Logfile of HijackThis v1.99.1 Scan saved at 12:17:08, on 24.7.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\F-Secure\Common\FSM32.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\rmctrl.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Common\FSMB32.EXE C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Internet Explorer\iexplore.exe D:\Torremolinos\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 
proxy.dial.inet.fi:800 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [defender] C:\\dfndred_7.exe O4 - HKLM\..\Run: [implib] rundll32.exe C:\WINDOWS\System32\implib.dll,start O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe O4 - HKLM\..\Run: [canary] rundll32.exe C:\WINDOWS\System32\canary.dll,start O4 - HKLM\..\Run: [WinDLL (tock24.dll)] rundll32.exe C:\WINDOWS\System32\tock24.dll,start O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153653955124 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153654249890 O23 - Service: F-Secure BackWeb (BackWeb 
Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Windows Idle Process - Unknown owner - C:\WINDOWS\system32\smsc.exe (file missing)
Rename HijackThis.exe -> HJT.exe and post a new HjT log. Otherwise Vundo (Virtumonde) will not show up in the log.
Logfile of HijackThis v1.99.1 Scan saved at 13:05:44, on 24.7.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\F-Secure\Common\FSM32.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\rmctrl.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\F-Secure\BackWeb\4476822\Program\SERVIC~1.EXE C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\BackWeb\4476822\program\fsbwsys.exe C:\Program Files\F-Secure\BackWeb\4476822\Program\fspex.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\Program Files\F-Secure\Common\FSMB32.EXE C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsqh.exe C:\Program Files\F-Secure\Anti-Virus\fsrw.exe C:\Program Files\F-Secure\FSPC\fspc.exe C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe C:\Program Files\F-Secure\FSGUI\fsguidll.exe C:\Program Files\Internet Explorer\iexplore.exe D:\Torremolinos\HjT_v1.99.1.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: (no name) - {516B3CCA-857C-4D1F-95AC-6F1743FCA85C} - C:\WINDOWS\system32\ddayw.dll O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\pmnno.dll O2 - BHO: MSEvents Object - {77DC06AF-1549-4FF8-804E-8C98645275A3} - C:\WINDOWS\System32\ssqro.dll (file missing) O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing) O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [defender] C:\\dfndred_7.exe O4 - HKLM\..\Run: [implib] rundll32.exe C:\WINDOWS\System32\implib.dll,start O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe O4 - HKLM\..\Run: [canary] rundll32.exe C:\WINDOWS\System32\canary.dll,start O4 - HKLM\..\Run: [WinDLL (tock24.dll)] rundll32.exe C:\WINDOWS\System32\tock24.dll,start O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program 
Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure\FSGUI\ispnews.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure\BackWeb\4476822\Program\fspex.exe O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure\FSPC\fspcmsie.dll O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE-suojaus... 
- {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153653955124 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153654249890 O20 - Winlogon Notify: ddayw - C:\WINDOWS\system32\ddayw.dll O20 - Winlogon Notify: geebc - geebc.dll (file missing) O20 - Winlogon Notify: geebx - geebx.dll (file missing) O20 - Winlogon Notify: pmnno - C:\WINDOWS\SYSTEM32\pmnno.dll O20 - Winlogon Notify: ssqro - C:\WINDOWS\System32\ssqro.dll (file missing) O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-Secure\BackWeb\4476822\Program\SERVIC~1.EXE O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: fsbwsys - F-Secure Corp. 
- C:\Program Files\F-Secure\BackWeb\4476822\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure\FSPC\fshttps\fshttps.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Windows Idle Process - Unknown owner - C:\WINDOWS\system32\smsc.exe (file missing)
Luckily there isn't just one Vundo in there, but many.

Fix these:

O2 - BHO: MSEvents Object - {77DC06AF-1549-4FF8-804E-8C98645275A3} - C:\WINDOWS\System32\ssqro.dll (file missing)
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [defender] C:\\dfndred_7.exe
O4 - HKLM\..\Run: [implib] rundll32.exe C:\WINDOWS\System32\implib.dll,start
O4 - HKLM\..\Run: [canary] rundll32.exe C:\WINDOWS\System32\canary.dll,start
O4 - HKLM\..\Run: [WinDLL (tock24.dll)] rundll32.exe C:\WINDOWS\System32\tock24.dll,start
O20 - Winlogon Notify: geebc - geebc.dll (file missing)
O20 - Winlogon Notify: geebx - geebx.dll (file missing)
O20 - Winlogon Notify: ssqro - C:\WINDOWS\System32\ssqro.dll (file missing)
O23 - Service: Windows Idle Process - Unknown owner - C:\WINDOWS\system32\smsc.exe (file missing)

Then go to Start -> Run, type
sc stop "Windows Idle Process"
and click OK, then
sc delete "Windows Idle Process"
and click OK.

