
I was told to post the log here, so here's my HJT log

Thread in the Viruses and malware - HijackThis logs section. Started by Juippi93 on 21.10.2007.

  1. Juippi93

    here's this new ComboFix


    ComboFix 07-10-23.2 - MARKUS HYNNINEN 2007-10-27 16:51:07.3 - NTFSx86
    Komentosarjan C:\ComboFix\osid.vbs suoritusaika ylitettiin.
    Komentosarjan suorittaminen päättyi.
    Running from: C:\Documents and Settings\MARKUS HYNNINEN\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\MARKUS HYNNINEN\Työpöytä\CFScript.txt
    * Created a new restore point

    FILE::
    C:\WINDOWS\system32\eeplluym.dll
    C:\WINDOWS\system32\ejgqlcsg.dll
    C:\WINDOWS\system32\pfqfcoki.dll
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\eeplluym.dll
    C:\WINDOWS\system32\ejgqlcsg.dll
    C:\WINDOWS\system32\pfqfcoki.dll

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-09-27 to 2007-10-27 )))))))))))))))))
    .

    2007-10-26 14:29 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-25 15:28 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
    2007-10-25 15:19 <KANSIO> d-------- C:\VundoFix Backups
    2007-10-23 17:05 <KANSIO> d-------- C:\ijji
    2007-10-21 19:30 58,776 --a------ C:\WINDOWS\system32\ijjiPlugin2.dll
    2007-10-21 19:29 <KANSIO> d-------- C:\Program Files\NHN USA
    2007-10-21 19:29 692,224 --a------ C:\WINDOWS\system32\ijjiSetup.exe
    2007-10-21 19:21 4,518 --a------ C:\WINDOWS\system32\tmp.reg
    2007-10-21 19:20 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-10-21 19:20 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-10-21 19:20 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-10-21 19:20 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-10-21 19:20 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-10-21 10:46 <KANSIO> d-------- C:\Program Files\Trend Micro
    2007-10-11 16:18 <KANSIO> d-------- C:\Documents and Settings\MARKUS HYNNINEN\system
    2007-10-10 15:27 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-27 08:10 --------- d-----w C:\Program Files\JAM KT v3
    2007-10-21 16:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-09-19 16:41 --------- d-----w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\Printer Info Cache
    2007-09-19 16:41 --------- d-----w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\Image Zone Express
    2007-09-19 16:39 --------- d-----w C:\Program Files\HP
    2007-09-19 16:39 --------- d-----w C:\Program Files\Common Files\HP
    2007-09-18 16:03 --------- d-----w C:\Program Files\MSXML 6.0
    2007-09-17 19:18 --------- d-----w C:\Program Files\MSBuild
    2007-09-17 18:50 --------- d-----w C:\Program Files\Reference Assemblies
    2007-09-11 14:07 --------- d-----w C:\Documents and Settings\PEKKA LAURIKAINEN\Application Data\Ahead
    2007-09-10 17:45 --------- d-----w C:\Program Files\DivX
    2007-09-09 13:43 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\Ahead
    2007-09-09 11:19 --------- d-----w C:\Program Files\Vidomi
    2007-09-09 09:34 --------- d-----w C:\Program Files\Apache2
    2007-09-07 14:22 --------- d-----w C:\Program Files\CD_DVD-ROM Generator 1.20
    2007-09-07 14:06 --------- d-----w C:\Program Files\DVD Decrypter
    2007-09-05 08:46 --------- d-----w C:\Documents and Settings\PASI HYNNINEN\Application Data\HP
    2007-09-05 08:43 --------- d-----w C:\Documents and Settings\PASI HYNNINEN\Application Data\Ahead
    2007-09-04 15:36 --------- d-----w C:\Program Files\Half-Life 2
    2007-09-04 15:36 --------- d-----w C:\Program Files\Electronic Arts
    2007-09-04 15:32 --------- d-----w C:\Program Files\EA GAMES
    2007-09-04 04:57 --------- d-----w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\Ahead
    2007-09-03 15:39 --------- d-----w C:\Program Files\Lavasoft
    2007-09-03 15:39 --------- d-----w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\Lavasoft
    2007-09-03 15:38 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-09-03 14:07 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\OnReally
    2007-09-02 09:37 --------- d-----w C:\Program Files\LucasArts
    2007-09-01 18:31 --------- d-----w C:\Program Files\MPEG4 Direct Maker
    2007-09-01 17:29 --------- d-----w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\MSN6
    2007-09-01 17:29 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\MSN6
    2007-09-01 11:33 --------- d-----w C:\Program Files\Audacity
    2007-09-01 10:08 --------- d-----w C:\Program Files\FMV-Extractor
    2007-09-01 09:58 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\STOIK
    2007-09-01 09:44 --------- d-----w C:\Program Files\RealMedia
    2007-09-01 09:44 --------- d-----w C:\Program Files\OpenSource Flash Video Splitter
    2007-09-01 09:44 --------- d-----w C:\Program Files\DScaler5
    2007-09-01 09:44 --------- d-----w C:\Program Files\CD Audio Reader Filter
    2007-09-01 09:43 --------- d-----w C:\Program Files\SHOUTcast Source
    2007-09-01 09:43 --------- d-----w C:\Program Files\Haali
    2007-09-01 09:42 --------- d-----w C:\Program Files\ffdshow
    2007-09-01 09:41 --------- d-----w C:\Program Files\DirectVobSub
    2007-08-31 20:53 --------- d-----w C:\Documents and Settings\PEKKA LAURIKAINEN\Application Data\HP
    2007-08-29 15:01 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\InterVideo
    2007-08-29 12:30 --------- d-----w C:\Program Files\CFWebAdvancedU
    2007-08-29 12:30 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\CamfrogWEB
    2007-08-28 07:21 --------- d-----w C:\Program Files\MSXML 4.0
    2007-08-27 11:39 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\HP
    2007-08-27 09:21 --------- d-----w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\HP
    2007-08-27 08:40 --------- d-----w C:\Program Files\Hewlett-Packard
    2007-08-27 08:37 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
    2006-11-15 13:27 34,344 -c--a-w C:\Documents and Settings\PEKKA LAURIKAINEN\Application Data\GDIPFONTCACHEV1.DAT
    2006-03-21 20:45 34,776 -c--a-w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\GDIPFONTCACHEV1.DAT
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CPQEASYACC"="C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe" [2001-12-14 16:01]
    "WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2002-02-20 13:40]
    "srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-25 00:34]
    "Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2001-10-12 16:45]
    "Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-12 07:14]
    "Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-09-17 10:35]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "F-Secure Manager"="C:\Program Files\Sonera Tietoturva\Common\FSM32.exe" [2005-10-26 04:51]
    "F-Secure TNB"="C:\Program Files\Sonera Tietoturva\TNB\TNBUtil.exe" [2005-07-18 17:51]
    "F-Secure Startup Wizard"="C:\Program Files\Sonera Tietoturva\FSGUI\FSSW.exe" [2005-10-18 11:29]
    "News Service"="C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe" [2005-05-31 15:45]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 22:43]
    "nwiz"="nwiz.exe" [2006-08-11 22:43 C:\WINDOWS\system32\nwiz.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-15 18:27]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
    "NBKeyScan"="C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 20:29]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:40]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys
    R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
    R1 XPROTECTOR;XPROTECTOR;\??\C:\WINDOWS\system32\drivers\Oreans.sys
    R2 BackWeb Plug-in - 4653381;dna Nettiturva;C:\PROGRA~1\SONERA~1\backweb\4653381\Program\SERVIC~1.EXE
    R2 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\Sonera Tietoturva\Anti-Virus\Win2K\FSfilter.sys
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\Sonera Tietoturva\Anti-Virus\Win2K\FSgk.sys
    R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\Sonera Tietoturva\Anti-Virus\Win2K\FSrec.sys
    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
    R3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
    R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
    S3 adxapie;adxapie;\??\C:\DOCUME~1\PEKKAL~1\LOCALS~1\Temp\adxapie.sys
    S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2007-10-27 14:00:14 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    "2007-10-27 07:50:04 C:\WINDOWS\Tasks\Scheduled scanning task.job"
    .
    **************************************************************************

    catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-27 16:58:59
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-27 17:03:33 - machine was rebooted
    .
    --- E O F ---
     
