HJT loki

Joo elikkä täs kaverin konetta fixaillu ja jos joku viisaampi haluiais analysoida tän HJT lokin, päällisin puolin näyttäs olevan kone ny kunnos, en oo varma sainko poistettua Smitfraudin (käytin Smitrem ohjelmaa) ja virtumondon (virtumondobegone ohjelmalla poistin)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:48:18, on 16.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir Workstation\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir Workstation\sched.exe
C:\Program Files\AntiVir Workstation\avesvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\AntiVir Workstation\avgnt.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [{EC-CB-B7-7D-ZN}] C:\windows\system32\mjdsregj.exe OLI001
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\swinkndt.exe OLI001
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir Workstation\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\wspcbijg.dll",realset
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir Windows Workstation MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\AntiVir Workstation\avmailc.exe
O23 - Service: AntiVir Windows Workstation Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir Workstation\sched.exe
O23 - Service: AntiVir Windows Workstation Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir Workstation\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Windows Workstation MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\AntiVir Workstation\avesvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

--
End of file - 5584 bytes

 

on siel viel roskoo

1. Lataa combofix.exe työpöydällesi jommastakummasta linkistä:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. (C:\ComboFix.txt) Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

 

Joo täytyy kokeilla, joku viisas vois viel vähän valaista tosta HJT:n lokin lukemisesta (jos se ei hirveän hankalaa ole) kumminkin oon jonkun verran näitä koneitä käsitelly niin saattasin vaik ymmärtääki jotai

 

http://koti.mbnet.fi/pattaya1/hjt7_ohjeita.htm

tossa jotain perustietoa, sellanen pien pintaraapasu.

 

Eli täs olis nyt combofixin loki

"Timo" - 2007-07-16 21:49:18 - ComboFix 07-07-13.8 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\wspcbijg.dll
C:\WINDOWS\system32\eprnxsjp.exe
C:\WINDOWS\system32\gvfjoybe.exe
C:\WINDOWS\system32\gwtiujbw.exe
C:\WINDOWS\system32\jlgrnccs.exe
C:\WINDOWS\system32\losyjmtb.exe
C:\WINDOWS\system32\lotdgijd.exe
C:\WINDOWS\system32\moqdeulv.exe
C:\WINDOWS\system32\qeywnnej.exe
C:\WINDOWS\system32\qniosmaq.exe
C:\WINDOWS\system32\quqonsju.exe
C:\WINDOWS\system32\smmgcphb.exe
C:\WINDOWS\system32\tfnvtlcy.exe
C:\WINDOWS\system32\tvswhivn.exe
C:\WINDOWS\system32\wepvmhpv.exe
C:\WINDOWS\system32\wqgyxwyd.exe
C:\WINDOWS\system32\xlisrqar.exe
C:\WINDOWS\system32\yubdkxmy.exe
C:\WINDOWS\system32\gjibcpsw.ini
C:\WINDOWS\system32\acccf.bak1
C:\WINDOWS\system32\acccf.ini
C:\WINDOWS\system32\acccf.ini2
C:\WINDOWS\system32\acccf.tmp
C:\WINDOWS\system32\jesesawk.ini2
C:\WINDOWS\system32\jesesawk.tmp


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\drivers\asc3550u.sys
C:\WINDOWS\system32\drivers\runtime2.sys


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_ASC3550U
-------\LEGACY_CORE
-------\asc3550u


((((((((((((((((((((((((( Files Created from 2007-06-16 to 2007-07-16 )))))))))))))))))))))))))))))))