Delete if found:

C:\WINDOWS\system32\smsc.exe
C:\Program Files\ToolBar888\
C:\WINDOWS\System32\implib.dll
C:\dfndred_7.exe
C:\WINDOWS\System32\tock24.dll
C:\WINDOWS\System32\canary.dll

Download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.

- Double-click VundoFix.exe to run it.
- Tick the box Run VundoFix as a task.
- You will get a message that says "Vundofix will close and re-open in a minute or less". Click OK.
- When Vundofix re-opens, click the Scan for Vundo option.
- When the scan is complete, right-click inside the list box (the white box where the found files are listed) and choose Add more files.
- Copy and paste the following 4 lines into the four topmost boxes:
  - C:\WINDOWS\system32\ddayw.dll
  - C:\WINDOWS\system32\wyadd.*
  - C:\WINDOWS\SYSTEM32\pmnno.dll
  - C:\WINDOWS\system32\onnmp.*
- Click Add Files and then click Close Window.
- Click the Remove Vundo option.
- You will get a message asking whether you want to remove the selected files; click YES.
- When you click yes, your desktop will go blank as the tool starts removing Vundo.
- When it is done, you will get a message asking you to shut down the computer; click OK.
- Restart your computer.
- Post the contents of the C:\vundofix.txt log together with a fresh HijackThis log.
When I tried to add those four lines, nothing went into the VundoFix window; two of them were already there, which it had found.

VundoFix V5.1.5
Running as SYSTEM from c:\windows\system32\VundoFix.exe
Checking Java version...
Java version is 1.5.0.5
Java version is 1.5.0.6
Java version is 1.5.0.7
Scan started at 13:52:05 24.7.2006
Listing files found while scanning....
C:\windows\system32\ddayw.dll
C:\windows\system32\wyadd.ini
Beginning removal...

VundoFix V5.1.5
Running as SYSTEM from c:\windows\system32\VundoFix.exe
Checking Java version...
Java version is 1.5.0.5
Java version is 1.5.0.6
Java version is 1.5.0.7
Scan started at 14:04:03 24.7.2006
Listing files found while scanning....
C:\windows\system32\ddayw.dll
C:\windows\system32\wyadd.ini
Beginning removal...
The process smss.exe was successfully stopped
The process winlogon.exe could not be stopped
Vundofix may not be able to delete some files that were found.
The process explorer.exe was successfully stopped
The process iexplore.exe was successfully stopped
The process rundll32.exe was successfully stopped
Attempting to delete C:\windows\system32\ddayw.dll
C:\windows\system32\ddayw.dll Could not be deleted.
Attempting to delete C:\windows\system32\wyadd.ini
C:\windows\system32\wyadd.ini Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V5.1.5
Running as SYSTEM from c:\windows\system32\VundoFix.exe
Checking Java version...
Java version is 1.5.0.5
Java version is 1.5.0.6
Java version is 1.5.0.7
Scan started at 14:09:02 24.7.2006
Listing files found while scanning....
C:\windows\system32\ddayw.dll
Beginning removal...
The process smss.exe was successfully stopped
The process winlogon.exe could not be stopped
Vundofix may not be able to delete some files that were found.
The process explorer.exe was successfully stopped The process iexplore.exe was successfully stopped The process rundll32.exe was successfully stopped Attempting to delete C:\windows\system32\ddayw.dll C:\windows\system32\ddayw.dll Has been deleted! Performing Repairs to the registry. Done! Logfile of HijackThis v1.99.1 Scan saved at 14:17:58, on 24.7.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\F-Secure\Common\FSM32.EXE C:\WINDOWS\System32\rmctrl.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\F-Secure\BackWeb\4476822\Program\SERVIC~1.EXE C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\BackWeb\4476822\program\fsbwsys.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\F-Secure\Common\FSMB32.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\Program Files\F-Secure\BackWeb\4476822\Program\fspex.exe C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsqh.exe C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\Program Files\F-Secure\FSPC\fspc.exe C:\Program Files\F-Secure\Anti-Virus\fsrw.exe C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe C:\Program 
Files\F-Secure\FSGUI\fsguidll.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE D:\Torremolinos\HjT_v1.99.1.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\pmnno.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure\FSGUI\ispnews.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure\BackWeb\4476822\Program\fspex.exe O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program 
Files\F-Secure\Anti-Spyware\blockpopups.htm O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure\FSPC\fspcmsie.dll O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153653955124 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153654249890 O20 - Winlogon Notify: pmnno - C:\WINDOWS\SYSTEM32\pmnno.dll O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-Secure\BackWeb\4476822\Program\SERVIC~1.EXE O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker 
- F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\4476822\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure\FSPC\fshttps\fshttps.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
OK, then run VundoFix again and this time add these to it. Otherwise do as before.

