program Files\MSN Messenger
2007-05-31 20:13:52 -------- d-----w C:\DOCUME~1\---\APPLIC~1\Hamachi
2007-05-18 14:20:08 389,120 ------w C:\WINDOWS\Setup1.exe
2007-05-18 14:20:03 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-05-17 11:15:42 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-05-16 15:14:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-30 19:08:31 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2007-04-30 19:08:31 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll
2007-03-02 01:18:00 2,616,321 ----a-w C:\Program Files\FairyTreasure.exe
2006-12-10 17:35:39 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-09-26 15:18:22 20,294,259 ----a-w C:\Program Files\fm.exe
2006-07-21 00:37:52 4,277,249 ----a-w C:\Program Files\HidExpTitanic.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1395A06F-EEA0-4445-BA0C-E8B56B48E244}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}]
2007-07-28 19:27 69184 --a------ C:\WINDOWS\system32\lhavwfib.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD806F40-8F1B-40EE-AFF9-1AE03B28FC0E}]
C:\WINDOWS\system32\pmnlj.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 11:31 C:\WINDOWS\SOUNDMAN.EXE]
"F-Secure Manager"="C:\Program Files\F-Secure Internet Security\Common\FSM32.exe" []
"F-Secure TNB"="C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" []
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 21:10]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-05-04 00:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-06-24 15:16]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-06-29 23:05]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-08-02 14:09]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 17:57]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 17:50]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 15:23]
"pviever"="C:\Program Files\Gay-Lesbian-Photo\Gay-Lesbian-Photo.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LemmingsRevolutionSetup.exe"="C:\DOCUME~1\---\TYPYT~1\LEMMIN~1.exe" []
"ProbassSetup.exe"="C:\DOCUME~1\---\TYPYT~1\PROBAS~1.exe" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 17:25]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 17:51]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wingdm32]
wingdm32.dll
R0 uagp35;Microsoft AGPv3.5 -suodatin;C:\WINDOWS\system32\DRIVERS\uagp35.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys
R1 cdrbsdrv;cdrbsdrv;C:\WINDOWS\system32\drivers\cdrbsdrv.sys
R1 SCDEmu;SCDEmu;C:\WINDOWS\system32\drivers\SCDEmu.sys
R2 EIO;EIO;\??\C:\WINDOWS\system32\drivers\EIO.sys
R3 ALCXSENS;Service for WDM 3D Audio Driver;C:\WINDOWS\system32\drivers\ALCXSENS.SYS
R3 dtscsi;dtscsi;C:\WINDOWS\system32\Drivers\dtscsi.sys
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
R3 GcKernel;Microsoft SideWinder Value Add - Filter Driver;C:\WINDOWS\system32\DRIVERS\GcKernel.sys
R3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver;C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys
R3 HidUsb;Microsoft HID -luokkaohjain;C:\WINDOWS\system32\DRIVERS\hidusb.sys
R3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbehci.sys
R3 usbhub;USB2 Enabled Hub;C:\WINDOWS\system32\DRIVERS\usbhub.sys
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbuhci.sys
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\C:\WINDOWS\system32\drivers\NSDriver.sys
S3 dot4;MS IEEE-1284.4 -ohjain;C:\WINDOWS\system32\DRIVERS\Dot4.sys
S3 Dot4Print;Print-luokan ohjain IEEE-1284.4:?? varten;C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
S3 dot4usb;Dot4USB Filter Dot4USB Filter;C:\WINDOWS\system32\DRIVERS\dot4usb.sys
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
S3 usbscan;USB Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;USB-massamuistiohjain;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6621e95e-e30d-11d9-ac87-0011099159b9}]
AutoRun\command- F:\AutoRunMorrowind.exe
install\command- F:\Setup.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-29 15:37:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xfe\xbb\xd3w\2]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-29 15:38:33 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-29 15:38
--- E O F ---
======
SDFix: Version 1.94
Run by --- on su 29.07.2007 at 15:19
Microsoft Windows XP [versio 5.1.2600]
Running From: C:\DOCUME~1\---\TYPYT~1\SDFix
Safe Mode:
Checking Services:
Patched Winlogon.exe Found!
Winlogon File Locations:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\dllcache\winlogon.exe
Modified Files Are Listed Below:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\dllcache\winlogon.exe
Note: SDFix Does Not Repair This File!
Please Scan All Files Above At VirusTotal!
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service
Rebooting...
Service asc3550u - Deleted after Reboot
Service xpdx - Deleted after Reboot
Normal Mode:
Checking Files:
Trojan Files Found:
C:\-59571~1 - Deleted
C:\WINDOWS\Temp\win10C.tmp.exe - Deleted
C:\WINDOWS\Temp\win20F.tmp.exe - Deleted
C:\WINDOWS\Temp\win21C.tmp.exe - Deleted
C:\WINDOWS\Temp\win270.tmp.exe - Deleted
C:\WINDOWS\Temp\win275.tmp.exe - Deleted
C:\WINDOWS\Temp\win2A8.tmp.exe - Deleted
C:\WINDOWS\Temp\win2AC.tmp.exe - Deleted
C:\WINDOWS\Temp\win10C.tmp.exe - Deleted
C:\WINDOWS\Temp\win20F.tmp.exe - Deleted
C:\WINDOWS\Temp\win21C.tmp.exe - Deleted
C:\WINDOWS\Temp\win270.tmp.exe - Deleted
C:\WINDOWS\Temp\win275.tmp.exe - Deleted
C:\WINDOWS\Temp\win2A8.tmp.exe - Deleted
C:\WINDOWS\Temp\win2AC.tmp.exe - Deleted
C:\Documents and Settings\---\Application Data\Install.dat - Deleted
C:\Documents and Settings\---\install.exe - Deleted
C:\DOCUME~1\---\LOCALS~1\Temp\hdg2.tmp - Deleted
C:\DOCUME~1\---\LOCALS~1\Temp\temp.exe - Deleted
C:\WINDOWS\avp.exe - Deleted
C:\WINDOWS\mgrs.exe - Deleted
C:\WINDOWS\system32\drivers\asc3550u.sys - Deleted
C:\WINDOWS\system32\drivers\kcp.sys - Deleted
C:\WINDOWS\system32\mstscex.dll - Deleted