  3. Juippi93

    here it is

    KASPERSKY ONLINE SCANNER REPORT
    Saturday, October 27, 2007 7:49:27 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 27/10/2007
    Kaspersky Anti-Virus database records: 447112


    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true

    Scan Target My Computer
    A:\
    C:\
    D:\
    E:\

    Scan Statistics
    Total number of scanned objects 64917
    Number of viruses found 9
    Number of infected objects 12
    Number of suspicious objects 0
    Duration of the scan process 02:24:59

    Infected Object Name Virus Name Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12032006-221314.log Object is locked skipped

    C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\MARKUS HYNNINEN\Application Data\ispnews\ispn.ini Object is locked skipped

    C:\Documents and Settings\MARKUS HYNNINEN\Application Data\ispnews\ispnc.items Object is locked skipped

    C:\Documents and Settings\MARKUS HYNNINEN\Application Data\ispnews\ispnr.items Object is locked skipped

    C:\Documents and Settings\MARKUS HYNNINEN\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\MARKUS HYNNINEN\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped

    C:\Documents and Settings\MARKUS HYNNINEN\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\MARKUS HYNNINEN\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\MARKUS HYNNINEN\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{0E4F6227-C9E4-420D-A1DC-080F3C2C9869} Object is locked skipped

    C:\Documents and Settings\MARKUS HYNNINEN\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\MARKUS HYNNINEN\Local Settings\Sivuhistoria\History.IE5\MSHist012007102720071028\index.dat Object is locked skipped

    C:\Documents and Settings\MARKUS HYNNINEN\Local Settings\Temp\hpodvd09.log Object is locked skipped

    C:\Documents and Settings\MARKUS HYNNINEN\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

    C:\Documents and Settings\MARKUS HYNNINEN\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\MARKUS HYNNINEN\ntuser.dat Object is locked skipped

    C:\Documents and Settings\MARKUS HYNNINEN\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\MARKUS HYNNINEN\Työpöytä\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\e9750716b551743d7aa6\mrtstub.exe Object is locked skipped

    C:\Program Files\Sonera Tietoturva\Anti-Virus\dbupdate.log Object is locked skipped

    C:\Program Files\Sonera Tietoturva\Anti-Virus\Qrt.log Object is locked skipped

    C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\chandir.dat Object is locked skipped

    C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\chandir.idx Object is locked skipped

    C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\chn.dat Object is locked skipped

    C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\chn.idx Object is locked skipped

    C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\D0000000.FCS Object is locked skipped

    C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\fsbwupst.log Object is locked skipped

    C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\inuse.txt Object is locked skipped

    C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\L0000015.FCS Object is locked skipped

    C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\main.log Object is locked skipped

    C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\prs.dat Object is locked skipped

    C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\prs.idx Object is locked skipped

    C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\prs_die.dat Object is locked skipped

    C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\prs_die.idx Object is locked skipped

    C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\prs_dnd.dat Object is locked skipped

    C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\prs_dnd.idx Object is locked skipped

    C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\prs_ext.dat Object is locked skipped

    C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\prs_ext.idx Object is locked skipped

    C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\prs_rcv.dat Object is locked skipped

    C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\prs_rcv.idx Object is locked skipped

    C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\storydb.dat Object is locked skipped

    C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\storydb.idx Object is locked skipped

    C:\Program Files\Sonera Tietoturva\Common\admin.pub Object is locked skipped

    C:\Program Files\Sonera Tietoturva\Common\policy.bpf Object is locked skipped

    C:\Program Files\Sonera Tietoturva\Common\policy.ipf Object is locked skipped

    C:\qoobox\Quarantine\C\WINDOWS\system32\cmluehih.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped

    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP22\A0002812.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP24\A0004943.dll Object is locked skipped

    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP25\A0004967.dll Object is locked skipped

    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP25\A0004968.dll Object is locked skipped

    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP25\A0004969.dll Object is locked skipped

    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP25\A0004974.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wn skipped

    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP28\A0009126.dll Object is locked skipped

    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP29\A0009169.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped

    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP33\A0010305.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped

    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP35\A0015443.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vr skipped

    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP37\A0017523.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped

    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP38\change.log Object is locked skipped

    C:\VundoFix Backups\vtstq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.vr skipped

    C:\WINDOWS\$NtUninstallKB824141$\sysmain.sdb Object is locked skipped

    C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB829558$\dao360.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB829558$\expsrv.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB829558$\msexch40.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB829558$\msexcl40.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB829558$\msjet40.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB829558$\msjetoledb40.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB829558$\msjint40.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB829558$\msjter40.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB829558$\msjtes40.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB829558$\msltus40.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB829558$\mspbde40.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB829558$\msrd2x40.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB829558$\msrd3x40.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB829558$\msrepl40.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB829558$\mstext40.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB829558$\mswdat10.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB829558$\mswstr10.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB829558$\msxbde40.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB829558$\vbajet32.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB833987$\sxs.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\browser.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB839645$\shell32.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallQ309521$\lsasrv.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallQ309521$\sfcfiles.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.exe Object is locked skipped

    C:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.inf Object is locked skipped

    C:\WINDOWS\$NtUninstallQ311542$\pci.sys Object is locked skipped

    C:\WINDOWS\$NtUninstallQ311542$\spuninst\spuninst.exe Object is locked skipped

    C:\WINDOWS\$NtUninstallQ311542$\spuninst\spuninst.inf Object is locked skipped

    C:\WINDOWS\$NtUninstallQ314862$\qmgr.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallQ314862$\spuninst\spuninst.exe Object is locked skipped

    C:\WINDOWS\$NtUninstallQ314862$\spuninst\spuninst.inf Object is locked skipped

    C:\WINDOWS\$NtUninstallQ318966$\spuninst\Q318966.log Object is locked skipped

    C:\WINDOWS\$NtUninstallQ323172$\reg00003 Object is locked skipped

    C:\WINDOWS\$NtUninstallQ323172$\reg00005 Object is locked skipped

    C:\WINDOWS\$NtUninstallQ323172$\reg00008 Object is locked skipped

    C:\WINDOWS\$NtUninstallQ323172$\reg00009 Object is locked skipped

    C:\WINDOWS\$NtUninstallQ323172$\reg00010 Object is locked skipped

    C:\WINDOWS\$NtUninstallQ323172$\reg00011 Object is locked skipped

    C:\WINDOWS\$NtUninstallQ328940$\reg00003 Object is locked skipped

    C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped

    C:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll Object is locked skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\Downloaded Program Files\gsda.dll Infected: not-a-virus:Downloader.Win32.SpyGame skipped

    C:\WINDOWS\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINDOWS\Sti_Trace.log Object is locked skipped

    C:\WINDOWS\system32\13173mr3.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped

    C:\WINDOWS\system32\4d8861tf.dll Infected: not-a-virus:AdWare.Win32.Sahat.be skipped

    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINDOWS\wiadebug.log Object is locked skipped

    C:\WINDOWS\wiaservc.log Object is locked skipped

    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.
     
  4. tomato71

    and there are still some critters to be found :D

    Open Notepad and copy/paste the contents of the quote box into it:

    Delete the folder C:\VundoFixBackups

    Post combofix.txt

    let's run one more scanner, there may still be more of them..