- C:\WINDOWS\SYSTEM32\pmnno.dll
- C:\WINDOWS\system32\onnmp.*

Post the contents of the C:\vundofix.txt log together with a fresh HijackThis log.
It still won't let me add them, or at least nothing happens when I press "add files"; it had found two other things, though.

VundoFix V5.1.5
Running as SYSTEM from c:\windows\system32\VundoFix.exe
Checking Java version...
Java version is 1.5.0.5
Java version is 1.5.0.6
Java version is 1.5.0.7
Scan started at 13:52:05 24.7.2006
Listing files found while scanning....
C:\windows\system32\ddayw.dll
C:\windows\system32\wyadd.ini
Beginning removal...

VundoFix V5.1.5
Running as SYSTEM from c:\windows\system32\VundoFix.exe
Checking Java version...
Java version is 1.5.0.5
Java version is 1.5.0.6
Java version is 1.5.0.7
Scan started at 14:04:03 24.7.2006
Listing files found while scanning....
C:\windows\system32\ddayw.dll
C:\windows\system32\wyadd.ini
Beginning removal...
The process smss.exe was successfully stopped
The process winlogon.exe could not be stopped
Vundofix may not be able to delete some files that were found.
The process explorer.exe was successfully stopped
The process iexplore.exe was successfully stopped
The process rundll32.exe was successfully stopped
Attempting to delete C:\windows\system32\ddayw.dll
C:\windows\system32\ddayw.dll Could not be deleted.
Attempting to delete C:\windows\system32\wyadd.ini
C:\windows\system32\wyadd.ini Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V5.1.5
Running as SYSTEM from c:\windows\system32\VundoFix.exe
Checking Java version...
Java version is 1.5.0.5
Java version is 1.5.0.6
Java version is 1.5.0.7
Scan started at 14:09:02 24.7.2006
Listing files found while scanning....
C:\windows\system32\ddayw.dll
Beginning removal...
The process smss.exe was successfully stopped
The process winlogon.exe could not be stopped
Vundofix may not be able to delete some files that were found.
The process explorer.exe was successfully stopped The process iexplore.exe was successfully stopped The process rundll32.exe was successfully stopped Attempting to delete C:\windows\system32\ddayw.dll C:\windows\system32\ddayw.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V5.1.5 Running as SYSTEM from c:\windows\system32\VundoFix.exe Checking Java version... Java version is 1.5.0.5 Java version is 1.5.0.6 Java version is 1.5.0.7 Scan started at 14:32:02 24.7.2006 Listing files found while scanning.... C:\windows\system32\jkhhg.dll C:\windows\system32\ghhkj.ini Beginning removal... The process smss.exe was successfully stopped The process winlogon.exe could not be stopped Vundofix may not be able to delete some files that were found. The process explorer.exe was successfully stopped The process iexplore.exe was successfully stopped The process rundll32.exe was successfully stopped Attempting to delete C:\windows\system32\jkhhg.dll C:\windows\system32\jkhhg.dll Has been deleted! Attempting to delete C:\windows\system32\ghhkj.ini C:\windows\system32\ghhkj.ini Has been deleted! Performing Repairs to the registry. Done! 
Logfile of HijackThis v1.99.1 Scan saved at 14:39:53, on 24.7.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\F-Secure\Common\FSM32.EXE C:\WINDOWS\System32\rmctrl.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\F-Secure\BackWeb\4476822\Program\SERVIC~1.EXE C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\BackWeb\4476822\program\fsbwsys.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Common\FSMB32.EXE C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\Program Files\F-Secure\BackWeb\4476822\Program\fspex.exe C:\Program Files\F-Secure\Common\FCH32.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsqh.exe C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\Program Files\F-Secure\Anti-Virus\fsrw.exe C:\Program Files\F-Secure\FSPC\fspc.exe C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe C:\Program Files\F-Secure\Common\FIH32.EXE C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe C:\Program Files\F-Secure\FSGUI\fsguidll.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe D:\Torremolinos\HjT_v1.99.1.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://www.soneraplaza.fi
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure\FSGUI\ispnews.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure\BackWeb\4476822\Program\fspex.exe
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure\FSPC\fspcmsie.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153653955124
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153654249890
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-Secure\BackWeb\4476822\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
There seem to be enough of those Vundos that you should run this:

Scan your computer with the Kaspersky Online Scanner: http://www.kaspersky.com/downloads/kws/kavwebscan.html

You will be asked whether you allow an ActiveX component from Kaspersky to be installed; click Yes (Kyllä).
* The program starts and begins downloading the latest definition files.
* When the scanner has been installed and the definitions downloaded, click Next.
* Now click the settings, Scan Settings.
* Check in the settings that the following are selected:
  o Scan using the following Anti-Virus database:
    + Extended (if available, otherwise select Standard)
  o Scan Options:
    + Scan Archives
    + Scan Mail Bases
* Click OK.
* Now, under the heading "select a target to scan", choose My Computer (Oma Tietokone).
* The scan takes time, so be patient. When the scan is finished you will be notified if your computer is infected.
* Now click the Save as Text button.
* Save the file to your desktop.
* Copy and paste the contents of the file into your next reply.
------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Tuesday, July 25, 2006 11:28:16 AM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version: 5.0.78.0 Kaspersky Anti-Virus database last update: 25/07/2006 Kaspersky Anti-Virus database records: 209690 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\ Scan Statistics: Total number of scanned objects: 129573 Number of viruses found: 24 Number of infected objects: 203 Number of suspicious objects: 0 Duration of the scan process: 01:32:50 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\Antero\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-501a5588-187c3e01.0ip/Counter.class Infected: Trojan.Java.ClassLoader.i skipped C:\Documents and Settings\Antero\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-501a5588-187c3e01.0ip/VerifierBug.class Infected: Trojan.Java.ClassLoader.k skipped C:\Documents and Settings\Antero\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-501a5588-187c3e01.0ip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped C:\Documents and Settings\Antero\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-501a5588-187c3e01.0ip ZIP: infected - 3 skipped C:\Documents and Settings\Antzza\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3db5e6b9-392f3dde.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\Antzza\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3db5e6b9-392f3dde.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\Antzza\Application 
Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3db5e6b9-392f3dde.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped C:\Documents and Settings\Antzza\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3db5e6b9-392f3dde.zip ZIP: infected - 3 skipped C:\Documents and Settings\Antzza\DRMANA.0XE Infected: Trojan-Downloader.Win32.Adload.bo skipped C:\Documents and Settings\Antzza.ANTZAH\AOH1.0XE Infected: IM-Worm.Win32.Opanki.ao skipped C:\Documents and Settings\Antzza.ANTZAH\AOH1.1XE Infected: IM-Worm.Win32.Opanki.ao skipped C:\Documents and Settings\Antzza.ANTZAH\dotd Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\Documents and Settings\Antzza.ANTZAH\DOTDR.0XE Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\Documents and Settings\Antzza.ANTZAH\DOTRM.0LL Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\Documents and Settings\Antzza.ANTZAH\Local Settings\Temp\temp.fr2190 Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Antzza.ANTZAH\Local Settings\Temp\temp.fr8E57 Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Antzza.ANTZAH\Local Settings\Temp\tmp00006a23 Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\Documents and Settings\Antzza.ANTZAH\Local Settings\Temp\tmp00007acd Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\Documents and Settings\Antzza.ANTZAH\Local Settings\Temp\tmp000095e7 Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\Documents and Settings\Antzza.ANTZAH\Local Settings\Temp\tmp00009df5 Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\Documents and Settings\Antzza.ANTZAH\Local Settings\Temp\tmp0000becb Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\Documents and Settings\Antzza.ANTZAH\Local Settings\Temp\tmp00018eae Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\Documents and Settings\Antzza.ANTZAH\moot32.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q 
skipped C:\Documents and Settings\Antzza.ANTZAH\moot32.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped C:\Documents and Settings\Antzza.ANTZAH\moot32.exe NSIS: infected - 2 skipped C:\Documents and Settings\Antzza.ANTZAH\ww32.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\Documents and Settings\Antzza.ANTZAH\ww32.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\Documents and Settings\Antzza.ANTZAH\ww32.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\Documents and Settings\Antzza.ANTZAH\ww32.exe RarSFX: infected - 3 skipped C:\Documents and Settings\LocalService.NT-HALLINTA.001\Local Settings\Temporary Internet Files\Content.IE5\HJZ4HZL3\DRSMARTLOAD195A[1].0XE Infected: Trojan-Downloader.Win32.Adload.db skipped C:\Documents and Settings\LocalService.NT-HALLINTA.001\Local Settings\Temporary Internet Files\Content.IE5\HJZ4HZL3\KYBRDED_7[1].0XE Infected: Trojan-Downloader.Win32.Adload.cu skipped C:\Documents and Settings\LocalService.NT-HALLINTA.001\Local Settings\Temporary Internet Files\Content.IE5\OWVM3V8P\DRSMARTLOAD45A[1].0XE Infected: Trojan-Downloader.Win32.Adload.db skipped C:\Documents and Settings\LocalService.NT-HALLINTA.001\Local Settings\Temporary Internet Files\Content.IE5\OWVM3V8P\DRSMARTLOAD849A[1].0XE Infected: Trojan-Downloader.Win32.Adload.db skipped C:\Documents and Settings\LocalService.NT-HALLINTA.001\Local Settings\Temporary Internet Files\Content.IE5\QZLWTUXM\DFNDRED_7[1].0XE Infected: Trojan-Clicker.Win32.VB.nh skipped C:\Documents and Settings\LocalService.NT-HALLINTA.001\Local Settings\Temporary Internet Files\Content.IE5\QZLWTUXM\NWNMED_7[1].0XE Infected: Trojan-Downloader.Win32.Adload.cy skipped C:\Documents and Settings\LocalService.NT-HALLINTA.001\Local Settings\Temporary Internet Files\Content.IE5\Z2X3Q4H1\DRSMARTLOAD195A[1].0XE Infected: Trojan-Downloader.Win32.Adload.db skipped C:\Program Files\DAEMON Tools\SetupDTSB.exe Infected: 