C:\WINDOWS\system32\oleauth32.dll - Deleted
C:\WINDOWS\Temp\removalfile.bat - Deleted
C:\WINDOWS\system32\xpdx.sys - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\F-Secure Internet Security\\backweb\\4476822\\Program\\backWeb-4476822.exe"="C:\\Program Files\\F-Secure Internet Security\\backweb\\4476822\\Program\\backWeb-4476822.exe:*:Enabled:backWeb-4476822"
"C:\\Program Files\\Soldier of Fortune II - Double Helix MP TEST\\SoF2MP-Test.exe"="C:\\Program Files\\Soldier of Fortune II - Double Helix MP TEST\\SoF2MP-Test.exe:*:Enabled:SoF2MP-Test"
"C:\\Documents and Settings\\---\\Ty?p?yt?\\RagdollMatrixReloadedv102lite\\RMR.exe"="C:\\Documents and Settings\\---\\Ty?p?yt?\\RagdollMatrixReloadedv102lite\\RMR.exe:*:Enabled:RMR"
"C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"C:\\Program Files\\Codemasters\\Colin McRae Rally 2005 Multiplayer Demo\\CMR5.EXE"="C:\\Program Files\\Codemasters\\Colin McRae Rally 2005 Multiplayer Demo\\CMR5.EXE:*:Enabled:Colin McRae Rally 2005 Application"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Warcraft III\\War3.exe"="C:\\Program Files\\Warcraft III\\War3.exe:*:Enabled:Warcraft III"
"C:\\Q3Ademo\\quake3.exe"="C:\\Q3Ademo\\quake3.exe:*:Enabled:quake3"
"C:\\Program Files\\Computer Artworks\\Evolva Demo\\Evolva.exe"="C:\\Program Files\\Computer Artworks\\Evolva Demo\\Evolva.exe:*:Enabled:Evolva"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Codemasters\\Worms 4 Mayhem Demo\\Worms 4 Mayhem Demo.exe"="C:\\Program Files\\Codemasters\\Worms 4 Mayhem Demo\\Worms 4 Mayhem Demo.exe:*:Enabled:Worms 4 Mayhem Demo"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Disabled:ET"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Program Files\\Quake III Arena\\quake3.exe"="C:\\Program Files\\Quake III Arena\\quake3.exe:*:Enabled:quake3"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Team17\\Worms Armageddon\\WA.exe"="C:\\Team17\\Worms Armageddon\\WA.exe:*:Enabled:Worms Armageddon"
"C:\\Program Files\\Sports Interactive\\Football Manager 2007\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2007\\fm.exe:*:Enabled:Football Manager 2007"
"C:\\Program Files\\PPLive\\PPLive.exe"="C:\\Program Files\\PPLive\\PPLive.exe:*:Enabled:PPLive"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Documents and Settings\\---\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\---\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVU Player Component"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\WINDOWS\\system32\\nxkxjxcm.exe"="C:\\WINDOWS\\system32\\nxk"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
Remaining Files:
---------------
Backups Folder: - C:\DOCUME~1\---\TYPYT~1\SDFix\backups\backups.zip
Files with Hidden Attributes:
C:\My Games\Flying Leo\FlyingLeo.exe
C:\Program Files\Turtle Odyssey 2\Turtle Odyssey 2.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp
C:\Program Files\Microsoft Office\Office\Pikavalintapalkki\Off2.tmp
C:\Program Files\Microsoft Office\Office\Pikavalintapalkki\Off3.tmp
Finished
|
Hujo
Suspended permanently
|
29 July 2007 @ 12:37 |
|
Scan with HJT, tick this entry and press Fix checked:
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
=================
Updating Java and clearing its cache:
1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
2. Find all your old Java versions in the list. (J2SE Runtime Environment.... )
They should have the following icon next to them:
3. Select all your old Java versions and choose Remove.
4. Install the latest Java update from the following link..
5. Restart the computer after the installation:
http://java.sun.com/javase/downloads/index.jsp
Scroll down to Java Runtime Environment (JRE) 6u2
Press Download
Tick Accept, choose the offline installation, save it to the desktop, for example, and install it.
6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> Java coffee cup).
7. Under the General Settings section, drag the slider (Disk Space) to a smaller value and click the Delete Files button.
(Some Java-based programs may need more disk space.
If you notice the computer slowing down after lowering the setting, move the slider to a larger value.)
8. Make sure both options are ticked:
*Applications and Applets
*Trace and Log Files
And press the OK button
9. Click OK in your "Temporary Files Settings" window.
10. Click OK to leave your Java settings window.
=============
Download from here: http://www.ccleaner.com/download/builds.aspx
CCleaner v1.41.544 - Basic, do NOT install the Yahoo toolbar!
Set the options like this:
Options (Valinnat) --> Advanced (Lisäasetukset) --> untick "Poista vain yli 48 tuntia vanhat tilapäistiedostot" (only delete temporary files older than 48 hours).
Run Cleaner (Puhdistaja) > Analyze button > Run Cleaner button in the bottom right corner
Run Issues (Virheet) > find registry errors button > Fix registry errors button
==============
Yeah, then as the last step post a new HJT log from a fresh scan
Can a computer ever work?
This post has been edited after posting. Last edited 29 July 2007 @ 13:22
|
lintukala
Junior Member
|
29 July 2007 @ 15:12 |
|
Yeah, I'll now post the eScan log first and a new HJT log taken after the eScan scan:
eScan log:
File C:\WINDOWS\system32\drvrag.dll infected by "Trojan.Win32.Agent.qt" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\hlpsrv.exe infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\iiksgokx.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.kz. No Action Taken.
File C:\WINDOWS\system32\ld3664.tmp infected by "Trojan-Downloader.Win32.Zlob.iv" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\rjvvwctg.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.kz. No Action Taken.
File C:\WINDOWS\system32\winlogon.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File to be deleted on reboot.
File C:\ButtonShyMouse.dll infected by "not-virus:BadJoke.Win32.MouseShy.a" Virus. Action Taken: File Renamed.