    Check your computer with F-Secure's online scanner

    Note: the scanner works only with the Internet Explorer browser

    * Read the instructions on the page carefully
    * Click Start scanning
    * If you get an Internet Explorer security warning, click Asenna (Install)
    * Click Accept
    * Click Custom Scan
    * Set the options as follows

    o Under "Virus Scan Option", select Scan whole system
    o Under "Other Scan Option", select Scan All Files
    o Select Scan whole system for rootkits
    o Select Scan whole system for spyware
    o Tick Scan inside archives
    o Make sure Use advanced heuristics is selected

    * Click Start
    * The scan starts once the required files/updates have been downloaded
    * Wait patiently
    * When the scan has finished, click Automatic cleaning
    * Click Show Report
    * The report opens in the browser; copy the entire text
    * Paste the copied text into e.g. Notepad or Word and save it to the desktop
    * You can close the scanner
    * Post the report in your thread
     
    Last edited: 28.10.2007
  5. Juippi93

    here's the ComboFix again


    ComboFix 07-10-23.2 - MARKUS HYNNINEN 2007-10-27 16:51:07.3 - NTFSx86
    Komentosarjan C:\ComboFix\osid.vbs suoritusaika ylitettiin.
    Komentosarjan suorittaminen päättyi.
    Running from: C:\Documents and Settings\MARKUS HYNNINEN\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\MARKUS HYNNINEN\Työpöytä\CFScript.txt
    * Created a new restore point

    FILE::
    C:\WINDOWS\system32\eeplluym.dll
    C:\WINDOWS\system32\ejgqlcsg.dll
    C:\WINDOWS\system32\pfqfcoki.dll
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\eeplluym.dll
    C:\WINDOWS\system32\ejgqlcsg.dll
    C:\WINDOWS\system32\pfqfcoki.dll

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-09-27 to 2007-10-27 )))))))))))))))))
    .

    2007-10-26 14:29 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-25 15:28 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
    2007-10-25 15:19 <KANSIO> d-------- C:\VundoFix Backups
    2007-10-23 17:05 <KANSIO> d-------- C:\ijji
    2007-10-21 19:30 58,776 --a------ C:\WINDOWS\system32\ijjiPlugin2.dll
    2007-10-21 19:29 <KANSIO> d-------- C:\Program Files\NHN USA
    2007-10-21 19:29 692,224 --a------ C:\WINDOWS\system32\ijjiSetup.exe
    2007-10-21 19:21 4,518 --a------ C:\WINDOWS\system32\tmp.reg
    2007-10-21 19:20 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-10-21 19:20 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-10-21 19:20 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-10-21 19:20 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-10-21 19:20 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-10-21 10:46 <KANSIO> d-------- C:\Program Files\Trend Micro
    2007-10-11 16:18 <KANSIO> d-------- C:\Documents and Settings\MARKUS HYNNINEN\system
    2007-10-10 15:27 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-27 08:10 --------- d-----w C:\Program Files\JAM KT v3
    2007-10-21 16:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-09-19 16:41 --------- d-----w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\Printer Info Cache
    2007-09-19 16:41 --------- d-----w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\Image Zone Express
    2007-09-19 16:39 --------- d-----w C:\Program Files\HP
    2007-09-19 16:39 --------- d-----w C:\Program Files\Common Files\HP
    2007-09-18 16:03 --------- d-----w C:\Program Files\MSXML 6.0
    2007-09-17 19:18 --------- d-----w C:\Program Files\MSBuild
    2007-09-17 18:50 --------- d-----w C:\Program Files\Reference Assemblies
    2007-09-11 14:07 --------- d-----w C:\Documents and Settings\PEKKA LAURIKAINEN\Application Data\Ahead
    2007-09-10 17:45 --------- d-----w C:\Program Files\DivX
    2007-09-09 13:43 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\Ahead
    2007-09-09 11:19 --------- d-----w C:\Program Files\Vidomi
    2007-09-09 09:34 --------- d-----w C:\Program Files\Apache2
    2007-09-07 14:22 --------- d-----w C:\Program Files\CD_DVD-ROM Generator 1.20
    2007-09-07 14:06 --------- d-----w C:\Program Files\DVD Decrypter
    2007-09-05 08:46 --------- d-----w C:\Documents and Settings\PASI HYNNINEN\Application Data\HP
    2007-09-05 08:43 --------- d-----w C:\Documents and Settings\PASI HYNNINEN\Application Data\Ahead
    2007-09-04 15:36 --------- d-----w C:\Program Files\Half-Life 2
    2007-09-04 15:36 --------- d-----w C:\Program Files\Electronic Arts
    2007-09-04 15:32 --------- d-----w C:\Program Files\EA GAMES
    2007-09-04 04:57 --------- d-----w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\Ahead
    2007-09-03 15:39 --------- d-----w C:\Program Files\Lavasoft
    2007-09-03 15:39 --------- d-----w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\Lavasoft
    2007-09-03 15:38 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-09-03 14:07 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\OnReally
    2007-09-02 09:37 --------- d-----w C:\Program Files\LucasArts
    2007-09-01 18:31 --------- d-----w C:\Program Files\MPEG4 Direct Maker
    2007-09-01 17:29 --------- d-----w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\MSN6
    2007-09-01 17:29 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\MSN6
    2007-09-01 11:33 --------- d-----w C:\Program Files\Audacity
    2007-09-01 10:08 --------- d-----w C:\Program Files\FMV-Extractor
    2007-09-01 09:58 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\STOIK
    2007-09-01 09:44 --------- d-----w C:\Program Files\RealMedia
    2007-09-01 09:44 --------- d-----w C:\Program Files\OpenSource Flash Video Splitter
    2007-09-01 09:44 --------- d-----w C:\Program Files\DScaler5
    2007-09-01 09:44 --------- d-----w C:\Program Files\CD Audio Reader Filter
    2007-09-01 09:43 --------- d-----w C:\Program Files\SHOUTcast Source
    2007-09-01 09:43 --------- d-----w C:\Program Files\Haali
    2007-09-01 09:42 --------- d-----w C:\Program Files\ffdshow
    2007-09-01 09:41 --------- d-----w C:\Program Files\DirectVobSub
    2007-08-31 20:53 --------- d-----w C:\Documents and Settings\PEKKA LAURIKAINEN\Application Data\HP
    2007-08-29 15:01 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\InterVideo
    2007-08-29 12:30 --------- d-----w C:\Program Files\CFWebAdvancedU
    2007-08-29 12:30 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\CamfrogWEB
    2007-08-28 07:21 --------- d-----w C:\Program Files\MSXML 4.0
    2007-08-27 11:39 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\HP
    2007-08-27 09:21 --------- d-----w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\HP
    2007-08-27 08:40 --------- d-----w C:\Program Files\Hewlett-Packard
    2007-08-27 08:37 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
    2006-11-15 13:27 34,344 -c--a-w C:\Documents and Settings\PEKKA LAURIKAINEN\Application Data\GDIPFONTCACHEV1.DAT
    2006-03-21 20:45 34,776 -c--a-w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\GDIPFONTCACHEV1.DAT
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CPQEASYACC"="C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe" [2001-12-14 16:01]
    "WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2002-02-20 13:40]
    "srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-25 00:34]
    "Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2001-10-12 16:45]
    "Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-12 07:14]
    "Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-09-17 10:35]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "F-Secure Manager"="C:\Program Files\Sonera Tietoturva\Common\FSM32.exe" [2005-10-26 04:51]
    "F-Secure TNB"="C:\Program Files\Sonera Tietoturva\TNB\TNBUtil.exe" [2005-07-18 17:51]
    "F-Secure Startup Wizard"="C:\Program Files\Sonera Tietoturva\FSGUI\FSSW.exe" [2005-10-18 11:29]
    "News Service"="C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe" [2005-05-31 15:45]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 22:43]
    "nwiz"="nwiz.exe" [2006-08-11 22:43 C:\WINDOWS\system32\nwiz.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-15 18:27]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
    "NBKeyScan"="C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 20:29]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:40]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys
    R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
    R1 XPROTECTOR;XPROTECTOR;\??\C:\WINDOWS\system32\drivers\Oreans.sys
    R2 BackWeb Plug-in - 4653381;dna Nettiturva;C:\PROGRA~1\SONERA~1\backweb\4653381\Program\SERVIC~1.EXE
    R2 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\Sonera Tietoturva\Anti-Virus\Win2K\FSfilter.sys
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\Sonera Tietoturva\Anti-Virus\Win2K\FSgk.sys
    R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\Sonera Tietoturva\Anti-Virus\Win2K\FSrec.sys
    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
    R3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
    R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
    S3 adxapie;adxapie;\??\C:\DOCUME~1\PEKKAL~1\LOCALS~1\Temp\adxapie.sys
    S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2007-10-27 14:00:14 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    "2007-10-27 07:50:04 C:\WINDOWS\Tasks\Scheduled scanning task.job"
    .
    **************************************************************************

    catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-27 16:58:59
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-27 17:03:33 - machine was rebooted
    .
    --- E O F ---
     