2007-07-16 21:48 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-16 20:48 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-16 20:21 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Comodo
2007-07-16 19:50 66,068 --a------ C:\WINDOWS\system32\queufkwv.exe
2007-07-16 19:43 <DIR> d-------- C:\smitRem
2007-07-16 19:18 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-07-16 19:18 48,768 --a------ C:\WINDOWS\system32\drivers\stream.sys
2007-07-16 19:18 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-07-16 19:18 39,104 --a------ C:\WINDOWS\cmijack.dat
2007-07-16 19:18 22,178 --a------ C:\WINDOWS\cmaudio.dat
2007-07-16 19:18 146,048 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-07-16 19:18 140,928 --a------ C:\WINDOWS\system32\drivers\ks.sys
2007-07-16 19:18 135,168 --a------ C:\WINDOWS\cmuninst.dat
2007-07-16 19:18 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-07-16 19:18 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-07-16 19:17 66,580 --a------ C:\WINDOWS\system32\rpjryphv.dll
2007-07-16 19:14 66,068 --a------ C:\WINDOWS\system32\vwhbascr.exe
2007-07-16 18:37 2,359,296 --a------ C:\DOCUME~1\Timo\ntuser.dat
2007-07-16 18:37 1,122,304 --a------ C:\DOCUME~1\LOCALS~1\ntuser.dat
2007-07-16 18:37 <DIR> d-------- C:\Program Files\Realtek AC97
2007-07-16 18:36 66,068 --a------ C:\WINDOWS\system32\yofuevma.exe
2007-07-16 18:04 66,580 --a------ C:\WINDOWS\system32\levvibrc.dll
2007-07-16 18:02 66,068 --a------ C:\WINDOWS\system32\hdyfxmfv.exe
2007-07-15 21:50 66,580 --a------ C:\WINDOWS\system32\xxfehvof.dll
2007-07-15 21:41 66,068 --a------ C:\WINDOWS\system32\yirgxyib.exe
2007-07-15 21:36 66,580 --a------ C:\WINDOWS\system32\fptyofpd.dll
2007-07-15 21:33 66,068 --a------ C:\WINDOWS\system32\jdorexhd.exe
2007-07-15 20:10 66,580 --a------ C:\WINDOWS\system32\hvwnllua.dll
2007-07-15 20:01 66,068 --a------ C:\WINDOWS\system32\nbcrjmci.exe
2007-07-15 19:33 <DIR> d-------- C:\DOCUME~1\Timo\APPLIC~1\AntiVir Workstation
2007-07-15 18:08 66,580 --a------ C:\WINDOWS\system32\iyejgdls.dll
2007-07-15 18:05 66,068 --a------ C:\WINDOWS\system32\wuhwgexn.exe
2007-07-15 17:38 <DIR> d-------- C:\DOCUME~1\Timo\APPLIC~1\Azureus
2007-07-15 17:19 66,580 --a------ C:\WINDOWS\system32\ektuxlhv.dll
2007-07-15 17:19 66,068 --a------ C:\WINDOWS\system32\gqhmeyuv.exe
2007-07-15 16:52 <DIR> d-------- C:\Program Files\Azureus
2007-07-15 12:23 66,580 --a------ C:\WINDOWS\system32\qeqijvgc.dll
2007-07-15 12:17 66,068 --a------ C:\WINDOWS\system32\ssumqphn.exe
2007-07-15 10:37 66,580 --a------ C:\WINDOWS\system32\rlrjrgvv.dll
2007-07-15 10:35 66,068 --a------ C:\WINDOWS\system32\qnwlaubt.exe
2007-07-14 22:11 1,572,864 --ah----- C:\DOCUME~1\ADMINI~1\ntuser.dat
2007-07-14 21:02 66,580 --a------ C:\WINDOWS\system32\rmbfepji.dll
2007-07-14 20:57 66,068 --a------ C:\WINDOWS\system32\fnwouvki.exe
2007-07-14 14:52 66,580 --a------ C:\WINDOWS\system32\hbqwngdl.dll
2007-07-14 14:44 66,068 --a------ C:\WINDOWS\system32\imjaefml.exe
2007-07-14 01:27 66,580 --a------ C:\WINDOWS\system32\jgcafgef.dll
2007-07-14 01:22 66,068 --a------ C:\WINDOWS\system32\sgrwkwoc.exe
2007-07-13 23:26 66,580 --a------ C:\WINDOWS\system32\abitgcje.dll
2007-07-13 23:20 66,068 --a------ C:\WINDOWS\system32\aseccofy.exe
2007-07-13 22:44 <DIR> d-------- C:\Program Files\GustoSoft
2007-07-13 22:00 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-07-13 21:44 <DIR> d-------- C:\Program Files\AntiVir Workstation
2007-07-13 21:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir Workstation
2007-07-13 21:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-13 17:54 66,580 --a------ C:\WINDOWS\system32\bgbrtgww.dll
2007-07-13 17:46 66,068 --a------ C:\WINDOWS\system32\veupdnyh.exe
2007-07-12 21:37 66,580 --a------ C:\WINDOWS\system32\jxldfynk.dll
2007-07-12 21:31 66,068 --a------ C:\WINDOWS\system32\ivycopqv.exe
2007-07-12 19:49 66,580 --a------ C:\WINDOWS\system32\atuumjjq.dll
2007-07-12 19:44 66,068 --a------ C:\WINDOWS\system32\drerisev.exe
2007-07-12 18:22 66,580 --a------ C:\WINDOWS\system32\qwhjsier.dll
2007-07-12 18:20 66,068 --a------ C:\WINDOWS\system32\iyvtwtkb.exe
2007-07-12 18:20 <DIR> d-------- C:\DOCUME~1\Timo\APPLIC~1\Comodo
2007-07-12 18:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-07-12 18:16 <DIR> d-------- C:\Program Files\Comodo
2007-07-12 18:13 66,068 --a------ C:\WINDOWS\system32\dcxyqtwa.exe
2007-07-12 07:38 66,580 --a------ C:\WINDOWS\system32\qxeyxjhp.dll
2007-07-12 07:30 66,068 --a------ C:\WINDOWS\system32\ijxjlnip.exe
2007-07-11 22:09 66,580 --a------ C:\WINDOWS\system32\panpvidf.dll
2007-07-11 22:06 66,068 --a------ C:\WINDOWS\system32\sgqtevkv.exe
2007-07-11 21:37 285,273 --a------ C:\WINDOWS\system32\fccca.dll.vir
2007-07-11 21:31 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-11 21:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-11 21:30 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-11 21:26 <DIR> d-------- C:\Program Files\Dealio
2007-07-11 21:25 53,248 --a------ C:\WINDOWS\system32\oleauth32.dll
2007-07-11 21:25 53,248 --a------ C:\WINDOWS\system32\mstscex.dll
2007-07-11 21:25 3,072 --a------ C:\WINDOWS\system32\drivers\kcp.sys
2007-07-11 21:25 29,206 --a------ C:\WINDOWS\system32\iifcdaa.dll.vir
2007-07-11 21:24 <DIR> d-------- C:\WINDOWS\Web Download
2007-07-11 20:44 <DIR> d-------- C:\=IMURI=
2007-07-11 20:18 <DIR> d-------- C:\Pelit
2007-07-11 20:01 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2007-07-11 20:01 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-07-11 20:01 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-07-11 20:01 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-07-11 20:01 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-07-11 20:01 <DIR> d-------- C:\Program Files\ffdshow
2007-07-11 20:00 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2007-07-11 20:00 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-07-11 20:00 368,640 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-07-11 20:00 268,288 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-07-11 20:00 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-07-11 20:00 2,922,208 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-07-11 20:00 2,155,520 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-07-11 20:00 1,512,960 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-07-11 19:59 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-07-11 19:59 46,464 --a------ C:\WINDOWS\system32\drivers\GAGP30KX.SYS
2007-07-11 19:59 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2007-07-11 19:57 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-15 15:01:50 502,784 ----a-w C:\WINDOWS\system32\winlogon.exe
2007-06-24 07:48:03 86,073 ----a-w C:\WINDOWS\system32\usrfaxa.dll