File C:\ButtonShyMouse.exe infected by "not-virus:BadJoke.Win32.MouseShy.a" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\---\3.tmp infected by "Trojan.Win32.Pakes.ag" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\---\Application Data\Sun\Java\Deployment\cache\6.0\23\1c3a7917-425886ff infected by "Trojan-Downloader.Java.OpenStream.w" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\---\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-37b8b49d.zip infected by "Trojan-Downloader.Java.OpenStream.w" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\---\Omat tiedostot\Downloads\quake_3_arena_keygen.exe infected by "Trojan-Downloader.Win32.LoadAdv.gen" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\---\Työpöytä\SDFix\backups\backups.zip infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde6.zip infected by "Password-protected-EXE" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject8.zip infected by "Password-protected-EXE" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\All Users\Tiedostot\setup.exe infected by "Trojan-Downloader.Win32.Agent.aii" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ari Alsio\Local Settings\Temp\16power.exe infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ari Alsio\Local Settings\Temp\16sys.exe infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ari Alsio\Local Settings\Temp\3232.exe infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ari Alsio\Local Settings\Temp\3264.exe infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ari Alsio\Local Settings\Temp\6464.exe infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ari Alsio\Local Settings\Temp\64syn.exe infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ari Alsio\Local Settings\Temp\agent32.exe infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ari Alsio\Local Settings\Temp\agent64.exe infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ari Alsio\Local Settings\Temp\agentserver.exe infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ari Alsio\Local Settings\Temp\agentsyn.exe infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ari Alsio\Local Settings\Temp\agentwin.exe infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ari Alsio\Local Settings\Temp\host32.exe infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ari Alsio\Local Settings\Temp\kbyhrwtp.exe infected by "Trojan-Downloader.Win32.Zlob.aja" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ari Alsio\Local Settings\Temp\look16.exe infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ari Alsio\Local Settings\Temp\lookagent.exe infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ari Alsio\Local Settings\Temp\lookmon.exe infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ari Alsio\Local Settings\Temp\monmon.exe infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ari Alsio\Local Settings\Temp\powermon.exe infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ari Alsio\Local Settings\Temp\powerserver.exe infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ari Alsio\Local Settings\Temp\sv16.exe infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ari Alsio\Local Settings\Temp\syn16.exe infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ari Alsio\Local Settings\Temp\synhost.exe infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ari Alsio\Local Settings\Temp\synsyn.exe infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ari Alsio\Local Settings\Temp\syssv.exe infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ari Alsio\Local Settings\Temp\winagent.exe infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ari Alsio\Local Settings\Temp\winhost.exe infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ari Alsio\Työpöytä\setup.exe infected by "Trojan-Downloader.Win32.Zlob.brx" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ari Alsio\Työpöytä\SVideoCodec4_01a.exe infected by "Trojan-Clicker.Win32.Agent.gy" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\JakE\Local Settings\Temp\agentsyn.exe infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\JakE\Local Settings\Temporary Internet Files\Content.IE5\6O87E9CW\anti4[1].exe tagged as not-a-virus:AdWare.Win32.Virtumonde.jp. No Action Taken.
File C:\Documents and Settings\JakE\Local Settings\Temporary Internet Files\Content.IE5\6O87E9CW\kcehc_eicooc20070702[1] infected by "Trojan-Downloader.Win32.Tiny.id" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\JakE\Local Settings\Temporary Internet Files\Content.IE5\8NSJORK9\antzom[1].exe infected by "Trojan.Win32.Dialer.qn" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\JakE\Local Settings\Temporary Internet Files\Content.IE5\8NSJORK9\L2[1].exe infected by "Trojan-Downloader.Win32.Small.dod" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\JakE\Local Settings\Temporary Internet Files\Content.IE5\8NSJORK9\xc60[1].exe infected by "Trojan.Win32.Dialer.qn" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\JakE\Local Settings\Temporary Internet Files\Content.IE5\UZ2RWH8P\xc23[1].exe infected by "Trojan-Downloader.Win32.Alphabet.h" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\JakE\Local Settings\Temporary Internet Files\Content.IE5\UZ2RWH8P\xc29[1].exe infected by "Trojan.Win32.Agent.qt" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\JakE\Local Settings\Temporary Internet Files\Content.IE5\YY1XOX58\adfcook[1] infected by "Trojan-Downloader.Win32.Tiny.id" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Vieras\Local Settings\Temp\agfrbusc.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Vieras\Local Settings\Temp\mllji.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.kr. No Action Taken.
File C:\Documents and Settings\Vieras\Local Settings\Temp\mxksxxay.dll infected by "Trojan.Win32.BHO.bd" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Vieras\Local Settings\Temp\tetnhkjh.exe infected by "Trojan-Downloader.Win32.Tiny.id" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Vieras\Local Settings\Temporary Internet Files\Content.IE5\8COPCK0N\_jnvm[1] infected by "Trojan.Win32.BHO.bd" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Vieras\Local Settings\Temporary Internet Files\Content.IE5\E1656RGR\adfcook[1] infected by "Trojan-Downloader.Win32.Tiny.id" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Vieras\Local Settings\Temporary Internet Files\Content.IE5\E1656RGR\css4[1] tagged as not-a-virus:AdWare.Win32.Virtumonde.kr. No Action Taken.
File C:\Documents and Settings\Vieras\Local Settings\Temporary Internet Files\Content.IE5\E1656RGR\masiyxanidi[1] infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\hhhhhh\setup.exe infected by "Trojan-Downloader.Win32.Agent.aii" Virus. Action Taken: File Deleted.
File C:\paska\setup.exe infected by "Trojan-Downloader.Win32.Agent.aii" Virus. Action Taken: File Deleted.
File C:\PILKKI\setup.exe infected by "Trojan-Downloader.Win32.Agent.aii" Virus. Action Taken: File Deleted.
File C:\Program Files\codec_setup.exe infected by "Trojan-Downloader.Win32.Zlob.bxn" Virus. Action Taken: File Deleted.