  6. tomato71

    tomato71 Regular member

    Joined:
    30.04.2006
    Posts:
    1,151
    Thanks:
    0
    Points:
    46
    then the F-Secure log as well
     
  7. Juippi93

    here it is


    Scanning Report
    Sunday, October 28, 2007 20:11:10 - 05:18:14
    Computer name: PEKKA
    Scanning type: Scan system for viruses, rootkits, spyware
    Target: C:\


    --------------------------------------------------------------------------------

    Result: 74 malware found
    Trojan.Win32.BHO.hj (virus)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP25\A0004967.0LL (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP25\A0004968.0LL (Submitted)
    Trojan.Win32.Pakes.sc (virus)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP28\A0009126.0LL (Submitted)
    Vundo.dam (virus)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP35\A0015443.dll (Submitted)
    Vundo.gen38 (virus)
    C:\WINDOWS\system32\gsclqgje.ini (Submitted)
    C:\WINDOWS\system32\kbawhros.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP33\A0011422.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP22\A0003832.ini (Submitted)
    Vundo.gen39 (virus)
    C:\WINDOWS\system32\apodjjxc.ini (Submitted)
    C:\WINDOWS\system32\etwfvudc.ini (Submitted)
    C:\WINDOWS\system32\ikocfqfp.ini (Submitted)
    C:\WINDOWS\system32\raibkfqs.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP5\A0001163.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP37\A0017529.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP37\A0017533.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP37\A0017534.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP36\A0017490.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP35\A0015450.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP35\A0016454.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP35\A0017455.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP35\A0017475.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP34\A0015427.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP32\A0009318.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP30\A0009235.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP29\A0009183.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP28\A0008135.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP28\A0009157.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP27\A0007058.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP26\A0005055.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP25\A0005007.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP24\A0004957.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP23\A0004919.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP22\A0004889.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP19\A0001737.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP19\A0002743.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP16\A0001612.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP16\A0001633.ini (Submitted)
    C:\qoobox\Quarantine\C\WINDOWS\system32\gyxsnbry.ini.vir (Submitted)
    C:\qoobox\Quarantine\C\WINDOWS\system32\hiheulmc.ini.vir (Submitted)
    C:\qoobox\Quarantine\C\WINDOWS\system32\vrexfpmx.ini.vir (Submitted)
    Vundo.gen41 (virus)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP37\A0017523.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP37\A0017524.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP37\A0017527.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP37\A0017528.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP35\A0015440.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP33\A0010305.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP33\A0012412.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP29\A0009169.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP29\A0009192.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP27\A0006044.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP25\A0004974.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP25\A0005017.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP19\A0002724.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP17\A0001639.dll (Submitted)
    C:\qoobox\Quarantine\C\WINDOWS\system32\cmluehih.dll.vir (Submitted)
    C:\qoobox\Quarantine\C\WINDOWS\system32\kfislpxi.dll.vir (Submitted)
    C:\qoobox\Quarantine\C\WINDOWS\system32\xmpfxerv.dll.vir (Submitted)
    C:\qoobox\Quarantine\C\WINDOWS\system32\yrbnsxyg.dll.vir (Submitted)
    Vundo.gen44 (virus)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP35\A0015442.dll (Submitted)
    Vundo.gen45 (virus)
    C:\WINDOWS\system32\cktmqcng.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP37\A0017491.ini (Submitted)
    W32/DLoader.AKWR (virus)
    C:\qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\gsda.dll.vir (Submitted)
    W32/Suspicious_F.gen (virus)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP31\A0009289.exe (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP31\A0009292.exe (Submitted)
    W32/Virtumonde.HZW (virus)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP37\A0017526.dll (Submitted)
    C:\qoobox\Quarantine\C\WINDOWS\system32\uibyoeyl.dll.vir (Submitted)
    W32/Vundo.U (virus)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP37\A0017525.dll (Submitted)
    C:\qoobox\Quarantine\C\WINDOWS\system32\ltvywrgo.dll.vir (Submitted)
    W32/Vundo.dam (virus)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP9\A0001262.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP4\A0000134.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP3\A0000067.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP2\A0000030.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP14\A0001453.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP14\A0001454.dll (Submitted)

    --------------------------------------------------------------------------------

    Statistics
    Scanned:
    Files: 274288
    System: 5232
    Not scanned: 312
    Actions:
    Disinfected: 0
    Renamed: 0
    Deleted: 0
    None: 74
    Submitted: 74
    Files not scanned:

    --------------------------------------------------------------------------------

    Options
    Scanning engines:
    F-Secure AVP: 7.0.171, 2007-10-27
    F-Secure Blacklight: 1.0.64
    F-Secure Draco: 1.0.35, 2007-10-15
    F-Secure Libra: 2.4.2, 2007-10-26
    F-Secure Orion: 1.2.37, 2007-10-28
    F-Secure Pegasus: 1.19.0, 2007-09-18
    Scanning options:
    Scan all files
    Scan inside archives
    Use Advanced heuristics

     
  8. tomato71

    and there's still more being found....

    Open Notepad and copy/paste the contents of the quote box into it:

    and F-Secure again...

    Check your computer with F-Secure's online scanner

    Note: the scanner works only in the Internet Explorer browser

    * Read the instructions on the page carefully
    * Click Start scanning
    * If you get an Internet Explorer security warning, click Asenna (Install)
    * Click Accept
    * Click Custom Scan
    * Adjust the settings as follows

    o Under "Virus Scan Option", select Scan whole system
    o Under "Other Scan Option", select Scan All Files
    o Select Scan whole system for rootkits
    o Select Scan whole system for spyware
    o Tick Scan inside archives
    o Make sure Use advanced heuristics is selected

    * Click Start
    * The scan starts once the required files/updates have been downloaded
    * Wait patiently
    * When the scan has finished, click Automatic cleaning
    * Click Show Report
    * The report opens in the browser; copy the whole text
    * Paste the copied text into e.g. Notepad or Word and save it to the desktop
    * You can close the scanner
    * Post the report in your thread

    Post the ComboFix log and the F-Secure log
     
  9. Juippi93

    here's the combo, but I'll run the F-Secure scan tomorrow morning, since last time it took 8 hours to finish, so then I won't have to wait


    ComboFix 07-10-23.2 - MARKUS HYNNINEN 2007-10-30 15:02:11.5 - NTFSx86
    Komentosarjan C:\ComboFix\osid.vbs suoritusaika ylitettiin.
    Komentosarjan suorittaminen päättyi.
    Running from: C:\Documents and Settings\MARKUS HYNNINEN\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\MARKUS HYNNINEN\Työpöytä\CFScript.txt
    * Created a new restore point

    FILE::
    C:\WINDOWS\system32\apodjjxc.ini
    C:\WINDOWS\system32\cktmqcng.ini
    C:\WINDOWS\system32\etwfvudc.ini
    C:\WINDOWS\system32\gsclqgje.ini
    C:\WINDOWS\system32\ikocfqfp.ini
    C:\WINDOWS\system32\kbawhros.ini
    C:\WINDOWS\system32\raibkfqs.ini
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\apodjjxc.ini
    C:\WINDOWS\system32\cktmqcng.ini
    C:\WINDOWS\system32\etwfvudc.ini
    C:\WINDOWS\system32\gsclqgje.ini
    C:\WINDOWS\system32\ikocfqfp.ini
    C:\WINDOWS\system32\kbawhros.ini
    C:\WINDOWS\system32\raibkfqs.ini

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-09-28 to 2007-10-30 )))))))))))))))))
    .

