HJT LOG

Thread in the Viruses and malware - HijackThis logs section. Thread started by Rosterx on 22.08.2006.

Thread status:
The thread is closed.
  1. Rosterx

    The problem is that a piece of malware got onto the computer, and apparently a couple of trojans came along with it as well.
    QUICK HELP NEEDED!

    Here is the log

    Logfile of HijackThis v1.99.1
    Scan saved at 8:53:34, on 22.8.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\r_server.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\TBPanel.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Razer\razerhid.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Razer\razerofa.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Media-Codec\pmmon.exe
    C:\Program Files\Media-Codec\isamonitor.exe
    C:\Program Files\Media-Codec\isamini.exe
    C:\Program Files\Media-Codec\pmsngr.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\Media-Codec\isaddon.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\Program Files\Media-Codec\iesplugin.dll
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Boost XP Service] C:\Program Files\Boost XP\bxservice.exe
    O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ath.cx
    O17 - HKLM\Software\..\Telephony: DomainName = ath.cx
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ath.cx
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ath.cx
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O21 - SSODL: hubbsi - {7b1eeccd-0a6d-4ad5-8ac1-4af5722b3885} - C:\WINDOWS\system32\vwlummc.dll (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
     
    Last edited: 22.08.2006
  3. Rosterx

    C:\Program Files\Media-Codec\pmmon.exe
    C:\Program Files\Media-Codec\isamonitor.exe
    C:\Program Files\Media-Codec\isamini.exe
    C:\Program Files\Media-Codec\pmsngr.exe

    I know these processes are malicious, but I can't get them removed from there, and I can't get that Media-Codec removed either.
     
  4. -kemisti-

    First of all, the computer should have antivirus protection and a firewall.
    Neither one shows up :)

    Download SmitfraudFix (c) S!Ri
    http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    Extract the contents (a folder named SmitfraudFix) to your desktop:

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and pressing "Enter"; a text file will open that lists the infected files (if any).
    Post the contents of this text file to your thread.
     
  5. lintukala

    I'm not Rosterx, but I have the same problem, and here is the SmitfraudFix log:

    SmitFraudFix v2.81

    Scan done at 17:37:06,60, ti 29.08.2006
    Run from C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Työpöytä\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    C:\WINDOWS\.protected FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\vwlummc.dll FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    C:\DOCUME~1\ALLUSE~1.WIN\KYNNIS~1\Online Security Guide.url FOUND !
    C:\DOCUME~1\ALLUSE~1.WIN\KYNNIS~1\Security Troubleshooting.url FOUND !
    C:\DOCUME~1\ALLUSE~1.WIN\KYNNIS~1\Ohjelmat\KYNNIS~1\.protected FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\EEMELI~1.KUK\Suosikit


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop

    C:\DOCUME~1\ALLUSE~1.WIN\TYPYT~1\Online Security Guide.url FOUND !
    C:\DOCUME~1\ALLUSE~1.WIN\TYPYT~1\Security Troubleshooting.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\Media-Codec\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{2C1CD3D7-86AC-4068-93BC-A02304BB2234}"="DCOM Server 2234"

    [HKEY_CLASSES_ROOT\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB2234}\InProcServer32]
    @="C:\WINDOWS\system32\2234_32.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB2234}\InProcServer32]
    @="C:\WINDOWS\system32\2234_32.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "hubbsi"="{7b1eeccd-0a6d-4ad5-8ac1-4af5722b3885}"


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  6. -kemisti-

    @lintukala:

    Print out the instructions.

    Boot your computer into safe mode and select your normal user account.

    Once in safe mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and pressing "Enter" to delete the infected files.

    You will be asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" to remove the desktop wallpaper and clean the infected registry keys.

    The tool checks whether wininet.dll is infected. You may be asked to replace the infected .dll (if found); answer "Yes" by typing Y and pressing "Enter".

    The tool may need to restart the computer; if it does not, restart into normal Windows.
    A text file will appear after the cleaning process; copy & paste the results of this report into your reply.
    The report can be found on your local disk, usually at C:\rapport.txt.

    Post its contents and the HJT log here, instructions -> http://keskustelu.afterdawn.com/thread_view.cfm/316714



     
  7. lintukala

    Thanks for the help =)

    I followed your instructions, and here is the SmitfraudFix log after the clean:


    GenericRenosFix by S!Ri

    C:\WINDOWS\system32\vwlummc.dll -> Missing File


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\.protected Deleted
    C:\DOCUME~1\ALLUSE~1.WIN\TYPYT~1\Online Security Guide.url Deleted
    C:\DOCUME~1\ALLUSE~1.WIN\TYPYT~1\Security Troubleshooting.url Deleted
    C:\DOCUME~1\ALLUSE~1.WIN\KYNNIS~1\Online Security Guide.url Deleted
    C:\DOCUME~1\ALLUSE~1.WIN\KYNNIS~1\Security Troubleshooting.url Deleted
    C:\DOCUME~1\ALLUSE~1.WIN\KYNNIS~1\Ohjelmat\KYNNIS~1\.protected Deleted
    C:\Program Files\Media-Codec\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{2C1CD3D7-86AC-4068-93BC-A02304BB2234}"="DCOM Server 2234"

    [HKEY_CLASSES_ROOT\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB2234}\InProcServer32]
    @="C:\WINDOWS\system32\2234_32.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB2234}\InProcServer32]
    @="C:\WINDOWS\system32\2234_32.dll"



    »»»»»»»»»»»»»»»»»»»»»»»» End






    and here is the HJT log:


    O4 - HKLM\..\Run: [F ma] C:\windows\mrjj.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [EZfTgfO2] C:\WINDOWS\bykih.exe
    O4 - HKLM\..\Run: [addlc.exe] C:\WINDOWS\addlc.exe
    O4 - HKLM\..\Run: [sdkro.exe] C:\WINDOWS\sdkro.exe
    O4 - HKLM\..\Run: [d3yj.exe] C:\WINDOWS\system32\d3yj.exe
    O4 - HKLM\..\Run: [sdkun.exe] C:\WINDOWS\sdkun.exe
    O4 - HKLM\..\Run: [sdkkn32.exe] C:\WINDOWS\sdkkn32.exe
    O4 - HKLM\..\Run: [iphy.exe] C:\WINDOWS\iphy.exe
    O4 - HKLM\..\Run: [apihc.exe] C:\WINDOWS\system32\apihc.exe
    O4 - HKLM\..\Run: [atlit32.exe] C:\WINDOWS\system32\atlit32.exe
    O4 - HKLM\..\Run: [iewb.exe] C:\WINDOWS\system32\iewb.exe
    O4 - HKLM\..\Run: [ipec32.exe] C:\WINDOWS\system32\ipec32.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Blondes] C:\Program Files\hbt\Dialers\Blondes\Blondes.exe /dontdial
    O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
    O4 - HKLM\..\Run: [rpcc] rpcc.exe
    O4 - HKLM\..\Run: [3ff2ab07.exe] C:\WINDOWS\system32\3ff2ab07.exe
    O4 - HKLM\..\Run: [yxphhml.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\yxphhml.dll,ptrvdfc
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] E:\Creative Zen Nano Plus\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [3ff2ab07.exe] C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Application Data\3ff2ab07.exe
    O4 - HKCU\..\Run: [Winsvr] C:\DOCUME~1\EEMELI~1.KUK\LOCALS~1\Temp\3.tmp5120.exe
    O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Google-haku - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Käännä englanninkielinen sana - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Linkit taaksepäin - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Samankaltaisia sivuja - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
    O16 - DPF: {0F2F3121-75E2-4C60-9977-C1ADC3D5F3DC} (IFIUploader Control) - http://web1.ifi.fi/WebUpload/ActiveX/IfiUploader.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {174EA75A-71FE-0366-0A4D-15B211408337} - http://85.255.114.166/1/rdgFI2507.exe
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/bestfriends/miniclipGameLoader.dll
    O16 - DPF: {6E303873-F427-2926-3677-3DE4500ECCCC} - http://85.255.114.166/1/rdgFI2507.exe
    O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.playqames.com/default.cab?uid=59&id=60821&ex&1s&ppd=4
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{36608DF3-36B4-4E89-90B4-41D67E6C96A3}: NameServer = 85.255.115.6,85.255.112.20
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E91F0C67-8265-4C4F-8BFB-B5F0785CEC57}: NameServer = 85.255.115.6,85.255.112.20
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.20
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.20
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
    O21 - SSODL: DCOM Server 2234 - {2C1CD3D7-86AC-4068-93BC-A02304BB2234} - C:\WINDOWS\system32\2234_32.dll
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: ewido security suite control - ewido networks - E:\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
    O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\WINDOWS\System32\mousecrm.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
    O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - E:\SFUninstaller.exe" service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


    This did help at least somewhat. Some pop-ups still seem to appear on the screen.
     
  8. -kemisti-

    The HJT log is not complete. It starts with the words "Logfile of HijackThis..."
    So send it again.

    With that bot army etc., I would almost say format C:
    All of these are nasties:


    O4 - HKLM\..\Run: [F ma] C:\windows\mrjj.exe
    O4 - HKLM\..\Run: [EZfTgfO2] C:\WINDOWS\bykih.exe
    O4 - HKLM\..\Run: [addlc.exe] C:\WINDOWS\addlc.exe
    O4 - HKLM\..\Run: [sdkro.exe] C:\WINDOWS\sdkro.exe
    O4 - HKLM\..\Run: [d3yj.exe] C:\WINDOWS\system32\d3yj.exe
    O4 - HKLM\..\Run: [sdkun.exe] C:\WINDOWS\sdkun.exe
    O4 - HKLM\..\Run: [sdkkn32.exe] C:\WINDOWS\sdkkn32.exe
    O4 - HKLM\..\Run: [iphy.exe] C:\WINDOWS\iphy.exe
    O4 - HKLM\..\Run: [apihc.exe] C:\WINDOWS\system32\apihc.exe
    O4 - HKLM\..\Run: [atlit32.exe] C:\WINDOWS\system32\atlit32.exe
    O4 - HKLM\..\Run: [iewb.exe] C:\WINDOWS\system32\iewb.exe
    O4 - HKLM\..\Run: [ipec32.exe] C:\WINDOWS\system32\ipec32.exe
    O4 - HKLM\..\Run: [Blondes] C:\Program Files\hbt\Dialers\Blondes\Blondes.exe /dontdial
    O4 - HKLM\..\Run: [rpcc] rpcc.exe
    O4 - HKLM\..\Run: [3ff2ab07.exe] C:\WINDOWS\system32\3ff2ab07.exe
    O4 - HKLM\..\Run: [yxphhml.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\yxphhml.dll,ptrvdfc
    O4 - HKCU\..\Run: [3ff2ab07.exe] C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Application Data\3ff2ab07.exe
    O4 - HKCU\..\Run: [Winsvr] C:\DOCUME~1\EEMELI~1.KUK\LOCALS~1\Temp\3.tmp5120.exe
    O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe"
    O16 - DPF: {174EA75A-71FE-0366-0A4D-15B211408337} - http://85.255.114.166/1/rdgFI2507.exe
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/bestfriends/miniclipGameLoader.dll
    O16 - DPF: {6E303873-F427-2926-3677-3DE4500ECCCC} - http://85.255.114.166/1/rdgFI2507.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{36608DF3-36B4-4E89-90B4-41D67E6C96A3}: NameServer = 85.255.115.6,85.255.112.20
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E91F0C67-8265-4C4F-8BFB-B5F0785CEC57}: NameServer = 85.255.115.6,85.255.112.20
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.20
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.20
    O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
    O21 - SSODL: DCOM Server 2234 - {2C1CD3D7-86AC-4068-93BC-A02304BB2234} - C:\WINDOWS\system32\2234_32.dll
    O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\WINDOWS\System32\mousecrm.exe (file missing)
    O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)


    But you make your own decision :)

     
    Last edited: 29.08.2006
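
Added example, not part of the original thread: a small Python triage of a HijackThis log like the ones posted here. It checks that the log is complete (it must begin with the "Logfile of HijackThis" header, as the reply above points out) and groups entries by section code; the review heuristics and function names are assumptions made for illustration, not HijackThis's or the helper's own rules.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the logs in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 21:40:30, on 29.8.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Winsvr] C:\DOCUME~1\EEMELI~1.KUK\LOCALS~1\Temp\3.tmp5120.exe
O16 - DPF: {174EA75A-71FE-0366-0A4D-15B211408337} - http://85.255.114.166/1/rdgFI2507.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ath.cx
O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
"""

HEADER_PREFIX = "Logfile of HijackThis"
# Entry lines look like "<code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^((?:R|O|F|N)\d{1,2}) - (.+)$")
# Assumed heuristics (illustrative only; every hit still needs a human review).
IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)", re.I)
TEMP_DIR_RE = re.compile(r"\\temp\\", re.I)


def parse_log(text):
    """Return (complete, entries): header check plus entries grouped by code."""
    nonblank = [ln.strip() for ln in text.splitlines() if ln.strip()]
    complete = bool(nonblank) and nonblank[0].startswith(HEADER_PREFIX)
    entries = defaultdict(list)
    for line in nonblank:
        match = ENTRY_RE.match(line)
        if match:
            entries[match.group(1)].append(match.group(2))
    return complete, dict(entries)


def review_reasons(code, body):
    """List the reasons (possibly none) why an entry deserves a closer look."""
    reasons = []
    if body.endswith("(file missing)"):
        reasons.append("target file missing")
    if code == "O4" and TEMP_DIR_RE.search(body):
        reasons.append("autorun from a Temp directory")
    if code == "O16" and IP_URL_RE.search(body):
        reasons.append("ActiveX download from a bare IP address")
    if code == "O17" and "NameServer" in body:
        reasons.append("DNS server set in the registry; confirm it is yours")
    return reasons


def triage(text):
    """Parse a log and collect (code, body, reasons) for entries to review."""
    complete, entries = parse_log(text)
    flagged = []
    for code, bodies in entries.items():
        for body in bodies:
            reasons = review_reasons(code, body)
            if reasons:
                flagged.append((code, body, reasons))
    return complete, entries, flagged


if __name__ == "__main__":
    complete, entries, flagged = triage(SAMPLE_LOG)
    print("complete log:", complete)
    for code, body, reasons in flagged:
        print(f"{code}: {body}\n    -> {'; '.join(reasons)}")
```
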
  9. lintukala

    here is that HJT log again:

    Logfile of HijackThis v1.99.1
    Scan saved at 21:40:30, on 29.8.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    E:\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\D-Tools\daemon.exe
    D:\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\3ff2ab07.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    E:\Creative Zen Nano Plus\MediaSource\Detector\CTDetect.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\$NtUninstallKB5470665$\kavss.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    E:\DC++\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - Default URLSearchHook is missing
    O1 - Hosts: localhost 127.0.0.1
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\Media-Codec\isaddon.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {681DB8F4-4401-0D8F-8A12-03AD07435D9E} - C:\WINDOWS\system32\hfjwwel.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: Protection Bar - {860c2f6b-ca82-4282-9187-beccbb66f0af} - C:\Program Files\Media-Codec\iesplugin.dll (file missing)
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [F ma] C:\windows\mrjj.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [EZfTgfO2] C:\WINDOWS\bykih.exe
    O4 - HKLM\..\Run: [addlc.exe] C:\WINDOWS\addlc.exe
    O4 - HKLM\..\Run: [sdkro.exe] C:\WINDOWS\sdkro.exe
    O4 - HKLM\..\Run: [d3yj.exe] C:\WINDOWS\system32\d3yj.exe
    O4 - HKLM\..\Run: [sdkun.exe] C:\WINDOWS\sdkun.exe
    O4 - HKLM\..\Run: [sdkkn32.exe] C:\WINDOWS\sdkkn32.exe
    O4 - HKLM\..\Run: [iphy.exe] C:\WINDOWS\iphy.exe
    O4 - HKLM\..\Run: [apihc.exe] C:\WINDOWS\system32\apihc.exe
    O4 - HKLM\..\Run: [atlit32.exe] C:\WINDOWS\system32\atlit32.exe
    O4 - HKLM\..\Run: [iewb.exe] C:\WINDOWS\system32\iewb.exe
    O4 - HKLM\..\Run: [ipec32.exe] C:\WINDOWS\system32\ipec32.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Blondes] C:\Program Files\hbt\Dialers\Blondes\Blondes.exe /dontdial
    O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
    O4 - HKLM\..\Run: [rpcc] rpcc.exe
    O4 - HKLM\..\Run: [3ff2ab07.exe] C:\WINDOWS\system32\3ff2ab07.exe
    O4 - HKLM\..\Run: [yxphhml.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\yxphhml.dll,ptrvdfc
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] E:\Creative Zen Nano Plus\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [3ff2ab07.exe] C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Application Data\3ff2ab07.exe
    O4 - HKCU\..\Run: [Winsvr] C:\DOCUME~1\EEMELI~1.KUK\LOCALS~1\Temp\3.tmp5120.exe
    O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Google-haku - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Käännä englanninkielinen sana - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Linkit taaksepäin - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Samankaltaisia sivuja - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
    O16 - DPF: {0F2F3121-75E2-4C60-9977-C1ADC3D5F3DC} (IFIUploader Control) - http://web1.ifi.fi/WebUpload/ActiveX/IfiUploader.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {174EA75A-71FE-0366-0A4D-15B211408337} - http://85.255.114.166/1/rdgFI2507.exe
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/bestfriends/miniclipGameLoader.dll
    O16 - DPF: {6E303873-F427-2926-3677-3DE4500ECCCC} - http://85.255.114.166/1/rdgFI2507.exe
    O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.playqames.com/default.cab?uid=59&id=60821&ex&1s&ppd=4
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{36608DF3-36B4-4E89-90B4-41D67E6C96A3}: NameServer = 85.255.115.6,85.255.112.20
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E91F0C67-8265-4C4F-8BFB-B5F0785CEC57}: NameServer = 85.255.115.6,85.255.112.20
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.20
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.20
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
    O21 - SSODL: DCOM Server 2234 - {2C1CD3D7-86AC-4068-93BC-A02304BB2234} - C:\WINDOWS\system32\2234_32.dll
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: ewido security suite control - ewido networks - E:\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
    O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\WINDOWS\System32\mousecrm.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
    O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - E:\SFUninstaller.exe" service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


    Right. I don't know how that formatting is done, but I'll try to look for instructions. :) Is there nothing else that can be done besides formatting? I think many of those nasties have been on the computer for a long time already, and I haven't noticed them causing all that much harm.
    Lately, in the Task Manager processes, explorer.exe's memory usage has always been something like 40-90 000 kB, even though no internet program has been running.. what could be causing this?
     
  10. -kemisti-

    Well, yes, I can clean your computer, but apparently there is one backdoor, one keylogger and bots on it, so I myself would not use it any more without a format...

    Here are the cleaning instructions:

    Download fixwareout.exe from here > http://downloads.subratam.org/Fixwareout.exe
    or from here >
    http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
    and save it to the desktop. Double-click it and follow the instructions. Click Next, then Install, and make sure that "Run fixit" is selected. You need to restart the computer when told to do so.

    Fix these:

    R3 - Default URLSearchHook is missing
    O1 - Hosts: localhost 127.0.0.1
    O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\Media-Codec\isaddon.dll (file missing)
    O2 - BHO: (no name) - {681DB8F4-4401-0D8F-8A12-03AD07435D9E} - C:\WINDOWS\system32\hfjwwel.dll
    O3 - Toolbar: Protection Bar - {860c2f6b-ca82-4282-9187-beccbb66f0af} - C:\Program Files\Media-Codec\iesplugin.dll (file missing)
    O4 - HKLM\..\Run: [F ma] C:\windows\mrjj.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [EZfTgfO2] C:\WINDOWS\bykih.exe
    O4 - HKLM\..\Run: [addlc.exe] C:\WINDOWS\addlc.exe
    O4 - HKLM\..\Run: [sdkro.exe] C:\WINDOWS\sdkro.exe
    O4 - HKLM\..\Run: [d3yj.exe] C:\WINDOWS\system32\d3yj.exe
    O4 - HKLM\..\Run: [sdkun.exe] C:\WINDOWS\sdkun.exe
    O4 - HKLM\..\Run: [sdkkn32.exe] C:\WINDOWS\sdkkn32.exe
    O4 - HKLM\..\Run: [iphy.exe] C:\WINDOWS\iphy.exe
    O4 - HKLM\..\Run: [apihc.exe] C:\WINDOWS\system32\apihc.exe
    O4 - HKLM\..\Run: [atlit32.exe] C:\WINDOWS\system32\atlit32.exe
    O4 - HKLM\..\Run: [iewb.exe] C:\WINDOWS\system32\iewb.exe
    O4 - HKLM\..\Run: [ipec32.exe] C:\WINDOWS\system32\ipec32.exe
    O4 - HKLM\..\Run: [Blondes]C:\Program Files\hbt\Dialers\Blondes\Blondes.exe /dontdial
    O4 - HKLM\..\Run: [rpcc] rpcc.exe
    O4 - HKLM\..\Run: [3ff2ab07.exe] C:\WINDOWS\system32\3ff2ab07.exe
    O4 - HKLM\..\Run: [yxphhml.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\yxphhml.dll,ptrvdfc
    O4 - HKCU\..\Run: [3ff2ab07.exe] C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Application Data\3ff2ab07.exe
    O4 - HKCU\..\Run: [Winsvr] C:\DOCUME~1\EEMELI~1.KUK\LOCALS~1\Temp\3.tmp5120.exe
    O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe"
    O16 - DPF: {174EA75A-71FE-0366-0A4D-15B211408337} - http://85.255.114.166/1/rdgFI2507.exe
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/bestfriends/miniclipGameLoader.dll
    O16 - DPF: {6E303873-F427-2926-3677-3DE4500ECCCC} - http://85.255.114.166/1/rdgFI2507.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{36608DF3-36B4-4E89-90B4-41D67E6C96A3}: NameServer = 85.255.115.6,85.255.112.20
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E91F0C67-8265-4C4F-8BFB-B5F0785CEC57}: NameServer = 85.255.115.6,85.255.112.20
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.20
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.20
    O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
    O21 - SSODL: DCOM Server 2234 - {2C1CD3D7-86AC-4068-93BC-A02304BB2234} - C:\WINDOWS\system32\2234_32.dll
    O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\WINDOWS\System32\mousecrm.exe (file missing)
    O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)


    Then Start -> Run
    type sc stop mousecrm and click OK
    then sc delete mousecrm and click OK
    then sc stop PowerManager and click OK
    then sc delete PowerManager and click OK

    Download Killbox by Option^Explicit.

    Note: If you already have Killbox, this is a new version that you need to install. Remove the earlier one.

    • Save it to your desktop.
    • Double-click Killbox.exe to run the program.
    • Select Delete on Reboot, then click the All Files option.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\hfjwwel.dll
    C:\windows\mrjj.exe
    C:\WINDOWS\bykih.exe
    C:\WINDOWS\addlc.exe
    C:\WINDOWS\sdkro.exe
    C:\WINDOWS\system32\d3yj.exe
    C:\WINDOWS\sdkun.exe
    C:\WINDOWS\sdkkn32.exe
    C:\WINDOWS\iphy.exe
    C:\WINDOWS\system32\apihc.exe
    C:\WINDOWS\system32\atlit32.exe
    C:\WINDOWS\system32\iewb.exe
    C:\WINDOWS\system32\ipec32.exe
    C:\WINDOWS\system32\3ff2ab07.exe
    C:\WINDOWS\system32\yxphhml.dll
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Application Data\3ff2ab07.exe
    C:\DOCUME~1\EEMELI~1.KUK\LOCALS~1\Temp\3.tmp5120.exe
    C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe
    C:\WINDOWS\system32\2234_32.dll
    C:\WINDOWS\System32\mousecrm.exe
    C:\WINDOWS\svchost.exe



    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.

    • Click the red-and-white Delete File button. Click Yes at the "Delete on Reboot" prompt. Click OK at any PendingFileRenameOperations prompt (and let the person fixing your log know if one of these appears!).
    Restart your computer yourself if it does not do so automatically.

    If you get a message like this: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when you try to run KillBox, click here to download and run Missingfilessetup.exe. Then try KillBox again.

    Save these instructions to a text file or print them, otherwise you won't be able to get at them from Safe Mode.


    • Start Ewido Anti-Spyware.
    • Click the "Update" icon in the main menu. Then click the "Update now" button.
    • Then click the "Start Update" icon, and the update will begin.
    • When the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
    • When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
    • Then under the "Reports" menu:
      • Tick "Automatically generate report after every scan"
      • Untick "Only if threats were found"
      • Close the program, DO NOT scan yet.
        Boot your computer into Safe Mode, Instructions!

        NOTE! Do not use other programs while Ewido is scanning, as this may interfere with the scan.
      • Once in Safe Mode, start Ewido Anti-Spyware.
      • Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
      • Ewido will now start scanning the computer; be patient, as the scan takes time.

        When the scan is finished:
        IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"
      • Make sure that Set all elements to: shows Quarantine(1); if not, click the link and select Quarantine from the pop-up menu.
      • You will be asked what to do if infections were found; choose "Apply all actions"
      • Then click the "Reports" icon at the top of the program.
      • Click the "Save report as" button at the bottom left of the window and save the report to the desktop.
      • Close the program, start the computer normally and post the Ewido report to your thread.

        Post:

        - a new HJT log
        - c:\fixwareout\report.txt
        - the Ewido report
     
    Last edited: 30.08.2006
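The step in the post above that turns HijackThis fix-list entries into a list of file paths for deletion, as an added Python example that is not part of the thread or of any tool named in it. The names `payload_of`, `deletion_list` and `SYSTEM32_ONLY` are hypothetical; the sample lines are taken from the fix list above.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Sample input: entries taken from the fix list in the post above.
SAMPLE = r"""
O2 - BHO: (no name) - {681DB8F4-4401-0D8F-8A12-03AD07435D9E} - C:\WINDOWS\system32\hfjwwel.dll
O3 - Toolbar: Protection Bar - {860c2f6b-ca82-4282-9187-beccbb66f0af} - C:\Program Files\Media-Codec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [F ma] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [yxphhml.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\yxphhml.dll,ptrvdfc
O4 - HKLM\..\Run: [rpcc] rpcc.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe"
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.20
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
"""

LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")
# Absolute Windows path ending in a loadable extension; spaces are allowed.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|cpl|ocx)\b", re.I)
MISSING = "(file missing)"
# Binaries that belong only in %SystemRoot%\system32 on Windows XP.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe"}


class Entry(NamedTuple):
    code: str                     # HijackThis section, e.g. "O4"
    payload: Optional[str]        # file the entry loads, if any
    file_missing: bool            # HijackThis could not find the file
    masquerade: bool              # system binary name outside system32
    nameservers: Tuple[str, ...]  # O17 DNS servers, if any


def command_of(code: str, body: str) -> Optional[str]:
    """Return the command or path portion of an entry."""
    if code == "O4":              # "HKLM\..\Run: [name] command"
        m = re.search(r"\[.*?\]\s*(.*)$", body)
        return m.group(1) if m else None
    if code in ("O2", "O3", "O20", "O21", "O23"):  # "... - path"
        return body.rsplit(" - ", 1)[-1]
    return None


def payload_of(command: str) -> Optional[str]:
    """Return the file that is actually loaded, not the launcher."""
    cmd = command.replace(MISSING, "").strip().lstrip('"')
    paths = PATH_RE.findall(cmd)
    words = cmd.replace('"', "").split()
    if not words:
        return None
    launcher = paths[0] if paths and cmd.startswith(paths[0]) else words[0]
    if launcher.lower().rsplit("\\", 1)[-1] in ("rundll32", "rundll32.exe"):
        # rundll32 syntax is <dll>,<export>: the DLL is the payload.
        rest = cmd[len(launcher):].strip(' "')
        return rest.split(",", 1)[0].strip(' "') or None
    return launcher


def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line)
    if not m:
        return None
    code, body = m.groups()
    command = command_of(code, body)
    payload = payload_of(command) if command else None
    ns: Tuple[str, ...] = ()
    if code == "O17" and "NameServer = " in body:
        ns = tuple(re.split(r"[ ,]+", body.split("NameServer = ", 1)[1]))
    name = payload.lower().rsplit("\\", 1)[-1] if payload else ""
    masq = (name in SYSTEM32_ONLY and "\\" in payload
            and "\\system32\\" not in payload.lower())
    return Entry(code, payload, MISSING in body, masq, ns)


def triage(log_text: str) -> List[Entry]:
    parsed = (parse_line(line) for line in log_text.splitlines())
    return [e for e in parsed if e is not None]


def deletion_list(entries: List[Entry]) -> List[str]:
    """Unique absolute payload paths, in log order.

    "(file missing)" is recorded but not trusted: a later log in this
    thread lists xcommsvr.exe as running while its O23 line says missing.
    Bare names such as rpcc.exe are skipped; they need a search first.
    """
    seen, out = set(), []
    for e in entries:
        p = e.payload
        if p and PATH_RE.fullmatch(p) and p.lower() not in seen:
            seen.add(p.lower())
            out.append(p)
    return out


if __name__ == "__main__":
    found = triage(SAMPLE)
    for entry in found:
        print(entry)
    print(deletion_list(found))
```

The O17 name servers have no file to delete; they are reported separately because the DNS setting has to be reset in addition to removing files.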
  11. lintukala

    lintukala Member

    Joined:
    29.08.2006
    Messages:
    47
    Thanks:
    0
    Points:
    16
    HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 13:18:30, on 30.8.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    E:\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\D-Tools\daemon.exe
    D:\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    E:\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\system32\ctfmon.exe
    E:\Creative Zen Nano Plus\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    E:\DC++\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
    O4 - HKLM\..\Run: [!ewido] "E:\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] E:\Creative Zen Nano Plus\MediaSource\Detector\CTDetect.exe /R
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Google-haku - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Käännä englanninkielinen sana - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Linkit taaksepäin - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Samankaltaisia sivuja - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
    O16 - DPF: {0F2F3121-75E2-4C60-9977-C1ADC3D5F3DC} (IFIUploader Control) - http://web1.ifi.fi/WebUpload/ActiveX/IfiUploader.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.playqames.com/default.cab?uid=59&id=60821&ex&1s&ppd=4
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - E:\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - E:\SFUninstaller.exe" service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)




    fixwareout log:

    Fixwareout ver 1.003
    Last edited 8/11/2006
    Post this report in the forums please

    Reg Entries that were deleted
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ypszr
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\daolnwodi
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\lavinraCputeS
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\onisacputes
    ...

    Random Runs removed from HKLM
    ...

    PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

    »»»»» Searching by size/names...

    »»»»»
    Search five digit cs, dm and jb files.
    This WILL/CAN also list Legit Files, Submit them at Virustotal

    Other suspects.
    Directory of C:\WINDOWS\system32
    {BA9CA5BE-9234-4DB9-92B9-7CBB8B50BDCE}.exe

    »»»»» Misc files.

    »»»»» Checking for older varients covered by the Rem3 tool.





    ewido log:

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 13:13:11 30.8.2006

    + Scan result:



    HKLM\SOFTWARE\Classes\AlxTB.BHO -> Adware.Alexa : Error during cleaning.
    C:\WINDOWS\system32\{BA9CA5BE-9234-4DB9-92B9-7CBB8B50BDCE}.exe -> Adware.Casino : Cleaned with backup (quarantined).
    D:\Documents and Settings\Esa.MORDOR\local\dmproxy.dll.tcf -> Adware.Comet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.IntCodec : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\IObjSafety.DemoCtl -> Adware.MediaMotor : Error during cleaning.
    C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
    C:\Documents and Settings\Esa\Local Settings\Temporary Internet Files\Content.IE5\OHWNG7KB\index[1].exe/10a.exe -> Adware.WinAD : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\mscdaux.dll -> Backdoor.Delf.aml : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\2234_28.dll -> Backdoor.Dsrv : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\Synacast\SynaLive\EvID4226Patch.exe -> Backdoor.Virkel.A : Cleaned with backup (quarantined).
    C:\Documents and Settings\Jake.KUKKO-AK7JKOEOQ\Local Settings\Temp\6.tmp -> Downloader.Agent.aly : Cleaned with backup (quarantined).
    C:\Documents and Settings\Maarit.KUKKO-AK7JKOEOQ\Local Settings\Temporary Internet Files\Content.IE5\E367EH2R\miniclipGameLoader[1].dll -> Downloader.Small : Cleaned with backup (quarantined).
    C:\Documents and Settings\Jake.KUKKO-AK7JKOEOQ\Local Settings\Temp\4.tmp3072.exe -> Downloader.Small.dcj : Cleaned with backup (quarantined).
    F:\My Received Files\My Received Files\MsgPlus-254.exe/sponsor.exe -> Downloader.Swizzor.ag : Cleaned with backup (quarantined).
    C:\Documents and Settings\Jake.KUKKO-AK7JKOEOQ\Local Settings\Temp\4.tmp -> Downloader.Tiny.bo : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[10].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[11].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[12].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[13].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[14].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[15].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[16].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[17].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[18].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[19].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[20].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[21].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[22].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[23].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[24].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[25].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[26].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[27].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[28].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[29].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[30].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[31].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[32].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[33].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[34].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[35].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[36].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[4].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[5].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[6].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[7].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[8].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\339FFXKS\popup[9].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[10].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[11].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[12].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[13].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[14].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[15].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[16].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[17].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[18].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[19].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[20].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[21].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[22].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[23].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[24].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[25].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[26].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[27].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[28].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[29].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[30].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[31].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[32].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[33].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[34].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[35].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[36].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[37].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[38].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[39].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[40].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[41].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[4].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[5].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[6].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[7].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[8].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\popup[9].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[10].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[11].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[12].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[13].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[14].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[15].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[16].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[17].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[18].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[19].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[20].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[21].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[22].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[23].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[24].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[25].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[26].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[27].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[28].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[29].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[30].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[31].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[32].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[4].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[5].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[6].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[7].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[8].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNNJ2SLL\popup[9].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[10].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[11].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[12].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[13].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[14].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[15].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[16].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[17].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[18].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[19].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[20].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[21].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[22].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[23].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[24].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[25].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[26].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[27].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[28].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[29].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[30].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[31].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[32].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[33].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[34].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[4].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[5].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[6].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[7].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[8].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\U5VKLKB6\popup[9].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Jake.KUKKO-AK7JKOEOQ\Local Settings\Temp\4.tmp5120.exe -> Hijacker.Small.lt : Cleaned with backup (quarantined).
    C:\Documents and Settings\Maarit.KUKKO-AK7JKOEOQ\Local Settings\Temporary Internet Files\Content.IE5\2SO2GA7B\alaunch[1].cab/gsda.dll -> Not-A-Virus.Downloader.Win32.SpyGame : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJM7QXQB\script-20[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup (quarantined).
    E:\DC++\EvID4226Patch223d-en.zip/EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : Cleaned with backup (quarantined).
    C:\winstall.exe.tcf -> Not-A-Virus.Hoax.Win32.Renos.al : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ipod.raw.exe -> Proxy.Lager.ce : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Cookies\eemeli@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Maarit.KUKKO-AK7JKOEOQ\Cookies\maarit@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
    C:\Documents and Settings\Maarit.KUKKO-AK7JKOEOQ\Cookies\maarit@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Cookies\eemeli@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Cookies\eemeli@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Cookies\eemeli@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
    C:\Documents and Settings\Maarit.KUKKO-AK7JKOEOQ\Cookies\maarit@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Cookies\eemeli@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Cookies\eemeli@ivwbox[2].txt -> TrackingCookie.Ivwbox : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Cookies\eemeli@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Cookies\eemeli@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Cookies\eemeli@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Cookies\eemeli@trafic[1].txt -> TrackingCookie.Trafic : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Cookies\eemeli@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Cookies\eemeli@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Cookies\eemeli@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\WINDOWS\SK@J:exsglm -> Trojan.Agent.bi : Cleaned with backup (quarantined).
    C:\WINDOWS\SK@J:vqsazq -> Trojan.Agent.bi : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\2234_27.dll -> Trojan.Agent.pk : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temp\Temporary Internet Files\Content.IE5\7YGJN98T\UDefender_Installer[1].exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
    C:\Documents and Settings\Maarit.KUKKO-AK7JKOEOQ\Local Settings\Temporary Internet Files\Content.IE5\4DIBC5AV\UDefender_Installer[1].exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
    C:\Documents and Settings\Jake.KUKKO-AK7JKOEOQ\Local Settings\Temp\msn.exe -> Trojan.Sinowal.al : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00012.dll -> Trojan.Sinowal.an : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00013.dll -> Trojan.Sinowal.aq : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00014.dll -> Trojan.Sinowal.aq : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\$_3472452.EXE -> Trojan.Sinowal.aq : Cleaned with backup (quarantined).


    ::Report end


     
  12. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Posts:
    6,305
    Thanks:
    0
    Points:
    96
    Delete this -> C:\WINDOWS\system32\{BA9CA5BE-9234-4DB9-92B9-7CBB8B50BDCE}.exe

    Empty the Recycle Bin

    Download eScan -> http://koti.mbnet.fi/pattaya1/escanmwav.htm .
    Install, update and scan according to the instructions on that page. Then post the "nasties results" here (the instructions are on that page: the bottom picture and the text above it).

    Also post a new HJT log.
     
    Last edited: 30.08.2006