File C:\Program Files\DAEMON Tools\SetupDTSB.exe tagged as not-a-virus:AdTool.Win32.WhenU.a. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\aiwkkcji.exe.vir infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\QooBox\Quarantine\C\WINDOWS\system32\bmodipgp.exe.vir infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\QooBox\Quarantine\C\WINDOWS\system32\csqntwcf.exe.vir infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\QooBox\Quarantine\C\WINDOWS\system32\cthgtooy.exe.vir infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\QooBox\Quarantine\C\WINDOWS\system32\cyhqjwby.exe.vir infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\QooBox\Quarantine\C\WINDOWS\system32\etjqoqnk.exe.vir infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\QooBox\Quarantine\C\WINDOWS\system32\hguuyjrm.exe.vir infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\QooBox\Quarantine\C\WINDOWS\system32\qcepxbvo.exe.vir infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\QooBox\Quarantine\C\WINDOWS\system32\rimictjl.exe.vir infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\QooBox\Quarantine\C\WINDOWS\system32\rrmalshj.exe.vir infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\QooBox\Quarantine\C\WINDOWS\system32\rtcjqrrj.exe.vir infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\QooBox\Quarantine\C\WINDOWS\system32\syswin.exe.vir infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\QooBox\Quarantine\C\WINDOWS\system32\tgurnebf.exe.vir infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\QooBox\Quarantine\C\WINDOWS\system32\tjjokqbr.exe.vir infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\QooBox\Quarantine\C\WINDOWS\system32\venbwkjh.exe.vir infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\QooBox\Quarantine\C\WINDOWS\system32\wjxiqamd.exe.vir infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\QooBox\Quarantine\C\WINDOWS\system32\wkeiqeun.exe.vir infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP668\A0184747.exe infected by "Trojan-Downloader.Win32.Zlob.iv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP677\A0188889.dll tagged as not-a-virus:AdTool.Win32.WhenU.i. No Action Taken.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP677\A0188890.exe tagged as not-a-virus:AdTool.Win32.WhenU.i. No Action Taken.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP692\A0206848.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP692\A0206885.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP692\A0206887.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP692\A0207885.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP692\A0207887.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP692\A0208885.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP692\A0208887.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP692\A0209079.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP692\A0209081.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP692\A0209093.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP692\A0209095.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP692\A0209109.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP692\A0209111.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP692\A0210109.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP692\A0210110.exe infected by "Trojan-Downloader.Win32.Small.evn" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP692\A0210112.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP692\A0210121.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP692\A0210123.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP693\A0210142.exe infected by "Trojan.Win32.Agent.aoy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP693\A0211121.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP693\A0211122.exe infected by "Trojan-Downloader.Win32.Tiny.id" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP693\A0211123.exe infected by "Trojan-Downloader.Win32.Tiny.id" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP693\A0211125.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP693\A0212121.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP693\A0212123.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP693\A0213121.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP693\A0213123.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP693\A0214121.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP693\A0215121.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP693\A0215123.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP693\A0216121.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP693\A0216123.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP693\A0217121.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP693\A0217123.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP693\A0218121.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP693\A0218123.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP694\A0219161.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP694\A0219250.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ar. No Action Taken.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP694\A0219255.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP694\A0219637.exe infected by "Trojan-Downloader.Win32.Alphabet.c" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP694\A0219638.exe infected by "Trojan-Downloader.Win32.Alphabet.c" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP694\A0219639.exe infected by "Trojan-Downloader.Win32.Alphabet.c" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP694\A0219640.exe infected by "Trojan-Downloader.Win32.Alphabet.gen" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP694\A0219643.sys infected by "Trojan-PSW.Win32.Agent.lf" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP694\A0219645.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP694\A0219647.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP694\A0220766.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP694\A0220769.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP695\A0220786.dll tagged as not-a-virus:AdTool.Win32.Toolbar.a. No Action Taken.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP695\A0220787.dll infected by "Trojan.Win32.Agent.qt" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP695\A0220789.exe infected by "Trojan-Downloader.Win32.Alphabet.c" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP695\A0220811.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP695\A0220813.dll tagged as not-a-virus:AdTool.Win32.Toolbar.a. No Action Taken.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP695\A0220815.exe infected by "Trojan-Downloader.Win32.Alphabet.k" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP695\A0220816.exe infected by "Trojan-Downloader.Win32.Alphabet.k" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP695\A0220818.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP695\A0220836.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP695\A0220837.exe infected by "Trojan-Downloader.Win32.Tiny.id" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP695\A0220838.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ar. No Action Taken.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP695\A0220839.exe infected by "Trojan-Downloader.Win32.Tiny.id" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP695\A0220841.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP697\A0221010.exe infected by "Trojan-Downloader.Win32.Alphabet.k" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP697\A0221018.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP697\A0221019.exe infected by "Trojan-Downloader.Win32.Alphabet.k" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP697\A0221021.exe infected by "Trojan-Downloader.Win32.Tiny.id" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP697\A0221023.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP697\A0221036.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP697\A0221037.exe infected by "Trojan-Downloader.Win32.Alphabet.k" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP697\A0221039.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP697\A0222036.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP697\A0223036.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP697\A0223037.exe infected by "Trojan-Downloader.Win32.Tiny.id" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP697\A0223038.exe infected by "Trojan-Downloader.Win32.Tiny.id" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP697\A0223039.exe infected by "Trojan-Downloader.Win32.Tiny.id" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP697\A0223041.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP698\A0223058.dll infected by "Trojan.Win32.Agent.qt" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP698\A0223060.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP698\A0223062.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP698\A0223070.exe infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP698\A0224060.exe infected by "Trojan-Downloader.Win32.Tiny.id" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP699\A0224071.dll infected by "Trojan.Win32.BHO.bd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP699\A0224073.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ar. No Action Taken.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP699\A0224074.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP699\A0224080.dll infected by "Trojan.Win32.Agent.qt" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP699\A0224081.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.jp. No Action Taken.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP699\A0224082.exe infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP699\A0224088.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP699\A0224092.exe infected by "Trojan-Clicker.Win32.Delf.fz" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP699\A0224103.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP699\A0224108.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.bq. No Action Taken.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP699\A0224575.exe infected by "Trojan-Downloader.Win32.Alphabet.c" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP699\A0224576.exe infected by "Trojan-Downloader.Win32.Alphabet.c" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP699\A0224577.exe infected by "Trojan-Downloader.Win32.Alphabet.gen" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP699\A0224580.sys infected by "Trojan-PSW.Win32.Agent.lf" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP699\A0224582.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP699\A0224584.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP700\A0224772.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP700\A0224774.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP700\A0224785.exe infected by "Trojan-Clicker.Win32.Delf.fz" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP700\A0224791.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP700\A0224793.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP701\A0224811.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP701\A0224812.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ar. No Action Taken.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP701\A0224813.exe infected by "Trojan-Downloader.Win32.Tiny.id" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP701\A0224815.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP701\A0224823.exe infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP701\A0224825.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP701\A0224827.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP701\A0224835.exe infected by "Trojan-Downloader.Win32.Alphabet.b" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP701\A0224836.exe infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP701\A0224846.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP701\A0224847.exe infected by "Trojan-Downloader.Win32.Tiny.id" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP701\A0224849.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP701\A0224858.exe infected by "Trojan-Downloader.Win32.Alphabet.c" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP701\A0224859.exe infected by "Trojan-Downloader.Win32.Alphabet.c" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP701\A0224860.dll infected by "Trojan.Win32.Agent.qt" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP701\A0224862.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP701\A0224864.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP701\A0224881.dll tagged as not-a-virus:AdWare.Win32.Mostofate.e. No Action Taken.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP701\A0224883.dll infected by "Trojan.Win32.Dialer.qn" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP701\A0224888.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP701\A0224890.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP702\A0224901.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP702\A0224903.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP702\A0224923.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP702\A0224925.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP702\A0224956.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP702\A0224958.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP702\A0224967.exe infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP702\A0225956.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP702\A0225958.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP702\A0226956.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP702\A0226958.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP702\A0227956.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP702\A0227958.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP703\A0228956.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP703\A0228957.exe infected by "Trojan-Downloader.Win32.Tiny.id" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP703\A0228959.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP703\A0228999.exe infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP703\A0229007.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP703\A0229009.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP704\A0230007.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP704\A0230008.exe infected by "Trojan-Downloader.Win32.Tiny.id" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP704\A0230009.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ar. No Action Taken.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP704\A0230010.exe infected by "Trojan-Downloader.Win32.Tiny.id" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP704\A0230012.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP704\A0230014.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP704\A0230016.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP705\A0230043.sys infected by "Trojan-Proxy.Win32.Agent.mx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP705\A0230047.dll infected by "Trojan.Win32.BHO.bd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP705\A0230048.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ar. No Action Taken.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP705\A0230049.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP705\A0230053.dll infected by "Trojan.Win32.BHO.bd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP705\A0230055.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ar. No Action Taken.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP705\A0230063.exe infected by "Trojan-Clicker.Win32.Small.mv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP705\A0230086.dll infected by "Trojan.Win32.BHO.bd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP705\A0230087.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP705\A0230106.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP705\A0230146.dll infected by "Trojan.Win32.Agent.qt" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP705\A0230147.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.jp. No Action Taken.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP705\A0230158.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP705\A0230166.exe infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP705\A0230167.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.jp. No Action Taken.