not-a-virus:AdWare.Win32.SaveNow.bo skipped C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4110 skipped C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped C:\Program Files\themexp\Themexp.org File\HLSETUP2.0XE Infected: Trojan-Downloader.Win32.Small.bke skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP11\A0009777.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP11\A0010411.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cq skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP11\A0010425.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP11\A0010425.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP11\A0010425.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP11\A0010425.exe RarSFX: infected - 3 skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP11\A0010442.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP11\A0010442.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP11\A0010442.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP11\A0010442.exe RarSFX: infected - 3 skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP11\A0010446.dll Infected: 
not-a-virus:AdWare.Win32.Softomate.q skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP11\A0010449.0LL Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP11\A0010450.0XE Infected: Backdoor.Win32.PoeBot.c skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP11\A0010579.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP11\A0010579.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP11\A0010579.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP11\A0010579.exe RarSFX: infected - 3 skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP11\A0010583.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP12\A0011478.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP12\A0011478.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP12\A0011478.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP12\A0011478.exe RarSFX: infected - 3 skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP12\A0011486.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP13\A0011731.exe/data.rar/dotrm.dll Infected: 
Trojan-Downloader.Win32.ConHook.ad skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP13\A0011731.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP13\A0011731.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP13\A0011731.exe RarSFX: infected - 3 skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP13\A0011750.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP13\A0011767.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP13\A0011767.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP13\A0011767.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP13\A0011767.exe RarSFX: infected - 3 skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP13\A0011780.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP14\A0012157.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP14\A0012157.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP14\A0012157.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP14\A0012157.exe RarSFX: infected - 3 
skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP14\A0012158.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP14\A0012158.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP14\A0012158.exe NSIS: infected - 2 skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP15\A0012482.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP15\A0012496.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cq skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP15\A0012497.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cq skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP3\A0000847.0XE Infected: Trojan-Downloader.Win32.Adload.db skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000892.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000892.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000892.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000892.exe RarSFX: infected - 3 skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000893.0XE Infected: Trojan-Downloader.Win32.Adload.db skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000897.0XE Infected: Trojan-Downloader.Win32.Adload.db skipped C:\System Volume 
Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000900.dll Infected: Trojan-Spy.Win32.Agent.nv skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000901.0XE Infected: Backdoor.Win32.SdBot.aad skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000908.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000908.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000908.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000908.exe RarSFX: infected - 3 skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000909.0XE Infected: IM-Worm.Win32.Opanki.ao skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000910.0XE Infected: Trojan-Clicker.Win32.VB.nh skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000911.0XE Infected: Trojan-Clicker.Win32.VB.nh skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000917.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000917.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000917.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000917.exe RarSFX: infected - 3 skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000918.0LL Infected: 
Trojan-Downloader.Win32.ConHook.ad skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000919.0XE Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000943.0LL Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000949.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000949.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000949.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000949.exe RarSFX: infected - 3 skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000962.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000962.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000962.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000962.exe RarSFX: infected - 3 skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000964.0XE Infected: Trojan-Downloader.Win32.Adload.db skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000966.0XE Infected: IM-Worm.Win32.Opanki.ao skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000967.0XE Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume 
Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000968.0LL Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000997.0XE Infected: Trojan-Downloader.Win32.Adload.cu skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0000998.0XE Infected: Trojan-Downloader.Win32.Adload.cy skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0001110.0XE Infected: IM-Worm.Win32.Opanki.ao skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0001111.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0001111.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0001111.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0001111.exe RarSFX: infected - 3 skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0001112.dll Infected: Trojan-Spy.Win32.Agent.nv skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0001163.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0001163.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0001163.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0001163.exe RarSFX: infected - 3 skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0001168.dll 
Infected: Trojan-Spy.Win32.Agent.nv skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0001181.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0001181.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0001181.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0001181.exe RarSFX: infected - 3 skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0001185.dll Infected: Trojan-Spy.Win32.Agent.nv skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0001190.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0001200.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0001200.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0001200.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0001200.exe RarSFX: infected - 3 skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0001203.0XE Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0001209.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0001226.0LL Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\System Volume 
Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0001238.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0001238.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0001238.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP4\A0001238.exe RarSFX: infected - 3 skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP5\A0001241.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP5\A0001241.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP5\A0001241.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP5\A0001241.exe RarSFX: infected - 3 skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP5\A0001242.0XE Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP5\A0001248.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP6\A0001523.0XE Infected: Trojan-Downloader.Win32.Adload.db skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP6\A0001524.0XE Infected: Trojan-Downloader.Win32.Adload.db skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP6\A0001525.0XE Infected: Trojan-Downloader.Win32.Adload.db skipped C:\System Volume 
Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP6\A0001526.0XE Infected: Trojan-Downloader.Win32.Adload.db skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP6\A0001527.0XE Infected: Trojan-Downloader.Win32.Adload.db skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP6\A0001528.0XE Infected: Trojan-Downloader.Win32.Adload.db skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP6\A0001529.0XE Infected: Trojan-Downloader.Win32.Adload.cu skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP6\A0001531.0XE Infected: Trojan-Downloader.Win32.Adload.db skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP6\A0002238.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP6\A0002238.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP6\A0002238.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP6\A0002238.exe RarSFX: infected - 3 skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP6\A0002255.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP6\A0002260.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP6\A0002273.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP6\A0002273.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume 
Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP6\A0002273.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP6\A0002273.exe RarSFX: infected - 3 skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP6\A0002277.0XE Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP6\A0002282.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP8\A0006277.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP8\A0006277.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP8\A0006277.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP8\A0006277.exe RarSFX: infected - 3 skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP8\A0006278.0XE Infected: IM-Worm.Win32.Opanki.ao skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP9\A0009767.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP9\A0009767.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP9\A0009767.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP9\A0009767.exe RarSFX: infected - 3 skipped C:\System Volume Information\_restore{11DC1E8A-DEC8-4411-8DDB-8379CA13D750}\RP9\A0009772.dll Infected: 
not-a-virus:AdWare.Win32.Softomate.q skipped C:\VundoFix Backups\ddayw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cq skipped C:\VundoFix Backups\jkhhg.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cq skipped C:\WINDOWS\system32\AWRRIG.0XE Infected: Backdoor.Win32.Rbot.bci skipped C:\WINDOWS\system32\AWVVW.0LL Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\WINDOWS\system32\BVZVH.0XE Infected: Backdoor.Win32.PoeBot.c skipped C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\I5O54TU7\DRSMARTLOAD849A[1].0XE Infected: Trojan-Downloader.Win32.Adload.db skipped C:\WINDOWS\system32\DDCCA.0LL Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\WINDOWS\system32\I.0 Infected: Trojan-Downloader.BAT.Ftp.ab skipped C:\WINDOWS\system32\implib.dll Infected: Trojan-Spy.Win32.Agent.nv skipped C:\WINDOWS\system32\SPOOISV.0XE Infected: Backdoor.Win32.PoeBot.c skipped C:\WINDOWS\system32\VNWR.0XE Infected: Backdoor.Win32.Rbot.bci skipped C:\WINDOWS\system32\ww32.0xe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped C:\WINDOWS\system32\ww32.0xe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\WINDOWS\system32\ww32.0xe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped C:\WINDOWS\system32\ww32.0xe RarSFX: infected - 3 skipped C:\WINDOWS\system32\YBWXYCNU.0XE Infected: Backdoor.Win32.PoeBot.c skipped C:\WINDOWS\system32\ZHHOKOK.0XE Infected: Backdoor.Win32.Rbot.bci skipped D:\Ohjelmia\vnc-4_1_1-x86_win32.exe/data0001 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4110 skipped D:\Ohjelmia\vnc-4_1_1-x86_win32.exe Inno: infected - 1 skipped Scan process completed.
Download Atribune's ATF Cleaner: http://www.atribune.org/ccount/click.php?id=1

