Your computer is infected - text

Thread in the Viruses and malware section. Thread started by ceecee on 05.12.2005.

  1. risuaita

    risuaita Member

    I'm getting the same problem as ifinland. That is, the same image shows up there from time to time. In addition, Windows doesn't start every time. I'd appreciate help with my problem.

    Here is the hijacklog, and below it smitfraudfix:

    Logfile of HijackThis v1.99.1
    Scan saved at 20:24:17, on 18.7.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://elisa.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://elisa.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/...rchredir2.dll?c=1c02&lc=040b&s=search&ap=b204
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/...rchredir2.dll?c=1c02&lc=040b&s=search&ap=b204
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/...rchredir2.dll?c=1c02&lc=040b&s=search&ap=b204
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts...dir2.dll?s=consumer&ap=b201&c=1c02&lc=040b&ac
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://elisa.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Elisa Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [Cacheman] C:\PROGRA~1\Cacheman\Cacheman.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Kalenterin muistutukset.lnk = ?
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Tuki - {2A2A833D-01E5-4B56-AE6D-95218AA23F61} - http://tuki.elisa.net/ (file missing) (HKCU)
    O9 - Extra button: Palvelut - {35258323-B5B6-4805-AD5A-325DD70C90A6} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/22821b74e80a001f2e05/netzip/RdxIE601.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
    O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - C:\WINDOWS\system32\mzoeut.dll
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE

    Smitfraudfix:

    SmitFraudFix v2.73

    Scan done at 20:25:49,62, ti 18.07.2006
    Run from D:\Hijackthis\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    Fix ran in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\ld???.tmp FOUND !
    C:\WINDOWS\system32\ld????.tmp FOUND !
    C:\WINDOWS\system32\mzoeut.dll FOUND !
    C:\WINDOWS\system32\ot.ico FOUND !
    C:\WINDOWS\system32\regperf.exe FOUND !
    C:\WINDOWS\system32\stdole3.tlb FOUND !
    C:\WINDOWS\system32\ts.ico FOUND !
    C:\WINDOWS\system32\1024\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ronny Malmberg\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    C:\DOCUME~1\RONNYM~1\KYNNIS~1\Ohjelmat\SpywareStrike FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\RONNYM~1\Suosikit


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Nykyinen kotisivu"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C}"="WaitWain for Windows"

    [HKEY_CLASSES_ROOT\CLSID\{C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C}\InProcServer32]
    @="C:\WINDOWS\system32\wiatwain.dll"

    [HKEY_CURRENT_USER\Software\Classes\CLSID\{C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C}\InProcServer32]
    @="C:\WINDOWS\system32\wiatwain.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "cholecyst"="{ee2975b6-e8d5-405e-8448-8fe9590f6cfb}"


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

     
  3. -kemisti-

    -kemisti- Active member

    @risuaita:

    Print out the instructions.

    Boot your computer into safe mode and select your normal user account.

    Once in safe mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and pressing "Enter" to delete the infected files.

    You will be asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" to remove the desktop background and clean the infected registry keys.

    The tool checks whether wininet.dll is infected. You may be asked to replace the infected .dll (if found); answer "Yes" by typing Y and pressing "Enter".

    The tool may need to restart the computer; if it does not, restart into normal Windows.
    A text file appears after the cleaning process; copy & paste the results of this report into your reply.
    The report can be found on your local disk, usually at C:\rapport.txt.

    Post its contents and a new HjT log here.
     
  4. risuaita

    risuaita Member

    Alright, here they are now.

    That box disappeared from there, so thanks already.

    SmitFraudFix v2.73

    Scan done at 22:39:34,07, ti 18.07.2006
    Run from D:\Hijackthis\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    Fix ran in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C}"="WaitWain for Windows"

    [HKEY_CLASSES_ROOT\CLSID\{C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C}\InProcServer32]
    @="C:\WINDOWS\system32\wiatwain.dll"

    [HKEY_CURRENT_USER\Software\Classes\CLSID\{C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C}\InProcServer32]
    @="C:\WINDOWS\system32\wiatwain.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "cholecyst"="{ee2975b6-e8d5-405e-8448-8fe9590f6cfb}"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    C:\WINDOWS\system32\wiatwain.dll -> Missing File

    C:\WINDOWS\system32\mzoeut.dll ->
    C:\WINDOWS\system32\mzoeut.dll -> Deleted


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\system32\ld???.tmp Deleted
    C:\WINDOWS\system32\ot.ico Deleted
    C:\WINDOWS\system32\regperf.exe Deleted
    C:\WINDOWS\system32\stdole3.tlb Deleted
    C:\WINDOWS\system32\ts.ico Deleted
    C:\WINDOWS\system32\1024\ Deleted
    C:\DOCUME~1\RONNYM~1\Suosikit\Antivirus Test Online.url Deleted
    C:\DOCUME~1\RONNYM~1\KYNNIS~1\Ohjelmat\SpywareStrike Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

    Logfile of HijackThis v1.99.1
    Scan saved at 22:46:00, on 18.7.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\Program Files\Microsoft Works\WksSb.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\Cacheman\Cacheman.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://elisa.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Elisa Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [Cacheman] C:\PROGRA~1\Cacheman\Cacheman.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Kalenterin muistutukset.lnk = ?
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Tuki - {2A2A833D-01E5-4B56-AE6D-95218AA23F61} - http://tuki.elisa.net/ (file missing) (HKCU)
    O9 - Extra button: Palvelut - {35258323-B5B6-4805-AD5A-325DD70C90A6} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/22821b74e80a001f2e05/netzip/RdxIE601.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE

     
  5. Foba

    Foba Guest

    Same problem as in the opening post.

    Hijack log

    Logfile of HijackThis v1.99.1
    Scan saved at 3:18:20, on 19.7.2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\LEXPPS.EXE
    C:\WINNT\System32\CTsvcCDA.EXE
    F:\OMATOH~1\Virus\norton\DefWatch.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    C:\WINNT\system32\hidserv.exe
    F:\OMATOH~1\Virus\norton\Rtvscan.exe
    C:\WINNT\system32\regsvc.exe
    C:\Program Files\Dantz\Retrospect\retrorun.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\ZONELABS\vsmon.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\MsPMSPSv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\WZCBDL Service\WZCBDLS.exe
    C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    F:\OMATOH~1\VIRUS\NORTON\VPTRAY.EXE
    C:\WINNT\system32\sstray.exe
    C:\Program Files\D-Link\Air Utility\AirCFG.exe
    C:\Program Files\EPOX\USDM\USDM.EXE
    C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
    C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    F:\Omat Ohjelmat\palomuuri\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    C:\temp\salm.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Media Gateway\MediaGateway.exe
    C:\WINNT\system32\rundll32.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    G:\Villen kansio\Tiedostoja\mIrc\mirc.exe
    G:\Villen kansio\Tiedostoja\Winamp\winamp.exe
    C:\Program Files\Firefox\firefox.exe
    C:\Program Files\Media-Codec\isamonitor.exe
    C:\Program Files\Media-Codec\isamini.exe
    C:\Program Files\Media-Codec\pmsngr.exe
    C:\Program Files\Media-Codec\pmmon.exe
    C:\WINNT\system32\rundll32.exe
    F:\OMAT OHJELMAT\VIRUS\NORTON\VPC32.EXE
    G:\Villen kansio\Tiedostoja\EasyCleaner\EasyClea.exe
    G:\Villen kansio\Tiedostoja\Hijack\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...aults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem220.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~2\SEARCH~1.DLL
    O2 - BHO: Scriptlet.Tools - {3E4563A4-2A9B-4912-BE38-906A0CB702CC} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.dll
    O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
    O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - C:\Program Files\Media-Codec\isaddon.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
    O2 - BHO: (no name) - {EEBA788A-C268-492A-B7FE-42C2B6C553D4} - (no file)
    O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - G:\Villen kansio\Tiedostoja\Save Flash\SaveFlash.dll (file missing)
    O3 - Toolbar: Protection Bar - {d1ac752e-883f-4ed8-8828-b618c3a72152} - C:\Program Files\Media-Codec\iesplugin.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [vptray] F:\OMATOH~1\VIRUS\NORTON\VPTRAY.EXE
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
    O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [EPoXUSDM] "C:\Program Files\EPOX\USDM\USDM.EXE" "5000"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LXBLKsk] C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
    O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup
    O4 - HKLM\..\Run: [Microsoft Update Machine] wuamgrd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "F:\Omat Ohjelmat\palomuuri\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
    O4 - HKLM\..\Run: [tybmzwf] C:\WINNT\tybmzwf.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
    O4 - HKLM\..\Run: [PE2CKFNT SE] e:\ulead\ChkFont.exe
    O4 - HKLM\..\Run: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
    O4 - HKLM\..\RunServices: [Microsoft Update Machine] wuamgrd.exe
    O4 - HKLM\..\RunServices: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
    O4 - HKCU\..\Run: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [] /s
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm338
    O8 - Extra context menu item: Avaa työasemasovellus näyttöön &1 - C:\WINNT\web\AOpenClient.htm
    O8 - Extra context menu item: Avaa työasemasovellus näyttöön &2 - C:\WINNT\web\AOpenClient.htm
    O8 - Extra context menu item: Avaa työasemasovellus näyttöön &3 - C:\WINNT\web\AOpenClient.htm
    O8 - Extra context menu item: Avaa työasemasovellus näyttöön &4 - C:\WINNT\web\AOpenClient.htm
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ville\Käynnistä-valikko\Ohjelmat\>IMVU\Run IMVU.lnk (file missing)
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {23912BB0-CC9F-4C69-83D4-19C2B183BA91} - http://ns-radio.netscape.com/radio/cabs/radiox.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
    O21 - SSODL: coursings - {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - C:\WINNT\system32\yephk.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE
    O23 - Service: DefWatch - Symantec Corporation - F:\OMATOH~1\Virus\norton\DefWatch.exe
    O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - F:\OMATOH~1\Virus\norton\Rtvscan.exe
    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\vsmon.exe
    O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

    [bold]SmitFraudFix clean[/bold]

    SmitFraudFix v2.73

    Scan done at 3:45:01,15, ke 19.07.2006
    Run from C:\Documents and Settings\ville\Ty”p”yt„\SmitfraudFix
    OS: Microsoft Windows 2000 [Versio 5.00.2195] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "coursings"="{f8d02387-789a-4c0f-a1d8-8a93f33ee4df}"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    C:\WINNT\system32\yephk.dll ->
    C:\WINNT\system32\yephk.dll -> Deleted


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    Problem while deleting C:\Program Files\Media-Codec\

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [bold]Newer Hijack log[/bold]

    Logfile of HijackThis v1.99.1
    Scan saved at 4:23:53, on 19.7.2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\LEXPPS.EXE
    C:\WINNT\System32\CTsvcCDA.EXE
    F:\OMATOH~1\Virus\norton\DefWatch.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    C:\WINNT\system32\hidserv.exe
    F:\OMATOH~1\Virus\norton\Rtvscan.exe
    C:\WINNT\system32\regsvc.exe
    C:\Program Files\Dantz\Retrospect\retrorun.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\ZONELABS\vsmon.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\MsPMSPSv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\WZCBDL Service\WZCBDLS.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    F:\OMATOH~1\VIRUS\NORTON\VPTRAY.EXE
    C:\WINNT\system32\sstray.exe
    C:\Program Files\D-Link\Air Utility\AirCFG.exe
    C:\Program Files\EPOX\USDM\USDM.EXE
    C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
    C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    F:\Omat Ohjelmat\palomuuri\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    C:\temp\salm.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Media Gateway\MediaGateway.exe
    C:\WINNT\system32\rundll32.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    F:\OMAT OHJELMAT\VIRUS\NORTON\VPC32.EXE
    C:\Program Files\Firefox\firefox.exe
    G:\Villen kansio\Tiedostoja\Hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem220.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~2\SEARCH~1.DLL
    O2 - BHO: Scriptlet.Tools - {3E4563A4-2A9B-4912-BE38-906A0CB702CC} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.dll
    O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
    O2 - BHO: (no name) - {EEBA788A-C268-492A-B7FE-42C2B6C553D4} - (no file)
    O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - G:\Villen kansio\Tiedostoja\Save Flash\SaveFlash.dll (file missing)
    O3 - Toolbar: Protection Bar - {d1ac752e-883f-4ed8-8828-b618c3a72152} - C:\Program Files\Media-Codec\iesplugin.dll (file missing)
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [vptray] F:\OMATOH~1\VIRUS\NORTON\VPTRAY.EXE
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
    O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [EPoXUSDM] "C:\Program Files\EPOX\USDM\USDM.EXE" "5000"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LXBLKsk] C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
    O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup
    O4 - HKLM\..\Run: [Microsoft Update Machine] wuamgrd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "F:\Omat Ohjelmat\palomuuri\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
    O4 - HKLM\..\Run: [tybmzwf] C:\WINNT\tybmzwf.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
    O4 - HKLM\..\Run: [PE2CKFNT SE] e:\ulead\ChkFont.exe
    O4 - HKLM\..\Run: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
    O4 - HKLM\..\RunServices: [Microsoft Update Machine] wuamgrd.exe
    O4 - HKLM\..\RunServices: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
    O4 - HKCU\..\Run: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [] /s
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm338
    O8 - Extra context menu item: Avaa työasemasovellus näyttöön &1 - C:\WINNT\web\AOpenClient.htm
    O8 - Extra context menu item: Avaa työasemasovellus näyttöön &2 - C:\WINNT\web\AOpenClient.htm
    O8 - Extra context menu item: Avaa työasemasovellus näyttöön &3 - C:\WINNT\web\AOpenClient.htm
    O8 - Extra context menu item: Avaa työasemasovellus näyttöön &4 - C:\WINNT\web\AOpenClient.htm
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ville\Käynnistä-valikko\Ohjelmat\>IMVU\Run IMVU.lnk (file missing)
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {23912BB0-CC9F-4C69-83D4-19C2B183BA91} - http://ns-radio.netscape.com/radio/cabs/radiox.cab
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE
    O23 - Service: DefWatch - Symantec Corporation - F:\OMATOH~1\Virus\norton\DefWatch.exe
    O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - F:\OMATOH~1\Virus\norton\Rtvscan.exe
    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\vsmon.exe
    O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

    [bold]Afterall[/bold]

    Hmm, the "your computer is infected" scam problem went away, but the machine is still somewhat slow. EasyCleaner etc. doesn't help. What should I do? I'm scanning the machine for viruses once more.
     
    Last edited by a moderator: 19.07.2006
  6. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    @risuaita: Looks to be in order. Any problems still?

    @Foba: Your machine is full of junk :(

    Remove via Add/Remove Programs (Control Panel):

    Media Gateway
    Lycos or similar
    Search Relevancy
    Webhancer or similar
    New.net or NewDotNet or similar

    Restart and post a new HjT log.
     
  7. risuaita

    risuaita Member

    Joined:
    18.07.2006
    Messages:
    3
    Thanks:
    0
    Points:
    11
    No more problems. Thanks
     
  8. Foba

    Foba Guest

    Kemisti, I managed to remove everything else, but I couldn't find Lycos. I also removed other junk. In normal use the machine doesn't slow down much, but startup takes an awfully long time. Something is still wrong, that's for sure. The machine's temperatures are also fairly high.

    Logfile of HijackThis v1.99.1
    Scan saved at 22:18:32, on 19.7.2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\LEXPPS.EXE
    C:\WINNT\System32\CTsvcCDA.EXE
    F:\OMATOH~1\Virus\norton\DefWatch.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    C:\WINNT\system32\hidserv.exe
    F:\OMATOH~1\Virus\norton\Rtvscan.exe
    C:\WINNT\system32\regsvc.exe
    C:\Program Files\Dantz\Retrospect\retrorun.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\ZONELABS\vsmon.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\MsPMSPSv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\WZCBDL Service\WZCBDLS.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    F:\OMATOH~1\VIRUS\NORTON\VPTRAY.EXE
    C:\WINNT\system32\sstray.exe
    C:\Program Files\D-Link\Air Utility\AirCFG.exe
    C:\Program Files\EPOX\USDM\USDM.EXE
    C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
    C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    F:\Omat Ohjelmat\palomuuri\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\temp\salm.exe
    C:\winnt\tybmzwf.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    G:\Villen kansio\Tiedostoja\Hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem220.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Scriptlet.Tools - {3E4563A4-2A9B-4912-BE38-906A0CB702CC} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {EEBA788A-C268-492A-B7FE-42C2B6C553D4} - (no file)
    O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - G:\Villen kansio\Tiedostoja\Save Flash\SaveFlash.dll (file missing)
    O3 - Toolbar: Protection Bar - {d1ac752e-883f-4ed8-8828-b618c3a72152} - C:\Program Files\Media-Codec\iesplugin.dll (file missing)
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [vptray] F:\OMATOH~1\VIRUS\NORTON\VPTRAY.EXE
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
    O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [EPoXUSDM] "C:\Program Files\EPOX\USDM\USDM.EXE" "5000"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LXBLKsk] C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
    O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup
    O4 - HKLM\..\Run: [Microsoft Update Machine] wuamgrd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "F:\Omat Ohjelmat\palomuuri\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [PE2CKFNT SE] e:\ulead\ChkFont.exe
    O4 - HKLM\..\Run: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
    O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
    O4 - HKLM\..\Run: [tybmzwf] c:\winnt\tybmzwf.exe
    O4 - HKLM\..\RunServices: [Microsoft Update Machine] wuamgrd.exe
    O4 - HKLM\..\RunServices: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
    O4 - HKCU\..\Run: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [] /s
    O8 - Extra context menu item: Avaa työasemasovellus näyttöön &1 - C:\WINNT\web\AOpenClient.htm
    O8 - Extra context menu item: Avaa työasemasovellus näyttöön &2 - C:\WINNT\web\AOpenClient.htm
    O8 - Extra context menu item: Avaa työasemasovellus näyttöön &3 - C:\WINNT\web\AOpenClient.htm
    O8 - Extra context menu item: Avaa työasemasovellus näyttöön &4 - C:\WINNT\web\AOpenClient.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ville\Käynnistä-valikko\Ohjelmat\>IMVU\Run IMVU.lnk (file missing)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {23912BB0-CC9F-4C69-83D4-19C2B183BA91} - http://ns-radio.netscape.com/radio/cabs/radiox.cab
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE
    O23 - Service: DefWatch - Symantec Corporation - F:\OMATOH~1\Virus\norton\DefWatch.exe
    O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - F:\OMATOH~1\Virus\norton\Rtvscan.exe
    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\vsmon.exe
    O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

     
  9. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    @Foba:

    Yep, it is

    Fix with HjT:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem220.dll (file missing)
    O2 - BHO: Scriptlet.Tools - {3E4563A4-2A9B-4912-BE38-906A0CB702CC} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.dll
    O2 - BHO: (no name) - {EEBA788A-C268-492A-B7FE-42C2B6C553D4} - (no file)
    O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - G:\Villen kansio\Tiedostoja\Save Flash\SaveFlash.dll (file missing)
    O3 - Toolbar: Protection Bar - {d1ac752e-883f-4ed8-8828-b618c3a72152} - C:\Program Files\Media-Codec\iesplugin.dll (file missing)
    O4 - HKLM\..\Run: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
    O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
    O4 - HKLM\..\Run: [tybmzwf] c:\winnt\tybmzwf.exe
    O4 - HKLM\..\RunServices: [Microsoft Update Machine] wuamgrd.exe
    O4 - HKLM\..\RunServices: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
    O4 - HKCU\..\Run: [] /s


    Boot into safe mode (F8 during startup)

    Delete, if found:

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools
    C:\Program Files\Media-Codec
    c:\temp\salm.exe
    c:\winnt\tybmzwf.exe
    wuamgrd.exe

    Restart.

    Scan your machine at http://www.kaspersky.com/downloads/kws/kavwebscan.html
    with the Kaspersky Online Scanner

    You will be asked whether you allow the ActiveX component from Kaspersky to be installed; click Yes.
    [*] The program starts and begins downloading the latest definition files.
    [*] Once the scanner is installed and the definitions are downloaded, click Next.
    [*] Now click the settings, Scan Settings
    [*] Check in the settings that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (if available, otherwise select Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases

    [*] Click OK
    [*] Now, under the heading "select a target to scan", select My Computer
    [*] The scan takes time, so be patient. When the scan is finished you will be notified if your machine is infected.
    [*] Now click the Save as Text button.
    [*] Save the file to your desktop.
    [*] Copy and paste the contents of the file into your next reply.

    Also post a new HjT log.
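
Added example, not part of the original thread: a Python script that compares two HijackThis logs entry by entry, so that a new log posted after a fix round can be checked against the previous one and against the list of entries that were supposed to be fixed. The first three excerpts are copied from the logs and the fix list in this thread; `LOG_RECHECK` and all function names are constructed for illustration.

```python
import re

# Excerpts from the two HijackThis logs posted in this thread on 19.7.2006
# (scans saved at 4:23 and 22:18), trimmed to a few lines each.
# Raw strings keep the Windows backslashes intact.
LOG_0423 = r"""
    Logfile of HijackThis v1.99.1
    Scan saved at 4:23:53, on 19.7.2006
    Running processes:
    C:\WINNT\system32\winlogon.exe
    O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
    O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
    O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
    O4 - HKLM\..\Run: [tybmzwf] C:\WINNT\tybmzwf.exe
    O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
    O4 - HKCU\..\Run: [] /s
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O20 - AppInit_DLLs: MsgPlusLoader.dll
"""

LOG_2218 = r"""
    Logfile of HijackThis v1.99.1
    Scan saved at 22:18:32, on 19.7.2006
    O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
    O4 - HKLM\..\Run: [tybmzwf] c:\winnt\tybmzwf.exe
    O4 - HKCU\..\Run: [] /s
    O20 - AppInit_DLLs: MsgPlusLoader.dll
"""

# Three of the entries the helper listed under "Fix with HjT".
FIX_LIST = r"""
    O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
    O4 - HKLM\..\Run: [tybmzwf] c:\winnt\tybmzwf.exe
    O4 - HKCU\..\Run: [] /s
"""

# Constructed (hypothetical) follow-up log, NOT from the thread: one of the
# fixed Run values has reappeared, with different letter case in the path.
LOG_RECHECK = r"""
    O4 - HKLM\..\Run: [tybmzwf] C:\WINNT\tybmzwf.exe
    O20 - AppInit_DLLs: MsgPlusLoader.dll
"""

# Entry lines start with a section code (R0, O4, O23, ...) followed by " - ".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Map normalised entry -> original line, in order of first appearance.

    Normalisation collapses whitespace and folds case, because Windows paths
    are case-insensitive and the same file shows up as C:\\WINNT\\... in one
    log and c:\\winnt\\... in the next. Repeated lines (the O10 run) collapse
    into a single entry.
    """
    entries = {}
    for raw in log_text.splitlines():
        line = " ".join(raw.split())
        if ENTRY_RE.match(line):
            entries.setdefault(line.casefold(), line)
    return entries


def diff_logs(old_log, new_log):
    """Classify entries as removed, persisting or added between two logs."""
    old, new = parse_entries(old_log), parse_entries(new_log)
    return {
        "removed": [v for k, v in old.items() if k not in new],
        "persisting": [v for k, v in old.items() if k in new],
        "added": [v for k, v in new.items() if k not in old],
    }


def still_present(fix_list, new_log):
    """Return the fix-list entries that still appear in the new log."""
    new = parse_entries(new_log)
    return [v for k, v in parse_entries(fix_list).items() if k in new]


if __name__ == "__main__":
    result = diff_logs(LOG_0423, LOG_2218)
    for status in ("removed", "persisting", "added"):
        print(f"== {status} ==")
        for entry in result[status]:
            print("  " + entry)
    print("== fix-list entries still present in the recheck log ==")
    for entry in still_present(FIX_LIST, LOG_RECHECK):
        print("  " + entry)
```

An entry that persists or comes back after being fixed means something is re-creating the value, which is why the helper pairs the HijackThis fix with deleting the files in safe mode.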
     
  10. Foba

    Foba Guest

    This machine is completely clogged with junk:

    [bold]Kaspersky[/bold]

    C:\WINNT\system32\SahAgent.exe Infected: not-a-virus:AdWare.Win32.ShopAtHome.b skipped
    C:\WINNT\system32\SahHtml.exe Infected: not-a-virus:AdWare.Win32.Sahat.i skipped
    C:\WINNT\Downloaded Program Files\UGO20.exe Infected: Trojan-Downloader.Win32.Small.fe skipped
    C:\WINNT\Downloaded Program Files\jao.dll Infected: Trojan-Spy.Win32.Briss.g skipped
    C:\WINNT\Downloaded Program Files\lsp_.dll Infected: not-a-virus:AdWare.Win32.Sahat.f skipped
    C:\WINNT\Downloaded Program Files\SAHAgent_.exe Infected: not-a-virus:AdWare.Win32.ShopAtHome.b skipped
    C:\WINNT\Downloaded Program Files\SAHUninstall_.exe Infected: not-a-virus:AdWare.Win32.Sahat.p skipped
    C:\WINNT\Downloaded Program Files\SahHtml_.exe Infected: not-a-virus:AdWare.Win32.Sahat.i skipped
    C:\WINNT\tybmzwf.exe Infected: not-a-virus:AdWare.Win32.180Solutions skipped
    C:\WINNT\NDNuninstall7_22.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
    C:\WINNT\whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03CC0000.VBN Infected: Net-Worm.Win32.Lovesan.a skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04440000.VBN Infected: Email-Worm.Win32.Mimail.r skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04600000.VBN Infected: Email-Worm.Win32.Mimail.r skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04080000.VBN Infected: Trojan-Clicker.VBS.Krepper.a skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03C00000.VBN Infected: Backdoor.Win32.SdBot.jg skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04340000.VBN Infected: Backdoor.Win32.Rbot.gen skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04B00000.VBN Infected: Backdoor.Win32.Agobot.vm skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04380000.VBN Infected: Virus.Win32.Parite.b skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\043C0000.VBN Infected: Exploit.HTML.ObjData skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04340001.VBN Infected: Exploit.HTML.Mht skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\044C0000.VBN/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\044C0000.VBN/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\044C0000.VBN/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\044C0000.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\044C0000.VBN ZIP: infected - 4 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\044C0000.VBN CryptZ: infected - 4 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04400000.VBN Infected: Trojan.Java.ClassLoader.c skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04300002.VBN Infected: Trojan.Java.ClassLoader.Dummy.a skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04540000.VBN Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04400001.VBN Infected: Exploit.HTML.Mht skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04480000.VBN Infected: Exploit.HTML.ObjData skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04300003.VBN/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04300003.VBN/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04300003.VBN/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04300003.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04300003.VBN ZIP: infected - 4 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04300003.VBN CryptZ: infected - 4 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\044C0001.VBN Infected: Trojan.Java.ClassLoader.c skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04340002.VBN Infected: Trojan.Java.ClassLoader.Dummy.a skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04380001.VBN Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06AC0000.VBN Infected: Exploit.HTML.Mht skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\069C0000.VBN Suspicious: Exploit.HTML.Mht skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06A80000.VBN Infected: Exploit.HTML.ObjData skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06AC0001.VBN Infected: Trojan-Downloader.JS.Small.d skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04580000.VBN Infected: Backdoor.Win32.SdBot.aap skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04CC0000.VBN Infected: Backdoor.Win32.SdBot.aap skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C00000.VBN Suspicious: Exploit.HTML.Mht skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04D00000.VBN Infected: Exploit.HTML.ObjData skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04B80000.VBN Infected: Exploit.HTML.Mht skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04B00001.VBN Infected: Trojan-Downloader.JS.Small.d skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C00001.VBN Suspicious: Exploit.HTML.Mht skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04B00002.VBN Infected: Exploit.HTML.Mht skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04B40000.VBN Infected: Exploit.HTML.Mht skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04D40000.VBN Infected: Exploit.HTML.ObjData skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04D00001.VBN Infected: Trojan-Downloader.Win32.Small.yx skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C80000.VBN Infected: Trojan-Downloader.JS.Small.d skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04D80000.VBN Infected: Exploit.HTML.Mht skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04B80001.VBN Infected: Exploit.HTML.ObjData skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04B80002.VBN Infected: Trojan-Downloader.Win32.Small.pp skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04D80001.VBN Infected: Exploit.HTML.Mht skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C00002.VBN Infected: Exploit.HTML.ObjData skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04D00002.VBN Infected: Trojan-Downloader.Win32.Small.pp skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C40000.VBN Infected: Trojan.Win32.StartPage.ku skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05280000.VBN Infected: Trojan-Downloader.Win32.Agent.ip skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05300000.VBN Infected: Trojan-Downloader.Win32.Agent.ip skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05480000.VBN/BB.class Infected: Trojan.Java.ClassLoader.o skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05480000.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05480000.VBN/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.c skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05480000.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.k skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05480000.VBN ZIP: infected - 4 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05480000.VBN CryptZ: infected - 4 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05500000.VBN Infected: not-a-virus:AdWare.Win32.Sahat.w skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05540000.VBN Infected: not-a-virus:AdWare.Win32.Sahat.w skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05880000.VBN Infected: not-a-virus:AdWare.Win32.Sahat.w skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05940000.VBN Infected: not-a-virus:AdWare.Win32.Sahat.w skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05400000.VBN/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05400000.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05400000.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05400000.VBN ZIP: infected - 3 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05400000.VBN CryptZ: infected - 3 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05380000.VBN Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05340000.VBN Infected: Trojan.Java.ClassLoader.Dummy.d skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05440000.VBN Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\057C0000.VBN/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\057C0000.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\057C0000.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\057C0000.VBN ZIP: infected - 3 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\057C0000.VBN CryptZ: infected - 3 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05A00000.VBN Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\058C0000.VBN Infected: Trojan.Java.ClassLoader.Dummy.d skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05800000.VBN Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C40001.VBN/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C40001.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C40001.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C40001.VBN ZIP: infected - 3 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C40001.VBN CryptZ: infected - 3 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04D80002.VBN/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04D80002.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04D80002.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04D80002.VBN ZIP: infected - 3 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04D80002.VBN CryptZ: infected - 3 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08AC0009.VBN Infected: Backdoor.Win32.Rbot.l skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08AC000B.VBN Infected: Trojan-Downloader.Win32.Agent.ip skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08AC000D.VBN Infected: Trojan-Downloader.Win32.Agent.ip skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08AC000F.VBN Infected: Trojan.Java.Femad skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08AC0011.VBN Infected: Trojan.Java.Femad skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08AC0013.VBN Infected: Trojan-Downloader.Win32.Small.amb skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05640000.VBN/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05640000.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05640000.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05640000.VBN ZIP: infected - 3 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05640000.VBN CryptZ: infected - 3 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05500001.VBN Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05680000.VBN Infected: Trojan.Java.ClassLoader.Dummy.d skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05540001.VBN Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\057C0001.VBN Infected: Trojan.Java.ClassLoader.f skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05840000.VBN Infected: Trojan.Java.ClassLoader.Dummy.d skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05700000.VBN Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07940000.VBN Infected: Trojan-Downloader.Win32.Agent.acd skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07C00000.VBN/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07C00000.VBN/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07C00000.VBN/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07C00000.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07C00000.VBN ZIP: infected - 4 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07C00000.VBN CryptZ: infected - 4 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07380000.VBN Infected: P2P-Worm.Win32.VB.dz skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05600000.VBN Infected: Virus.Win32.Tenga.a skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05440001.VBN Infected: Virus.Win32.Tenga.a skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05600001.VBN Infected: Virus.Win32.Tenga.a skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05540002.VBN Infected: Virus.Win32.Tenga.a skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05500002.VBN Infected: Virus.Win32.Tenga.a skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05640001.VBN Infected: Virus.Win32.Tenga.a skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\073C0000.VBN/data0006 Infected: Trojan-Downloader.Win32.Zlob.dq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\073C0000.VBN NSIS: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\073C0000.VBN UPX: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\073C0000.VBN CryptZ: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0F900000.VBN/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0F900000.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0F900000.VBN ZIP: infected - 2 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0F900000.VBN CryptZ: infected - 2 skipped
    C:\Documents and Settings\All Users\Application Data\Setup\Setup.dll Infected: Trojan.Win32.StartPage.ku skipped
    C:\Documents and Settings\All Users\Application Data\Setup\tools.exe Infected: not-a-virus:AdWare.Win32.MediaBack.e skipped
    C:\Documents and Settings\All Users\Application Data\Tools\tools.exe Infected: not-a-virus:AdWare.Win32.MediaBack.e skipped
    C:\Documents and Settings\All Users\Application Data\Tools\tools.dll Infected: not-a-virus:AdWare.Win32.MediaBack.e skipped
    C:\Documents and Settings\ppu\Local Settings\Temporary Internet Files\Content.IE5\KH2ZG52B\PopularScreenSaversInitialSetup1.0.0.8[1].cab/f3Setup1.exe Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
    C:\Documents and Settings\ppu\Local Settings\Temporary Internet Files\Content.IE5\KH2ZG52B\PopularScreenSaversInitialSetup1.0.0.8[1].cab CAB: infected - 1 skipped
    C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\RU4ZBXSD\dl[1].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
    C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\RU4ZBXSD\dl[2].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
    C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\RU4ZBXSD\dl[3].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
    C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\RU4ZBXSD\dl[4].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
    C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\RU4ZBXSD\dl[5].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
    C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\Q55QBYHW\dl[1].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
    C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\Q55QBYHW\dl[2].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
    C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\Q55QBYHW\dl[3].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
    C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\LNR3954E\minime[1].htm Infected: Trojan.JS.NoClose.r skipped
    C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\LNR3954E\minime[2].htm Infected: Trojan.JS.NoClose.r skipped
    C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\GBTJAQJL\dl[2].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
    C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\GBTJAQJL\MultiDistFC[1].CAB/MulDist.ocx Infected: Trojan-Downloader.Win32.Dyfuca.o skipped
    C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\GBTJAQJL\MultiDistFC[1].CAB CAB: infected - 1 skipped
    C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\GBTJAQJL\minime[1].htm Infected: Trojan.JS.NoClose.r skipped
    C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\GBTJAQJL\mc-dubs2[1].htm Infected: Trojan.JS.NoClose.r skipped
    C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\GBTJAQJL\dl[1].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
    C:\Program Files\AdStatus Service\AdStatComm.dll Infected: not-a-virus:AdWare.Win32.WinAD.s skipped
    C:\Program Files\E2G\IeBHOs.dll Infected: not-a-virus:AdWare.Win32.BHO.g skipped
    C:\Program Files\whInstall\whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
    C:\Program Files\whInstall\whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    C:\Program Files\whInstall\whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    C:\Program Files\whInstall\webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    C:\Program Files\whInstall\whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    C:\Program Files\webHancer\Programs\whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    C:\temp\salm.exe Infected: not-a-virus:AdWare.Win32.180Solutions skipped
    C:\temp\salmhook.dll Infected: not-a-virus:AdWare.Win32.180Solutions skipped
    E:\pelit\Flatout\crack\[PC] - Flat Out Crack [p2p-11066].exe Infected: not-a-virus:porn-Dialer.Win32.Intexdial skipped
    F:\Omat Ohjelmat\Mp3\emule\Incoming\crack nocd Flat Out.rar/flatout.exe/rundll32hk.dll Infected: not-a-virus:Monitor.Win32.Perflogger.al skipped
    F:\Omat Ohjelmat\Mp3\emule\Incoming\crack nocd Flat Out.rar/flatout.exe/rundll32wb.dll Infected: not-a-virus:Monitor.Win32.Perflogger.aa skipped
    F:\Omat Ohjelmat\Mp3\emule\Incoming\crack nocd Flat Out.rar/flatout.exe/rinst.exe Infected: Trojan-Spy.Win32.Perfloger.f skipped
    F:\Omat Ohjelmat\Mp3\emule\Incoming\crack nocd Flat Out.rar/flatout.exe/rundll32.exe Infected: not-a-virus:Monitor.Win32.Perflogger.ad skipped
    F:\Omat Ohjelmat\Mp3\emule\Incoming\crack nocd Flat Out.rar/flatout.exe Infected: not-a-virus:Monitor.Win32.Perflogger.ad skipped
    F:\Omat Ohjelmat\Mp3\emule\Incoming\crack nocd Flat Out.rar RAR: infected - 5 skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack11.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack11.exe/stream/data0002/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack11.exe/stream/data0002/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack11.exe/stream/data0002/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack11.exe/stream/data0002/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack11.exe/stream/data0002/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack11.exe/stream/data0002/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack11.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack11.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack11.exe/stream Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack11.exe NSIS: infected - 10 skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack2.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack2.exe/stream/data0002/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack2.exe/stream/data0002/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack2.exe/stream/data0002/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack2.exe/stream/data0002/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack2.exe/stream/data0002/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack2.exe/stream/data0002/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack2.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack2.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack2.exe/stream Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack2.exe NSIS: infected - 10 skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack3.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack3.exe/stream/data0002/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack3.exe/stream/data0002/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack3.exe/stream/data0002/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack3.exe/stream/data0002/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack3.exe/stream/data0002/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack3.exe/stream/data0002/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack3.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack3.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack3.exe/stream Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack3.exe NSIS: infected - 10 skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack4.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack4.exe/stream/data0002/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack4.exe/stream/data0002/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack4.exe/stream/data0002/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack4.exe/stream/data0002/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack4.exe/stream/data0002/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack4.exe/stream/data0002/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack4.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack4.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack4.exe/stream Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack4.exe NSIS: infected - 10 skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack5.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack5.exe/stream/data0002/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack5.exe/stream/data0002/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack5.exe/stream/data0002/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack5.exe/stream/data0002/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack5.exe/stream/data0002/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack5.exe/stream/data0002/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack5.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack5.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack5.exe/stream Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack5.exe NSIS: infected - 10 skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack6.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack6.exe/stream/data0002/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack6.exe/stream/data0002/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack6.exe/stream/data0002/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack6.exe/stream/data0002/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack6.exe/stream/data0002/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack6.exe/stream/data0002/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack6.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack6.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack6.exe/stream Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack6.exe NSIS: infected - 10 skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack.exe/stream/data0002/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack.exe/stream/data0002/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack.exe/stream/data0002/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack.exe/stream/data0002/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack.exe/stream/data0002/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack.exe/stream/data0002/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack.exe/stream Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack.exe NSIS: infected - 10 skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack7.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack7.exe/stream/data0002/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack7.exe/stream/data0002/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack7.exe/stream/data0002/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack7.exe/stream/data0002/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack7.exe/stream/data0002/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack7.exe/stream/data0002/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack7.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack7.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack7.exe/stream Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack7.exe NSIS: infected - 10 skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack12.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack12.exe/stream/data0002/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack12.exe/stream/data0002/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack12.exe/stream/data0002/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack12.exe/stream/data0002/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack12.exe/stream/data0002/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack12.exe/stream/data0002/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack12.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack12.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack12.exe/stream Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack12.exe NSIS: infected - 10 skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack8.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack8.exe/stream/data0002/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack8.exe/stream/data0002/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack8.exe/stream/data0002/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack8.exe/stream/data0002/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack8.exe/stream/data0002/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack8.exe/stream/data0002/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack8.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack8.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack8.exe/stream Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack8.exe NSIS: infected - 10 skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack13.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack13.exe/stream/data0002/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack13.exe/stream/data0002/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack13.exe/stream/data0002/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack13.exe/stream/data0002/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack13.exe/stream/data0002/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack13.exe/stream/data0002/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack13.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack13.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack13.exe/stream Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack13.exe NSIS: infected - 10 skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack9.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack9.exe/stream/data0002/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack9.exe/stream/data0002/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack9.exe/stream/data0002/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack9.exe/stream/data0002/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack9.exe/stream/data0002/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack9.exe/stream/data0002/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack9.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack9.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack9.exe/stream Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack9.exe NSIS: infected - 10 skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack10.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack10.exe/stream/data0002/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack10.exe/stream/data0002/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack10.exe/stream/data0002/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack10.exe/stream/data0002/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack10.exe/stream/data0002/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack10.exe/stream/data0002/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack10.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack10.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack10.exe/stream Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack10.exe NSIS: infected - 10 skipped
    G:\Villen kansio\Tiedostoja\mIrc\mIRC v6.16 [Keygen Included]\mIRC 6.16 Setup.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
    G:\Villen kansio\Tiedostoja\mIrc\mIRC v6.16 [Keygen Included]\mIRC 6.16 Setup.exe mIRC: infected - 1 skipped
    G:\Villen kansio\Tiedostoja\mIrc\backup\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
    G:\Villen kansio\Tiedostoja\Nokia muut\Warelex[1].Mobiola.WebCam.USB.v1.00.S60.SymbianOS.Cracked-BiNPDA.zip/Warelex.Mobiola.WebCam.USB.v1.00.S60.SymbianOS.Cracked-BiNPDA.rar/Loader.exe Infected: VirTool.Win32.Patcher.a skipped
    G:\Villen kansio\Tiedostoja\Nokia muut\Warelex[1].Mobiola.WebCam.USB.v1.00.S60.SymbianOS.Cracked-BiNPDA.zip/Warelex.Mobiola.WebCam.USB.v1.00.S60.SymbianOS.Cracked-BiNPDA.rar Infected: VirTool.Win32.Patcher.a skipped
    G:\Villen kansio\Tiedostoja\Nokia muut\Warelex[1].Mobiola.WebCam.USB.v1.00.S60.SymbianOS.Cracked-BiNPDA.zip ZIP: infected - 2 skipped
    G:\Villen kansio\Tiedostoja\Nokia muut\Warelex[1].Mobiola.WebCam.v1.04.S60.SymbianOS.Cracked.-BiNPDA.zip/Warelex.Mobiola.WebCam.v1.04.S60.SymbianOS.Cracked -BiNPDA/BiN-1980/Loader.exe Infected: VirTool.Win32.Patcher.a skipped
    G:\Villen kansio\Tiedostoja\Nokia muut\Warelex[1].Mobiola.WebCam.v1.04.S60.SymbianOS.Cracked.-BiNPDA.zip ZIP: infected - 1 skipped
    G:\Villen kansio\Tiedostoja\Hijack\backups\backup-20060720-121758-966.dll Infected: not-a-virus:AdWare.Win32.MediaBack.e skipped
    O:\KARAOKE KAMAT + MUUTA ÄF KANSIOSTA\ [PC] - Flat Out Crack.zip/[PC] - Flat Out Crack [p2p-11066].exe Infected: not-a-virus:porn-Dialer.Win32.Intexdial skipped
    O:\KARAOKE KAMAT + MUUTA ÄF KANSIOSTA\ [PC] - Flat Out Crack.zip ZIP: infected - 1 skipped
    Scan process completed.

    [bold]Hijack[/bold]

    Logfile of HijackThis v1.99.1
    Scan saved at 15:02:19, on 20.7.2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\LEXPPS.EXE
    C:\WINNT\System32\CTsvcCDA.EXE
    F:\OMATOH~1\Virus\norton\DefWatch.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    C:\WINNT\system32\hidserv.exe
    F:\OMATOH~1\Virus\norton\Rtvscan.exe
    C:\WINNT\system32\regsvc.exe
    C:\Program Files\Dantz\Retrospect\retrorun.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\ZONELABS\vsmon.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\MsPMSPSv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\WZCBDL Service\WZCBDLS.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    F:\OMATOH~1\VIRUS\NORTON\VPTRAY.EXE
    C:\WINNT\system32\sstray.exe
    C:\Program Files\D-Link\Air Utility\AirCFG.exe
    C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    F:\Omat Ohjelmat\palomuuri\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    G:\Villen kansio\Tiedostoja\Winamp\winamp.exe
    C:\PROGRA~1\FIREFOX\FIREFOX.EXE
    G:\Villen kansio\Tiedostoja\Hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem220.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Scriptlet.Tools - {3E4563A4-2A9B-4912-BE38-906A0CB702CC} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [vptray] F:\OMATOH~1\VIRUS\NORTON\VPTRAY.EXE
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
    O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [EPoXUSDM] "C:\Program Files\EPOX\USDM\USDM.EXE" "5000"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LXBLKsk] C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
    O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "F:\Omat Ohjelmat\palomuuri\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [PE2CKFNT SE] e:\ulead\ChkFont.exe
    O4 - HKLM\..\Run: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
    O4 - HKLM\..\RunServices: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
    O4 - HKCU\..\Run: [] /s
    O8 - Extra context menu item: Avaa työasemasovellus näyttöön &1 - C:\WINNT\web\AOpenClient.htm
    O8 - Extra context menu item: Avaa työasemasovellus näyttöön &2 - C:\WINNT\web\AOpenClient.htm
    O8 - Extra context menu item: Avaa työasemasovellus näyttöön &3 - C:\WINNT\web\AOpenClient.htm
    O8 - Extra context menu item: Avaa työasemasovellus näyttöön &4 - C:\WINNT\web\AOpenClient.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ville\Käynnistä-valikko\Ohjelmat\>IMVU\Run IMVU.lnk (file missing)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {23912BB0-CC9F-4C69-83D4-19C2B183BA91} - http://ns-radio.netscape.com/radio/cabs/radiox.cab
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE
    O23 - Service: DefWatch - Symantec Corporation - F:\OMATOH~1\Virus\norton\DefWatch.exe
    O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - F:\OMATOH~1\Virus\norton\Rtvscan.exe
    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\vsmon.exe
    O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

    Looking at that log, a few of the entries I removed have come back. Help, what should I do? I would prefer to try every option before formatting.

    [bold]Edit:[/bold] the computer is shared by the whole family, so stuff has also piled up through other family members. :(

    Last edited by a moderator: 20.07.2006
  11. -kemisti-

    -kemisti- Active member

    @Foba:

    The situation isn't really that bad; most of those were in the Norton quarantine.

    Empty this directory (delete all the files):

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine

    Download Atribune's ATF Cleaner: http://www.atribune.org/ccount/click.php?id=1

    Instructions:

    Double-click ATF-Cleaner.exe to start the program.
    Under Main, choose: Select All
    Click the Empty Selected button.
    If you use Firefox as your browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you want to keep your saved passwords, click No when it asks.
    If you use Opera as your browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button again.
    NOTE: If you want to keep your saved passwords, click No when it asks.
    Click Exit in the main menu to close the program.

    Fix these:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem220.dll (file missing)
    O2 - BHO: Scriptlet.Tools - {3E4563A4-2A9B-4912-BE38-906A0CB702CC} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.dll
    O4 - HKLM\..\Run: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
    O4 - HKLM\..\RunServices: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
    O4 - HKCU\..\Run: [] /s


    Get KillBox

    http://www.bleepingcomputer.com/files/spyware/KillBox.zip

    Unzip it, open it and tick the Delete on Reboot option.
    Then copy the lines below all at once

    C:\WINNT\system32\SahAgent.exe
    C:\WINNT\system32\SahHtml.exe
    C:\WINNT\Downloaded Program Files\UGO20.exe
    C:\WINNT\Downloaded Program Files\jao.dll
    C:\WINNT\Downloaded Program Files\lsp_.dll
    C:\WINNT\Downloaded Program Files\SAHAgent_.exe
    C:\WINNT\Downloaded Program Files\SAHUninstall_.exe
    C:\WINNT\Downloaded Program Files\SahHtml_.exe
    C:\WINNT\tybmzwf.exe
    C:\WINNT\NDNuninstall7_22.exe
    C:\WINNT\whInstaller.exe
    C:\Documents and Settings\All Users\Application Data\Setup\Setup.dll
    C:\Documents and Settings\All Users\Application Data\Setup\tools.exe
    C:\Documents and Settings\All Users\Application Data\Tools\tools.exe
    C:\Documents and Settings\All Users\Application Data\Tools\tools.dll
    C:\Program Files\AdStatus Service\AdStatComm.dll
    C:\Program Files\E2G\IeBHOs.dll
    C:\Program Files\whInstall\whAgent.exe
    C:\Program Files\whInstall\whInstaller.exe
    C:\Program Files\whInstall\whSurvey.exe
    C:\Program Files\whInstall\webhdll.dll
    C:\Program Files\whInstall\whiehlpr.dll
    C:\Program Files\webHancer\Programs\whSurvey.exe
    C:\temp\salm.exe
    C:\temp\salmhook.dll
    E:\pelit\Flatout\crack\[PC] - Flat Out Crack [p2p-11066].exe
    F:\Omat Ohjelmat\Mp3\emule\Incoming\crack nocd Flat Out.rar
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack11.exe
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack2.exe
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack3.exe
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack4.exe
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack5.exe
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack6.exe
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack7.exe
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack8.exe
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack9.exe
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack10.exe
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack12.exe
    F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack13.exe
    G:\Villen kansio\Tiedostoja\Nokia muut\Warelex[1].Mobiola.WebCam.USB.v1.00.S60.SymbianOS.Cracked-BiNPDA.zip/Warelex.Mobiola.WebCam.USB.v1.00.S60.SymbianOS.Cracked-BiNPDA.rar
    G:\Villen kansio\Tiedostoja\Nokia muut\Warelex[1].Mobiola.WebCam.USB.v1.00.S60.SymbianOS.Cracked-BiNPDA.zip
    O:\KARAOKE KAMAT + MUUTA ÄF KANSIOSTA\ [PC] - Flat Out Crack.zip

    Then in KillBox, from the top menu choose File > Paste from Clipboard
    Select "All Files". After that, press Delete (the red one with a white X)
    Answer yes to the prompts, and if the computer does not restart on its own, restart it.

    Empty this directory:

    c:\!Killbox

    Scan again with Kaspersky.

    After that, post a new Hijack log and the Kaspersky report.
     
  12. Foba

    Foba Guest

    [bold]Kaspersky[/bold]

    Scan Statistics
    Total number of scanned objects 182152
    Number of viruses found 8
    Number of infected objects 26
    Number of suspicious objects 0
    Duration of the scan process 01:26:18

    C:\WINNT\Downloaded Program Files\SahHtml_.exe Infected: not-a-virus:AdWare.Win32.Sahat.i skipped
    C:\Documents and Settings\ppu\Local Settings\Temporary Internet Files\Content.IE5\KH2ZG52B\PopularScreenSaversInitialSetup1.0.0.8[1].cab/f3Setup1.exe Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
    C:\Documents and Settings\ppu\Local Settings\Temporary Internet Files\Content.IE5\KH2ZG52B\PopularScreenSaversInitialSetup1.0.0.8[1].cab CAB: infected - 1 skipped
    C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\RU4ZBXSD\dl[1].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
    C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\RU4ZBXSD\dl[2].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
    C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\RU4ZBXSD\dl[3].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
    C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\RU4ZBXSD\dl[4].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
    C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\RU4ZBXSD\dl[5].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
    C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\Q55QBYHW\dl[1].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
    C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\Q55QBYHW\dl[2].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
    C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\Q55QBYHW\dl[3].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
    C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\LNR3954E\minime[1].htm Infected: Trojan.JS.NoClose.r skipped
    C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\LNR3954E\minime[2].htm Infected: Trojan.JS.NoClose.r skipped
    C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\GBTJAQJL\dl[2].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
    C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\GBTJAQJL\MultiDistFC[1].CAB/MulDist.ocx Infected: Trojan-Downloader.Win32.Dyfuca.o skipped
    C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\GBTJAQJL\MultiDistFC[1].CAB CAB: infected - 1 skipped
    C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\GBTJAQJL\minime[1].htm Infected: Trojan.JS.NoClose.r skipped
    C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\GBTJAQJL\mc-dubs2[1].htm Infected: Trojan.JS.NoClose.r skipped
    C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\GBTJAQJL\dl[1].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
    G:\Villen kansio\Tiedostoja\mIrc\mIRC v6.16 [Keygen Included]\mIRC 6.16 Setup.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
    G:\Villen kansio\Tiedostoja\mIrc\mIRC v6.16 [Keygen Included]\mIRC 6.16 Setup.exe mIRC: infected - 1 skipped
    G:\Villen kansio\Tiedostoja\mIrc\backup\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
    G:\Villen kansio\Tiedostoja\Nokia muut\Warelex[1].Mobiola.WebCam.v1.04.S60.SymbianOS.Cracked.-BiNPDA.zip/Warelex.Mobiola.WebCam.v1.04.S60.SymbianOS.Cracked -BiNPDA/BiN-1980/Loader.exe Infected: VirTool.Win32.Patcher.a skipped
    G:\Villen kansio\Tiedostoja\Nokia muut\Warelex[1].Mobiola.WebCam.v1.04.S60.SymbianOS.Cracked.-BiNPDA.zip ZIP: infected - 1 skipped
    G:\Villen kansio\Tiedostoja\Hijack\backups\backup-20060720-121758-966.dll Infected: not-a-virus:AdWare.Win32.MediaBack.e skipped
    G:\Villen kansio\Tiedostoja\Hijack\backups\backup-20060720-154200-801.dll Infected: not-a-virus:AdWare.Win32.MediaBack.e skipped
    Scan process completed.

    [bold]Hijack[/bold]

    Logfile of HijackThis v1.99.1
    Scan saved at 17:35:36, on 20.7.2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\LEXPPS.EXE
    C:\WINNT\System32\CTsvcCDA.EXE
    F:\OMATOH~1\Virus\norton\DefWatch.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    C:\WINNT\system32\hidserv.exe
    F:\OMATOH~1\Virus\norton\Rtvscan.exe
    C:\WINNT\system32\regsvc.exe
    C:\Program Files\Dantz\Retrospect\retrorun.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\ZONELABS\vsmon.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\MsPMSPSv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\WZCBDL Service\WZCBDLS.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    F:\OMATOH~1\VIRUS\NORTON\VPTRAY.EXE
    C:\WINNT\system32\sstray.exe
    C:\Program Files\D-Link\Air Utility\AirCFG.exe
    C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
    C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    F:\Omat Ohjelmat\palomuuri\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    G:\Villen kansio\Tiedostoja\Winamp\winamp.exe
    G:\Villen kansio\Tiedostoja\Winamp\winamp.exe
    C:\Program Files\Firefox\firefox.exe
    C:\WINNT\system32\NOTEPAD.EXE
    G:\Villen kansio\Tiedostoja\Hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [vptray] F:\OMATOH~1\VIRUS\NORTON\VPTRAY.EXE
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
    O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [EPoXUSDM] "C:\Program Files\EPOX\USDM\USDM.EXE" "5000"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LXBLKsk] C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
    O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "F:\Omat Ohjelmat\palomuuri\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [PE2CKFNT SE] e:\ulead\ChkFont.exe
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O8 - Extra context menu item: Avaa työasemasovellus näyttöön &1 - C:\WINNT\web\AOpenClient.htm
    O8 - Extra context menu item: Avaa työasemasovellus näyttöön &2 - C:\WINNT\web\AOpenClient.htm
    O8 - Extra context menu item: Avaa työasemasovellus näyttöön &3 - C:\WINNT\web\AOpenClient.htm
    O8 - Extra context menu item: Avaa työasemasovellus näyttöön &4 - C:\WINNT\web\AOpenClient.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ville\Käynnistä-valikko\Ohjelmat\>IMVU\Run IMVU.lnk (file missing)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE
    O23 - Service: DefWatch - Symantec Corporation - F:\OMATOH~1\Virus\norton\DefWatch.exe
    O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - F:\OMATOH~1\Virus\norton\Rtvscan.exe
    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\vsmon.exe
    O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe
     
  13. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    @Foba:

    Looks pretty good already :)

    Empty Internet Explorer's temporary files, i.e.:

    Log in as "pia" and as "ppu" and do that on both user accounts.

    Tools -> Internet Options -> Temporary Internet files -> Delete Files, tick "Delete all offline content", and OK.

    Delete:

    G:\Villen kansio\Tiedostoja\Nokia muut\Warelex[1].Mobiola.WebCam.v1.04.S60.SymbianOS.Cracked.-BiNPDA.zip
    C:\WINNT\Downloaded Program Files\SahHtml_.exe

    Still having problems?
     
  14. Foba

    Foba Guest

    ^I did those and rebooted twice.

    The main problem still hasn't gone away, though. When starting the computer, the first thing that appears on the screen is:

    Phoenix Award Bios v6.00 etc.
    08/27/2003 nForce2-st Chipset

    *blank*

    Press DEL to enter SETUP
    08/27/2003-nVidia-nForce-6AG1BPAAC-00


    That screen stays for about 5 minutes before startup continues. Normally it should be a few seconds.

    This problem has occurred every time since I downloaded the Media Codecs malware. On rare occasions earlier as well. The machine is probably fairly clean now, though, so that glitch doesn't necessarily have anything to do with it at all. But thanks for the help, kemisti.

    Oh, and I forgot one small thing: when I look in EasyCleaner at which programs open at startup, there is a /s program that I was told earlier in this thread to remove (as far as I remember). Well, anyway, whenever I remove it, it comes back to the startup list after a restart. Here's a screenshot of it: http://img481.imageshack.us/my.php?image=kauttasmi1.png

    Hijack

    Logfile of HijackThis v1.99.1
    Scan saved at 19:15:15, on 20.7.2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\LEXPPS.EXE
    C:\WINNT\System32\CTsvcCDA.EXE
    F:\OMATOH~1\Virus\norton\DefWatch.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    C:\WINNT\system32\hidserv.exe
    F:\OMATOH~1\Virus\norton\Rtvscan.exe
    C:\WINNT\system32\regsvc.exe
    C:\Program Files\Dantz\Retrospect\retrorun.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\ZONELABS\vsmon.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\MsPMSPSv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\WZCBDL Service\WZCBDLS.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    F:\OMATOH~1\VIRUS\NORTON\VPTRAY.EXE
    C:\Program Files\D-Link\Air Utility\AirCFG.exe
    C:\Program Files\EPOX\USDM\USDM.EXE
    C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
    C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    F:\Omat Ohjelmat\palomuuri\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    G:\Villen kansio\Tiedostoja\Messenger Plus!\MsgPlus.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\FIREFOX\FIREFOX.EXE
    G:\Villen kansio\Tiedostoja\Winamp\winamp.exe
    G:\Villen kansio\Tiedostoja\Hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [vptray] F:\OMATOH~1\VIRUS\NORTON\VPTRAY.EXE
    O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
    O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [EPoXUSDM] "C:\Program Files\EPOX\USDM\USDM.EXE" "5000"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LXBLKsk] C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
    O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "F:\Omat Ohjelmat\palomuuri\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [PE2CKFNT SE] e:\ulead\ChkFont.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "G:\Villen kansio\Tiedostoja\Messenger Plus!\MsgPlus.exe"
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [] /s
    O8 - Extra context menu item: Avaa työasemasovellus näyttöön &1 - C:\WINNT\web\AOpenClient.htm
    O8 - Extra context menu item: Avaa työasemasovellus näyttöön &2 - C:\WINNT\web\AOpenClient.htm
    O8 - Extra context menu item: Avaa työasemasovellus näyttöön &3 - C:\WINNT\web\AOpenClient.htm
    O8 - Extra context menu item: Avaa työasemasovellus näyttöön &4 - C:\WINNT\web\AOpenClient.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ville\Käynnistä-valikko\Ohjelmat\>IMVU\Run IMVU.lnk (file missing)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE
    O23 - Service: DefWatch - Symantec Corporation - F:\OMATOH~1\Virus\norton\DefWatch.exe
    O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - F:\OMATOH~1\Virus\norton\Rtvscan.exe
    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\vsmon.exe
    O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe
     
    Last edited by a moderator: 20.07.2006
  15. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    @Foba:

    I can't say anything about that BIOS thing, and this -> O4 - HKCU\..\Run: [] /s seems very strange. It's hardly very harmful, though, maybe just some bug. And you're welcome :)
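
Added example, not part of the thread and not HijackThis code: a Python triage helper that diffs the O4 autorun lines of two scans, flags structurally odd Run values such as the `[] /s` entry discussed above, and lists same-key entries whose command ends in the same switches as a lead to check. The function names and the heuristics are assumptions made for this example; the sample lines are copied from the two logs in this thread.

```python
import re

# Constructed sample: a subset of O4 lines copied from the two HijackThis logs in this thread.
SCAN_BEFORE = r"""
O4 - HKLM\..\Run: [PE2CKFNT SE] e:\ulead\ChkFont.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"""
SCAN_AFTER = SCAN_BEFORE + r"""
O4 - HKLM\..\Run: [MessengerPlus3] "G:\Villen kansio\Tiedostoja\Messenger Plus!\MsgPlus.exe"
O4 - HKCU\..\Run: [] /s
"""

O4_RE = re.compile(r"^\s*O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] ?(.*)$")

def parse_o4(log):
    """Map (hive, key, value name) -> command for each O4 registry autorun line."""
    entries = {}
    for line in log.splitlines():
        m = O4_RE.match(line)
        if m:
            hive, key, name, command = m.groups()
            entries[(hive, key, name)] = command.strip()
    return entries

def red_flags(name, command):
    """Structural oddities of one Run value (heuristics assumed here, not HijackThis rules)."""
    flags = []
    if not name:
        flags.append("empty value name")
    if not command or command[0] in "/-":
        flags.append("no program before the switches")
    return flags

def review(before, after):
    """Autoruns that are new or changed between two scans, flagged entries first."""
    old, new = parse_o4(before), parse_o4(after)
    findings = []
    for ident, command in new.items():
        if old.get(ident) == command:
            continue
        flags = red_flags(ident[2], command)
        # Lead to check, not a verdict: same-key entries ending in the orphaned switches
        related = [n for (h, k, n), c in new.items()
                   if flags and (h, k) == ident[:2] and n and c.endswith(" " + command)]
        findings.append({"entry": ident, "command": command, "flags": flags, "related": related})
    return sorted(findings, key=lambda f: not f["flags"])

if __name__ == "__main__":
    for f in review(SCAN_BEFORE, SCAN_AFTER):
        print(f)
```
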
     
  16. Foba

    Foba Guest

    I certainly got a good impression of this forum, since help came right away and answers arrived quickly. I haven't been here before, but having got a good impression, I think I'll dig through more discussions here.

    My case is now closed in this thread. Thanks a thousand times once more to kemisti. Maybe I'll find an answer to my BIOS problem somewhere else here!
     