2007-06-24 07:48:03 80,128 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2007-06-24 07:48:03 8,192 ----a-w C:\WINDOWS\system32\tsbyuv.dll
2007-06-24 07:48:03 8,192 ----a-w C:\WINDOWS\system32\streamci.dll
2007-06-24 07:48:03 77,891 ----a-w C:\WINDOWS\system32\usrmlnka.exe
2007-06-24 07:48:03 77,890 ----a-w C:\WINDOWS\system32\usrdpa.dll
2007-06-24 07:48:03 77,883 ----a-w C:\WINDOWS\system32\usrrtosa.dll
2007-06-24 07:48:03 72,192 ----a-w C:\WINDOWS\system32\sprio800.dll
2007-06-24 07:48:03 70,656 ----a-w C:\WINDOWS\system32\sprio600.dll
2007-06-24 07:48:03 69,700 ----a-w C:\WINDOWS\system32\usrshuta.exe
2007-06-24 07:48:03 69,699 ----a-w C:\WINDOWS\system32\usrcoina.dll
2007-06-24 07:48:03 69,632 ----a-w C:\WINDOWS\system32\spnike.dll
2007-06-24 07:48:03 63,744 ----a-w C:\WINDOWS\system32\drivers\mf.sys
2007-06-24 07:48:03 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2007-06-24 07:48:03 61,508 ----a-w C:\WINDOWS\system32\usrprbda.exe
2007-06-24 07:48:03 61,500 ----a-w C:\WINDOWS\system32\usrcntra.dll
2007-06-24 07:48:03 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2007-06-24 07:48:03 58,112 ----a-w C:\WINDOWS\system32\drivers\vdmindvd.sys
2007-06-24 07:48:03 55,296 ----a-w C:\WINDOWS\system32\dvdplay.exe
2007-06-24 07:48:03 53,305 ----a-w C:\WINDOWS\system32\usrlbva.dll
2007-06-24 07:48:03 52,736 ----a-w C:\WINDOWS\system32\wzcsapi.dll
2007-06-24 07:48:03 52,224 ----a-w C:\WINDOWS\system32\dmutil.dll
2007-06-24 07:48:03 51,712 ----a-w C:\WINDOWS\system32\drivers\tosdvd.sys
2007-06-24 07:48:03 49,211 ----a-w C:\WINDOWS\system32\usrvpa.dll
2007-06-24 07:48:03 49,211 ----a-w C:\WINDOWS\system32\usrsdpia.dll
2007-06-24 07:48:03 49,209 ----a-w C:\WINDOWS\system32\usrv80a.dll
2007-06-24 07:48:03 476,160 ----a-w C:\WINDOWS\system32\wzcsvc.dll
2007-06-24 07:48:03 47,616 ----a-w C:\WINDOWS\system32\iyuv_32.dll
2007-06-24 07:48:03 47,104 ----a-w C:\WINDOWS\system32\cnbjmon.dll
2007-06-24 07:48:03 45,116 ----a-w C:\WINDOWS\system32\usrvoica.dll
2007-06-24 07:48:03 42,496 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2007-06-24 07:48:03 41,019 ----a-w C:\WINDOWS\system32\usrsvpia.dll
2007-06-24 07:48:03 4,352 ----a-w C:\WINDOWS\system32\drivers\swenum.sys
2007-06-24 07:48:03 37,376 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2007-06-24 07:48:03 36,992 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2007-06-24 07:48:03 36,480 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2007-06-24 07:48:03 35,456 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2007-06-24 07:48:03 35,328 ----a-w C:\WINDOWS\system32\pid.dll
2007-06-24 07:48:03 323,641 ----a-w C:\WINDOWS\system32\usrdtea.dll
2007-06-24 07:48:03 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2007-06-24 07:48:03 3,200 ----a-w C:\WINDOWS\system32\wowfax.dll
2007-06-24 07:48:03 262,528 ----a-w C:\WINDOWS\system32\drivers\cinemst2.sys
2007-06-24 07:48:03 25,472 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
2007-06-24 07:48:03 23,936 ----a-w C:\WINDOWS\system32\drivers\usbcamd2.sys
2007-06-24 07:48:03 23,808 ----a-w C:\WINDOWS\system32\drivers\usbcamd.sys
2007-06-24 07:48:03 23,040 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2007-06-24 07:48:03 21,376 ----a-w C:\WINDOWS\system32\drivers\tsbvcap.sys
2007-06-24 07:48:03 20,992 ----a-w C:\WINDOWS\system32\hid.dll
2007-06-24 07:48:03 18,688 ----a-w C:\WINDOWS\system32\drivers\cdaudio.sys
2007-06-24 07:48:03 17,408 ----a-w C:\WINDOWS\system32\msyuv.dll
2007-06-24 07:48:03 16,000 ----a-w C:\WINDOWS\system32\drivers\usbintel.sys
2007-06-24 07:48:03 157,696 ----a-w C:\WINDOWS\system32\paqsp.dll
2007-06-24 07:48:03 15,488 ----a-w C:\WINDOWS\system32\drivers\mssmbios.sys
2007-06-24 07:48:03 15,360 ----a-w C:\WINDOWS\system32\pjlmon.dll
2007-06-24 07:48:03 147,968 ----a-w C:\WINDOWS\system32\mdwmdmsp.dll
2007-06-24 07:48:03 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2007-06-24 07:48:03 13,824 ----a-w C:\WINDOWS\system32\wowfaxui.dll
2007-06-24 07:48:03 12,416 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2007-06-24 07:48:03 12,160 ----a-w C:\WINDOWS\system32\drivers\mouhid.sys
2007-06-24 07:48:03 12,160 ----a-w C:\WINDOWS\system32\drivers\fsvga.sys
2007-06-24 07:48:03 12,032 ----a-w C:\WINDOWS\system32\drivers\riodrv.sys
2007-06-24 07:48:03 12,032 ----a-w C:\WINDOWS\system32\drivers\rio8drv.sys
2007-06-24 07:48:03 12,032 ----a-w C:\WINDOWS\system32\drivers\nikedrv.sys
2007-06-24 07:48:03 11,776 ----a-w C:\WINDOWS\system32\drivers\cpqdap01.sys
2007-06-24 07:48:03 102,457 ----a-w C:\WINDOWS\system32\usrv42a.dll
2007-06-13 19:50:17 43,152 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-06-13 19:25:36 339,968 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-06-13 19:23:23 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-06-13 19:17:37 139,264 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-06-13 19:17:26 118,784 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-06-13 19:17:18 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-06-13 19:17:12 42,496 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-06-13 19:16:59 118,784 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-06-13 19:15:39 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-06-13 19:14:51 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-06-13 19:10:33 8,097,792 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-06-13 18:57:04 972,072 ----a-w C:\WINDOWS\system32\ativva6x.dat
2007-06-13 18:57:04 3,107,788 ----a-w C:\WINDOWS\system32\ativvaxx.dat
2007-06-13 18:57:04 3,107,788 ----a-w C:\WINDOWS\system32\ativva5x.dat
2007-06-13 18:46:28 5,431,296 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-06-13 18:43:53 262,144 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-06-13 18:42:29 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-06-13 18:41:46 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-06-13 18:41:06 50,176 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-06-11 16:32:00 56,360 ----a-w C:\WINDOWS\system32\WBHELP2.DLL
2007-06-04 12:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 12:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 12:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-07-12 04:00 501136 --a------ C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-08-31 20:33 322368 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-07-12 18:16]
"avgnt"="C:\Program Files\AntiVir Workstation\avgnt.exe" [2007-04-02 10:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 C:\WINDOWS\mixer.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"AtiTrayTools"="C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2007-05-22 12:04]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=regsvr32 /s /n /i:u shell32