Instructions:
Double-click ATF-Cleaner.exe to start the program.
On the Main page, check the Select All box.
Click Empty Selected.

If you use Firefox as your browser:
Click Firefox at the top and choose Select All.
Click Empty Selected.
NOTE: If you would like to keep your saved passwords, click No when it asks.

If you use Opera as your browser:
Click Opera at the top and choose Select All.
Click Empty Selected again.
NOTE: If you would like to keep your saved passwords, click No when it asks.

Click Exit in the main menu to close the program.

Get KillBox: http://www.bleepingcomputer.com/files/spyware/KillBox.zip
Extract it, open it and tick Delete on Reboot.
Then copy the lines below all in one go:

C:\Documents and Settings\Antzza\DRMANA.0XE
C:\Documents and Settings\Antzza.ANTZAH\AOH1.0XE
C:\Documents and Settings\Antzza.ANTZAH\AOH1.1XE
C:\Documents and Settings\Antzza.ANTZAH\dotd
C:\Documents and Settings\Antzza.ANTZAH\DOTDR.0XE
C:\Documents and Settings\Antzza.ANTZAH\DOTRM.0LL
C:\Documents and Settings\Antzza.ANTZAH\moot32.exe
C:\Documents and Settings\Antzza.ANTZAH\ww32.exe
C:\Program Files\themexp\Themexp.org File\HLSETUP2.0XE
C:\VundoFix Backups\ddayw.dll
C:\VundoFix Backups\jkhhg.dll
C:\WINDOWS\system32\AWRRIG.0XE
C:\WINDOWS\system32\AWVVW.0LL
C:\WINDOWS\system32\BVZVH.0XE I
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\I5O54TU7\DRSMARTLOAD849A[1].0XE
C:\WINDOWS\system32\DDCCA.0LL
C:\WINDOWS\system32\I.0
C:\WINDOWS\system32\implib.dll
C:\WINDOWS\system32\SPOOISV.0XE
C:\WINDOWS\system32\VNWR.0XE
C:\WINDOWS\system32\ww32.0xe
C:\WINDOWS\system32\YBWXYCNU.0XE
C:\WINDOWS\system32\ZHHOKOK.0XE

Then in KillBox, from the top, choose File > Paste from Clipboard.
Select "All Files". After that press Delete (the red one with a white X).
Answer yes to the questions, and if the computer does not restart by itself, restart it.

Empty this directory: C:\!Killbox

Clear System Restore:
1. Select My Computer (right-click).
2. Select Properties.
3. Select the System Restore tab.
4. Select "Turn off System Restore".
5. Press Apply.
6. Press OK.
7. Restart the computer.
8. Do steps 1.-3.
9. Remove the tick from "Turn off System Restore".
10. Do steps 5. and 6.

Run Kaspersky again and post its report here.
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, July 25, 2006 1:44:29 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 25/07/2006
Kaspersky Anti-Virus database records: 209704
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan Statistics:
Total number of scanned objects: 117355
Number of viruses found: 10
Number of infected objects: 17
Number of suspicious objects: 0
Duration of the scan process: 01:28:51