    2007-10-27 16:09 <KANSIO> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-10-26 13:29 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-25 14:28 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
    2007-10-23 16:05 <KANSIO> d-------- C:\ijji
    2007-10-21 18:30 58,776 --a------ C:\WINDOWS\system32\ijjiPlugin2.dll
    2007-10-21 18:29 <KANSIO> d-------- C:\Program Files\NHN USA
    2007-10-21 18:29 692,224 --a------ C:\WINDOWS\system32\ijjiSetup.exe
    2007-10-21 18:21 4,518 --a------ C:\WINDOWS\system32\tmp.reg
    2007-10-21 18:20 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-10-21 18:20 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-10-21 18:20 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-10-21 18:20 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-10-21 18:20 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-10-21 09:46 <KANSIO> d-------- C:\Program Files\Trend Micro
    2007-10-11 15:18 <KANSIO> d-------- C:\Documents and Settings\MARKUS HYNNINEN\system
    2007-10-10 14:27 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-09-19 18:41 <KANSIO> d-------- C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\Printer Info Cache
    2007-09-19 18:41 <KANSIO> d-------- C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\Image Zone Express
    2007-09-18 18:03 <KANSIO> d-------- C:\Program Files\MSXML 6.0
    2007-09-17 21:18 <KANSIO> d-------- C:\Program Files\MSBuild
    2007-09-17 20:59 <KANSIO> d-------- C:\WINDOWS\system32\XPSViewer
    2007-09-17 20:50 <KANSIO> d-------- C:\Program Files\Reference Assemblies
    2007-09-17 20:45 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2007-09-12 07:50 <KANSIO> d-------- C:\e9750716b551743d7aa6
    2007-09-09 11:26 <KANSIO> d-------- C:\Program Files\Vidomi
    2007-09-07 16:05 <KANSIO> d-------- C:\Program Files\DVD Decrypter
    2007-09-07 14:23 <KANSIO> d-------- C:\Program Files\Apache2
    2007-09-07 13:46 <KANSIO> d-------- C:\Program Files\CD_DVD-ROM Generator 1.20
    2007-09-05 12:31 <KANSIO> d-------- C:\Documents and Settings\PEKKA LAURIKAINEN\Application Data\Ahead
    2007-09-05 10:46 <KANSIO> d-------- C:\Documents and Settings\PASI HYNNINEN\Application Data\HP
    2007-09-05 10:43 <KANSIO> d-------- C:\Documents and Settings\PASI HYNNINEN\Application Data\Ahead
    2007-09-03 17:39 <KANSIO> d-------- C:\Program Files\Lavasoft
    2007-09-03 17:38 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-09-03 16:07 <KANSIO> d-------- C:\Documents and Settings\MARKUS HYNNINEN\Application Data\OnReally
    2007-09-03 06:47 <KANSIO> d-------- C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\Ahead
    2007-09-02 16:27 <KANSIO> d-------- C:\Program Files\DivX
    2007-09-02 13:33 <KANSIO> d-------- C:\Program Files\JAM KT v3
    2007-09-02 13:33 5,992,448 --a------ C:\WINDOWS\system32\JAMktSetup_uninstall.exe
    2007-09-02 13:33 429,568 --a------ C:\WINDOWS\system32\fmod64.dll
    2007-09-02 13:33 161,280 --a------ C:\WINDOWS\system32\fmod.dll
    2007-09-02 08:36 996,648 --a------ C:\WINDOWS\system32\ShellManager10E2D762.dll
    2007-09-02 01:45 <KANSIO> d-------- C:\Documents and Settings\MARKUS HYNNINEN\Application Data\Ahead
    2007-09-01 22:49 <KANSIO> d-------- C:\whitepaper
    2007-09-01 20:23 <KANSIO> d-------- C:\Program Files\MPEG4 Direct Maker
    2007-09-01 20:23 414,272 --a------ C:\WINDOWS\system32\DivXc32f.dll
    2007-09-01 20:23 414,272 --a------ C:\WINDOWS\system32\DivXc32.dll
    2007-09-01 19:29 <KANSIO> d-------- C:\Documents and Settings\MARKUS HYNNINEN\Application Data\MSN6
    2007-09-01 12:06 <KANSIO> d-------- C:\Program Files\FMV-Extractor
    2007-09-01 11:58 <KANSIO> d-------- C:\Documents and Settings\MARKUS HYNNINEN\Application Data\STOIK
    2007-09-01 11:44 <KANSIO> d-------- C:\Program Files\RealMedia
    2007-09-01 11:44 <KANSIO> d-------- C:\Program Files\OpenSource Flash Video Splitter
    2007-09-01 11:44 <KANSIO> d-------- C:\Program Files\DScaler5
    2007-09-01 11:44 <KANSIO> d-------- C:\Program Files\CD Audio Reader Filter
    2007-09-01 11:43 <KANSIO> d-------- C:\Program Files\SHOUTcast Source
    2007-09-01 11:43 <KANSIO> d-------- C:\Program Files\Haali
    2007-09-01 11:42 <KANSIO> d-------- C:\Program Files\ffdshow
    2007-09-01 11:42 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2007-09-01 11:41 <KANSIO> d-------- C:\Program Files\DirectVobSub
    2007-09-01 11:32 <KANSIO> d-------- C:\Program Files\Audacity