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"WinMedia"=svchost

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]


**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-16 21:52:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-16 21:54:15 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-16 21:54

--- E O F ---

 

Avaa Notepad ja kopioi/liitä allaolevassa lainausboxissa oleva teksti sinne:

Tallenna se nimellä CFScript. (Tarkista että on juuri noin kirjoitettu)

Sitten raahaa CFScript ComboFix.exeen kuten alla.



Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.

myös uusi hjtlogi

 

"Timo" - 2007-07-17 21:40:46 - ComboFix 07-07-13.8 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Timo\Desktop\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Dealio
C:\WINDOWS\system32\abitgcje.dll
C:\WINDOWS\system32\aseccofy.exe
C:\WINDOWS\system32\atuumjjq.dll
C:\WINDOWS\system32\bgbrtgww.dll
C:\WINDOWS\system32\dcxyqtwa.exe
C:\WINDOWS\system32\drerisev.exe
C:\WINDOWS\system32\drivers\kcp.sys
C:\WINDOWS\system32\ektuxlhv.dll
C:\WINDOWS\system32\fccca.dll.vir
C:\WINDOWS\system32\fnwouvki.exe
C:\WINDOWS\system32\fptyofpd.dll
C:\WINDOWS\system32\gqhmeyuv.exe
C:\WINDOWS\system32\hbqwngdl.dll
C:\WINDOWS\system32\hdyfxmfv.exe
C:\WINDOWS\system32\hvwnllua.dll
C:\WINDOWS\system32\iifcdaa.dll.vir
C:\WINDOWS\system32\ijxjlnip.exe
C:\WINDOWS\system32\imjaefml.exe
C:\WINDOWS\system32\ivycopqv.exe
C:\WINDOWS\system32\iyejgdls.dll
C:\WINDOWS\system32\iyvtwtkb.exe
C:\WINDOWS\system32\jdorexhd.exe
C:\WINDOWS\system32\jgcafgef.dll
C:\WINDOWS\system32\jxldfynk.dll
C:\WINDOWS\system32\levvibrc.dll
C:\WINDOWS\system32\mstscex.dll
C:\WINDOWS\system32\nbcrjmci.exe
C:\WINDOWS\system32\oleauth32.dll
C:\WINDOWS\system32\panpvidf.dll
C:\WINDOWS\system32\qeqijvgc.dll
C:\WINDOWS\system32\qnwlaubt.exe
C:\WINDOWS\system32\queufkwv.exe
C:\WINDOWS\system32\qwhjsier.dll
C:\WINDOWS\system32\qxeyxjhp.dll
C:\WINDOWS\system32\rlrjrgvv.dll
C:\WINDOWS\system32\rmbfepji.dll
C:\WINDOWS\system32\rpjryphv.dll
C:\WINDOWS\system32\sgqtevkv.exe
C:\WINDOWS\system32\sgrwkwoc.exe
C:\WINDOWS\system32\ssumqphn.exe
C:\WINDOWS\system32\veupdnyh.exe
C:\WINDOWS\system32\vwhbascr.exe
C:\WINDOWS\system32\wuhwgexn.exe
C:\WINDOWS\system32\xxfehvof.dll
C:\WINDOWS\system32\yirgxyib.exe
C:\WINDOWS\system32\yofuevma.exe


((((((((((((((((((((((((( Files Created from 2007-06-17 to 2007-07-17 )))))))))))))))))))))))))))))))