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Antero\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-501a5588-187c3e01.0ip/Counter.class Infected: Trojan.Java.ClassLoader.i skipped
C:\Documents and Settings\Antero\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-501a5588-187c3e01.0ip/VerifierBug.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\Antero\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-501a5588-187c3e01.0ip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\Antero\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-501a5588-187c3e01.0ip ZIP: infected - 3 skipped
C:\Documents and Settings\LocalService.NT-HALLINTA.001\Local Settings\Temporary Internet Files\Content.IE5\HJZ4HZL3\DRSMARTLOAD195A[1].0XE Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\Documents and Settings\LocalService.NT-HALLINTA.001\Local Settings\Temporary Internet Files\Content.IE5\HJZ4HZL3\KYBRDED_7[1].0XE Infected: Trojan-Downloader.Win32.Adload.cu skipped
C:\Documents and Settings\LocalService.NT-HALLINTA.001\Local Settings\Temporary Internet Files\Content.IE5\OWVM3V8P\DRSMARTLOAD45A[1].0XE Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\Documents and Settings\LocalService.NT-HALLINTA.001\Local Settings\Temporary Internet Files\Content.IE5\OWVM3V8P\DRSMARTLOAD849A[1].0XE Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\Documents and Settings\LocalService.NT-HALLINTA.001\Local Settings\Temporary Internet Files\Content.IE5\QZLWTUXM\DFNDRED_7[1].0XE Infected: Trojan-Clicker.Win32.VB.nh skipped
C:\Documents and Settings\LocalService.NT-HALLINTA.001\Local Settings\Temporary Internet Files\Content.IE5\QZLWTUXM\NWNMED_7[1].0XE Infected: Trojan-Downloader.Win32.Adload.cy skipped
C:\Documents and Settings\LocalService.NT-HALLINTA.001\Local Settings\Temporary Internet Files\Content.IE5\Z2X3Q4H1\DRSMARTLOAD195A[1].0XE Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\Program Files\DAEMON Tools\SetupDTSB.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4110 skipped
C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\WINDOWS\system32\BVZVH.0XE Infected: Backdoor.Win32.PoeBot.c skipped
D:\Ohjelmia\vnc-4_1_1-x86_win32.exe/data0001 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4110 skipped
D:\Ohjelmia\vnc-4_1_1-x86_win32.exe Inno: infected - 1 skipped
Scan process completed.
Hmm, so the temp files didn't go away. You did run ATF Cleaner, didn't you?

Open Killbox and tick Delete on Reboot.
Then copy the lines below all at once:

C:\Documents and Settings\Antero\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-501a5588-187c3e01.0ip
C:\Documents and Settings\LocalService.NT-HALLINTA.001\Local Settings\Temporary Internet Files\Content.IE5\HJZ4HZL3\DRSMARTLOAD195A[1].0XE
C:\Documents and Settings\LocalService.NT-HALLINTA.001\Local Settings\Temporary Internet Files\Content.IE5\HJZ4HZL3\KYBRDED_7[1].0XE
C:\Documents and Settings\LocalService.NT-HALLINTA.001\Local Settings\Temporary Internet Files\Content.IE5\OWVM3V8P\DRSMARTLOAD45A[1].0XE
C:\Documents and Settings\LocalService.NT-HALLINTA.001\Local Settings\Temporary Internet Files\Content.IE5\OWVM3V8P\DRSMARTLOAD849A[1].0XE
C:\Documents and Settings\LocalService.NT-HALLINTA.001\Local Settings\Temporary Internet Files\Content.IE5\QZLWTUXM\DFNDRED_7[1].0XE
C:\Documents and Settings\LocalService.NT-HALLINTA.001\Local Settings\Temporary Internet Files\Content.IE5\QZLWTUXM\NWNMED_7[1].0XE
C:\Documents and Settings\LocalService.NT-HALLINTA.001\Local Settings\Temporary Internet Files\Content.IE5\Z2X3Q4H1\DRSMARTLOAD195A[1].0XE
C:\WINDOWS\system32\BVZVH.0XE

Then in KillBox, from the top menu: File > Paste from Clipboard.
Select "All Files". After that, press Delete (the red button with a white X).
Answer yes to the prompts, and if the computer does not restart by itself, restart it.

Empty -> c:\!KillBox

Run Kaspersky again and post its report here.
Is there still anything left there...

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, July 26, 2006 6:18:16 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 26/07/2006
Kaspersky Anti-Virus database records: 209969
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan Statistics:
Total number of scanned objects: 122525
Number of viruses found: 3
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 01:27:36

Infected Object Name / Virus Name / Last Action
C:\Program Files\DAEMON Tools\SetupDTSB.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4110 skipped
C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
D:\Ohjelmia\vnc-4_1_1-x86_win32.exe/data0001 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4110 skipped
D:\Ohjelmia\vnc-4_1_1-x86_win32.exe Inno: infected - 1 skipped
Scan process completed.
Not really, many thanks once again for the help (I posted my logs here a couple of months ago too). I installed SpywareBlaster, I already have ewido, and from now on I will install F-Secure with the internet connection OFF.