
Losing my patience

Thread in the Viruses and malware - HijackThis logs section. Started by treelta on 28.03.2007.

  1. treelta

    treelta Member

    Joined:
    17.10.2006
    Messages:
    23
    Thanks:
    0
    Points:
    11
    Hi,

    What on earth do we do now.. AVG's regular antivirus works, but AVG's anti-spyware crashes and shuts down the whole machine when it finds the one bug that is running riot here. Kaspersky crashes the same way and the whole machine goes dark. CCleaner has been run about a thousand times, and Spybot also makes everything go dark.. Some Trojan, or apparently a couple of them, is busy doing all sorts of fun things. If someone could manage to help, even though everything seemingly works properly now, it really has to be cleaned up... Thanks in advance.. =) Oh, and by the way, smitfraudfix or whatever it was knocked the machine over in safe mode... Fun =(

    Logfile of HijackThis v1.99.1
    Scan saved at 18:13:21, on 28.3.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    D:\ladatut\pakatut\HijackThis_v1.99.1.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: (no name) - {6F9E6897-AE96-E5FA-BFBA-04F29139D9EF} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/platypus/miniclipGameLoader.dll
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2568e81563b02f66ad05/netzip/RdxIE6.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156152028343
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158039912937
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://spinpalace.microgaming.com/freeplay/FlashAX.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3F4C8EC3-C666-4845-8F80-E98FFC53EFF2}: NameServer = 85.194.193.94,85.194.193.90
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
     
  3. Etzo

    Etzo Regular member

    Joined:
    08.02.2007
    Messages:
    489
    Thanks:
    0
    Points:
    26
    Hi!

    Download SmitfraudFix (by S!Ri) to your desktop.

    Double-click the file SmitfraudFix.exe.

    Select option #1 - Search by typing 1 and pressing "Enter"; a text file opens that lists the infected files (if any).
    Post the contents of this text file in your thread.

    **If the tool does not start from the desktop, move SmitfraudFix.exe directly to the root of the system drive (usually C:). Then try starting the program again from there.

    Note: some antivirus programs (AntiVir, Dr.Web, Kaspersky) detect the file process.exe as a "harmful tool"; it is not a virus, but a program that stops processes. A/V programs cannot tell good use of such programs from bad, so they may warn the user.
    http://www.beyondlogic.org/consulting/processutil/processutil.htm

    >>>

    * Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    * Double-click drweb-cureit.exe and let it run the express scan.
    * It scans the running programs, and if something is found, click Yes when it asks whether you want to remove it. This is only a short scan.
    * When the scan is finished, mark the drives you want to scan.
    * Select all drives. A red dot shows which drives are selected.
    * Click the green arrow on the right and the scan starts.
    * Click 'Yes to all' if you are asked whether you want to delete/move a file.
    * When the scan is finished, check whether you can click the next icon beside the files found: [IMG]
    * If so, click it, then click the next icon at the bottom right and select Move incurable as in the picture below:
    [IMG]
    This moves it to the %userprofile%\DoctorWeb\quarantine folder.
    * After this, click File in the Dr.Web CureIt menu and select Save report list.
    * Save the report to the desktop. The report is named DrWeb.csv.
    * Close Dr.Web CureIt.
    * Restart the computer!! This is because files that are in use are deleted/moved during startup.
    * After the restart, paste the contents of the Dr.Web log you saved earlier into your next reply.


    Post in your next message:

    1. a new HijackThis log
    2. C:/rapport.txt
    3. DrWeb.csv
     
  4. treelta

    treelta Member

    Joined:
    17.10.2006
    Messages:
    23
    Thanks:
    0
    Points:
    11
    Here are the logs, except that the bug crashed the machine while Dr.Web CureIt was running, and it doesn't get to the end... I'll try once more now..

    SmitFraudFix v2.158

    Scan done at 19:20:20,35, ke 28.03.2007
    Run from C:\Documents and Settings\Niemelä\Työpöytä\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\cmd.exe



    Logfile of HijackThis v1.99.1
    Scan saved at 19:35:55, on 28.3.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    D:\ladatut\pakatut\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: (no name) - {6F9E6897-AE96-E5FA-BFBA-04F29139D9EF} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/platypus/miniclipGameLoader.dll
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2568e81563b02f66ad05/netzip/RdxIE6.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156152028343
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158039912937
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://spinpalace.microgaming.com/freeplay/FlashAX.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3F4C8EC3-C666-4845-8F80-E98FFC53EFF2}: NameServer = 85.194.193.94,85.194.193.90
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
     
  5. Etzo

    Etzo Regular member

    Joined:
    08.02.2007
    Messages:
    489
    Thanks:
    0
    Points:
    26
    Post that Smitfraud report in full.
     
  6. treelta

    treelta Member

    Joined:
    17.10.2006
    Messages:
    23
    Thanks:
    0
    Points:
    11
    This is what I found

    =============================================================================
    Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.10060)
    Copyright (c) Igor Daniloff, 1992-2006
    Log generated on: 2007-03-28, 19:21:53 [Niemelä]
    Command-line: "C:\DOCUME~1\NIEMEL~1\LOCALS~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini
    Operating system:Windows XP Home Edition x86 (Build 2600), Service Pack 2
    =============================================================================
    Engine version: 4.33 (4.33.5.10110)
    Engine API version: 2.01
    Total virus records: 185598
    Key file: C:\DOCUME~1\NIEMEL~1\LOCALS~1\Temp\RarSFX0\cureit.key
    License key number: 0010092936
    Registered to: Dr.Web CureIt Project
    License key activates: 2007-02-05
    License key expires: 2010-02-11

    -----------------------------------------------------------------------------
    Scan statistics
    -----------------------------------------------------------------------------
    Objects scanned: 0
    Infected objects found: 0
    Objects with modifications found: 0
    Suspicious objects found: 0
    Adware programs found: 0
    Dialer programs found: 0
    Joke programs found: 0
    Riskware programs found: 0
    Hacktool programs found: 0
    Objects cured: 0
    Objects deleted: 0
    Objects renamed: 0
    Objects moved: 0
    Objects ignored: 0
    Scan speed: 0 Kb/s
    Scan time: 00:00:00
    -----------------------------------------------------------------------------

    -----------------------------------------------------------------------------
    Scan statistics
    -----------------------------------------------------------------------------
    Objects scanned: 310
    Infected objects found: 0
    Objects with modifications found: 0
    Suspicious objects found: 0
    Adware programs found: 0
    Dialer programs found: 0
    Joke programs found: 0
    Riskware programs found: 0
    Hacktool programs found: 0
    Objects cured: 0
    Objects deleted: 0
    Objects renamed: 0
    Objects moved: 0
    Objects ignored: 0
    Scan speed: 3370 Kb/s
    Scan time: 00:00:26
    -----------------------------------------------------------------------------

    [Scan path] C:\
    C:\Documents and Settings\LocalService\NTUSER.DAT - read error
    C:\Documents and Settings\LocalService\NTUSER~1.LOG - read error
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
    C:\Documents and Settings\NetworkService\NTUSER.DAT - read error
    C:\Documents and Settings\NetworkService\NTUSER~1.LOG - read error
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
    C:\Documents and Settings\Niemelä\ntuser.dat - read error
    C:\Documents and Settings\Niemelä\NTUSER~1.LOG - read error
    C:\Documents and Settings\Niemelä\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
    C:\Documents and Settings\Niemelä\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
    C:\Documents and Settings\Niemelä\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{33198~1 - read error
    C:\Documents and Settings\Niemelä\Työpöytä\SmitfraudFix\Process.exe is hacktool program Tool.Prockill
    C:\Documents and Settings\Niemelä\Työpöytä\SmitfraudFix\restart.exe is hacktool program Tool.ShutDown.11
    =============================================================================
    Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.10060)
    Copyright (c) Igor Daniloff, 1992-2006
    Log generated on: 2007-03-28, 19:40:28 [Niemelä]
    Command-line: "C:\DOCUME~1\NIEMEL~1\LOCALS~1\Temp\RarSFX1\cureit.exe" /lng /ini:cureit_XP.ini
    Operating system:Windows XP Home Edition x86 (Build 2600), Service Pack 2
    =============================================================================
    Engine version: 4.33 (4.33.5.10110)
    Engine API version: 2.01
    Total virus records: 185598
    Key file: C:\DOCUME~1\NIEMEL~1\LOCALS~1\Temp\RarSFX1\cureit.key
    License key number: 0010092936
    Registered to: Dr.Web CureIt Project
    License key activates: 2007-02-05
    License key expires: 2010-02-11

    -----------------------------------------------------------------------------
    Scan statistics
    -----------------------------------------------------------------------------
    Objects scanned: 0
    Infected objects found: 0
    Objects with modifications found: 0
    Suspicious objects found: 0
    Adware programs found: 0
    Dialer programs found: 0
    Joke programs found: 0
    Riskware programs found: 0
    Hacktool programs found: 0
    Objects cured: 0
    Objects deleted: 0
    Objects renamed: 0
    Objects moved: 0
    Objects ignored: 0
    Scan speed: 0 Kb/s
    Scan time: 00:00:00
    -----------------------------------------------------------------------------

    Scanning interrupted by user! - no viruses found
    [Scan path] c:\windows\system32\drivers\dot4prt.sys
    [Scan path] c:\windows\system32\drivers\drmkaud.sys
    [Scan path] c:\windows\system32\drivers\fdc.sys
    [Scan path] c:\windows\system32\drivers\fetnd5.sys
    [Scan path] c:\windows\system32\drivers\flpydisk.sys
    [Scan path] c:\windows\system32\drivers\fltmgr.sys
    [Scan path] c:\windows\system32\drivers\ftdisk.sys
    [Scan path] c:\windows\system32\drivers\gameenum.sys
    [Scan path] c:\windows\system32\drivers\http.sys
    [Scan path] c:\windows\system32\drivers\i8042prt.sys
    [Scan path] c:\windows\system32\drivers\imapi.sys
    [Scan path] c:\windows\system32\drivers\incdpass.sys
    [Scan path] c:\windows\system32\drivers\ip6fw.sys
    [Scan path] c:\windows\system32\drivers\ipfltdrv.sys
    [Scan path] c:\windows\system32\drivers\ipinip.sys
    [Scan path] c:\windows\system32\drivers\ipnat.sys
    [Scan path] c:\windows\system32\drivers\ipsec.sys
    [Scan path] c:\windows\system32\drivers\irda.sys
    [Scan path] c:\windows\system32\drivers\irenum.sys
    [Scan path] c:\windows\system32\drivers\irsir.sys
    [Scan path] c:\windows\system32\drivers\isapnp.sys
    [Scan path] c:\windows\system32\drivers\kbdclass.sys
    [Scan path] c:\windows\system32\drivers\kmixer.sys
    [Scan path] c:\windows\system32\drivers\mouclass.sys
    [Scan path] c:\windows\system32\drivers\mrxdav.sys
    [Scan path] c:\windows\system32\drivers\mrxsmb.sys
    [Scan path] c:\windows\system32\drivers\msgpc.sys
    [Scan path] c:\windows\system32\drivers\mskssrv.sys
    [Scan path] c:\windows\system32\drivers\msmpu401.sys
    [Scan path] c:\windows\system32\drivers\mspclock.sys
    [Scan path] c:\windows\system32\drivers\mspqm.sys
    [Scan path] c:\windows\system32\drivers\mssmbios.sys
    [Scan path] c:\windows\system32\drivers\ndistapi.sys
    [Scan path] c:\windows\system32\drivers\ndisuio.sys
    [Scan path] c:\windows\system32\drivers\ndiswan.sys
    [Scan path] c:\windows\system32\drivers\netbios.sys
    [Scan path] c:\windows\system32\drivers\netbt.sys
    [Scan path] c:\windows\system32\drivers\nwlnkflt.sys
    [Scan path] c:\windows\system32\drivers\nwlnkfwd.sys
    [Scan path] c:\windows\system32\drivers\parport.sys
    [Scan path] c:\windows\system32\drivers\pci.sys
    [Scan path] c:\windows\system32\drivers\pcntn5hl.sys
    [Scan path] c:\windows\system32\drivers\psched.sys
    [Scan path] c:\windows\system32\drivers\ptilink.sys
    [Scan path] c:\windows\system32\drivers\pxhelp20.sys
    [Scan path] c:\windows\system32\drivers\rasacd.sys
    [Scan path] c:\windows\system32\drivers\rasirda.sys
    [Scan path] c:\windows\system32\drivers\rasl2tp.sys
    [Scan path] c:\windows\system32\drivers\raspppoe.sys
    [Scan path] c:\windows\system32\drivers\raspptp.sys
    [Scan path] c:\windows\system32\drivers\raspti.sys
    [Scan path] c:\windows\system32\drivers\rdbss.sys
    [Scan path] c:\windows\system32\drivers\rdpcdd.sys
    [Scan path] c:\windows\system32\drivers\redbook.sys
    [Scan path] c:\windows\system32\drivers\se2cbus.sys
    [Scan path] c:\windows\system32\drivers\se2cmdfl.sys
    [Scan path] c:\windows\system32\drivers\se2cmdm.sys
    [Scan path] c:\windows\system32\drivers\secdrv.sys
    [Scan path] c:\windows\system32\drivers\serenum.sys
    [Scan path] c:\windows\system32\drivers\serial.sys
    [Scan path] c:\windows\system32\drivers\sfdrv01.sys
    [Scan path] c:\windows\system32\drivers\sfhlp02.sys
    [Scan path] c:\windows\system32\drivers\sfvfs02.sys
    [Scan path] c:\windows\system32\drivers\splitter.sys
    [Scan path] c:\windows\system32\drivers\sr.sys
    [Scan path] c:\windows\system32\drivers\srv.sys
    [Scan path] c:\windows\system32\drivers\swenum.sys
    [Scan path] c:\windows\system32\drivers\swmidi.sys
    [Scan path] c:\windows\system32\drivers\sysaudio.sys
    [Scan path] c:\windows\system32\drivers\tcpip.sys
    [Scan path] c:\windows\system32\drivers\teefer.sys
    [Scan path] c:\windows\system32\drivers\termdd.sys
    [Scan path] c:\windows\system32\drivers\uagp35.sys
    [Scan path] c:\windows\system32\drivers\update.sys
    [Scan path] c:\windows\system32\drivers\usbccgp.sys
    [Scan path] c:\windows\system32\drivers\usbehci.sys
    [Scan path] c:\windows\system32\drivers\usbhub.sys
    [Scan path] c:\windows\system32\drivers\usbstor.sys
    [Scan path] c:\windows\system32\drivers\usbuhci.sys
    [Scan path] c:\windows\system32\drivers\vga.sys
    [Scan path] c:\windows\system32\drivers\viaide.sys
    [Scan path] c:\windows\system32\drivers\wanarp.sys
    [Scan path] c:\windows\system32\drivers\wdmaud.sys
    [Scan path] c:\windows\system32\drivers\wg3n.sys
    [Scan path] c:\windows\system32\drivers\wg4n.sys
    [Scan path] c:\windows\system32\drivers\wg5n.sys
    [Scan path] c:\windows\system32\drivers\wg6n.sys
    [Scan path] c:\windows\system32\drivers\wpsdrvnt.sys
    [Scan path] c:\windows\system32\drivers\ws2ifsl.sys
    [Scan path] c:\windows\system32\dskquoui.dll
    [Scan path] c:\windows\system32\dsquery.dll
    [Scan path] c:\windows\system32\dssec.dll
    [Scan path] c:\windows\system32\dsuiext.dll
    [Scan path] c:\windows\system32\extmgr.dll
    [Scan path] c:\windows\system32\fontext.dll
    [Scan path] c:\windows\system32\gdi32.dll
    [Scan path] c:\windows\system32\hticons.dll
    [Scan path] c:\windows\system32\icmui.dll
    [Scan path] c:\windows\system32\ie4uinit.exe
    [Scan path] c:\windows\system32\iedkcs32.dll
    [Scan path] c:\windows\system32\ieframe.dll
    [Scan path] c:\windows\system32\ieudinit.exe
    [Scan path] c:\windows\system32\imagehlp.dll
    [Scan path] c:\windows\system32\imapi.exe
    [Scan path] c:\windows\system32\inetcomm.dll
    [Scan path] c:\windows\system32\itss.dll
    [Scan path] c:\windows\system32\kerberos.dll
    [Scan path] c:\windows\system32\kernel32.dll
    [Scan path] c:\windows\system32\localspl.dll
    [Scan path] c:\windows\system32\locator.exe
    [Scan path] c:\windows\system32\logonui.exe
    [Scan path] c:\windows\system32\lsass.exe
    [Scan path] c:\windows\system32\lz32.dll
    [Scan path] c:\windows\system32\mmcshext.dll
    [Scan path] c:\windows\system32\mmsys.cpl
    [Scan path] c:\windows\system32\mnmsrvc.exe
    [Scan path] c:\windows\system32\mscoree.dll
    [Scan path] c:\windows\system32\mscories.dll
    [Scan path] c:\windows\system32\msdtc.exe
    [Scan path] c:\windows\system32\mshtml.dll
    [Scan path] c:\windows\system32\msieftp.dll
    [Scan path] c:\windows\system32\msiexec.exe
    [Scan path] c:\windows\system32\mstask.dll
    [Scan path] c:\windows\system32\msv1_0.dll
    [Scan path] c:\windows\system32\msvidctl.dll
    [Scan path] c:\windows\system32\mswsock.dll
    [Scan path] c:\windows\system32\mydocs.dll
    [Scan path] c:\windows\system32\nerocheck.exe
    [Scan path] c:\windows\system32\netdde.exe
    [Scan path] c:\windows\system32\netplwiz.dll
    [Scan path] c:\windows\system32\netshell.dll
    [Scan path] c:\windows\system32\ntlanui2.dll
    [Scan path] c:\windows\system32\ntsd.exe
    [Scan path] c:\windows\system32\ntshrui.dll
    [Scan path] c:\windows\system32\occache.dll
    [Scan path] c:\windows\system32\ole32.dll
    [Scan path] c:\windows\system32\oleaut32.dll
    [Scan path] c:\windows\system32\olecli32.dll
    [Scan path] c:\windows\system32\olecnv32.dll
    [Scan path] c:\windows\system32\olesvr32.dll
    [Scan path] c:\windows\system32\olethk32.dll
    [Scan path] c:\windows\system32\photowiz.dll
    [Scan path] c:\windows\system32\pjlmon.dll
    [Scan path] c:\windows\system32\printui.dll
    [Scan path] c:\windows\system32\regsvr32.exe
    [Scan path] c:\windows\system32\remotepg.dll
    [Scan path] c:\windows\system32\rpcrt4.dll
    [Scan path] c:\windows\system32\rpcss.dll
    -----------------------------------------------------------------------------
    Scan statistics
    -----------------------------------------------------------------------------
    Objects scanned: 257
    Infected objects found: 0
    Objects with modifications found: 0
    Suspicious objects found: 0
    Adware programs found: 0
    Dialer programs found: 0
    Joke programs found: 0
    Riskware programs found: 0
    Hacktool programs found: 0
    Objects cured: 0
    Objects deleted: 0
    Objects renamed: 0
    Objects moved: 0
    Objects ignored: 0
    Scan speed: 4748 Kb/s
    Scan time: 00:00:14
    -----------------------------------------------------------------------------

    Scanning interrupted by user! - no viruses found
    [Scan path] C:\
    C:\Documents and Settings\LocalService\NTUSER.DAT - read error
    C:\Documents and Settings\LocalService\NTUSER~1.LOG - read error
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
    C:\Documents and Settings\NetworkService\NTUSER.DAT - read error
    C:\Documents and Settings\NetworkService\NTUSER~1.LOG - read error
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
    C:\Documents and Settings\Niemelä\ntuser.dat - read error
    C:\Documents and Settings\Niemelä\NTUSER~1.LOG - read error
    C:\Documents and Settings\Niemelä\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
    C:\Documents and Settings\Niemelä\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
    C:\Documents and Settings\Niemelä\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{96034~1 - read error
    C:\Documents and Settings\Niemelä\Työpöytä\SmitfraudFix\Process.exe is hacktool program Tool.Prockill
    C:\Documents and Settings\Niemelä\Työpöytä\SmitfraudFix\restart.exe is hacktool program Tool.ShutDown.11


    Sorry, a piece really did get left out...

    SmitFraudFix v2.158

    Scan done at 19:20:20,35, ke 28.03.2007
    Run from C:\Documents and Settings\Niemelä\Työpöytä\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Niemelä


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Niemelä\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\NIEMEL~1\Suosikit


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\Video Access ActiveX Object\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{2016a466-91a2-43c6-97d8-2fd380f065ef}"="eitheror"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{aed6f6a3-183c-488d-9f90-23db99f56e7f}"="apathies"



    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  7. treelta

    treelta Member

    Joined:
    17.10.2006
    Messages:
    23
    Thanks:
    0
    Points:
    11
    This is what I found

    =============================================================================
    Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.10060)
    Copyright (c) Igor Daniloff, 1992-2006
    Log generated on: 2007-03-28, 19:21:53 [Niemelä]
    Command-line: "C:\DOCUME~1\NIEMEL~1\LOCALS~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini
    Operating system:Windows XP Home Edition x86 (Build 2600), Service Pack 2
    =============================================================================
    Engine version: 4.33 (4.33.5.10110)
    Engine API version: 2.01
    Total virus records: 185598
    Key file: C:\DOCUME~1\NIEMEL~1\LOCALS~1\Temp\RarSFX0\cureit.key
    License key number: 0010092936
    Registered to: Dr.Web CureIt Project
    License key activates: 2007-02-05
    License key expires: 2010-02-11

    -----------------------------------------------------------------------------
    Scan statistics
    -----------------------------------------------------------------------------
    Objects scanned: 0
    Infected objects found: 0
    Objects with modifications found: 0
    Suspicious objects found: 0
    Adware programs found: 0
    Dialer programs found: 0
    Joke programs found: 0
    Riskware programs found: 0
    Hacktool programs found: 0
    Objects cured: 0
    Objects deleted: 0
    Objects renamed: 0
    Objects moved: 0
    Objects ignored: 0
    Scan speed: 0 Kb/s
    Scan time: 00:00:00
    -----------------------------------------------------------------------------

    [Scan path] c:\windows\system32\drivers\ndistapi.sys
    [Scan path] c:\windows\system32\drivers\ndisuio.sys
    [Scan path] c:\windows\system32\drivers\ndiswan.sys
    [Scan path] c:\windows\system32\drivers\netbios.sys
    [Scan path] c:\windows\system32\drivers\netbt.sys
    [Scan path] c:\windows\system32\drivers\nwlnkflt.sys
    [Scan path] c:\windows\system32\drivers\nwlnkfwd.sys
    [Scan path] c:\windows\system32\drivers\parport.sys
    [Scan path] c:\windows\system32\drivers\pci.sys
    [Scan path] c:\windows\system32\drivers\pcntn5hl.sys
    [Scan path] c:\windows\system32\drivers\psched.sys
    [Scan path] c:\windows\system32\drivers\ptilink.sys
    [Scan path] c:\windows\system32\drivers\pxhelp20.sys
    [Scan path] c:\windows\system32\drivers\rasacd.sys
    [Scan path] c:\windows\system32\drivers\rasirda.sys
    [Scan path] c:\windows\system32\drivers\rasl2tp.sys
    [Scan path] c:\windows\system32\drivers\raspppoe.sys
    [Scan path] c:\windows\system32\drivers\raspptp.sys
    [Scan path] c:\windows\system32\drivers\raspti.sys
    [Scan path] c:\windows\system32\drivers\rdbss.sys
    [Scan path] c:\windows\system32\drivers\rdpcdd.sys
    [Scan path] c:\windows\system32\drivers\redbook.sys
    [Scan path] c:\windows\system32\drivers\se2cbus.sys
    [Scan path] c:\windows\system32\drivers\se2cmdfl.sys
    [Scan path] c:\windows\system32\drivers\se2cmdm.sys
    [Scan path] c:\windows\system32\drivers\secdrv.sys
    [Scan path] c:\windows\system32\drivers\serenum.sys
    [Scan path] c:\windows\system32\drivers\serial.sys
    [Scan path] c:\windows\system32\drivers\sfdrv01.sys
    [Scan path] c:\windows\system32\drivers\sfhlp02.sys
    [Scan path] c:\windows\system32\drivers\sfvfs02.sys
    [Scan path] c:\windows\system32\drivers\splitter.sys
    [Scan path] c:\windows\system32\drivers\sr.sys
    [Scan path] c:\windows\system32\drivers\srv.sys
    [Scan path] c:\windows\system32\drivers\swenum.sys
    [Scan path] c:\windows\system32\drivers\swmidi.sys
    [Scan path] c:\windows\system32\drivers\sysaudio.sys
    [Scan path] c:\windows\system32\drivers\tcpip.sys
    [Scan path] c:\windows\system32\drivers\teefer.sys
    [Scan path] c:\windows\system32\drivers\termdd.sys
    [Scan path] c:\windows\system32\drivers\uagp35.sys
    [Scan path] c:\windows\system32\drivers\update.sys
    [Scan path] c:\windows\system32\drivers\usbccgp.sys
    [Scan path] c:\windows\system32\drivers\usbehci.sys
    [Scan path] c:\windows\system32\drivers\usbhub.sys
    [Scan path] c:\windows\system32\drivers\usbstor.sys
    [Scan path] c:\windows\system32\drivers\usbuhci.sys
    [Scan path] c:\windows\system32\drivers\vga.sys
    [Scan path] c:\windows\system32\drivers\viaide.sys
    [Scan path] c:\windows\system32\drivers\wanarp.sys
    [Scan path] c:\windows\system32\drivers\wdmaud.sys
    [Scan path] c:\windows\system32\drivers\wg3n.sys
    [Scan path] c:\windows\system32\drivers\wg4n.sys
    [Scan path] c:\windows\system32\drivers\wg5n.sys
    [Scan path] c:\windows\system32\drivers\wg6n.sys
    [Scan path] c:\windows\system32\drivers\wpsdrvnt.sys
    [Scan path] c:\windows\system32\drivers\ws2ifsl.sys
    [Scan path] c:\windows\system32\dskquoui.dll
    [Scan path] c:\windows\system32\dsquery.dll
    [Scan path] c:\windows\system32\dssec.dll
    [Scan path] c:\windows\system32\dsuiext.dll
    [Scan path] c:\windows\system32\extmgr.dll
    [Scan path] c:\windows\system32\fontext.dll
    [Scan path] c:\windows\system32\gdi32.dll
    [Scan path] c:\windows\system32\hticons.dll
    [Scan path] c:\windows\system32\icmui.dll
    [Scan path] c:\windows\system32\ie4uinit.exe
    [Scan path] c:\windows\system32\iedkcs32.dll
    [Scan path] c:\windows\system32\ieframe.dll
    [Scan path] c:\windows\system32\ieudinit.exe
    [Scan path] c:\windows\system32\imagehlp.dll
    [Scan path] c:\windows\system32\imapi.exe
    [Scan path] c:\windows\system32\inetcomm.dll
    [Scan path] c:\windows\system32\itss.dll
    [Scan path] c:\windows\system32\kerberos.dll
    [Scan path] c:\windows\system32\kernel32.dll
    [Scan path] c:\windows\system32\localspl.dll
    [Scan path] c:\windows\system32\locator.exe
    [Scan path] c:\windows\system32\logonui.exe
    [Scan path] c:\windows\system32\lsass.exe
    [Scan path] c:\windows\system32\lz32.dll
    [Scan path] c:\windows\system32\mmcshext.dll
    [Scan path] c:\windows\system32\mmsys.cpl
    [Scan path] c:\windows\system32\mnmsrvc.exe
    [Scan path] c:\windows\system32\mscoree.dll
    [Scan path] c:\windows\system32\mscories.dll
    [Scan path] c:\windows\system32\msdtc.exe
    [Scan path] c:\windows\system32\mshtml.dll
    [Scan path] c:\windows\system32\msieftp.dll
    [Scan path] c:\windows\system32\msiexec.exe
    [Scan path] c:\windows\system32\mstask.dll
    [Scan path] c:\windows\system32\msv1_0.dll
    [Scan path] c:\windows\system32\msvidctl.dll
    [Scan path] c:\windows\system32\mswsock.dll
    [Scan path] c:\windows\system32\mydocs.dll
    [Scan path] c:\windows\system32\nerocheck.exe
    [Scan path] c:\windows\system32\netdde.exe
    [Scan path] c:\windows\system32\netplwiz.dll
    [Scan path] c:\windows\system32\netshell.dll
    [Scan path] c:\windows\system32\ntlanui2.dll
    [Scan path] c:\windows\system32\ntsd.exe
    [Scan path] c:\windows\system32\ntshrui.dll
    [Scan path] c:\windows\system32\occache.dll
    [Scan path] c:\windows\system32\ole32.dll
    [Scan path] c:\windows\system32\oleaut32.dll
    [Scan path] c:\windows\system32\olecli32.dll
    [Scan path] c:\windows\system32\olecnv32.dll
    [Scan path] c:\windows\system32\olesvr32.dll
    [Scan path] c:\windows\system32\olethk32.dll
    [Scan path] c:\windows\system32\photowiz.dll
    [Scan path] c:\windows\system32\pjlmon.dll
    [Scan path] c:\windows\system32\printui.dll
    [Scan path] c:\windows\system32\regsvr32.exe
    [Scan path] c:\windows\system32\remotepg.dll
    [Scan path] c:\windows\system32\rpcrt4.dll
    [Scan path] c:\windows\system32\rpcss.dll
    [Scan path] c:\windows\system32\rshx32.dll
    [Scan path] c:\windows\system32\rsvp.exe
    [Scan path] c:\windows\system32\rsvpsp.dll
    [Scan path] c:\windows\system32\rundll32.exe
    [Scan path] c:\windows\system32\scardsvr.exe
    [Scan path] c:\windows\system32\scecli.dll
    [Scan path] c:\windows\system32\schannel.dll
    [Scan path] c:\windows\system32\sclgntfy.dll
    [Scan path] c:\windows\system32\sendmail.dll
    [Scan path] c:\windows\system32\services.exe
    [Scan path] c:\windows\system32\sessmgr.exe
    [Scan path] c:\windows\system32\shdocvw.dll
    [Scan path] c:\windows\system32\shell32.dll
    [Scan path] c:\windows\system32\shimgvw.dll
    [Scan path] c:\windows\system32\shmedia.dll
    [Scan path] c:\windows\system32\shmgrate.exe
    [Scan path] c:\windows\system32\shscrap.dll
    [Scan path] c:\windows\system32\slayerxp.dll
    [Scan path] c:\windows\system32\smlogsvc.exe
    [Scan path] c:\windows\system32\smss.exe
    [Scan path] c:\windows\system32\spoolsv.exe
    [Scan path] c:\windows\system32\stobject.dll
    [Scan path] c:\windows\system32\svchost.exe
    [Scan path] c:\windows\system32\syncui.dll
    [Scan path] c:\windows\system32\tcpmon.dll
    [Scan path] c:\windows\system32\themeui.dll
    [Scan path] c:\windows\system32\twext.dll
    [Scan path] c:\windows\system32\ups.exe
    [Scan path] c:\windows\system32\url.dll
    [Scan path] c:\windows\system32\urlmon.dll
    [Scan path] c:\windows\system32\usbmon.dll
    [Scan path] c:\windows\system32\user32.dll
    [Scan path] c:\windows\system32\version.dll
    [Scan path] c:\windows\system32\vssvc.exe
    [Scan path] c:\windows\system32\wbem\wmiapsrv.exe
    [Scan path] c:\windows\system32\wbem\wmiprvse.exe
    [Scan path] c:\windows\system32\wdfmgr.exe
    [Scan path] c:\windows\system32\wdigest.dll
    [Scan path] c:\windows\system32\webcheck.dll
    [Scan path] c:\windows\system32\wgalogon.dll
    [Scan path] c:\windows\system32\wiascr.dll
    [Scan path] c:\windows\system32\wiashext.dll
    [Scan path] c:\windows\system32\wininet.dll
    [Scan path] c:\windows\system32\winlogon.exe
    [Scan path] c:\windows\system32\wldap32.dll
    [Scan path] c:\windows\system32\wlnotify.dll
    [Scan path] c:\windows\system32\wmpshell.dll
    [Scan path] c:\windows\system32\wshext.dll
    [Scan path] c:\windows\system32\wuauclt.exe
    [Scan path] c:\windows\system32\wuaucpl.cpl
    [Scan path] c:\windows\system32\zipfldr.dll
    [Scan path] c:\windows\system\cmicnfg.cpl
    [Scan path] d:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe
    -----------------------------------------------------------------------------
    Scan statistics
    -----------------------------------------------------------------------------
    Objects scanned: 310
    Infected objects found: 0
    Objects with modifications found: 0
    Suspicious objects found: 0
    Adware programs found: 0
    Dialer programs found: 0
    Joke programs found: 0
    Riskware programs found: 0
    Hacktool programs found: 0
    Objects cured: 0
    Objects deleted: 0
    Objects renamed: 0
    Objects moved: 0
    Objects ignored: 0
    Scan speed: 3370 Kb/s
    Scan time: 00:00:26
    -----------------------------------------------------------------------------

    [Scan path] C:\
    C:\Documents and Settings\LocalService\NTUSER.DAT - read error
    C:\Documents and Settings\LocalService\NTUSER~1.LOG - read error
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
    C:\Documents and Settings\NetworkService\NTUSER.DAT - read error
    C:\Documents and Settings\NetworkService\NTUSER~1.LOG - read error
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
    C:\Documents and Settings\Niemelä\ntuser.dat - read error
    C:\Documents and Settings\Niemelä\NTUSER~1.LOG - read error
    C:\Documents and Settings\Niemelä\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
    C:\Documents and Settings\Niemelä\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
    C:\Documents and Settings\Niemelä\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{33198~1 - read error
    C:\Documents and Settings\Niemelä\Työpöytä\SmitfraudFix\Process.exe is hacktool program Tool.Prockill
    C:\Documents and Settings\Niemelä\Työpöytä\SmitfraudFix\restart.exe is hacktool program Tool.ShutDown.11
    =============================================================================
    Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.10060)
    Copyright (c) Igor Daniloff, 1992-2006
    Log generated on: 2007-03-28, 19:40:28 [Niemelä]
    Command-line: "C:\DOCUME~1\NIEMEL~1\LOCALS~1\Temp\RarSFX1\cureit.exe" /lng /ini:cureit_XP.ini
    Operating system:Windows XP Home Edition x86 (Build 2600), Service Pack 2
    =============================================================================
    Engine version: 4.33 (4.33.5.10110)
    Engine API version: 2.01
    Total virus records: 185598
    Key file: C:\DOCUME~1\NIEMEL~1\LOCALS~1\Temp\RarSFX1\cureit.key
    License key number: 0010092936
    Registered to: Dr.Web CureIt Project
    License key activates: 2007-02-05
    License key expires: 2010-02-11

    -----------------------------------------------------------------------------
    Scan statistics
    -----------------------------------------------------------------------------
    Objects scanned: 0
    Infected objects found: 0
    Objects with modifications found: 0
    Suspicious objects found: 0
    Adware programs found: 0
    Dialer programs found: 0
    Joke programs found: 0
    Riskware programs found: 0
    Hacktool programs found: 0
    Objects cured: 0
    Objects deleted: 0
    Objects renamed: 0
    Objects moved: 0
    Objects ignored: 0
    Scan speed: 0 Kb/s
    Scan time: 00:00:00
    -----------------------------------------------------------------------------

    Scanning interrupted by user! - no viruses found
    [Scan path] c:\windows\system32\drivers\wpsdrvnt.sys
    [Scan path] c:\windows\system32\drivers\ws2ifsl.sys
    [Scan path] c:\windows\system32\dskquoui.dll
    [Scan path] c:\windows\system32\dsquery.dll
    [Scan path] c:\windows\system32\dssec.dll
    [Scan path] c:\windows\system32\dsuiext.dll
    [Scan path] c:\windows\system32\extmgr.dll
    [Scan path] c:\windows\system32\fontext.dll
    [Scan path] c:\windows\system32\gdi32.dll
    [Scan path] c:\windows\system32\hticons.dll
    [Scan path] c:\windows\system32\icmui.dll
    [Scan path] c:\windows\system32\ie4uinit.exe
    [Scan path] c:\windows\system32\iedkcs32.dll
    [Scan path] c:\windows\system32\ieframe.dll
    [Scan path] c:\windows\system32\ieudinit.exe
    [Scan path] c:\windows\system32\imagehlp.dll
    [Scan path] c:\windows\system32\imapi.exe
    [Scan path] c:\windows\system32\inetcomm.dll
    [Scan path] c:\windows\system32\itss.dll
    [Scan path] c:\windows\system32\kerberos.dll
    [Scan path] c:\windows\system32\kernel32.dll
    [Scan path] c:\windows\system32\localspl.dll
    [Scan path] c:\windows\system32\locator.exe
    [Scan path] c:\windows\system32\logonui.exe
    [Scan path] c:\windows\system32\lsass.exe
    [Scan path] c:\windows\system32\lz32.dll
    [Scan path] c:\windows\system32\mmcshext.dll
    [Scan path] c:\windows\system32\mmsys.cpl
    [Scan path] c:\windows\system32\mnmsrvc.exe
    [Scan path] c:\windows\system32\mscoree.dll
    [Scan path] c:\windows\system32\mscories.dll
    [Scan path] c:\windows\system32\msdtc.exe
    [Scan path] c:\windows\system32\mshtml.dll
    [Scan path] c:\windows\system32\msieftp.dll
    [Scan path] c:\windows\system32\msiexec.exe
    [Scan path] c:\windows\system32\mstask.dll
    [Scan path] c:\windows\system32\msv1_0.dll
    [Scan path] c:\windows\system32\msvidctl.dll
    [Scan path] c:\windows\system32\mswsock.dll
    [Scan path] c:\windows\system32\mydocs.dll
    [Scan path] c:\windows\system32\nerocheck.exe
    [Scan path] c:\windows\system32\netdde.exe
    [Scan path] c:\windows\system32\netplwiz.dll
    [Scan path] c:\windows\system32\netshell.dll
    [Scan path] c:\windows\system32\ntlanui2.dll
    [Scan path] c:\windows\system32\ntsd.exe
    [Scan path] c:\windows\system32\ntshrui.dll
    [Scan path] c:\windows\system32\occache.dll
    [Scan path] c:\windows\system32\ole32.dll
    [Scan path] c:\windows\system32\oleaut32.dll
    [Scan path] c:\windows\system32\olecli32.dll
    [Scan path] c:\windows\system32\olecnv32.dll
    [Scan path] c:\windows\system32\olesvr32.dll
    [Scan path] c:\windows\system32\olethk32.dll
    [Scan path] c:\windows\system32\photowiz.dll
    [Scan path] c:\windows\system32\pjlmon.dll
    [Scan path] c:\windows\system32\printui.dll
    [Scan path] c:\windows\system32\regsvr32.exe
    [Scan path] c:\windows\system32\remotepg.dll
    [Scan path] c:\windows\system32\rpcrt4.dll
    [Scan path] c:\windows\system32\rpcss.dll
    -----------------------------------------------------------------------------
    Scan statistics
    -----------------------------------------------------------------------------
    Objects scanned: 257
    Infected objects found: 0
    Objects with modifications found: 0
    Suspicious objects found: 0
    Adware programs found: 0
    Dialer programs found: 0
    Joke programs found: 0
    Riskware programs found: 0
    Hacktool programs found: 0
    Objects cured: 0
    Objects deleted: 0
    Objects renamed: 0
    Objects moved: 0
    Objects ignored: 0
    Scan speed: 4748 Kb/s
    Scan time: 00:00:14
    -----------------------------------------------------------------------------

    Scanning interrupted by user! - no viruses found
    [Scan path] C:\
    C:\Documents and Settings\LocalService\NTUSER.DAT - read error
    C:\Documents and Settings\LocalService\NTUSER~1.LOG - read error
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
    C:\Documents and Settings\NetworkService\NTUSER.DAT - read error
    C:\Documents and Settings\NetworkService\NTUSER~1.LOG - read error
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
    C:\Documents and Settings\Niemelä\ntuser.dat - read error
    C:\Documents and Settings\Niemelä\NTUSER~1.LOG - read error
    C:\Documents and Settings\Niemelä\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
    C:\Documents and Settings\Niemelä\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
    C:\Documents and Settings\Niemelä\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{96034~1 - read error
    C:\Documents and Settings\Niemelä\Työpöytä\SmitfraudFix\Process.exe is hacktool program Tool.Prockill
    C:\Documents and Settings\Niemelä\Työpöytä\SmitfraudFix\restart.exe is hacktool program Tool.ShutDown.11


    Sorry, a piece really did get left out...

    SmitFraudFix v2.158

    Scan done at 19:20:20,35, ke 28.03.2007
    Run from C:\Documents and Settings\Niemelä\Työpöytä\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Niemelä


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Niemelä\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\NIEMEL~1\Suosikit


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\Video Access ActiveX Object\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{2016a466-91a2-43c6-97d8-2fd380f065ef}"="eitheror"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{aed6f6a3-183c-488d-9f90-23db99f56e7f}"="apathies"



    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  8. Etzo

    Etzo Regular member

    Print these instructions out or save them to a text file.

    Boot your computer into Safe Mode and choose your regular user account.

    Once in Safe Mode, double-click the file SmitfraudFix.exe.
    Select option #2 - Clean by typing 2 and pressing "Enter" to delete the infected files.

    You will be asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" to remove the desktop background and clean the infected registry keys.

    The tool checks whether wininet.dll is infected. You may be asked to replace the infected .dll (if found); answer "Yes" by typing Y and pressing "Enter".

    The tool may need to restart the computer; if it does not, restart into normal Windows.
    A text file will appear after the cleaning process; copy and paste the results of this report into your reply.
    The report can be found on your local disk, usually at C:\rapport.txt.

    Warning: running option 2 on a computer that is NOT infected will remove your desktop background.

    Post C:\rapport.txt and a new HJT log.
     
  9. treelta

    treelta Member

    No luck, the whole machine goes dark when the program finds that bug... This one is of a rather more stubborn sort. At some point I saw some kind of reboot flash by, after which it went dark. I tried to look for it, but once it was found, the machine went dark again... I don't get it, and all the antivirus programs crash and black out the machine. I'll now try to push the programs through one drive at a time, to see if I can get at least something removed. Let's see how it goes. If you come up with something, let me know. I'll post logs myself at some point.
     
  10. treelta

    treelta Member

    Here is a new HJT log

    It still crashes, but the AVG scan ran all the way to the end..

    Logfile of HijackThis v1.99.1
    Scan saved at 17:32:56, on 29.3.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Outlook Express\msimn.exe
    D:\ladatut\pakatut\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: (no name) - {6F9E6897-AE96-E5FA-BFBA-04F29139D9EF} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/platypus/miniclipGameLoader.dll
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2568e81563b02f66ad05/netzip/RdxIE6.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156152028343
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158039912937
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://spinpalace.microgaming.com/freeplay/FlashAX.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3F4C8EC3-C666-4845-8F80-E98FFC53EFF2}: NameServer = 85.194.193.94,85.194.193.90
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

     
  11. Etzo

    Etzo Regular member

    Did AVG find anything?

    Download Blacklight and save it to your desktop;

    Double-click blbeta.exe, accept the agreement, click > Scan, then > Next

    You will see a list of everything that was found. A log named fsbl.xxxxxxx.log will also appear on your desktop (the xxxxxxx will most likely be digits).

    Copy and paste this log into your next reply. Do not choose the "Rename" option yet! We want to see the log first, because good files may be included, such as "wbemtest.exe".

    ====================================

    Go into Safe Mode and manually delete the folder:

    C:\Program Files\Video Access ActiveX Object

    Restart your computer back into normal mode.

    In normal mode, start HJT, check the following lines and press Fix Checked:

    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: (no name) - {6F9E6897-AE96-E5FA-BFBA-04F29139D9EF} - (no file)
    O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - (no file)
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/platypus/miniclipGameLoader.dll
    O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
     
  12. treelta

    treelta Member

    All right...

    So AVG found downloader zlob atl, the same with the suffix asv, and obfuscated ev, plus a couple of silly adware items, and removed them right away.

    Here are some more of these logs

    03/29/07 18:23:39 [Info]: BlackLight Engine 1.0.55 initialized
    03/29/07 18:23:39 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    03/29/07 18:23:39 [Note]: 7019 4
    03/29/07 18:23:39 [Note]: 7005 0
    03/29/07 18:23:40 [Note]: 7006 0
    03/29/07 18:23:40 [Note]: 7011 424
    03/29/07 18:23:40 [Note]: 7026 0
    03/29/07 18:23:40 [Note]: 7026 0
    03/29/07 18:23:45 [Note]: FSRAW library version 1.7.1021
    03/29/07 18:28:44 [Note]: 2000 1012
    03/29/07 18:28:44 [Note]: 2000 1012
    03/29/07 18:28:44 [Note]: 7007 0

    Logfile of HijackThis v1.99.1
    Scan saved at 18:36:40, on 29.3.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\WINDOWS\system32\svchost.exe
    D:\ladatut\pakatut\HijackThis_v1.99.1.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suomi24.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2568e81563b02f66ad05/netzip/RdxIE6.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156152028343
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158039912937
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://spinpalace.microgaming.com/freeplay/FlashAX.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3F4C8EC3-C666-4845-8F80-E98FFC53EFF2}: NameServer = 85.194.193.94,85.194.193.90
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
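
The five-line "Fix Checked" list and the HijackThis logs posted before and after it can be compared mechanically to confirm that exactly those entries disappeared. The following Python is an added example, not part of the original thread; the function names are hypothetical and the embedded log lines are a subset copied from the posts above.

```python
import re

# Constructed sample: a subset of lines copied from the two HijackThis logs in
# this thread (before and after "Fix Checked"), not the complete logs.
BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {6F9E6897-AE96-E5FA-BFBA-04F29139D9EF} - (no file)
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - (no file)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
"""

AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# The five lines the helper asked to mark before pressing "Fix Checked".
FIX_LIST = r"""
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {6F9E6897-AE96-E5FA-BFBA-04F29139D9EF} - (no file)
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - (no file)
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
"""

# A HijackThis entry line starts with a section code such as R0, O2 or O23.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text):
    """Return one dict per entry line; headers, process paths and blanks are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "section": match.group("section"),
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            # The registration exists but the log shows no file behind it.
            "orphan": body.endswith("(no file)"),
            "line": line,
        })
    return entries


def orphans(entries):
    """Entries whose target is reported as "(no file)"."""
    return [e for e in entries if e["orphan"]]


def _key(entry):
    # Compare case-insensitively: the logs mix upper and lower case in paths and CLSIDs.
    return (entry["section"], entry["body"].lower())


def verify_fix(before_text, after_text, fix_text):
    """Compare a before/after log pair against the list of lines that were to be fixed."""
    after_keys = {_key(e) for e in parse_entries(after_text)}
    wanted = parse_entries(fix_text)
    wanted_keys = {_key(e) for e in wanted}
    removed = [e for e in parse_entries(before_text) if _key(e) not in after_keys]
    return {
        "applied": [e["line"] for e in wanted if _key(e) not in after_keys],
        "still_present": [e["line"] for e in wanted if _key(e) in after_keys],
        # Entries that vanished without being on the fix list deserve a second look.
        "unexpected": [e["line"] for e in removed if _key(e) not in wanted_keys],
    }


if __name__ == "__main__":
    for entry in orphans(parse_entries(BEFORE)):
        print("orphaned:", entry["section"], entry["clsid"])
    for name, lines in verify_fix(BEFORE, AFTER, FIX_LIST).items():
        print(name, len(lines))
```
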



     
  13. Etzo

    Etzo Regular member

    Let's fix this one away as well:

    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab

    Otherwise your log is clean.

    Download Atribune's ATF Cleaner

    Instructions:

    Double-click ATF-Cleaner.exe to start the program. Under Main, choose: Select All
    Click the Empty Selected button.

    If you use Firefox as your browser: click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, click No when it asks.

    If you use Opera as your browser: click Opera at the top and choose: Select All
    Click the Empty Selected button again.
    NOTE: If you would like to keep your saved passwords, click No when it asks.

    Click Exit in the main menu to close the program.

    Technical support is available if you double-click the e-mail address located at the bottom of each menu in the tool. (Note that the support is in English.)

    Do you have that AVG report? We could see where those critters were lodging.
     
  14. treelta

    treelta Member

    It's absolutely great that a klutz like me can get help here. The kids hang around on every possible site, and that's where everything gets in from. Would you have any tips on which programs would be good for protecting this machine... Thanks again, once more =))))

    Here is the AVG log

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 16:55:29 29.3.2007

    + Scan result:



    C:\WINDOWS\system32\tsdqvkwp\tsdqvkwp1.exe -> Adware.Ultimate : Cleaned.
    C:\WINDOWS\system32\tsdqvkwp\tsdqvkwp2.exe -> Adware.Ultimate : Cleaned.
    C:\WINDOWS\system32\tsdqvkwp\tsdqvkwp3.exe -> Adware.Ultimate : Cleaned.
    C:\System Volume Information\_restore{712A4DC3-FEEF-48E7-B4D5-91EF1E41AC77}\RP259\A0087413.exe -> Downloader.Zlob.asv : Cleaned.
    C:\System Volume Information\_restore{712A4DC3-FEEF-48E7-B4D5-91EF1E41AC77}\RP259\A0087412.exe -> Downloader.Zlob.atl : Cleaned.
    C:\System Volume Information\_restore{712A4DC3-FEEF-48E7-B4D5-91EF1E41AC77}\RP259\A0087414.exe -> Downloader.Zlob.atl : Cleaned.
    C:\Documents and Settings\Niemelä\Cookies\niemelä@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
    C:\vanhac\Documents and Settings\Aleksi\Cookies\aleksi@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
    C:\vanhac\Documents and Settings\Eetu\Cookies\eetu@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
    C:\System Volume Information\_restore{712A4DC3-FEEF-48E7-B4D5-91EF1E41AC77}\RP260\A0092458.dll -> Trojan.Obfuscated.ev : Cleaned.
    C:\System Volume Information\_restore{712A4DC3-FEEF-48E7-B4D5-91EF1E41AC77}\RP260\A0092474.dll -> Trojan.Obfuscated.ev : Cleaned.
    C:\System Volume Information\_restore{712A4DC3-FEEF-48E7-B4D5-91EF1E41AC77}\RP260\A0092475.exe -> Trojan.Obfuscated.ev : Cleaned.
    C:\System Volume Information\_restore{712A4DC3-FEEF-48E7-B4D5-91EF1E41AC77}\RP260\A0092485.exe -> Trojan.Obfuscated.ev : Cleaned.


    ::Report end
     
  15. Etzo

    Etzo Regular member

    A few nasties were in the System Restore folder.

    Delete this folder as well (you may have to delete it in Safe Mode):
    C:\WINDOWS\system32\tsdqvkwp\

    ===========================

    Clear System Restore:

    1. Right-click the My Computer (Oma tietokone) icon in the Start menu.
    2. Select Properties (Ominaisuudet).
    3. Select the System Restore (Järjestelmän palauttaminen) tab.
    4. Select "Turn off System Restore" on all drives (Poista järjestelmän palauttaminen kaikissa asemissa).
    5. Click Apply (Käytä).
    6. Click OK.
    7. Restart the computer.
    8. Turn System Restore back on (the same way, but do step four in reverse).

    ======================================

    Now that you are clean, here are a few tips on how to reduce the risk of infection. For each of them there is a Finnish-language version and/or a Finnish-language guide available.

    -> Fight back!! -> Malware Complaints
    The site gives victims of malware a chance to tell their story and file a complaint. Let's fight the malware authors together!

    -> Clear System Restore -> Instructions
    Empty the System Restore folder and create a new restore point. This cleans any malware remnants out of the restore folder.

    -> Use CCleaner -> CCleaner
    Download and install CCleaner. Clean temporary files and folders with it regularly.

    -> Use Ad-Aware -> Ad-Aware
    Download and install Ad-Aware. Update it and scan your machine with it regularly.
    Guide available in Finnish! Guide by user Ad-Aware

    -> Use AVG Anti-Spyware -> AVG Anti-Spyware
    Download and install AVG Anti-Spyware. Update it and scan your machine with it regularly.
    Guide available in Finnish! (With the Ewido look) Guide by user Axel

    -> Install SpywareBlaster -> SpywareBlaster
    SpywareBlaster prevents malware from installing itself on your machine. Uses no memory!
    Guide available in Finnish! Guide by user Ad-Aware

    -> Install the MVPS Hosts file -> MVPS Hosts
    Blocks your machine from connecting to harmful sites.
    Guide available in Finnish! Guide by user Axel

    -> Switch your browser to Firefox -> Firefox
    Firefox is a faster, safer and better browser than Internet Explorer.

    -> Keep your system up to date. -> Windows Update
    Visit Windows Update regularly.

    -> Keep your firewall and antivirus up to date
    Update your antivirus program and scan your machine with it regularly.

    Stay clean ;)
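
The triage behind the advice above (detections under `System Volume Information` call for flushing System Restore, detections in live folders call for checking the folder by hand) can be reproduced from the report text. The following is an added example, not part of any post in this thread; the function names and the three categories are assumptions made for illustration, and the sample lines are copied from the AVG report posted above.

```python
import ntpath
import re

# Four finding lines copied from the AVG Anti-Spyware report posted in this thread.
REPORT = r"""
+ Scan result:

C:\WINDOWS\system32\tsdqvkwp\tsdqvkwp1.exe -> Adware.Ultimate : Cleaned.
C:\System Volume Information\_restore{712A4DC3-FEEF-48E7-B4D5-91EF1E41AC77}\RP259\A0087413.exe -> Downloader.Zlob.asv : Cleaned.
C:\vanhac\Documents and Settings\Aleksi\Cookies\aleksi@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
C:\System Volume Information\_restore{712A4DC3-FEEF-48E7-B4D5-91EF1E41AC77}\RP260\A0092458.dll -> Trojan.Obfuscated.ev : Cleaned.

::Report end
"""

# Report line layout: "<path> -> <detection name> : <action>."
FINDING = re.compile(r"^\s*(?P<path>[A-Za-z]:\\.+?) -> (?P<name>\S+) : (?P<action>.+?)\.?\s*$")
# System Restore keeps its copies under _restore{GUID}\RPnnn\
RESTORE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I)


def parse(report):
    """Return one dict per finding line; headers and blank lines are skipped."""
    findings = []
    for line in report.splitlines():
        m = FINDING.match(line)
        if not m:
            continue
        f = m.groupdict()
        rp = RESTORE.search(f["path"])
        if rp:  # copy held inside a restore point, not a running file
            f["kind"], f["where"] = "restore_point", rp.group(1)
        elif f["name"].lower().startswith("trackingcookie"):
            f["kind"], f["where"] = "tracking_cookie", None
        else:  # file on the live system: remember its folder
            f["kind"], f["where"] = "live_file", ntpath.dirname(f["path"])
        findings.append(f)
    return findings


def followups(findings):
    """Summarise what is still worth checking by hand after the scan."""
    def pick(kind):
        return sorted({f["where"] for f in findings if f["kind"] == kind})
    return {
        "restore_points_to_flush": pick("restore_point"),
        "folders_to_inspect": pick("live_file"),
        "not_cleaned": [f["path"] for f in findings if f["action"].lower() != "cleaned"],
    }
```

Calling `followups(parse(REPORT))` on the sample lists the two restore points and the `tsdqvkwp` folder, which are the two items the reply above tells the user to deal with.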
     
  16. treelta

    treelta Member

    -> Fight back!! -> Malware Complaints
    The site gives victims of malware a chance to tell their story and file a complaint. Let's fight the malware authors together!

    definitely going here - the previous attack was a month ago


    -> Clear System Restore -> Instructions
    Empty the System Restore folder and create a new restore point. This cleans any malware remnants out of the restore folder.

    This was a good one, hadn't thought of it

    -> Use CCleaner -> CCleaner
    Download and install CCleaner. Clean temporary files and folders with it regularly.

    in use together with easy cleaner

    -> Use Ad-Aware -> Ad-Aware
    Download and install Ad-Aware. Update it and scan your machine with it regularly.
    Guide available in Finnish! Guide by user Ad-Aware

    downloaded =)

    -> Use AVG Anti-Spyware -> AVG Anti-Spyware
    Download and install AVG Anti-Spyware. Update it and scan your machine with it regularly.
    Guide available in Finnish! (With the Ewido look) Guide by user Axel

    It didn't work no matter how hard I tried, but after hammering away at it for long enough it finally worked after all the fiddling

    -> Install SpywareBlaster -> SpywareBlaster
    SpywareBlaster prevents malware from installing itself on your machine. Uses no memory!
    Guide available in Finnish! Guide by user Ad-Aware


    installed =)

    -> Install the MVPS Hosts file -> MVPS Hosts
    Blocks your machine from connecting to harmful sites.
    Guide available in Finnish! Guide by user Axel
    Installed

    -> Switch your browser to Firefox -> Firefox
    Firefox is a faster, safer and better browser than Internet Explorer.
    Which is better (the kids hang around on Rune and the like), Opera or Firefox?

    -> Keep your system up to date. -> Windows Update
    Visit Windows Update regularly.
    automatic

    -> Keep your firewall and antivirus up to date
    Update your antivirus program and scan your machine with it regularly.
    AVG daily


    Thanks, hopefully this struggling ends now and a new life begins - until I'm back here in a month shouting for help again =) Thanks for your interest and help..
     
  17. treelta

    treelta Member

    Ad-Aware found some fun stuff again =)) This is honestly driving me crazy ;-))

    The little one had been on Rune today, and here's the catch

    ArchiveData(auto-quarantine- 2007-03-30 17-55-43.bckp)
    Referencefile : SE1R163 26.03.2007
    ======================================================

    MRU LIST
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    obj[0]=MRU FileReference : C:\Documents and Settings\Niemelä\recent\Desktop.ini
    obj[2]=MRU RegReference : software\microsoft\directdraw\mostrecentapplication name
    obj[3]=MRU RegReference : S-1-5-21-1078081533-1202660629-725345543-1004\software\microsoft\internet explorer download directory
    obj[4]=MRU RegReference : S-1-5-21-1078081533-1202660629-725345543-1004\software\microsoft\mediaplayer\medialibraryui mllastselectednode
    obj[5]=MRU RegReference : S-1-5-21-1078081533-1202660629-725345543-1004\software\microsoft\mediaplayer\player\settings opendir
    obj[6]=MRU RegReference : S-1-5-21-1078081533-1202660629-725345543-1004\software\microsoft\mediaplayer\preferences cdrecordpath
    obj[7]=MRU RegReference : S-1-5-21-1078081533-1202660629-725345543-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\*
    obj[8]=MRU RegReference : S-1-5-21-1078081533-1202660629-725345543-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\exe
    obj[10]=MRU RegReference : .DEFAULT\software\microsoft\windows media\wmsdk\general computername
    obj[11]=MRU RegReference : S-1-5-18\software\microsoft\windows media\wmsdk\general computername
    obj[12]=MRU RegReference : S-1-5-21-1078081533-1202660629-725345543-1004\software\microsoft\windows media\wmsdk\general computername

    TRACKING COOKIE
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    obj[12]=IECache Entry : Cookie:niemelä@revsci.net/
    obj[13]=IECache Entry : Cookie:niemelä@zedo.com/
    obj[14]=IECache Entry : Cookie:niemelä@atdmt.com/

    WIN32.TROJANDOWNLOADER.ZLOB
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    obj[15]=Regkey : videoaccess
    obj[16]=Regkey : videoaxobject.chl
    obj[17]=RegValue : software\microsoft\windows\currentversion\policies\explorer\run "user32.dll"

    So it's back to doing all the fiddling from the start again - what the h*** is actually going on here? Doesn't the Sygate firewall work somehow - any better ideas...
     
  18. Etzo

    Etzo Regular member

    Tracking cookies are not dangerous, and those others also appear to be just registry entries. Run CCleaner and EasyCleaner weekly :)
     
  19. treelta

    treelta Member

    Thanks and takes a bow =) And luckily not crazy yet - have a good weekend =)
     
  20. Etzo

    Etzo Regular member

    Yep, same to you :)
     
  21. juka39

    juka39 Regular member

    I happened upon this thread by chance while reading the Afterdawn news. When I saw how kindly you guided the user treelta, I too venture to turn to those who know the subject with my questions. Note that I am a considerably less experienced user than the above-mentioned user; that can probably be inferred from my age, which in turn shows in my own username. Now to the point:
    On my PC (HP iextreme, 4 years old) I have had the full F-Secure suite the whole time, and I have coped with the nasties relatively well. Now, after the latest installation of the software, it (that is, FS) started acting up, and when we sorted it out together with the FS support staff and removed the installation not only with Add or Remove Programs but from other places as well (apparently mostly just to be sure), Firefox and Thunderbird were removed at the same time, apparently the whole MS Office package (at least Word, Works and Photo Editor, which I use regularly), as well as, among others, SpywareBlaster and even MRU-Blaster. The relief was great when I got the Mozilla programs working so that no bookmarks, addresses or messages had been lost. The full FS scan found one quarantined piece of malware and two riskware programs, one of which is under control (that is, known), but the other (NetTool.Win32.PsKill) I do not recognize (it comes up at least when I open my PC's utility SmartRestore, with which, according to the manual, at least Word could be reinstalled). It should be mentioned that the MS Office programs were installed at the time of purchase and no separate MS Office installation package on CD came with it. However, I made the master discs myself right when it was new.
    I previously had Lavasoft's Finnish-language Ad-Aware, but FS support told me to remove it and use their own equivalent (which in my opinion is a one-to-one match with Lavasoft's). However, it is not in Finnish, and as someone who studied German as my main foreign language, my computer English in particular is really weak, so the program's customization may not be quite right. I still use it weekly. Nothing has been found other than 5-15 MRU lists, which I have always removed. Can I customize FS's Ad-Aware according to Lavasoft's Finnish-language guide? Or can I even start using it even though FS's equivalent is on the machine?
     