2007-07-16 21:48 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-16 20:48 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-16 20:21 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Comodo
2007-07-16 19:43 <DIR> d-------- C:\smitRem
2007-07-16 19:18 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-07-16 19:18 48,768 --a------ C:\WINDOWS\system32\drivers\stream.sys
2007-07-16 19:18 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-07-16 19:18 39,104 --a------ C:\WINDOWS\cmijack.dat
2007-07-16 19:18 22,178 --a------ C:\WINDOWS\cmaudio.dat
2007-07-16 19:18 146,048 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-07-16 19:18 140,928 --a------ C:\WINDOWS\system32\drivers\ks.sys
2007-07-16 19:18 135,168 --a------ C:\WINDOWS\cmuninst.dat
2007-07-16 19:18 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-07-16 18:37 2,359,296 --a------ C:\DOCUME~1\Timo\ntuser.dat
2007-07-16 18:37 1,122,304 --a------ C:\DOCUME~1\LOCALS~1\ntuser.dat
2007-07-16 18:37 <DIR> d-------- C:\Program Files\Realtek AC97
2007-07-15 19:33 <DIR> d-------- C:\DOCUME~1\Timo\APPLIC~1\AntiVir Workstation
2007-07-15 17:38 <DIR> d-------- C:\DOCUME~1\Timo\APPLIC~1\Azureus
2007-07-15 16:52 <DIR> d-------- C:\Program Files\Azureus
2007-07-14 22:11 1,572,864 --ah----- C:\DOCUME~1\ADMINI~1\ntuser.dat
2007-07-13 22:44 <DIR> d-------- C:\Program Files\GustoSoft
2007-07-13 22:00 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-07-13 21:44 <DIR> d-------- C:\Program Files\AntiVir Workstation
2007-07-13 21:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir Workstation
2007-07-13 21:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-12 18:20 <DIR> d-------- C:\DOCUME~1\Timo\APPLIC~1\Comodo
2007-07-12 18:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-07-12 18:16 <DIR> d-------- C:\Program Files\Comodo
2007-07-11 21:31 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-11 21:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-11 21:30 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-11 21:24 <DIR> d-------- C:\WINDOWS\Web Download
2007-07-11 20:44 <DIR> d-------- C:\=IMURI=
2007-07-11 20:18 <DIR> d-------- C:\Pelit
2007-07-11 20:01 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2007-07-11 20:01 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-07-11 20:01 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-07-11 20:01 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-07-11 20:01 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-07-11 20:01 <DIR> d-------- C:\Program Files\ffdshow
2007-07-11 20:00 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2007-07-11 20:00 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-07-11 20:00 368,640 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-07-11 20:00 268,288 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-07-11 20:00 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-07-11 20:00 2,922,208 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-07-11 20:00 2,155,520 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-07-11 20:00 1,512,960 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-07-11 19:59 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-07-11 19:59 46,464 --a------ C:\WINDOWS\system32\drivers\GAGP30KX.SYS
2007-07-11 19:59 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2007-07-11 19:57 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-07-11 19:57 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-07-11 19:57 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-07-11 19:57 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-07-11 19:57 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-07-11 19:57 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-07-11 19:57 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-07-11 19:57 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-07-11 19:57 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-07-11 19:57 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-07-11 19:57 68,768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-07-11 19:57 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-07-11 19:57 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-07-11 19:57 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-07-11 19:57 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-07-11 19:57 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-07-11 19:57 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-07-11 19:57 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-07-11 19:57 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-07-11 19:57 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-07-11 19:57 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-07-11 19:57 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-07-11 19:57 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-07-11 19:57 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-07-11 19:57 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-07-11 19:57 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-07-11 19:57 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-07-11 19:57 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-07-11 19:57 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-07-11 19:57 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-07-11 19:57 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-07-11 19:57 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-07-11 19:57 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-07-11 19:57 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-07-11 19:57 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-07-11 19:57 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-07-11 19:57 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-07-11 19:57 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-07-11 19:57 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-07-11 19:57 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-07-11 19:57 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-07-11 19:57 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-07-11 19:57 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-07-11 19:57 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-07-11 19:57 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-07-11 19:57 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-07-11 19:57 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-07-11 19:57 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-07-11 19:57 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-15 15:01:50 502,784 ----a-w C:\WINDOWS\system32\winlogon.exe
2007-06-24 07:48:03 86,073 ----a-w C:\WINDOWS\system32\usrfaxa.dll
2007-06-24 07:48:03 80,128 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2007-06-24 07:48:03 8,192 ----a-w C:\WINDOWS\system32\tsbyuv.dll
2007-06-24 07:48:03 8,192 ----a-w C:\WINDOWS\system32\streamci.dll
2007-06-24 07:48:03 77,891 ----a-w C:\WINDOWS\system32\usrmlnka.exe
2007-06-24 07:48:03 77,890 ----a-w C:\WINDOWS\system32\usrdpa.dll
2007-06-24 07:48:03 77,883 ----a-w C:\WINDOWS\system32\usrrtosa.dll
2007-06-24 07:48:03 72,192 ----a-w C:\WINDOWS\system32\sprio800.dll
2007-06-24 07:48:03 70,656 ----a-w C:\WINDOWS\system32\sprio600.dll
2007-06-24 07:48:03 69,700 ----a-w C:\WINDOWS\system32\usrshuta.exe
2007-06-24 07:48:03 69,699 ----a-w C:\WINDOWS\system32\usrcoina.dll
2007-06-24 07:48:03 69,632 ----a-w C:\WINDOWS\system32\spnike.dll
2007-06-24 07:48:03 63,744 ----a-w C:\WINDOWS\system32\drivers\mf.sys
2007-06-24 07:48:03 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2007-06-24 07:48:03 61,508 ----a-w C:\WINDOWS\system32\usrprbda.exe
2007-06-24 07:48:03 61,500 ----a-w C:\WINDOWS\system32\usrcntra.dll
2007-06-24 07:48:03 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2007-06-24 07:48:03 58,112 ----a-w C:\WINDOWS\system32\drivers\vdmindvd.sys
2007-06-24 07:48:03 55,296 ----a-w C:\WINDOWS\system32\dvdplay.exe
2007-06-24 07:48:03 53,305 ----a-w C:\WINDOWS\system32\usrlbva.dll
2007-06-24 07:48:03 52,736 ----a-w C:\WINDOWS\system32\wzcsapi.dll
2007-06-24 07:48:03 52,224 ----a-w C:\WINDOWS\system32\dmutil.dll
2007-06-24 07:48:03 51,712 ----a-w C:\WINDOWS\system32\drivers\tosdvd.sys
2007-06-24 07:48:03 49,211 ----a-w C:\WINDOWS\system32\usrvpa.dll
2007-06-24 07:48:03 49,211 ----a-w C:\WINDOWS\system32\usrsdpia.dll
2007-06-24 07:48:03 49,209 ----a-w C:\WINDOWS\system32\usrv80a.dll
2007-06-24 07:48:03 476,160 ----a-w C:\WINDOWS\system32\wzcsvc.dll
2007-06-24 07:48:03 47,616 ----a-w C:\WINDOWS\system32\iyuv_32.dll
2007-06-24 07:48:03 47,104 ----a-w C:\WINDOWS\system32\cnbjmon.dll
2007-06-24 07:48:03 45,116 ----a-w C:\WINDOWS\system32\usrvoica.dll
2007-06-24 07:48:03 42,496 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2007-06-24 07:48:03 41,019 ----a-w C:\WINDOWS\system32\usrsvpia.dll
2007-06-24 07:48:03 4,352 ----a-w C:\WINDOWS\system32\drivers\swenum.sys
2007-06-24 07:48:03 37,376 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2007-06-24 07:48:03 36,992 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2007-06-24 07:48:03 36,480 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2007-06-24 07:48:03 35,456 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2007-06-24 07:48:03 35,328 ----a-w C:\WINDOWS\system32\pid.dll
2007-06-24 07:48:03 323,641 ----a-w C:\WINDOWS\system32\usrdtea.dll
2007-06-24 07:48:03 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2007-06-24 07:48:03 3,200 ----a-w C:\WINDOWS\system32\wowfax.dll
2007-06-24 07:48:03 262,528 ----a-w C:\WINDOWS\system32\drivers\cinemst2.sys
2007-06-24 07:48:03 25,472 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
2007-06-24 07:48:03 23,936 ----a-w C:\WINDOWS\system32\drivers\usbcamd2.sys
2007-06-24 07:48:03 23,808 ----a-w C:\WINDOWS\system32\drivers\usbcamd.sys
2007-06-24 07:48:03 23,040 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2007-06-24 07:48:03 21,376 ----a-w C:\WINDOWS\system32\drivers\tsbvcap.sys
2007-06-24 07:48:03 20,992 ----a-w C:\WINDOWS\system32\hid.dll
2007-06-24 07:48:03 18,688 ----a-w C:\WINDOWS\system32\drivers\cdaudio.sys
2007-06-24 07:48:03 17,408 ----a-w C:\WINDOWS\system32\msyuv.dll
2007-06-24 07:48:03 16,000 ----a-w C:\WINDOWS\system32\drivers\usbintel.sys
2007-06-24 07:48:03 157,696 ----a-w C:\WINDOWS\system32\paqsp.dll
2007-06-24 07:48:03 15,488 ----a-w C:\WINDOWS\system32\drivers\mssmbios.sys
2007-06-24 07:48:03 15,360 ----a-w C:\WINDOWS\system32\pjlmon.dll
2007-06-24 07:48:03 147,968 ----a-w C:\WINDOWS\system32\mdwmdmsp.dll
2007-06-24 07:48:03 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2007-06-24 07:48:03 13,824 ----a-w C:\WINDOWS\system32\wowfaxui.dll
2007-06-24 07:48:03 12,416 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2007-06-24 07:48:03 12,160 ----a-w C:\WINDOWS\system32\drivers\mouhid.sys
2007-06-24 07:48:03 12,160 ----a-w C:\WINDOWS\system32\drivers\fsvga.sys
2007-06-24 07:48:03 12,032 ----a-w C:\WINDOWS\system32\drivers\riodrv.sys
2007-06-24 07:48:03 12,032 ----a-w C:\WINDOWS\system32\drivers\rio8drv.sys
2007-06-24 07:48:03 12,032 ----a-w C:\WINDOWS\system32\drivers\nikedrv.sys
2007-06-24 07:48:03 11,776 ----a-w C:\WINDOWS\system32\drivers\cpqdap01.sys
2007-06-24 07:48:03 102,457 ----a-w C:\WINDOWS\system32\usrv42a.dll
2007-06-13 19:50:17 43,152 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-06-13 19:25:36 339,968 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-06-13 19:23:23 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-06-13 19:17:37 139,264 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-06-13 19:17:26 118,784 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-06-13 19:17:18 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-06-13 19:17:12 42,496 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-06-13 19:16:59 118,784 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-06-13 19:15:39 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-06-13 19:14:51 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-06-13 19:10:33 8,097,792 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-06-13 18:57:04 972,072 ----a-w C:\WINDOWS\system32\ativva6x.dat
2007-06-13 18:57:04 3,107,788 ----a-w C:\WINDOWS\system32\ativvaxx.dat
2007-06-13 18:57:04 3,107,788 ----a-w C:\WINDOWS\system32\ativva5x.dat
2007-06-13 18:46:28 5,431,296 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-06-13 18:43:53 262,144 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-06-13 18:42:29 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-06-13 18:41:46 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-06-13 18:41:06 50,176 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-06-11 16:32:00 56,360 ----a-w C:\WINDOWS\system32\WBHELP2.DLL
2007-06-04 12:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 12:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 12:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys


(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))


---- C:\WINDOWS\system32\winlogon.exe ----

Company: Microsoft Corporation
File Description: Windows NT Logon Application
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Product Name: Microsoftr Windowsr Operating System
Copyright: c Microsoft Corporation. All rights reserved.
Original file name: WINLOGON.EXE

---- Directory of C:\WINDOWS\Web Download ----

2007-07-16 19:57 12288 --ahs---- C:\WINDOWS\Web Download\Thumbs.db
2007-07-11 21:24 8547 --a------ C:\WINDOWS\Web Download\index.html
2007-07-11 21:24 315687 --a------ C:\WINDOWS\Web Download\nature_7.jpg
2007-07-11 21:24 243629 --a------ C:\WINDOWS\Web Download\nature_5.jpg
2007-07-11 21:24 101732 --a------ C:\WINDOWS\Web Download\nature_3.jpg


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-07-12 04:00 501136 --a------ C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-08-31 20:33 322368 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-07-12 18:16]
"avgnt"="C:\Program Files\AntiVir Workstation\avgnt.exe" [2007-04-02 10:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 C:\WINDOWS\mixer.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"AtiTrayTools"="C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2007-05-22 12:04]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=regsvr32 /s /n /i:u shell32

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"WinMedia"=svchost

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]


**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-17 21:42:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-17 21:42:37
C:\ComboFix-quarantined-files.txt ... 2007-07-17 21:42
C:\ComboFix2.txt ... 2007-07-16 21:54

--- E O F ---
JA sitten vielä HJT loki

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:45:59, on 17.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir Workstation\avguard.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\AntiVir Workstation\avgnt.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\AntiVir Workstation\sched.exe
C:\Program Files\AntiVir Workstation\avesvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir Workstation\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir Windows Workstation MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\AntiVir Workstation\avmailc.exe
O23 - Service: AntiVir Windows Workstation Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir Workstation\sched.exe
O23 - Service: AntiVir Windows Workstation Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir Workstation\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Windows Workstation MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\AntiVir Workstation\avesvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

--
End of file - 5121 bytes

 

Lokit puhtaalta näyttääppi

Kaspersky online-skanneri

Skannaa koneesi Kaspersky Online Skannerilla

Sinulta kysytään sallitko ActiveX -komponentin asentamisen Kasperskyltä, klikkaa Kyllä.
[*] Ohjelma käynnistyy ja aloittaa viimeisimpien tunnistetiedostojen lataamisen.
[*] Kun skanneri on asennettu ja tunnistetiedot ladattu, klikkaa Next.
[*] Klikkaa nyt asetuksia, Scan Settings
[*] Tarkista asetuksista, että seuraavat ovat valittuina:

o Scan using the following Anti-Virus database:

+ Extended (Jos valittavissa, muuten valitse Standard)

o Scan Options:

+ Scan Archives
+ Scan Mail Bases

[*] Klikkaa OK
[*] Nyt valitse "select a target to scan" otsikon alta Oma Tietokone, My Computer
[*] Skannaus vie aikaa, joten ole kärsivällinen. Kun skannaus on valmis saat ilmoituksen, jos koneesi on saastunut.
[*] Klikkaa nyt Save as Text-painiketta.
[*] Tallenna tiedosto työpöydällesi.
[*] Kopioi ja Liitä tiedoston sisältö seuraavaan vastaukseesi.