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-21 16:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-09-19 16:39 --------- d-----w C:\Program Files\HP
    2007-09-19 16:39 --------- d-----w C:\Program Files\Common Files\HP
    2007-09-04 15:36 --------- d-----w C:\Program Files\Half-Life 2
    2007-09-04 15:36 --------- d-----w C:\Program Files\Electronic Arts
    2007-09-04 15:32 --------- d-----w C:\Program Files\EA GAMES
    2007-09-03 15:39 --------- d-----w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\Lavasoft
    2007-09-02 09:37 --------- d-----w C:\Program Files\LucasArts
    2007-09-01 17:29 --------- d-----w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\MSN6
    2007-08-31 20:53 --------- d-----w C:\Documents and Settings\PEKKA LAURIKAINEN\Application Data\HP
    2007-08-29 15:01 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\InterVideo
    2007-08-29 12:30 --------- d-----w C:\Program Files\CFWebAdvancedU
    2007-08-29 12:30 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\CamfrogWEB
    2007-08-28 07:21 --------- d-----w C:\Program Files\MSXML 4.0
    2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-21 06:17 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-08-20 09:59 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-08-20 09:59 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-08-20 09:59 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-08-20 09:59 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-08-20 09:59 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
    2007-08-20 09:59 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
    2007-08-20 09:59 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-08-20 09:58 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
    2007-08-20 09:58 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-08-20 09:58 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-08-20 09:58 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-08-20 09:58 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-08-20 09:58 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-08-20 09:58 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-08-20 09:58 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-08-20 09:58 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-08-20 09:58 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-08-20 09:58 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-08-20 09:58 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-08-20 09:58 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-08-20 09:58 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-08-20 09:58 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-08-20 09:58 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
    2007-08-17 10:21 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-08-17 10:21 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-08-17 07:34 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2007-07-30 16:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2007-07-30 16:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-07-30 16:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-07-30 16:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2007-07-30 16:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 16:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2007-07-30 16:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-07-30 16:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-07-30 16:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2007-07-30 16:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-07-30 16:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2007-07-30 16:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 16:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2007-07-30 16:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-07-30 16:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2007-07-12 23:31 765,952 ----a-w C:\WINDOWS\system32\dllcache\vgx.dll
    2007-07-09 13:19 582,656 ----a-w C:\WINDOWS\system32\rpcrt4.dll
    2006-11-15 13:27 34,344 -c--a-w C:\Documents and Settings\PEKKA LAURIKAINEN\Application Data\GDIPFONTCACHEV1.DAT
    2006-03-21 20:45 34,776 -c--a-w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((( snapshot@2007-10-26_14.53.26.48 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-10-20 03:03:30 136,192 ----a-w C:\WINDOWS\catchme.exe
    + 2007-10-20 04:03:30 136,192 ----a-w C:\WINDOWS\catchme.exe
    + 2005-05-24 09:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
    + 2007-08-29 12:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    + 2007-08-29 12:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
    - 2007-09-17 18:57:16 68,980 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2007-10-28 06:53:40 68,980 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2007-09-17 18:57:19 82,246 ----a-w C:\WINDOWS\system32\perfc00B.dat
    + 2007-10-28 06:53:40 82,246 ----a-w C:\WINDOWS\system32\perfc00B.dat
    - 2007-09-17 18:57:17 434,382 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2007-10-28 06:53:40 434,382 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2007-09-17 18:57:19 408,300 ----a-w C:\WINDOWS\system32\perfh00B.dat
    + 2007-10-28 06:53:41 408,300 ----a-w C:\WINDOWS\system32\perfh00B.dat
    - 2007-04-02 11:21:27 139,776 ----a-w C:\WINDOWS\system32\swreg.exe
    + 2007-04-02 12:21:27 139,776 ----a-w C:\WINDOWS\system32\swreg.exe
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CPQEASYACC"="C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe" [2001-12-14 15:01]
    "WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2002-02-20 12:40]
    "srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 23:34]
    "Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2001-10-12 15:45]
    "Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-12 06:14]
    "Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-09-17 09:35]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
    "F-Secure Manager"="C:\Program Files\Sonera Tietoturva\Common\FSM32.exe" [2005-10-26 03:51]
    "F-Secure TNB"="C:\Program Files\Sonera Tietoturva\TNB\TNBUtil.exe" [2005-07-18 16:51]
    "F-Secure Startup Wizard"="C:\Program Files\Sonera Tietoturva\FSGUI\FSSW.exe" [2005-10-18 10:29]
    "News Service"="C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe" [2005-05-31 14:45]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43]
    "nwiz"="nwiz.exe" [2006-08-11 21:43 C:\WINDOWS\system32\nwiz.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-15 17:27]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]
    "NBKeyScan"="C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 01:12]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 19:29]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 09:40]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys
    R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
    R1 XPROTECTOR;XPROTECTOR;\??\C:\WINDOWS\system32\drivers\Oreans.sys
    R2 BackWeb Plug-in - 4653381;dna Nettiturva;C:\PROGRA~1\SONERA~1\backweb\4653381\Program\SERVIC~1.EXE
    R2 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\Sonera Tietoturva\Anti-Virus\Win2K\FSfilter.sys
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\Sonera Tietoturva\Anti-Virus\Win2K\FSgk.sys
    R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\Sonera Tietoturva\Anti-Virus\Win2K\FSrec.sys
    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
    R3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
    R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
    S3 adxapie;adxapie;\??\C:\DOCUME~1\PEKKAL~1\LOCALS~1\Temp\adxapie.sys
    S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2007-10-30 12:52:46 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    "2007-10-30 12:51:26 C:\WINDOWS\Tasks\Scheduled scanning task.job"
    .
    **************************************************************************

    catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-30 15:06:15
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-30 15:07:36
    C:\ComboFix2.txt ... 2007-10-28 19:28
    C:\ComboFix3.txt ... 2007-10-27 16:03
    .
    --- E O F ---
     
  10. Juippi93

    Yeah, I'll run it only at the weekend, since my folks said I'm not allowed to leave it running here on its own when nobody's home.
     
  11. Juippi93

    F***, that took a long time again, and now what??


    Scanning Report
    Friday, November 02, 2007 14:22:16 - 20:21:30
    Computer name: PEKKA
    Scanning type: Scan system for viruses, rootkits, spyware
    Target: C:\


    --------------------------------------------------------------------------------

    Result: 81 malware found
    Trojan.Win32.BHO.hj (virus)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP25\A0004967.0LL (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP25\A0004968.0LL (Submitted)
    Trojan.Win32.Pakes.sc (virus)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP28\A0009126.0LL (Submitted)
    Vundo.dam (virus)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP35\A0015443.dll (Submitted)
    Vundo.gen38 (virus)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP40\A0020823.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP40\A0020825.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP33\A0011422.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP22\A0003832.ini (Submitted)
    C:\qoobox\Quarantine\C\WINDOWS\system32\gsclqgje.ini.vir (Submitted)
    C:\qoobox\Quarantine\C\WINDOWS\system32\kbawhros.ini.vir (Submitted)
    Vundo.gen39 (virus)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP5\A0001163.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP40\A0020820.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP40\A0020822.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP40\A0020824.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP40\A0020826.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP37\A0017529.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP37\A0017533.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP37\A0017534.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP36\A0017490.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP35\A0015450.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP35\A0016454.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP35\A0017455.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP35\A0017475.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP34\A0015427.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP32\A0009318.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP30\A0009235.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP29\A0009183.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP28\A0008135.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP28\A0009157.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP27\A0007058.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP26\A0005055.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP25\A0005007.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP24\A0004957.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP23\A0004919.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP22\A0004889.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP19\A0001737.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP19\A0002743.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP16\A0001612.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP16\A0001633.ini (Submitted)
    C:\qoobox\Quarantine\C\WINDOWS\system32\apodjjxc.ini.vir (Submitted)
    C:\qoobox\Quarantine\C\WINDOWS\system32\etwfvudc.ini.vir (Submitted)
    C:\qoobox\Quarantine\C\WINDOWS\system32\gyxsnbry.ini.vir (Submitted)
    C:\qoobox\Quarantine\C\WINDOWS\system32\hiheulmc.ini.vir (Submitted)
    C:\qoobox\Quarantine\C\WINDOWS\system32\ikocfqfp.ini.vir (Submitted)
    C:\qoobox\Quarantine\C\WINDOWS\system32\raibkfqs.ini.vir (Submitted)
    C:\qoobox\Quarantine\C\WINDOWS\system32\vrexfpmx.ini.vir (Submitted)
    Vundo.gen41 (virus)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP37\A0017523.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP37\A0017524.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP37\A0017527.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP37\A0017528.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP35\A0015440.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP33\A0010305.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP33\A0012412.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP29\A0009169.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP29\A0009192.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP27\A0006044.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP25\A0004974.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP25\A0005017.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP19\A0002724.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP17\A0001639.dll (Submitted)
    C:\qoobox\Quarantine\C\WINDOWS\system32\cmluehih.dll.vir (Submitted)
    C:\qoobox\Quarantine\C\WINDOWS\system32\kfislpxi.dll.vir (Submitted)
    C:\qoobox\Quarantine\C\WINDOWS\system32\xmpfxerv.dll.vir (Submitted)
    C:\qoobox\Quarantine\C\WINDOWS\system32\yrbnsxyg.dll.vir (Submitted)
    Vundo.gen44 (virus)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP35\A0015442.dll (Submitted)
    Vundo.gen45 (virus)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP40\A0020821.ini (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP37\A0017491.ini (Submitted)
    C:\qoobox\Quarantine\C\WINDOWS\system32\cktmqcng.ini.vir (Submitted)
    W32/DLoader.AKWR (virus)
    C:\qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\gsda.dll.vir (Submitted)
    W32/Suspicious_F.gen (virus)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP31\A0009289.exe (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP31\A0009292.exe (Submitted)
    W32/Virtumonde.HZW (virus)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP37\A0017526.dll (Submitted)
    C:\qoobox\Quarantine\C\WINDOWS\system32\uibyoeyl.dll.vir (Submitted)
    W32/Vundo.U (virus)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP37\A0017525.dll (Submitted)
    C:\qoobox\Quarantine\C\WINDOWS\system32\ltvywrgo.dll.vir (Submitted)
    W32/Vundo.dam (virus)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP9\A0001262.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP4\A0000134.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP3\A0000067.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP2\A0000030.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP14\A0001453.dll (Submitted)
    C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP14\A0001454.dll (Submitted)

