Ads for antivirus programs, a Trojan horse keeps trying to get in all the time!!!

Discussion in 'Viruses and malware' started by djteme, Jul 18, 2006.

  1. djteme

    Logfile of HijackThis v1.99.1
    Scan saved at 22:53:11, on 18.7.2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\logonui.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    C:\WINDOWS\System32\RunDLL32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\DOCUME~1\TEEMUH~1\APPLIC~1\SMANTE~1\fast.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.op.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: (no name) - {118A5843-E78C-8F76-A345-9A2B53CE8496} - C:\WINDOWS\System32\bbzm.dll
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager Tool] C:\WINDOWS\update\updmangr.exe
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdc_4.exe
    O4 - HKLM\..\Run: [defender] C:\\dfndrc_4a.exe
    O4 - HKLM\..\Run: [newname] C:\\nwnmc_4.exe
    O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [spnsvc] rundll32.exe C:\WINDOWS\System32\spnsvc.dll,start
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NI.UWA6P_0001_N85M0307] "C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N85M0307NetInstaller.exe" -nag
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Tdas] "C:\DOCUME~1\TEEMUH~1\APPLIC~1\SMANTE~1\fast.exe" -vt yazr
    O4 - HKCU\..\Run: [Sway] C:\Documents and Settings\Teemu Haka\Application Data\M?crosoft.NET\w?auboot.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152012107960
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\System32\notepad.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Windows Update Manager Tool (UpdateManagerTool) - Unknown owner - C:\WINDOWS\update\updmangr.exe (file missing)
     
  2. -kemisti-

    In Add/Remove Programs, look for PuritySCAN By OIN, OuterInfo, OIN or a program with a similar name, and uninstall it.

    Restart and delete this directory, if it exists:
    C:\Program Files\PurityScan

    If the program is not found, download and run this:
    http://www.outerinfo.com/OiUninstaller.exe
    Uninstaller

    http://www.outerinfo.com/howto.html
    Instructions in English for using the uninstaller, if needed

    Restart and delete this directory, if it exists:
    C:\Program Files\PurityScan

    Remove from Control Panel:

    Toolbar888

    Download Brute Force Uninstaller from http://www.merijn.org/files/bfu.zip to your desktop.
    * Right-click the BFU zip on your desktop and choose Extract All.
    * Click "Next"
    * In the box where you choose where to extract the files,
    * Click "Browse"
    * Click the + sign next to My Computer
    * Click "Local Disk (C:)" or whatever your main drive is
    * Click "Make New Folder"
    * Type BFU
    * Click "Next", do NOT tick the "Show extracted files" box, and click "Finish".
    RIGHT-CLICK HERE -> http://metallica.geekstogo.com/alcanshorty.bfu and choose "Save As" (in Explorer "Save Target As") to download the Alcra PLUS Remover.
    Save it in the same folder you created earlier (c:\BFU).

    Do not do anything with it yet!

    Boot your computer into Safe Mode by tapping the F8 key during startup.

    Click Start > My Computer and navigate to the C:\BFU folder.
    * Start Brute Force Uninstaller by double-clicking BFU.exe
    * In the "Scriptline to execute" field, type or paste c:\bfu\alcanshorty.bfu
    * Click Execute and let it do its work. (You should see a progress bar if you did this correctly.)
    * Wait for the "Complete script execution" box and click OK.
    * Click Exit to close Brute Force Uninstaller.
    Restart normally and post a fresh HijackThis log.
     
    Last edited: Jul 18, 2006
  3. djteme

  4. spertti

    http://metallica.geekstogo.com/alcanshorty.bfu RIGHT-CLICK HERE and choose "Save As" (in Explorer "Save Target As") to download the Alcra PLUS Remover.
    Save it in the same folder you created earlier (c:\BFU).

    Try again now
     
  5. -ReapeR-

    Last edited: Jul 19, 2006
  6. djteme

    Logfile of HijackThis v1.99.1
    Scan saved at 0:12:52, on 20.7.2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\System32\RunDLL32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\{04D6D603-07DA-1035-1021-051025050166}\Update.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://keskustelu.afterdawn.com/thread_view.cfm/367776#2189878
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager Tool] C:\WINDOWS\update\updmangr.exe
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdc_4.exe
    O4 - HKLM\..\Run: [defender] C:\\dfndrc_4a.exe
    O4 - HKLM\..\Run: [newname] C:\\nwnmc_4.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [spnsvc] rundll32.exe C:\WINDOWS\System32\spnsvc.dll,start
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NI.UWA6P_0001_N85M0307] "C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N85M0307NetInstaller.exe" -nag
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152012107960
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\System32\notepad.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Windows Update Manager Tool (UpdateManagerTool) - Unknown owner - C:\WINDOWS\update\updmangr.exe (file missing)

     
  7. -kemisti-

    Fix these (Do a system scan only, tick them and press Fix checked):


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager Tool] C:\WINDOWS\update\updmangr.exe
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdc_4.exe
    O4 - HKLM\..\Run: [defender] C:\\dfndrc_4a.exe
    O4 - HKLM\..\Run: [newname] C:\\nwnmc_4.exe
    O4 - HKLM\..\Run: [spnsvc] rundll32.exe C:\WINDOWS\System32\spnsvc.dll,start
    O4 - HKLM\..\Run: [NI.UWA6P_0001_N85M0307] "C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N85M0307NetInstaller.exe" -nag
    O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
    O20 - AppInit_DLLs: C:\WINDOWS\System32\notepad.dll
    O23 - Service: Windows Update Manager Tool (UpdateManagerTool) - Unknown owner - C:\WINDOWS\update\updmangr.exe (file missing)


    Then Start -> Run
    type sc stop UpdateManagerTool and click OK
    then sc delete UpdateManagerTool and click OK

    Boot into Safe Mode (F8 during startup)

    Delete, if found:

    C:\WINDOWS\update
    C:\kybrdc_4.exe
    C:\dfndrc_4a.exe
    C:\nwnmc_4.exe
    C:\WINDOWS\System32\spnsvc.dll
    C:\Program Files\ToolBar888
    C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N85M0307NetInstaller.exe

    Restart.

    Scan your computer with the Kaspersky Online Scanner at http://www.kaspersky.com/downloads/kws/kavwebscan.html

    You will be asked whether you allow an ActiveX component from Kaspersky to be installed; click Yes.
    * The program starts and begins downloading the latest definition files.
    * Once the scanner is installed and the definitions are downloaded, click Next.
    * Now click the settings, Scan Settings
    * Check that the following are selected in the settings:

    o Scan using the following Anti-Virus database:

    + Extended (if available, otherwise choose Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases

    * Click OK
    * Now, under the "select a target to scan" heading, choose My Computer
    * The scan takes time, so be patient. When the scan is finished you will be notified if your computer is infected.
    * Now click the Save as Text button.
    * Save the file to your desktop.
    * Copy and paste the contents of the file into your next reply.

    Also post a new HJT log.
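
Added example (not part of the thread and not HijackThis's own code): a Python script that parses HijackThis result lines and compares two logs, to confirm which entries a cleanup step removed and which fix-list entries are still present in a later log. LOG_BEFORE, LOG_AFTER and FIX_LIST are subsets copied from the logs and fix list above; LOG_RECHECK is constructed for illustration.

```python
import re

# A HijackThis result line is "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [...]".
# Header and "Running processes" lines do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")

# Subset of the log saved 18.7.2006 (copied from the thread).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\explorer.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {118A5843-E78C-8F76-A345-9A2B53CE8496} - C:\WINDOWS\System32\bbzm.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [keyboard] C:\\kybrdc_4.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Tdas] "C:\DOCUME~1\TEEMUH~1\APPLIC~1\SMANTE~1\fast.exe" -vt yazr
O20 - AppInit_DLLs: C:\WINDOWS\System32\notepad.dll
O23 - Service: Windows Update Manager Tool (UpdateManagerTool) - Unknown owner - C:\WINDOWS\update\updmangr.exe (file missing)
"""

# Subset of the log saved 20.7.2006 (copied from the thread).
LOG_AFTER = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
O4 - HKLM\..\Run: [keyboard] C:\\kybrdc_4.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\notepad.dll
O23 - Service: Windows Update Manager Tool (UpdateManagerTool) - Unknown owner - C:\WINDOWS\update\updmangr.exe (file missing)
"""

# Subset of the "fix these" list from the helper's post (copied from the thread).
FIX_LIST = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
O4 - HKLM\..\Run: [keyboard] C:\\kybrdc_4.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\notepad.dll
O23 - Service: Windows Update Manager Tool (UpdateManagerTool) - Unknown owner - C:\WINDOWS\update\updmangr.exe (file missing)
"""

# CONSTRUCTED follow-up log (not from the thread): one fix-list entry is still
# present, written with different letter case and spacing.
LOG_RECHECK = r"""
O4 - HKLM\..\Run: [Keyboard]   c:\\KYBRDC_4.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
"""


def parse_entries(log_text):
    """Map a normalised key to the original line text for every result line."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, detail = m.groups()
        # Windows paths and registry names are case-insensitive, and forum
        # copy/paste changes spacing, so compare on a folded form.
        key = (section, " ".join(detail.split()).casefold())
        entries.setdefault(key, f"{section} - {detail}")
    return entries


def compare(before_text, after_text):
    """Return the entries removed, added and kept between two logs."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": sorted(before[k] for k in before.keys() - after.keys()),
        "added": sorted(after[k] for k in after.keys() - before.keys()),
        "kept": sorted(after[k] for k in before.keys() & after.keys()),
    }


def pending_fixes(fix_list_text, later_log_text):
    """Return fix-list entries that still appear in a later log."""
    fixes, later = parse_entries(fix_list_text), parse_entries(later_log_text)
    return sorted(fixes[k] for k in fixes.keys() & later.keys())


if __name__ == "__main__":
    result = compare(LOG_BEFORE, LOG_AFTER)
    for label in ("removed", "added", "kept"):
        print(f"{label}: {len(result[label])}")
        for entry in result[label]:
            print("   ", entry)
    print("fix-list entries still present in the recheck log:")
    for entry in pending_fixes(FIX_LIST, LOG_RECHECK):
        print("   ", entry)
```

An entry listed under "added" is only new relative to the earlier log; it still has to be judged on its own, as the helper does line by line in the fix list.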
     
  8. djteme

    KASPERSKY ON-LINE SCANNER REPORT
    Thursday, July 20, 2006 12:36:24 PM
    Operating System: Microsoft Windows XP Professional, (Build 2600)
    Kaspersky On-line Scanner version: 5.0.78.0
    Kaspersky Anti-Virus database last update: 20/07/2006
    Kaspersky Anti-Virus database records: 208609
    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true
    Scan Target My Computer
    A:\
    C:\
    D:\
    E:\
    F:\
    Scan Statistics
    Total number of scanned objects 35784
    Number of viruses found 13
    Number of infected objects 206
    Number of suspicious objects 0
    Duration of the scan process 00:28:15

    Infected Object Name Virus Name Last Action
    C:\Documents and Settings\Teemu Haka\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\8BCF062C-1ACA-456D-AB15-4BE0A0\D9299912-5584-4CED-B46C-FE5B87 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\Documents and Settings\Teemu Haka\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\A5AED7E7-D0F9-40F8-AF57-4141BF\14A6A80F-6304-4E45-8856-7320C2 Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\Documents and Settings\Teemu Haka\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\A5AED7E7-D0F9-40F8-AF57-4141BF\9B38BB16-6EA5-4FFA-9F86-E3BBF6 Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\Documents and Settings\Teemu Haka\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\AE6FFE4A-2041-4FBE-96D5-46F931\3A12B8B5-1380-4F27-A68D-FFCD56 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\Documents and Settings\Teemu Haka\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\AE6FFE4A-2041-4FBE-96D5-46F931\4FF0284F-B3EF-476E-9CDE-0BDE4A Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\Documents and Settings\Teemu Haka\Local Settings\Temp\temp.frE75B Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
    C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp0000cbac Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp0000d60c Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp0000e0bb Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp0000e4a3 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp0000f27e Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp0000f424 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp0000f4b0 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp0000f712 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp0000fe55 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp00012594 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp00013c58 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp000147a3 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp0001bfa1 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp00028dfd Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp0002b963 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp0003afe8 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp00050900 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp0041a116 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp00493797 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp01458f43 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\Documents and Settings\Teemu Haka\Local Settings\Temporary Internet Files\Content.IE5\CF0RY9MX\!update-4095[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.co skipped
    C:\Documents and Settings\Teemu Haka\Local Settings\Temporary Internet Files\Content.IE5\OH2LK1O5\WinAntiVirusPro2006FreeInstall[1].cab/UWA6P_0001_N85M0307NetInstaller.exe Infected: Trojan-Downloader.Win32.Agent.alr skipped
    C:\Documents and Settings\Teemu Haka\Local Settings\Temporary Internet Files\Content.IE5\OH2LK1O5\WinAntiVirusPro2006FreeInstall[1].cab CAB: infected - 1 skipped
    C:\Program Files\DAEMON Tools\SetupDTSB.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP14\A0002575.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP14\A0002576.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP14\A0002580.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP14\A0002580.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP14\A0002580.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP14\A0002580.exe RarSFX: infected - 3 skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP14\A0002583.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP15\A0002596.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP15\A0002617.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP16\A0002704.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP16\A0002709.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP16\A0002709.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP16\A0002709.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP16\A0002709.exe RarSFX: infected - 3 skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP17\A0002789.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP17\A0002795.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP17\A0002799.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP17\A0002799.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP17\A0002799.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP17\A0002799.exe RarSFX: infected - 3 skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP19\A0002912.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP19\A0002917.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP19\A0002917.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP19\A0002917.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP19\A0002917.exe RarSFX: infected - 3 skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP19\A0003916.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP19\A0003916.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP19\A0003916.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP19\A0003916.exe RarSFX: infected - 3 skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP19\A0003919.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP19\A0003927.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP19\A0003940.dll Infected: Backdoor.Win32.Agent.vc skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP20\A0003954.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP20\A0003954.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP20\A0003954.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP20\A0003954.exe RarSFX: infected - 3 skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP20\A0003957.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP20\A0003964.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP20\A0003971.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP20\A0003981.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP20\A0003986.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP20\A0003986.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP20\A0003986.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP20\A0003986.exe RarSFX: infected - 3 skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP20\A0003999.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP20\A0003999.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP20\A0003999.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP20\A0003999.exe RarSFX: infected - 3 skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP21\A0004028.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP21\A0004028.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP21\A0004028.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP21\A0004028.exe RarSFX: infected - 3 skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP21\A0004035.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP21\A0004035.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP21\A0004035.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP21\A0004035.exe RarSFX: infected - 3 skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP22\A0004068.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP22\A0004068.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP22\A0004068.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP22\A0004068.exe RarSFX: infected - 3 skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP22\A0004077.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP22\A0004077.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP22\A0004077.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP22\A0004077.exe RarSFX: infected - 3 skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP22\A0004078.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP22\A0004078.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP22\A0004078.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP22\A0004093.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP22\A0004093.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP22\A0004093.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP22\A0004093.exe RarSFX: infected - 3 skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP22\A0004094.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP22\A0004094.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP22\A0004094.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP22\A0004097.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP23\A0004120.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP23\A0004120.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP23\A0004120.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP23\A0004123.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004218.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004218.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004218.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004218.exe RarSFX: infected - 3 skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004219.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004219.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004219.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004222.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004238.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004238.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004238.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004249.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004249.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004249.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004250.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004250.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004250.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004250.exe RarSFX: infected - 3 skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004253.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004281.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004281.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004281.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004281.exe RarSFX: infected - 3 skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004282.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004282.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004282.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004287.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004299.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004299.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004299.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004301.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004301.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004301.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004301.exe RarSFX: infected - 3 skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP24\A0004304.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP25\A0004316.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP25\A0004316.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP25\A0004316.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP25\A0004316.exe RarSFX: infected - 3 skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP25\A0004317.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP25\A0004317.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP25\A0004317.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP25\A0004322.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP25\A0005368.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP25\A0005369.exe Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP27\A0005411.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP27\A0005412.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP27\A0005413.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP30\A0005521.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP30\A0005521.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP30\A0005521.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP30\A0005522.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP30\A0005522.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP30\A0005522.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP30\A0005522.exe RarSFX: infected - 3 skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP31\A0005789.dll Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP31\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP43\A0006406.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP43\A0006415.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP43\A0006415.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP44\A0006474.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\WINDOWS\Downloaded Program Files\UERSJ_0001_N68M0902NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.d skipped
    C:\WINDOWS\system32\awtqq.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\awtsr.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\awvtr.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\awvvw.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\ckrpol.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1K26RL08\!update-4020[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.cl skipped
    C:\WINDOWS\system32\cqc.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\WINDOWS\system32\ddabb.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\ddccc.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\ddcyx.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\dvcprop.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\WINDOWS\system32\gebcb.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\geebx.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\jkhfd.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\jkkjg.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\k4jsle171h.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\WINDOWS\system32\k826lifs1826.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\WINDOWS\system32\mgndex.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\WINDOWS\system32\MJVCRTD.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\WINDOWS\system32\mljjk.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\mlljj.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\mv8ql9l51.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\WINDOWS\system32\mxdtctm.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\WINDOWS\system32\myminst.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\WINDOWS\system32\ondbse32.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\WINDOWS\system32\pmkhi.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\pmnlj.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\pmnno.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\ssttq.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\vtutt.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\ww32.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\ww32.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\WINDOWS\system32\ww32.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\WINDOWS\system32\ww32.exe RarSFX: infected - 3 skipped
    C:\WINDOWS\Temp\tmp0007b256 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    Scan process completed.



    Logfile of HijackThis v1.99.1
    Scan saved at 12:40:20, on 20.7.2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\System32\RunDLL32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\{04D6D603-07DA-1035-1021-051025050166}\Update.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Winamp\Winamp.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.op.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager Tool] C:\WINDOWS\update\updmangr.exe
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdc_4.exe
    O4 - HKLM\..\Run: [defender] C:\\dfndrc_4a.exe
    O4 - HKLM\..\Run: [newname] C:\\nwnmc_4.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [spnsvc] rundll32.exe C:\WINDOWS\System32\spnsvc.dll,start
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NI.UWA6P_0001_N85M0307] "C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N85M0307NetInstaller.exe" -nag
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152012107960
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\System32\notepad.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

     
  9. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Didn't the fixing work?

    1. Right-click the CounterSpy icon in the taskbar.
    2. Move the mouse over Active Protection.
    3. A menu appears; click "Disable Active Protection" on the right.

    Open HijackThis, click do a system scan only, check the boxes in front of these lines and press fix checked:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager Tool] C:\WINDOWS\update\updmangr.exe
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdc_4.exe
    O4 - HKLM\..\Run: [defender] C:\\dfndrc_4a.exe
    O4 - HKLM\..\Run: [newname] C:\\nwnmc_4.exe
    O4 - HKLM\..\Run: [spnsvc] rundll32.exe C:\WINDOWS\System32\spnsvc.dll,start
    O4 - HKLM\..\Run: [NI.UWA6P_0001_N85M0307] "C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N85M0307NetInstaller.exe" -nag
    O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
    O20 - AppInit_DLLs: C:\WINDOWS\System32\notepad.dll


    Download Atribune's http://www.atribune.org/ccount/click.php?id=1
    ATF Cleaner

    Instructions:

    Double-click ATF-Cleaner.exe to start the program.
    Under Main, choose: Select All
    Click Empty Selected.
    If you use Firefox as your browser
    Click Firefox at the top and choose: Select All
    Click Empty Selected.
    NOTE: If you would like to keep your saved passwords, click No when it asks.
    If you use Opera as your browser
    Click Opera at the top and choose: Select All
    Click Empty Selected again.
    NOTE: If you would like to keep your saved passwords, click No when it asks.
    Click Exit in the main menu to close the program.

    Clean out System Restore:

    1. Select My Computer (right-click).
    2. Select Properties.
    3. Select the System Restore tab.
    4. Select "Turn off System Restore".
    5. Press Apply.
    6. Press OK.
    7. Restart the computer.
    8. Do steps 1-3.
    9. Uncheck "Turn off System Restore".
    10. Do steps 5 and 6.

    Empty this directory:

    C:\Documents and Settings\Teemu Haka\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine

    Get KillBox

    http://www.bleepingcomputer.com/files/spyware/KillBox.zip

    Extract it, open it and tick Delete on Reboot.
    Then copy the lines below all at once:

    C:\WINDOWS\Downloaded Program Files\UERSJ_0001_N68M0902NetInstaller.exe
    C:\WINDOWS\system32\awtqq.dll
    C:\WINDOWS\system32\awtsr.dll
    C:\WINDOWS\system32\awvtr.dll
    C:\WINDOWS\system32\awvvw.dll
    C:\WINDOWS\system32\ckrpol.dll
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1K26RL08\!update-4020[1].0000
    C:\WINDOWS\system32\cqc.dll
    C:\WINDOWS\system32\ddabb.dll
    C:\WINDOWS\system32\ddccc.dll
    C:\WINDOWS\system32\ddcyx.dll
    C:\WINDOWS\system32\dvcprop.dll
    C:\WINDOWS\system32\gebcb.dll
    C:\WINDOWS\system32\geebx.dll
    C:\WINDOWS\system32\jkhfd.dll
    C:\WINDOWS\system32\jkkjg.dll
    C:\WINDOWS\system32\k4jsle171h.dll
    C:\WINDOWS\system32\k826lifs1826.dll
    C:\WINDOWS\system32\mgndex.dll
    C:\WINDOWS\system32\MJVCRTD.DLL
    C:\WINDOWS\system32\mljjk.dll
    C:\WINDOWS\system32\mlljj.dll
    C:\WINDOWS\system32\mv8ql9l51.dll
    C:\WINDOWS\system32\mxdtctm.dll
    C:\WINDOWS\system32\myminst.dll
    C:\WINDOWS\system32\ondbse32.dll
    C:\WINDOWS\system32\pmkhi.dll
    C:\WINDOWS\system32\pmnlj.dll
    C:\WINDOWS\system32\pmnno.dll
    C:\WINDOWS\system32\ssttq.dll
    C:\WINDOWS\system32\vtutt.dll
    C:\WINDOWS\system32\ww32.exe

    Then in KillBox, from the top, choose File > Paste from Clipboard.
    Select "All Files". After that, press Delete (the red one with a white X).
    Answer yes to the prompts, and if the computer does not restart by itself, restart it.

    Empty the directory:

    C:\!Killbox

    Scan again with Kaspersky.

    After that, post a new HijackThis log and the Kaspersky report.
     
    Last edited: Jul 20, 2006
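Added example, not part of the original posts: the KillBox list above is built from the report rows outside System Restore, with archive members such as `ww32.exe/data.rar/dotrm.dll` collapsed to the file on disk, while the restore-point copies are left to the System Restore purge. A Python sketch of that triage; `triage`, `ROW` and `RESTORE_MARK` are names chosen here, and the sample rows are copied from the reports in this thread.

```python
import re

# One result row in the report reads "<object> <verdict> <last action>".
# Archive members are written as "<file on disk>/<member>/<member>".
ROW = re.compile(
    r"^(?P<obj>.+?) "
    r"(?:Infected: (?P<name>\S+)|(?P<kind>\w+): infected - (?P<count>\d+))"
    r" (?P<action>\w+)$"
)

# Copies kept by System Restore live under this folder (compared lower-case).
RESTORE_MARK = "\\system volume information\\_restore{"

# Sample rows copied from the reports in this thread.
SAMPLE_REPORT = r"""
Infected Object Name Virus Name Last Action
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000008.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\WINDOWS\system32\awtqq.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1K26RL08\!update-4020[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.cl skipped
C:\WINDOWS\system32\ww32.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\WINDOWS\system32\ww32.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
C:\WINDOWS\system32\ww32.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
C:\WINDOWS\system32\ww32.exe RarSFX: infected - 3 skipped
Scan process completed.
"""


def triage(report):
    """Split report rows into live files and System Restore copies.

    Returns two dicts mapping the file on disk to the sorted detection
    names reported for it or for anything packed inside it.
    """
    live = {}
    restore = {}
    for raw in report.splitlines():
        match = ROW.match(raw.strip())
        if not match:
            continue  # header, statistics, "Scan process completed." etc.
        # Windows paths never contain "/", so the first "/" starts the
        # archive-member part; everything before it is the file on disk.
        on_disk = match.group("obj").split("/", 1)[0]
        bucket = restore if RESTORE_MARK in on_disk.lower() else live
        names = bucket.setdefault(on_disk, set())
        if match.group("name"):
            names.add(match.group("name"))
    return (
        {path: sorted(names) for path, names in live.items()},
        {path: sorted(names) for path, names in restore.items()},
    )


if __name__ == "__main__":
    live_files, restore_files = triage(SAMPLE_REPORT)
    print("Live files to remove:")
    for path, names in live_files.items():
        print(f"  {path}  [{', '.join(names)}]")
    print(f"Copies inside restore points: {len(restore_files)}")
```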
  10. djteme

    djteme Member

    Joined:
    May 27, 2004
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    16
    This one doesn't have that CounterSpy thing.
     
  11. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    At least it used to be there:

    Running processes:

    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe

    If it's no longer there, skip that step. I just thought it might be blocking those fixes :)
     
  12. djteme

    djteme Member

    Joined:
    May 27, 2004
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    16
    KASPERSKY ON-LINE SCANNER REPORT
    Thursday, July 20, 2006 11:22:35 PM
    Operating System: Microsoft Windows XP Professional, (Build 2600)
    Kaspersky On-line Scanner version: 5.0.78.0
    Kaspersky Anti-Virus database last update: 20/07/2006
    Kaspersky Anti-Virus database records: 208777
    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true
    Scan Target My Computer
    A:\
    C:\
    D:\
    E:\
    F:\
    Scan Statistics
    Total number of scanned objects 27373
    Number of viruses found 7
    Number of infected objects 74
    Number of suspicious objects 0
    Duration of the scan process 00:16:46

    Infected Object Name Virus Name Last Action
    C:\Documents and Settings\Teemu Haka\Local Settings\Temporary Internet Files\Content.IE5\N019RGGW\WinAntiVirusPro2006FreeInstall[1].exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
    C:\Documents and Settings\Teemu Haka\Local Settings\Temporary Internet Files\Content.IE5\TOZ6JZX7\WinAntiVirusPro2006FreeInstall[1].cab/UWA6P_0001_N91M1807NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
    C:\Documents and Settings\Teemu Haka\Local Settings\Temporary Internet Files\Content.IE5\TOZ6JZX7\WinAntiVirusPro2006FreeInstall[1].cab CAB: infected - 1 skipped
    C:\Program Files\DAEMON Tools\SetupDTSB.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000008.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000009.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000010.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000011.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000012.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000013.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000014.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000015.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000016.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000017.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000018.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000019.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000020.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000021.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000022.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000023.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000024.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000025.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000026.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000027.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000028.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000029.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000030.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000031.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000032.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000033.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000034.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000035.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000036.exe Infected: not-a-virus:Downloader.Win32.WinFixer.d skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000037.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000038.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000038.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000038.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000038.exe RarSFX: infected - 3 skipped
    C:\WINDOWS\Downloaded Program Files\UERSJ_0001_N68M0902NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.d skipped
    C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
    C:\WINDOWS\system32\awtqq.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\awtsr.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\awvtr.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\awvvw.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\ckrpol.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1K26RL08\!update-4020[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.cl skipped
    C:\WINDOWS\system32\cqc.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\WINDOWS\system32\ddabb.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\ddccc.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\ddcyx.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\dvcprop.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\WINDOWS\system32\gebcb.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\geebx.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\jkhfd.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\jkkjg.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\k4jsle171h.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\WINDOWS\system32\k826lifs1826.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\WINDOWS\system32\mgndex.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\WINDOWS\system32\MJVCRTD.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\WINDOWS\system32\mljjk.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\mlljj.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\mv8ql9l51.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\WINDOWS\system32\mxdtctm.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\WINDOWS\system32\myminst.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\WINDOWS\system32\ondbse32.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\WINDOWS\system32\pmkhi.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\pmnlj.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\pmnno.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\ssttq.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\vtutt.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\ww32.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\WINDOWS\system32\ww32.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\WINDOWS\system32\ww32.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\WINDOWS\system32\ww32.exe RarSFX: infected - 3 skipped
    Scan process completed.



    Logfile of HijackThis v1.99.1
    Scan saved at 23:23:23, on 20.7.2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\System32\RunDLL32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\{04D6D603-07DA-1035-1021-051025050166}\Update.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152012107960
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

     
  13. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Right, time to bring out the heavier tools since it won't go away.

    First clear System Restore following the instructions I gave.

    After that:

    Fix this:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

    1. Download The Avenger (c) from http://swandog46.geekstogo.com/avenger.zip to your desktop.
    - Click the Avenger.zip file to open it.
    - Extract Avenger.exe to your desktop.

    2. Copy all the text in the black quote box below into an empty Notepad window:


    Note: the script above was created specifically for this user. If you are not this person, DO NOT follow these instructions, because they could break functions on your computer.


    3. Now open The Avenger by double-clicking its icon on your desktop.
    - Under "Script file to execute", select "Input Script Manually".
    - Now click the magnifying glass icon, which opens a new window called "View/edit script".
    - Paste the text you copied into Notepad into this window.
    - Click Done.
    - Now click the green light to start the script.
    - Click "Yes" when the two warning boxes appear.

    The Avenger will automatically do the following:
    - It restarts your computer. (In cases where the script contains a "Drivers to Unload" command, The Avenger restarts your computer twice.)
    - During the restart, it briefly opens a black command window on your desktop; this is normal.
    - After the restart, it creates a log file that should open, showing the results of The Avenger's actions. The path of this log is C:\avenger.txt
    - The Avenger has also made a backup of all the files etc. that you asked it to delete, and has packed and moved them into zip files at the path C:\avenger\backup.zip.
    5. Copy and paste the entire contents of avenger.txt into your reply, along with a fresh HJT log.
     
    Last edited: Jul 20, 2006
  14. djteme

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\dxyvhuqh

    *******************

    Script file located at: \??\C:\WINDOWS\System32\oprwtoqt.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File C:\Documents and Settings\Teemu Haka\Local Settings\Temporary Internet Files\Content.IE5\N019RGGW\WinAntiVirusPro2006FreeInstall[1].exe deleted successfully.
    File C:\Documents and Settings\Teemu Haka\Local Settings\Temporary Internet Files\Content.IE5\TOZ6JZX7\WinAntiVirusPro2006FreeInstall[1].cab deleted successfully.
    File C:\WINDOWS\Downloaded Program Files\UERSJ_0001_N68M0902NetInstaller.exe deleted successfully.
    File C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe deleted successfully.
    File C:\WINDOWS\system32\awtqq.dll deleted successfully.
    File C:\WINDOWS\system32\awtsr.dll deleted successfully.
    File C:\WINDOWS\system32\awvtr.dll deleted successfully.
    File C:\WINDOWS\system32\awvvw.dll deleted successfully.
    File C:\WINDOWS\system32\ckrpol.dll deleted successfully.
    File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1K26RL08\!update-4020[1].0000 deleted successfully.
    File C:\WINDOWS\system32\cqc.dll deleted successfully.
    File C:\WINDOWS\system32\ddabb.dll deleted successfully.
    File C:\WINDOWS\system32\ddccc.dll deleted successfully.
    File C:\WINDOWS\system32\ddcyx.dll deleted successfully.
    File C:\WINDOWS\system32\dvcprop.dll deleted successfully.
    File C:\WINDOWS\system32\gebcb.dll deleted successfully.
    File C:\WINDOWS\system32\geebx.dll deleted successfully.
    File C:\WINDOWS\system32\jkhfd.dll deleted successfully.
    File C:\WINDOWS\system32\jkkjg.dll deleted successfully.
    File C:\WINDOWS\system32\k4jsle171h.dll deleted successfully.
    File C:\WINDOWS\system32\k826lifs1826.dll deleted successfully.
    File C:\WINDOWS\system32\mgndex.dll deleted successfully.
    File C:\WINDOWS\system32\MJVCRTD.DLL deleted successfully.
    File C:\WINDOWS\system32\mljjk.dll deleted successfully.
    File C:\WINDOWS\system32\mlljj.dll deleted successfully.
    File C:\WINDOWS\system32\mv8ql9l51.dll deleted successfully.
    File C:\WINDOWS\system32\mxdtctm.dll deleted successfully.
    File C:\WINDOWS\system32\myminst.dll deleted successfully.
    File C:\WINDOWS\system32\ondbse32.dll deleted successfully.
    File C:\WINDOWS\system32\pmkhi.dll deleted successfully.
    File C:\WINDOWS\system32\pmnlj.dll deleted successfully.
    File C:\WINDOWS\system32\pmnno.dll deleted successfully.
    File C:\WINDOWS\system32\ssttq.dll deleted successfully.
    File C:\WINDOWS\system32\vtutt.dll deleted successfully.
    File C:\WINDOWS\system32\ww32.exe deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.



    Logfile of HijackThis v1.99.1
    Scan saved at 12:49:43, on 21.7.2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\System32\RunDLL32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\{04D6D603-07DA-1035-1021-051025050166}\Update.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152012107960
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

     
  15. -kemisti-

    Looks good :)

    Run Kaspersky again and post its report here.

    Clear System Restore before that.
     
  16. djteme

    KASPERSKY ON-LINE SCANNER REPORT
    Friday, July 21, 2006 1:32:40 PM
    Operating System: Microsoft Windows XP Professional, (Build 2600)
    Kaspersky On-line Scanner version: 5.0.78.0
    Kaspersky Anti-Virus database last update: 21/07/2006
    Kaspersky Anti-Virus database records: 208957
    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true
    Scan Target My Computer
    A:\
    C:\
    D:\
    E:\
    F:\
    Scan Statistics
    Total number of scanned objects 31833
    Number of viruses found 7
    Number of infected objects 45
    Number of suspicious objects 0
    Duration of the scan process 00:18:47

    Infected Object Name Virus Name Last Action
    C:\avenger\backup.zip/avenger/!update-4020[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.cl skipped
    C:\avenger\backup.zip/avenger/awtqq.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\avenger\backup.zip/avenger/awtsr.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\avenger\backup.zip/avenger/awvtr.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\avenger\backup.zip/avenger/awvvw.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\avenger\backup.zip/avenger/ckrpol.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\avenger\backup.zip/avenger/cqc.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\avenger\backup.zip/avenger/ddabb.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\avenger\backup.zip/avenger/ddccc.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\avenger\backup.zip/avenger/ddcyx.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\avenger\backup.zip/avenger/dvcprop.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\avenger\backup.zip/avenger/gebcb.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\avenger\backup.zip/avenger/geebx.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\avenger\backup.zip/avenger/jkhfd.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\avenger\backup.zip/avenger/jkkjg.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\avenger\backup.zip/avenger/k4jsle171h.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\avenger\backup.zip/avenger/k826lifs1826.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\avenger\backup.zip/avenger/mgndex.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\avenger\backup.zip/avenger/MJVCRTD.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\avenger\backup.zip/avenger/mljjk.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\avenger\backup.zip/avenger/mlljj.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\avenger\backup.zip/avenger/mv8ql9l51.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\avenger\backup.zip/avenger/mxdtctm.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\avenger\backup.zip/avenger/myminst.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\avenger\backup.zip/avenger/ondbse32.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\avenger\backup.zip/avenger/pmkhi.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\avenger\backup.zip/avenger/pmnlj.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\avenger\backup.zip/avenger/pmnno.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\avenger\backup.zip/avenger/ssttq.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\avenger\backup.zip/avenger/UERSJ_0001_N68M0902NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.d skipped
    C:\avenger\backup.zip/avenger/UWA6P_0001_N91M1807NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
    C:\avenger\backup.zip/avenger/vtutt.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\avenger\backup.zip/avenger/WinAntiVirusPro2006FreeInstall[1].cab/UWA6P_0001_N91M1807NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
    C:\avenger\backup.zip/avenger/WinAntiVirusPro2006FreeInstall[1].cab Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
    C:\avenger\backup.zip/avenger/WinAntiVirusPro2006FreeInstall[1].exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
    C:\avenger\backup.zip/avenger/ww32.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
    C:\avenger\backup.zip/avenger/ww32.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\avenger\backup.zip/avenger/ww32.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\avenger\backup.zip/avenger/ww32.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\avenger\backup.zip ZIP: infected - 39 skipped
    C:\Documents and Settings\Teemu Haka\Local Settings\Temporary Internet Files\Content.IE5\6GLXJ3V7\WinAntiVirusPro2006ScannerInstall[1].cab/UWA6P_0001_N68M2301NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.d skipped
    C:\Documents and Settings\Teemu Haka\Local Settings\Temporary Internet Files\Content.IE5\6GLXJ3V7\WinAntiVirusPro2006ScannerInstall[1].cab CAB: infected - 1 skipped
    C:\Program Files\DAEMON Tools\SetupDTSB.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
    C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N68M2301NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.d skipped
    Scan process completed.
     
  17. -kemisti-

    Looks like more junk has come in :(

    This -> C:\avenger\backup.zip is OK, it contains The Avenger's backups.

    Delete these and it should be OK. And update Windows, i.e. install SP2.

    C:\Documents and Settings\Teemu Haka\Local Settings\Temporary Internet Files\Content.IE5\6GLXJ3V7\WinAntiVirusPro2006ScannerInstall[1].cab
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe
    C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N68M2301NetInstaller.exe

    Any problems left?
     
    Last edited: Jul 21, 2006
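Added example (not part of the thread and not code from any of the tools used in it): the check post 17 does by eye, sorting Kaspersky report lines into hits inside The Avenger's backup archive, hits inside System Restore points, and everything else. The sample lines are copied from the two Kaspersky reports in this thread; the function names and the two path prefixes are assumptions made for this sketch.

```python
import re
from collections import namedtuple

Detection = namedtuple("Detection", "disk_path member verdict action")

# One detection per line: "<path> Infected: <verdict> <last action>".
# Archive summary lines ("<path> ZIP: infected - 39 skipped") do not match
# and are dropped; their member lines already carry the same information.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?) Infected: (?P<verdict>\S+) (?P<action>\S+)$"
)

# Locations the thread treats as expected places for leftovers
# (assumed prefixes, lower-cased because Windows paths are case-insensitive).
KNOWN_LOCATIONS = (
    ("avenger_backup", "c:\\avenger\\"),
    ("restore_point", "c:\\system volume information\\_restore"),
)

# Sample lines copied from the Kaspersky reports posted in this thread.
SAMPLE_REPORT = r"""
C:\avenger\backup.zip/avenger/awtqq.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\avenger\backup.zip/avenger/ww32.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
C:\avenger\backup.zip ZIP: infected - 39 skipped
C:\Documents and Settings\Teemu Haka\Local Settings\Temporary Internet Files\Content.IE5\6GLXJ3V7\WinAntiVirusPro2006ScannerInstall[1].cab/UWA6P_0001_N68M2301NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.d skipped
C:\Documents and Settings\Teemu Haka\Local Settings\Temporary Internet Files\Content.IE5\6GLXJ3V7\WinAntiVirusPro2006ScannerInstall[1].cab CAB: infected - 1 skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N68M2301NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.d skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000026.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
Scan process completed.
"""


def parse_report(text):
    """Return one Detection per 'Infected:' line of a report."""
    detections = []
    for line in text.splitlines():
        match = DETECTION_RE.match(line.strip())
        if not match:
            continue  # headers, statistics, archive summaries, footer
        # The scanner writes archive members after a forward slash, so the
        # part before the first "/" is the file that exists on disk.
        disk_path, _, member = match.group("path").partition("/")
        detections.append(
            Detection(disk_path, member, match.group("verdict"),
                      match.group("action"))
        )
    return detections


def classify(disk_path):
    """Label a path by the known location it sits under, else 'live'."""
    lowered = disk_path.lower()
    for label, prefix in KNOWN_LOCATIONS:
        if lowered.startswith(prefix):
            return label
    return "live"


def triage(detections):
    """Group detections as {category: {on-disk file: set of verdicts}}."""
    buckets = {"live": {}, "avenger_backup": {}, "restore_point": {}}
    for det in detections:
        files = buckets[classify(det.disk_path)]
        files.setdefault(det.disk_path, set()).add(det.verdict)
    return buckets


if __name__ == "__main__":
    for category, files in triage(parse_report(SAMPLE_REPORT)).items():
        print(category)
        for path, verdicts in files.items():
            print("   ", path, "->", ", ".join(sorted(verdicts)))
```

Nested archive members collapse onto the one file that exists on disk, so each file in the `live` group is listed once however many members were flagged inside it.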
  18. djteme

    I can't get those deleted.....
    Also, can I remove the programs that were used for the scanning and all the other work.....?
     
  19. spertti

    spertti Active member

    Joined:
    Jun 1, 2005
    Messages:
    1,222
    Likes Received:
    0
    Trophy Points:
    66
    You can remove them, but do update Windows. You have so many vulnerabilities without the latest updates that no program of any kind will protect you. So off you go to Windows Update now!
     
  20. -kemisti-

    This is how to get rid of them:

    Open KillBox and tick Delete on Reboot.
    Then copy the lines below, all at once:

    C:\Documents and Settings\Teemu Haka\Local Settings\Temporary Internet Files\Content.IE5\6GLXJ3V7\WinAntiVirusPro2006ScannerInstall[1].cab
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe
    C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N68M2301NetInstaller.exe

    Then in KillBox, from the top menu, choose File > Paste from Clipboard.
    Select "All Files". Then press Delete (the red one with a white X).
    Answer yes to the prompts, and if the computer does not restart by itself, restart it.
     