File C:\System Volume Information\_restore{5EEA1A33-3942-4889-9570-8466E932FEA7}\RP705\A0230354.exe infected by "Trojan.Win32.Patched.q" Virus. Action Taken: File Disinfected.
=====
Logfile of HijackThis v1.99.1
Scan saved at 19:06:11, on 29.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Kaspersky\mwavscan.com
C:\Kaspersky\kavss.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\HJT\skanneri.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\lhavwfib.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [ProbassSetup.exe] C:\DOCUME~1\---\TYPYT~1\PROBAS~1.EXE /r
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5...b?1113135111304
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1166809837250
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
Now I'll reboot the machine, make the next fixes and post logs shortly.
|
Hujo
Suspended permanently
|
29 July 2007 @ 15:31 |
Link to this message
|
Yeah. A reboot does some good now and then :)
Download KillBox http://www.killbox.net/downloads/KillBox.exe
Save it to the desktop, and a KillBox.exe icon will appear.
Open KillBox, put a "tick" next to Delete on Reboot and press All Files so that it starts "blinking" green.
Copy everything below in one go
C:\WINDOWS\system32\lhavwfib.dll
From the menu at the top choose File and then Paste from Clipboard.
One of the given paths appears on the Full Path of File to Delete line, and the file is shown below the line highlighted in blue if it is found on the machine. After this, press the red circle with a white cross on the right.
Do you want to reboot now? Answer Yes to this.
After this the machine reboots itself. If it does not reboot, do it yourself "by hand".
Scan with HJT, tick these and press Fix checked
O4 - HKCU\..\Run: [ProbassSetup.exe] C:\DOCUME~1\---\TYPYT~1\PROBAS~1.EXE /r
O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)
Can a computer ever work?
|
lintukala
Junior Member
|
29 July 2007 @ 15:38 |
Link to this message
|
How much is a good amount of that Disc Space? The maximum is 1000; I reduced it to 800.
I removed all the Javas with the coffee-cup icon, but should I remove this one: "Java 2 SDK, SE v1.4.2_13"?
And here is some more information from that eScan log:
Total Number of Files Scanned: 162322
Total Number of Virus(es) Found: 422
Total Number of Disinfected Files: 67
Total Number of Files Renamed: 6
Total Number of Deleted Files: 301
Total Number of Errors: 11
Time Elapsed: 03:06:40
Virus Database Date: 2007/07/29
Virus Database Count: 369291
HJT log after CCleaner etc.:
Logfile of HijackThis v1.99.1
Scan saved at 19:37:30, on 29.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Kaspersky\mwavscan.com
C:\Kaspersky\kavss.exe
C:\WINDOWS\system32\notepad.exe
C:\HJT\skanneri.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\lhavwfib.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5...b?1113135111304
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1166809837250
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
|
lintukala
Junior Member
|
29 July 2007 @ 15:47 |
Link to this message
|
Yep.
HJT log after KillBox (O4 - HKCU\..\Run: [ProbassSetup.exe] C:\DOCUME~1\---\TYPYT~1\PROBAS~1.EXE /r was not found):
Logfile of HijackThis v1.99.1
Scan saved at 19:45:18, on 29.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\skanneri.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\lhavwfib.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5...b?1113135111304
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1166809837250
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
|
Hujo
Suspended permanently
|
29 July 2007 @ 15:48 |
Link to this message
|
There are more instructions above this log
Then take a new HJT log again
Our posts are crossing a bit, but it'll work out :D
Scan with HJT, tick these and press Fix checked
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\lhavwfib.dll (file missing)
O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)
================================================================
Yeah, I can hardly keep up with the pace :D
Scan your machine with Kaspersky Online Scanner
When the program starts you are asked whether to allow installing an ActiveX component from Kaspersky; click Yes.
- The program starts and begins downloading the latest signature files.
- Once the scanner has been installed and the signatures downloaded, click Next.
- Now click the settings, Scan Settings
- Check in the settings that the following are selected:
  o Scan using the following Anti-Virus database:
    + Extended (if available, otherwise select Standard)
  o Scan Options:
    + Scan Archives
    + Scan Mail Bases
- Click OK
- Now, under the "select a target to scan" heading, choose My Computer (Oma Tietokone)
- The scan takes time, so be patient. When the scan is finished you will be notified if your machine is infected.
- Now click the Save as Text button.
- Save the file to your desktop.
- If you want to continue handling the matter on the forum, copy the contents of the file into your message.
Can a computer ever work?
This message has been edited after posting. Last edited 29 July 2007 @ 16:02
|
lintukala
Junior Member
|
29 July 2007 @ 15:55 |
Link to this message
|
Yep heh :)
O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing) was not found.
Logfile of HijackThis v1.99.1
Scan saved at 19:55:28, on 29.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\skanneri.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5...b?1113135111304
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1166809837250
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
|
Hujo
Suspended permanently
|
29 July 2007 @ 16:03 |
Link to this message
|
Scan your machine with Kaspersky Online Scanner
When the program starts you are asked whether to allow installing an ActiveX component from Kaspersky; click Yes.
- The program starts and begins downloading the latest signature files.
- Once the scanner has been installed and the signatures downloaded, click Next.
- Now click the settings, Scan Settings
- Check in the settings that the following are selected:
  o Scan using the following Anti-Virus database:
    + Extended (if available, otherwise select Standard)
  o Scan Options:
    + Scan Archives
    + Scan Mail Bases
- Click OK
- Now, under the "select a target to scan" heading, choose My Computer (Oma Tietokone)
- The scan takes time, so be patient. When the scan is finished you will be notified if your machine is infected.