    --------------------------------------------------------------------------------

    Statistics
    Scanned:
    Files: 275995
    System: 5248
    Not scanned: 312
    Actions:
    Disinfected: 0
    Renamed: 0
    Deleted: 0
    None: 81
    Submitted: 81
    Files not scanned:
FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\JINGLE_MAINQUEST_DONE01.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\JINGLE_MAINQUEST_DONE02.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\JINGLE_MAINQUEST_DONE03.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\JINGLE_MAINQUEST_DONE04.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\JINGLE_MAINQUEST_DONE05.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\JINGLE_MAINQUEST_DONE06.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\JINGLE_MAINQUEST_DONE07.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\JINGLE_MAINQUEST_DONE08.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\JINGLE_MAINQUEST_DONE09.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\JINGLE_MAINQUEST_DONE10.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\JINGLE_SPACE.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\JINGLE_WATER.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\MUSIC_ARENA01.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\MUSIC_BEFORE_ENDFIGHT.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\MUSIC_DEATH.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\MUSIC_DEMON_ENDFIGHT.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\MUSIC_DESERT01.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\MUSIC_DUNGEON01.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\MUSIC_DUNGEON02.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\MUSIC_DUNGEON03.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\MUSIC_DUNGEON04.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\MUSIC_ENTER_KHORADNUR.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\MUSIC_FIGHT01.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\MUSIC_FIGHT03.MP3C:\PROGRAM 
FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\MUSIC_FIGHT04.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\MUSIC_FIGHT05.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\MUSIC_FIGHT06.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\MUSIC_FIGHT07.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\MUSIC_FIGHT08.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\MUSIC_FIGHT_GIANTSPIDER.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\MUSIC_ICE01.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\MUSIC_KILLING_DEMORDEY.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\MUSIC_LAVA01.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\MUSIC_MASCARELL.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\MUSIC_MENU.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\MUSIC_PUB.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\MUSIC_VILLAGE01.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\MUSIC_VILLAGE_SIEGE_MILITARY.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\MUSIC_VILLAGE_SIEGE_UNDEAD.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\MUSIC_WOOD01.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\MUSIC_WOOD02.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\MUSIC_WOOD03.MP3C:\PROGRAM FILES\ASCARON ENTERTAINMENT\SACRED UNDERWORLD\MP3\MUSIC_WRONGLEVEL.MP3C:\MTG BATTLE\(PC.GAME).MAGIC.THE.GATHERING.-.BATTLEGROUNDS.(CD.ITA.1.OF.2)(BY.SANDRONE)(LOSTSOUL.HOMEIP.NET).ISOC:\MTG BATTLE\(PC.GAME).MAGIC.THE.GATHERING.-.BATTLEGROUNDS.(CD.ITA.2.OF.2)(BY.SANDRONE)(LOSTSOUL.HOMEIP.NET).ISObios1.romC:\E9750716B551743D7AA6\MRTSTUB.EXEC:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DATC:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DATC:\DOCUMENTS AND SETTINGS\MARKUS 
HYNNINEN\NTUSER.DATC:\DOCUMENTS AND SETTINGS\MARKUS HYNNINEN\TY&#65533;P&#65533;YT&#65533;\IJJI\ENGLISH\GUNZ\HANREPORTFORCLIENT.DLLC:\DOCUMENTS AND SETTINGS\MARKUS HYNNINEN\TY&#65533;P&#65533;YT&#65533;\IJJI\ENGLISH\GUNZ\MSVCP71.DLLC:\DOCUMENTS AND SETTINGS\MARKUS HYNNINEN\TY&#65533;P&#65533;YT&#65533;\IJJI\ENGLISH\GUNZ\MSVCR71.DLLC:\DOCUMENTS AND SETTINGS\MARKUS HYNNINEN\TY&#65533;P&#65533;YT&#65533;\IJJI\ENGLISH\GUNZ\INTERFACE\DEFAULT.MRSC:\DOCUMENTS AND SETTINGS\MARKUS HYNNINEN\TY&#65533;P&#65533;YT&#65533;\IJJI\ENGLISH\GUNZ\INTERFACE\LOGIN.MRSC:\DOCUMENTS AND SETTINGS\MARKUS HYNNINEN\TY&#65533;P&#65533;YT&#65533;\IJJI\ENGLISH\GUNZ\INTERFACE\MONSTERILLUST.MRSC:\DOCUMENTS AND SETTINGS\MARKUS HYNNINEN\OMAT TIEDOSTOT\DOWNLOADS\COUNTER-STRIKE-SOURCE[NOCD][NOSTEAM]\CSS FULL.EXEC:\DOCUMENTS AND SETTINGS\MARKUS HYNNINEN\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS DEFENDER\FILETRACKER\{3B9346BF-7500-4341-8817-8083B2857EA0}C:\DOCUMENTS AND SETTINGS\MARKUS HYNNINEN\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DATC:\DOCUMENTS AND SETTINGS\MARKUS HYNNINEN\APPLICATION DATA\ISPNEWS\ISPN.INIC:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DATC:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DATC:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip\sbRecovery.regC:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip\sbRecovery.regC:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde10.zip\sbRecovery.regC:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde11.zip\sbRecovery.regC:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde2.zip\sbRecovery.regC:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde3.zip\sbRecovery.regC:\Documents and 
Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde4.zip\sbRecovery.regC:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde5.zip\sbRecovery.regC:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde6.zip\sbRecovery.regC:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde7.zip\sbRecovery.regC:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde8.zip\sbRecovery.regC:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde9.zip\sbRecovery.regC:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric.zip\sbRecovery.regC:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric1.zip\sbRecovery.regC:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric2.zip\sbRecovery.regC:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric3.zip\sbRecovery.regC:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric4.zip\sbRecovery.reg

    --------------------------------------------------------------------------------

    Options
    Scanning engines:
    F-Secure AVP: 7.0.171, 2007-11-02
    F-Secure Blacklight: 1.0.64
    F-Secure Draco: 1.0.35, 0603-150-72
    F-Secure Libra: 2.4.2, 2007-10-30
    F-Secure Orion: 1.2.37, 2007-11-02
    F-Secure Pegasus: 1.19.0, 2007-10-01
    Scanning options:
    Scan all files
    Scan inside archives
    Use Advanced heuristics

    --------------------------------------------------------------------------------

     
  12. tomato71

    tomato71 Regular member

    Joined:
    30.04.2006
    Posts:
    1,151
    Thanks:
    0
    Points:
    46
    sigh....

    delete the folder C:\qoobox, and while you're at it you can delete combofix.exe

    it left so many files unscanned that we have to check with one more scanner before we clean System Restore

    Check your computer with the Panda Online Scanner:

    http://www.pandasoftware.com/activescan/com/activescan_principal.htm

    * Once you are on Panda's page, click the Scan your PC button
    * A new window opens... click the Check Now button
    * Select your country, Country
    * Enter your city, State/Province
    * Enter your e-mail address, e-mail address, and click the send button
    * Select either Home User or Company
    * Click the big Scan Now button
    * If you are asked to install an ActiveX component, allow it.
    * The download of the required files begins (Note: this step can take a few minutes)
    * When the downloads are complete, click Local Disks to start the scan
    * When the scan is finished, click the See Report button if infections were found. Then click Save Report and save the report to a suitable location (e.g. the desktop).

    Paste the contents of the Panda scan report into your reply along with a new HijackThis log.
     