 

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, July 18, 2007 11:37:56 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 18/07/2007
Kaspersky Anti-Virus database records: 364903
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 23989
Number of viruses found: 14
Number of infected objects: 162
Number of suspicious objects: 0
Duration of the scan process: 00:28:14

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Timo\Application Data\Mozilla\Firefox\Profiles\cz1x6d02.default\cert8.db Object is locked skipped
C:\Documents and Settings\Timo\Application Data\Mozilla\Firefox\Profiles\cz1x6d02.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Timo\Application Data\Mozilla\Firefox\Profiles\cz1x6d02.default\history.dat Object is locked skipped
C:\Documents and Settings\Timo\Application Data\Mozilla\Firefox\Profiles\cz1x6d02.default\key3.db Object is locked skipped
C:\Documents and Settings\Timo\Application Data\Mozilla\Firefox\Profiles\cz1x6d02.default\parent.lock Object is locked skipped
C:\Documents and Settings\Timo\Application Data\Mozilla\Firefox\Profiles\cz1x6d02.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Timo\Application Data\Mozilla\Firefox\Profiles\cz1x6d02.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Timo\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Timo\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Timo\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Timo\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Timo\Local Settings\Application Data\Microsoft\Messenger\timppa-@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Timo\Local Settings\Application Data\Microsoft\Messenger\timppa-@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Timo\Local Settings\Application Data\Microsoft\Messenger\timppa-@hotmail.com\SharingMetadata\Working\database_B264_BF05_64BE_CB7D\dfsr.db Object is locked skipped
C:\Documents and Settings\Timo\Local Settings\Application Data\Microsoft\Messenger\timppa-@hotmail.com\SharingMetadata\Working\database_B264_BF05_64BE_CB7D\fsr.log Object is locked skipped
C:\Documents and Settings\Timo\Local Settings\Application Data\Microsoft\Messenger\timppa-@hotmail.com\SharingMetadata\Working\database_B264_BF05_64BE_CB7D\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Timo\Local Settings\Application Data\Microsoft\Messenger\timppa-@hotmail.com\SharingMetadata\Working\database_B264_BF05_64BE_CB7D\tmp.edb Object is locked skipped
C:\Documents and Settings\Timo\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Timo\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Timo\Local Settings\Application Data\Microsoft\Windows Live Contacts\timppa-@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Timo\Local Settings\Application Data\Microsoft\Windows Live Contacts\timppa-@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Timo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cz1x6d02.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Timo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cz1x6d02.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Timo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cz1x6d02.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Timo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cz1x6d02.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Timo\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Timo\Local Settings\History\History.IE5\MSHist012007071820070719\index.dat Object is locked skipped
C:\Documents and Settings\Timo\Local Settings\Temp\~DF1D00.tmp Object is locked skipped
C:\Documents and Settings\Timo\Local Settings\Temp\~DF1D14.tmp Object is locked skipped
C:\Documents and Settings\Timo\Local Settings\Temp\~DF9A41.tmp Object is locked skipped
C:\Documents and Settings\Timo\Local Settings\Temp\~DF9BE7.tmp Object is locked skipped
C:\Documents and Settings\Timo\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Timo\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Timo\ntuser.dat Object is locked skipped
C:\Documents and Settings\Timo\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\abitgcje.dll.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\atuumjjq.dll.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bgbrtgww.dll.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\asc3550u.sys.vir Infected: Trojan-Proxy.Win32.Agent.mx skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\kcp.sys.vir Infected: Trojan-PSW.Win32.Agent.lf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\runtime2.sys.vir Infected: Rootkit.Win32.Agent.ey skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ektuxlhv.dll.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\eprnxsjp.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\fccca.dll.vir.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\fptyofpd.dll.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gvfjoybe.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gwtiujbw.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hbqwngdl.dll.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hvwnllua.dll.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\iifcdaa.dll.vir.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\iyejgdls.dll.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jgcafgef.dll.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jlgrnccs.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jxldfynk.dll.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\levvibrc.dll.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\losyjmtb.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lotdgijd.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\moqdeulv.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\panpvidf.dll.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qeqijvgc.dll.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qeywnnej.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qniosmaq.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\quqonsju.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qwhjsier.dll.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qxeyxjhp.dll.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rlrjrgvv.dll.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rmbfepji.dll.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rpjryphv.dll.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\smmgcphb.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tfnvtlcy.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tvswhivn.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wepvmhpv.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wqgyxwyd.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wspcbijg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xlisrqar.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xxfehvof.dll.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yubdkxmy.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-1659004503-1606980848-1343024091-1003\Dc1\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP12\A0001465.exe Infected: Trojan-Downloader.Win32.Small.euu skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP12\A0001466.sys Infected: Trojan-Proxy.Win32.Agent.mx skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP13\A0002465.sys Infected: Trojan-Proxy.Win32.Agent.mx skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP13\A0002474.exe Infected: Trojan.Win32.Patched.q skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP13\A0002475.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP13\A0002476.sys Infected: Trojan-Proxy.Win32.Agent.mx skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP13\A0002486.exe Infected: Trojan.Win32.Patched.q skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP13\A0002487.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP13\A0002488.sys Infected: Trojan-Proxy.Win32.Agent.mx skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP13\A0002514.exe Infected: Trojan.Win32.Patched.q skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP13\A0002515.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP13\A0002516.sys Infected: Trojan-Proxy.Win32.Agent.mx skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP13\A0002525.exe Infected: Trojan.Win32.Patched.q skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP13\A0002526.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP13\A0002527.sys Infected: Trojan-Proxy.Win32.Agent.mx skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP14\A0002538.exe Infected: Trojan.Win32.Patched.q skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP14\A0002539.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP14\A0002540.sys Infected: Trojan-Proxy.Win32.Agent.mx skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP18\A0002678.dll Infected: Trojan-Proxy.Win32.Dlena.cq skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP18\A0002686.exe Infected: Trojan.Win32.Patched.q skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP18\A0002687.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP18\A0002690.sys Infected: Trojan-Proxy.Win32.Agent.mx skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP18\A0002756.exe Infected: Trojan.Win32.Patched.q skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP18\A0002757.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP18\A0002758.sys Infected: Trojan-Proxy.Win32.Agent.mx skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP18\A0002768.exe Infected: Trojan.Win32.Patched.q skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP18\A0002769.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP18\A0002770.sys Infected: Trojan-Proxy.Win32.Agent.mx skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP18\A0002778.exe Infected: Trojan.Win32.Patched.q skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP18\A0002779.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP18\A0002780.sys Infected: Trojan-Proxy.Win32.Agent.mx skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP18\A0002787.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP18\A0003787.exe Infected: Trojan.Win32.Patched.q skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP18\A0003788.sys Infected: Trojan-Proxy.Win32.Agent.mx skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP19\A0004787.exe Infected: Trojan.Win32.Patched.q skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP19\A0004788.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP19\A0004789.sys Infected: Trojan-Proxy.Win32.Agent.mx skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP20\A0004798.exe Infected: Trojan-Downloader.Win32.Agent.brk skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP20\A0004799.exe Infected: Trojan-Downloader.Win32.Tiny.gx skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP23\A0004921.exe Infected: Trojan.Win32.Patched.q skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP23\A0004922.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP23\A0004924.sys Infected: Trojan-Proxy.Win32.Agent.mx skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP23\A0004967.exe Infected: Trojan.Win32.Patched.q skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP23\A0004968.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP23\A0004969.sys Infected: Trojan-Proxy.Win32.Agent.mx skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP23\A0004981.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP23\A0004982.sys Infected: Trojan-Proxy.Win32.Agent.mx skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP23\A0005981.exe Infected: Trojan.Win32.Patched.q skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP23\A0005982.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP23\A0005983.sys Infected: Trojan-Proxy.Win32.Agent.mx skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP23\A0006981.exe Infected: Trojan.Win32.Patched.q skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP23\A0006982.sys Infected: Trojan-Proxy.Win32.Agent.mx skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP24\A0006989.exe Infected: Trojan.Win32.Patched.q skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP24\A0006990.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP24\A0006991.sys Infected: Trojan-Proxy.Win32.Agent.mx skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP24\A0007066.exe Infected: Trojan.Win32.Patched.q skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP24\A0007067.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP24\A0007069.sys Infected: Trojan-Proxy.Win32.Agent.mx skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP25\A0007093.exe Infected: Trojan.Win32.Patched.q skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP25\A0007094.sys Infected: Trojan-Proxy.Win32.Agent.mx skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP25\A0008130.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP26\A0008137.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP26\A0008140.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP26\A0008142.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP26\A0008180.sys Infected: Trojan-Proxy.Win32.Agent.mx skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP26\A0008284.exe Infected: Trojan.Win32.Patched.q skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP26\A0008285.sys Infected: Trojan-Proxy.Win32.Agent.mx skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP26\A0009546.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP26\A0009551.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP26\A0009552.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP26\A0009555.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP26\A0009556.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP26\A0009557.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP26\A0009571.sys Infected: Trojan-Proxy.Win32.Agent.mx skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP26\A0009579.sys Infected: Rootkit.Win32.Agent.ey skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP26\A0009580.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP26\A0009581.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP26\A0009582.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP26\A0009583.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP26\A0009584.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP26\A0009585.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP26\A0009586.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP26\A0009587.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP26\A0009588.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP26\A0009589.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP26\A0009590.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP26\A0009591.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP26\A0009592.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP26\A0009593.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP26\A0009594.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP26\A0009595.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP26\A0009596.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP26\A0009597.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP27\A0010615.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP27\A0010618.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP27\A0010620.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP27\A0010622.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP27\A0010624.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP27\A0010626.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP27\A0010628.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP27\A0010630.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP27\A0010632.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP27\A0010634.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP27\A0010636.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP27\A0010638.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP27\A0010640.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP27\A0010642.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP27\A0010644.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP27\A0010646.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP27\A0010648.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP27\A0010651.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP27\A0010653.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP27\A0010657.sys Infected: Trojan-PSW.Win32.Agent.lf skipped
C:\System Volume Information\_restore{D98C618B-9426-492E-9918-BC4DCE3B3402}\RP29\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\dllcache\winlogon.exe Infected: Trojan.Win32.Patched.q skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\winlogon.exe Infected: Trojan.Win32.Patched.q skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