- Now click the Save as Text button.
- Save the file to your desktop.
- If you want to continue handling the matter on the forum, copy the contents of the file into your message.
====================
Is there an external modem that this machine is connected to?
=================
Can a computer ever work?
This message has been edited after posting. Last edited 29 July 2007 @ 16:05
|
lintukala
Junior Member
|
29 July 2007 @ 16:18 |
Link to this message
|
I can't get that to work. At least not yet. I tried to download that ActiveX component, but after a short download I get this page http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html without those accept/decline buttons.
I don't know heh, a cable comes to that other machine from somewhere on the other side of the wall. I'm not really any kind of expert in these things.
|
Hujo
Suspended permanently
|
29 July 2007 @ 16:24 |
Link to this message
|
Use the IE browser for that
and press accept; just try again.
Put some antivirus program on that machine
Link
and firewalls can be found there too
Can a computer ever work?
This message has been edited after posting. Last edited 29 July 2007 @ 16:31
|
lintukala
Junior Member
|
29 July 2007 @ 16:31 |
Link to this message
|
I did use IE. Now I tried a different way and waited while it downloaded something; now it said the user should have "administration rights" or something, and I have them. Hmm.
|
Hujo
Suspended permanently
|
29 July 2007 @ 16:50 |
Link to this message
|
Administrator rights, hmmmm.....
Download Dr.Web CureIt to the desktop:
Double-click drweb-cureit.exe and let it run the express scan
It scans the running programs, and if something is found, click yes when it asks whether you want to remove it. This is only a short scan.
When the scan is finished, mark the drives you want to scan.
Select all drives. A red dot shows which drives are selected.
Click the green arrow on the right and the scan starts.
Click 'Yes to all' if asked whether you want to delete/move a file.
When the scan is finished, see whether you can click the next icon beside the files found:
If so, click it, then click the next icon at the bottom right and select Move incurable as in the picture below:
This moves it to the %userprofile%\DoctorWeb\quarantine directory.
After this, click file in the Dr.Web CureIt menu and select save report list
Save the report to the desktop. The report is named DrWeb.csv
Close Dr.Web CureIt.
Restart the machine!! This is because files in use are deleted/moved during startup.
After the restart, paste the contents of the Dr.Web log you saved earlier into your next reply.
Can a computer ever work?
This message has been edited after posting. Last edited 29 July 2007 @ 16:51
|
lintukala
Junior Member
|
3 August 2007 @ 19:34 |
Link to this message
|
Yeah, those last things didn't really work, but the machine seems to be working perfectly.. no extra clicking noises etc., so I guess this will do.
Thanks! =)
|
Hujo
Suspended permanently
|
3 August 2007 @ 19:58 |
Link to this message
|
Empty the folder
C:\QooBox\Quarantine
Empty the recycle bin
============================
1. Click Start > My Computer with the right mouse button
2. Select Properties
3. Select the System Restore tab
4. Tick the box "Turn off System Restore on all drives"
5. Press Apply
6. Press OK
7. Shut down and restart
8. Untick the box "Turn off System Restore on all drives"
9. Apply and OK
Can a computer ever work?
This message has been edited after posting. Last edited 3 August 2007 @ 20:00
|
Auttaja
Suspended permanently
|
4 August 2007 @ 05:41 |
Link to this message
|
Why is there no antivirus or firewall showing in the log?
======
Stay clean
-> Clear System Restore -> Instructions
Empty the System Restore folder and create a new restore point. This cleans any malware remnants out of the restore folder.
-> Use CCleaner -> CCleaner
Download and install CCleaner. Clean temporary files and folders with the program regularly.
-> Install SpywareBlaster -> SpywareBlaster
SpywareBlaster prevents malware from installing on your machine. Uses no memory!
Guide available in Finnish! Guide by user Ad-Aware
-> Install the MVPS Hosts file -> MVPS Hosts
Blocks your machine's connections to malicious sites.
Guide available in Finnish! Guide by user Axel
-> Switch your browser to Firefox -> Firefox
Firefox is a faster, safer and better browser than Internet Explorer.
-> Keep your system up to date. -> Windows Update
Visit Windows Update regularly.
-> Keep your firewall and antivirus up to date
Update your antivirus program and scan your machine with it regularly.
and eScan is good too http://koti.mbnet.fi/pattaya1/escanmwav.htm
-> Keep your software up to date. -> Secunia Software Inspector
Secunia Software Inspector examines your system and software for missing security updates. An ordinary inspection normally takes 5-40 seconds, while a thorough one (thorough system inspection) can take several minutes.
-> Regularly follow the Communications Regulatory Authority's (Viestintävirasto) information on new vulnerabilities -> CERT-FI
If you have problems with malware in the future, don't hesitate to post a HijackThis log to be checked!
|
lintukala
Junior Member
|
13 August 2007 @ 13:58 |
Link to this message
|
Now this is ¤#Z$#ing annoying. Sorry, I had to put the machine directly on the net for a little while without a proper firewall and virus protection, and the machine is a mess. Don't ask why, it won't happen again heh.
I repeated some of Hujo's earlier instructions and the machine is now in slightly better shape, but pop-ups still appear and the Outpost firewall blocks Firefox almost all the time, etc.
HJT:
Logfile of HijackThis v1.99.1
Scan saved at 17:54:06, on 13.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\owylksos.exe
C:\WINDOWS\system32\mspaint.exe
C:\Documents and Settings\---\Local Settings\Temporary Internet Files\Content.IE5\P4M7DQZF\hijackthis_self[1].exe
C:\HJT\skanneri.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5E78EACB-B424-4BA0-A5F8-446E2788DF0B} - C:\WINDOWS\system32\awvvs.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\xhmvhrdj.dll
O2 - BHO: (no name) - {E4EEFFED-93CD-4CF0-A0F3-50D139121FEE} - C:\WINDOWS\system32\tuvwvut.dll
O2 - BHO: (no name) - {EE6C6C36-17B0-4402-A0AE-B2BFE08E36F2} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\mdmovqjk.dll",forkonce
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5...b?1113135111304
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1166809837250
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E6E7DE9-75A1-446A-B6B7-EAB4B235FC41}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1.0\wl_hook.dll
O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll
O20 - Winlogon Notify: tuvwvut - C:\WINDOWS\SYSTEM32\tuvwvut.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\owylksos.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
|
Auttaja
Suspended permanently
|
13 August 2007 @ 14:30 |
|
|
lintukala
Junior Member
|
13 August 2007 @ 15:18 |
|
Quote, original post written by Auttaja: http://www.download.fi/tyopoytaohjelmat/haittaohjelmien_poisto/antivir.cfm
Install that on the computer.. and then post a new HijackThis log.. only then do we clean up :)
Well, I installed it, but it is a demo version. I saw on that same download page that something called Avast had gotten better feedback, wouldn't that be good? :D Well, I'll try this Avira now.