  13. Juippi93

    Juippi93 Regular member

    Joined:
    10.10.2007
    Posts:
    305
    Thanks:
    0
    Points:
    26
    first up... HijackThis



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:41:59, on 3.11.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\SONERA~1\backweb\4653381\Program\SERVIC~1.EXE
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
    C:\Program Files\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
    C:\Program Files\Sonera Tietoturva\backweb\4653381\Program\fspex.exe
    C:\Program Files\Sonera Tietoturva\backweb\4653381\program\fsbwsys.exe
    C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fssm32.exe
    C:\Program Files\Sonera Tietoturva\Common\FSMB32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sonera Tietoturva\Common\FCH32.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sonera Tietoturva\Common\FAMEH32.EXE
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fsqh.exe
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fsrw.exe
    C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE
    C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fsav32.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\SONERA~1\ANTI-S~1\fsaw.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Sonera Tietoturva\FSGUI\fsguidll.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\JAM KT v3\JAMktv3.exe
    C:\Program Files\Trend Micro\HijackThis\Juippi.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera Tietoturva\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Sonera Tietoturva\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: dna Nettiturva.lnk = C:\Program Files\Sonera Tietoturva\backweb\4653381\Program\fspex.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Kalenterin muistutukset.lnk = ?
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Sonera Tietoturva\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteAccess/ie/bridge-c336.cab
    O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advan...amfrogweb.com-advanced-2.0.2.3_instmodule.exe
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1095593698578
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://www.lumonetti.fi/portaali/Virusskanneri/OLS3/fscax.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: dna Nettiturva (BackWeb Plug-in - 4653381) - dna Nettiturva - C:\PROGRA~1\SONERA~1\backweb\4653381\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Sonera Tietoturva\backweb\4653381\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 11503 bytes
     
  14. Juippi93

    Juippi93 Regular member

    Joined:
    10.10.2007
    Posts:
    305
    Thanks:
    0
    Points:
    26
    and now the scanner



    Incident Status Location

    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\MARKUS HYNNINEN\Cookies\markus_hynninen@burstnet[2].txt
    Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\MARKUS HYNNINEN\Cookies\markus_hynninen@yadro[1].txt
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\MARKUS HYNNINEN\Työpöytä\SmitfraudFix\Process.exe
    Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\MARKUS HYNNINEN\Työpöytä\SmitfraudFix\Reboot.exe
    Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\MARKUS HYNNINEN\Työpöytä\SmitfraudFix\restart.exe
    Virus:Generic Malware Disinfected C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
    Adware:adware/ncase Not disinfected C:\temp\salmau.dat
    Virus:Generic Malware Disinfected C:\WINDOWS\Downloaded Program Files\HGStart9USA.exe
    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
    Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
     
  15. tomato71

    tomato71 Regular member

    Joined:
    30.04.2006
    Posts:
    1,151
    Thanks:
    0
    Points:
    46
    logs are OK
    any problems left??
     
  16. Juippi93

    Juippi93 Regular member

    Joined:
    10.10.2007
    Posts:
    305
    Thanks:
    0
    Points:
    26
    well, now I have to edit this post because I found a problem: whenever I play some fairly old games, e.g. Magic: The Gathering Battlegrounds, Metal Gear Solid 1, or GunZ: The Duel (which is my favorite game), some pretty annoying things start to happen. When I play Metal Gear or MTG Battlegrounds the game character starts running straight upward, and when I play GunZ the guy looks straight up and the mouse can't be controlled

    so if an answer to this could still be found, great; if not, then it can't be helped. otherwise there's nothing wrong
     
    Last edited: 04.11.2007
  17. tomato71

    tomato71 Regular member

    Joined:
    30.04.2006
    Posts:
    1,151
    Thanks:
    0
    Points:
    46
    hi
    I don't know the answer to that problem :)
    clean out the dust?
    defragment the disk?
    these steps may help....
    update Java...

    Updating Java and clearing the cache:

    1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
    2. Find all your old Java versions in the list. (J2SE Runtime Environment.... )
    They should have the following icon next to them: [IMG]
    3. Select all your old Java versions and choose Remove.
    4. Install the latest Java update from the following link..
    5. Restart the computer after the installation:

    http://java.sun.com/javase/downloads/index.jsp

    Scroll down to Java Runtime Environment (JRE) 6u2

    Press Download

    Tick Accept, choose the offline installation, save it to the desktop, for example, and install it.

    6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> Java coffee cup).

    7. Under the General Settings section, drag the slider (Disk Space) lower, and click the Delete Files button.

    (Some Java-based programs may need more disk space.
    If you notice slowness on the computer after lowering the setting, move the slider higher.)

    8. Make sure that both options are ticked:

    *Applications and Applets

    *Trace and Log Files

    And press the OK button

    9. Click OK in your "Temporary Files Settings" window.
    Note: This deletes all downloaded applications and applets from the CACHE.

    10. Click OK to leave your Java settings window.

    clean up the computer...

    Download CCleaner here
    *During installation, remove the tick from "install Yahoo! toolbar".
    *After installation, open CCleaner.
    *Select Options from the left-hand column.
    *Select Settings from the adjacent column.
    *Under Language select Suomi.
    Puhdistaja (Cleaner)
    *Select Puhdistaja from the left-hand column.
    *Press Tutki (Analyze) at the bottom.
    CCleaner now examines what can be removed (temp files, cookies, etc.).
    *When the analysis is finished, press Aja CCleaner (Run CCleaner).
    CCleaner now removes the temp files, cookies, etc. that it found.
    Fixing registry errors
    *Select Virheet (Issues) from the left-hand column.
    *Press Etsi rekisterin virheitä (Scan for registry issues) at the bottom.
    *When the scan is finished and you are sure you want to fix the lines that are marked, press Korjaa valitut rekisterin virheet (Fix selected registry issues).
    *You will be asked "do you want to back up the changes to the registry"; press Kyllä (Yes). Save the backup to the "Omat tiedostot" (My Documents) folder, for example.
    *In the new window that opens, click Korjaa kaikki valitut virheet (Fix all selected issues).
    *You will get one more confirmation prompt; press Ok.
    *When the errors have been fixed, press Sulje (Close).
    *Now you can close CCleaner by clicking the red X at the top right.

    clean System Restore

    Clean System Restore:
    1. Right-click the My Computer/Oma tietokone icon in the Start menu
    2. Select Properties/Ominaisuudet
    3. Select the System Restore/Järjestelmän palauttaminen tab
    4. Select "Turn off System Restore"/turn off System Restore on all drives
    5. Press Apply/Käytä
    6. Press OK
    7. Restart the computer
    8. Change the settings back
     
  18. Juippi93

    Juippi93 Regular member

    Joined:
    10.10.2007
    Posts:
    305
    Thanks:
    0
    Points:
    26
    yeah, I've now done everything you said/wrote, but when I defragmented the disk there at the end, the computer slowed down like hell and the defrag window also went off for about 1 minute. then I decided to shut down the computer, so I pressed shut down from the Start menu and the computer shut down. later I decided to go back to the computer, and when I started it, it threw this message on the screen just before it started loading Windows

    Non-system disc or disc error replace and strike any key when ready

    and I can't start the computer anymore, so have I now somehow messed up the defragmentation (though I don't know if this is possible) in such a way that I've somehow in hell gotten the computer to format itself. I mean pretty fucking lame, goddammit, how can this be fixed

    by the way, I wrote this post on my big brother's laptop
     
  19. tomato71

    tomato71 Regular member

    Joined:
    30.04.2006
    Posts:
    1,151
    Thanks:
    0
    Points:
    46
    boot into safe mode if you can, and then do a System Restore to the last working day
     
  20. Juippi93

    Juippi93 Regular member

    Joined:
    10.10.2007
    Posts:
    305
    Thanks:
    0
    Points:
    26
    I've already tried that, it can't boot into safe mode; when I press F8 it throws that text up again

    so, any other suggestions??
     
  21. tomato71

    tomato71 Regular member

    Joined:
    30.04.2006
    Posts:
    1,151
    Thanks:
    0
    Points:
    46