 

Pysy puhtaana

-> Tyhjennä järjestelmänpalautus Ohjeet
Tyhjennä järjestelmänpalautuskansio ja luo uusi palautuspiste. Tämä puhdistaa palautuskansion mahdollisista haittaohjelmajäännöksistä.

-> Käytä CCleaneria -> CCleaner
Lataa ja asenna CCleaner. Puhdista väliaikaistiedostot ja -kansiot ohjelmalla säännöllisesti.

-> Asenna SpywareBlaster -> SpywareBlaster
SpywareBlaster estää haittaohjelmia asentumasta koneellesi. Ei kuluta muistia!
Opas saatavilla suomeksi! Nimimerkki Ad-Awaren opas

-> Asenna MVPS Hosts tiedosto -> MVPS Hosts
Estää koneesi yhteyden haitallisiin sivustoihin.
Opas saatavilla suomeksi! Nimimerkki Axelin opas

-> Vaihda selaimesi Firefoxiin -> Firefox
Firefox on nopeampi, turvallisempi ja parempi selain kuin Internet Explorer.

-> Pidä järjestelmäsi ajantasalla. -> Windows Update
Vieraile Windows Updatessa säännöllisesti.

-> Pidä palomuuri ja virustorjunta ajantasalla
Päivitä ja skannaa koneesi säännöllisesti virustorjuntaohjelmallasi.
ja hyvä myös escan http://koti.mbnet.fi/pattaya1/escanmwav.htm

->Pidä ohjelmistosi ajantasalla. -> Secunia Software Inspector
Secunia Software Inspector tutkii sinun järjestälmäsi ja ohjelmistosi puuttuvien turvallisuuspäivityksien osalta. Tavallinen tutkinta kestää normaalisti 5-40 sekuntia, kun läpikotainen (thorough system inspection) voi kestää useita minuutteja.

->Seuraa säännöllisesti viestintäviraston tietoja uusista haavoittuvuuksista -> CERT-FI

Jos tulevaisuudessa tulee haittaohjelmien kanssa ongelmia, älä epäröi laittaa Hijackthis-logia tarkistettavaksi!