I haven't scanned anything yet, but here is the new HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 19:16:44, on 13.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AntiVir Workstation\sched.exe
C:\Program Files\AntiVir Workstation\avguard.exe
C:\Program Files\AntiVir Workstation\avgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AntiVir Workstation\avscan.exe
C:\Program Files\AntiVir Workstation\avcenter.exe
C:\HJT\skanneri.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\xhmvhrdj.dll
O2 - BHO: (no name) - {E4EEFFED-93CD-4CF0-A0F3-50D139121FEE} - C:\WINDOWS\system32\tuvwvut.dll
O2 - BHO: (no name) - {EE6C6C36-17B0-4402-A0AE-B2BFE08E36F2} - (no file)
O2 - BHO: (no name) - {F11FFA48-6982-4324-A035-017C238789CB} - C:\WINDOWS\system32\awvvs.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\mdmovqjk.dll",forkonce
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir Workstation\avgnt.exe" /min
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5...b?1113135111304
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1166809837250
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E6E7DE9-75A1-446A-B6B7-EAB4B235FC41}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1.0\wl_hook.dll
O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll
O20 - Winlogon Notify: tuvwvut - C:\WINDOWS\SYSTEM32\tuvwvut.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir Windows Workstation Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir Workstation\sched.exe
O23 - Service: AntiVir Windows Workstation Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir Workstation\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
|
Auttaja
Suspended permanently
|
13 August 2007 @ 15:20 |
|
AntiVir Personal Edition is a free antivirus program that provides reliable protection against viruses. So yes, it works... it's not a demo...
1. Download combofix.exe to your desktop from either of these links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log (C:\ComboFix.txt). Post this log to your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
|
|
lintukala
Junior Member
|
13 August 2007 @ 16:12 |
|
Yes, that is a demo version; the full version needs some license code. Or then I just didn't manage to install it properly, it's so hot :D
"---" - 2007-08-13 19:27:01 [GMT 3:00] - ComboFix 07-07-24 - Service Pack 2 NTFS
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\bmaqghpa.exe
C:\WINDOWS\system32\fpgrxmox.exe
C:\WINDOWS\system32\svvwa.bak1
C:\WINDOWS\system32\svvwa.bak2
C:\WINDOWS\system32\svvwa.ini
C:\WINDOWS\system32\awvvs.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((( Files Created from 2007-07-13 to 2007-08-13 )))))))))))))))))))))))))))))))
2007-08-13 18:50 72,462 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\firstlsp.reg.dat
2007-08-13 16:42 69,184 --a------ C:\WINDOWS\system32\xhmvhrdj.dll
2007-08-13 16:39 125,504 --a------ C:\WINDOWS\system32\mdmovqjk.dll
2007-08-12 22:18 d-------- C:\Program Files\CDBurnerXP Pro 3
2007-08-12 19:54 d--hs---- C:\found.002
2007-08-12 16:10 d--hs---- C:\found.001
2007-08-12 14:02 d-------- C:\Program Files\Common Files\Agnitum Shared
2007-08-12 14:02 d-------- C:\Program Files\Agnitum
2007-08-12 13:45 13,312 --a------ C:\Program Files\s2f.exe
2007-08-11 21:06 7,168 --a------ C:\Program Files\crack.exe
2007-08-11 21:06 43 --a------ C:\Program Files\RUNME.bat
2007-08-11 21:06 38,925 --a------ C:\Program Files\keygen.exe
2007-08-11 21:06 0 --a------ C:\Program Files\install.exe
2007-08-11 21:02 31,254 --a------ C:\WINDOWS\system32\qomjghh.dll
2007-08-11 21:02 31,254 --a------ C:\WINDOWS\system32\gebabby.dll
2007-08-11 21:02 20,480 --a------ C:\WINDOWS\system32\wineak32.dll
2007-08-11 20:58 31,254 --a------ C:\WINDOWS\system32\tuvwvut.dll
2007-07-30 20:21 d-------- C:\DOCUME~1\ARIALS~1\.netbeans
2007-07-29 19:39 d-------- C:\!KillBox
2007-07-29 19:25 d-------- C:\Program Files\CCleaner
2007-07-29 15:47 d-------- C:\Bases
2007-07-29 15:44 d-------- C:\Kaspersky
2007-07-29 15:39 212 --a------ C:\delete.bat
2007-07-29 15:32 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-29 15:18 d-------- C:\WINDOWS\ERUNT
2007-07-29 15:04 d-------- C:\VundoFix Backups
2007-07-29 14:59 d-------- C:\HJT
2007-07-29 13:22 d-------- C:\WINDOWS\pss
2007-07-29 13:06 d-------- C:\Program Files\InterMute
2007-07-28 19:41 615 --a------ C:\WINDOWS\eReg.dat
2007-07-28 19:41 d-------- C:\Program Files\EA Games
2007-07-28 19:30 126,016 --a------ C:\WINDOWS\system32\tjlckxln.dll
2007-07-26 20:57 69,184 --a------ C:\WINDOWS\system32\agttpdid.dll
2007-07-23 18:04 126,016 --a------ C:\WINDOWS\system32\iiksgokx.dll
2007-07-23 17:57 126,016 --a------ C:\WINDOWS\system32\rjvvwctg.dll
2007-07-20 18:17 dr------- C:\DOCUME~1\JRJEST~1.000\K?ynnist?-valikko
2007-07-20 18:17 d--h----- C:\DOCUME~1\JRJEST~1.000\Tulostinymp?rist?
2007-07-20 18:17 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-20 18:17 d-------- C:\DOCUME~1\JRJEST~1.000\Ty?p?yt?
2007-07-20 18:17 d-------- C:\DOCUME~1\JRJEST~1.000\.netbeans
2007-07-20 18:16 d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-12 19:18:58 -------- d-----w C:\DOCUME~1\---\APPLIC~1\uTorrent
2007-08-05 10:03:52 -------- d-----w C:\Program Files\Mozilla Thunderbird
2007-07-29 12:12:34 503,296 ------w C:\WINDOWS\system32\winlogon.exe
2007-07-29 05:50:41 -------- d-----w C:\Program Files\Hidden Expedition Titanic
2007-07-20 15:17:06 -------- d-----w C:\Program Files\Soldier of Fortune II - Double Helix MP TEST
2007-07-20 15:17:06 -------- d-----w C:\Program Files\QuickTime
2007-07-20 15:16:25 -------- d-----w C:\Program Files\bfgclient
2007-07-20 15:15:59 -------- d-----w C:\Program Files\Insaniquarium Deluxe
2007-07-20 15:15:56 -------- d-----w C:\Program Files\Truck Dismount
2007-07-20 15:15:30 -------- d-----w C:\Program Files\Porrasturvat - Stair Dismount
2007-07-11 16:58:31 75,610 ----a-w C:\WINDOWS\system32\perfc00B.dat
2007-07-11 16:58:31 375,602 ----a-w C:\WINDOWS\system32\perfh00B.dat
2007-07-08 15:02:28 -------- d-----w C:\Program Files\Lavasoft
2007-07-03 14:02:33 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-07-02 15:31:34 -------- d-----w C:\DOCUME~1\---\APPLIC~1\OpenOffice.org2
2007-07-02 10:44:33 -------- d-----w C:\DOCUME~1\---\APPLIC~1\Zen Puzzle Garden
2007-06-28 21:27:22 -------- d-----w C:\Program Files\Soulseek
2007-06-27 12:15:11 -------- d-----w C:\Program Files\ffdshow
2007-06-25 19:20:20 -------- d-----w C:\Program Files\EphPod
2007-06-23 09:50:49 -------- d-----w C:\Program Files\Google
2007-06-20 18:40:36 -------- d-----w C:\Program Files\EA SPORTS
2007-06-20 18:39:50 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-20 18:39:02 -------- d-----w C:\Program Files\Shiny
2007-06-19 20:23:34 -------- d-----w C:\Program Files\Euroword2004
2007-06-17 08:54:38 -------- d-----w C:\Program Files\URUSoft
2007-06-17 08:33:09 -------- d-----w C:\Program Files\Electronic Arts
2007-06-16 12:11:55 -------- d-----w C:\DOCUME~1\---\APPLIC~1\BSplayer
2007-06-05 20:22:15 19 ----a-w C:\WINDOWS\popcinfo.dat
2007-05-18 14:20:08 389,120 ------w C:\WINDOWS\Setup1.exe
2007-05-18 14:20:03 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-05-17 11:15:42 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-05-16 15:14:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-03-02 01:18:00 2,616,321 ----a-w C:\Program Files\FairyTreasure.exe
2006-12-10 17:35:39 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-09-26 15:18:22 20,294,259 ----a-w C:\Program Files\fm.exe
2006-07-21 00:37:52 4,277,249 ----a-w C:\Program Files\HidExpTitanic.exe
2005-03-03 14:40:49 309 ----a-w C:\Program Files\Windows_XP_Professional_SP1_and_SP2_serial_number.txt
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF46BFB3-2ACC-441b-B82B-36B9562C7FF1}]
2007-08-13 16:42 69184 --a------ C:\WINDOWS\system32\xhmvhrdj.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E4EEFFED-93CD-4CF0-A0F3-50D139121FEE}]
2007-08-11 20:58 31254 --a------ C:\WINDOWS\system32\tuvwvut.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE6C6C36-17B0-4402-A0AE-B2BFE08E36F2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 11:31 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 21:10]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-05-04 00:33]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-06-24 15:16]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-06-29 23:05]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-08-02 14:09]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 17:57]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 17:50]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 15:23]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"OutpostFeedBack"="C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe" [2006-05-11 12:05]
"Outpost Firewall"="C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe" [2006-03-30 10:51]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 17:25]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 17:51]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E4EEFFED-93CD-4CF0-A0F3-50D139121FEE}"= C:\WINDOWS\system32\tuvwvut.dll [2007-08-11 20:58 31254]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvwvut]
tuvwvut.dll 2007-08-11 20:58 31254 C:\WINDOWS\system32\tuvwvut.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\PROGRA~1\Agnitum\OUTPOS~1.0\wl_hook.dll
R0 uagp35;Microsoft AGPv3.5 -suodatin;C:\WINDOWS\system32\DRIVERS\uagp35.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys
R1 cdrbsdrv;cdrbsdrv;C:\WINDOWS\system32\drivers\cdrbsdrv.sys
R1 SCDEmu;SCDEmu;C:\WINDOWS\system32\drivers\SCDEmu.sys
R1 VFILT;Outpost Firewall Kernel Driver;\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\2000\FILTNT.SYS
R2 EIO;EIO;\??\C:\WINDOWS\system32\drivers\EIO.sys
R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\ADBLOCK.DLL
R3 ALCXSENS;Service for WDM 3D Audio Driver;C:\WINDOWS\system32\drivers\ALCXSENS.SYS
R3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\ARP.DLL
R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\CONTENT.DLL
R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\DNSCACHE.DLL
R3 dtscsi;dtscsi;C:\WINDOWS\system32\Drivers\dtscsi.sys
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\FTPFILT.DLL
R3 GcKernel;Microsoft SideWinder Value Add - Filter Driver;C:\WINDOWS\system32\DRIVERS\GcKernel.sys
R3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver;C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys
R3 HidUsb;Microsoft HID -luokkaohjain;C:\WINDOWS\system32\DRIVERS\hidusb.sys
R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\HTMLFILT.DLL
R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\HTTPFILT.DLL
R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\IMAPFILT.DLL
R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\MAILFILT.DLL
R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\NNTPFILT.DLL
R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\POP3FILT.DLL
R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\PROTECT.DLL
R3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys
R3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\SECRET.DLL
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbehci.sys
R3 usbhub;USB2 Enabled Hub;C:\WINDOWS\system32\DRIVERS\usbhub.sys
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbuhci.sys
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\C:\WINDOWS\system32\drivers\NSDriver.sys
S3 dot4;MS IEEE-1284.4 -ohjain;C:\WINDOWS\system32\DRIVERS\Dot4.sys
S3 Dot4Print;Print-luokan ohjain IEEE-1284.4:?? varten;C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
S3 dot4usb;Dot4USB Filter Dot4USB Filter;C:\WINDOWS\system32\DRIVERS\dot4usb.sys
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
S3 usbscan;USB Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;USB-massamuistiohjain;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6621e95e-e30d-11d9-ac87-0011099159b9}]
AutoRun\command- F:\AutoRunMorrowind.exe
install\command- F:\Setup.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-13 19:33:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xfe\xbb\xd3w\2]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-13 19:35:11 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-13 19:34
C:\ComboFix2.txt ... 2007-08-12 19:57
C:\ComboFix3.txt ... 2007-07-29 15:38
--- E O F ---
|
|