Problem removing spyware.

Discussion in 'Virukset ja haittaohjelmat' (Viruses and malware) started by rikhardo, Jan 21, 2006.

  1. rikhardo (Regular member)
    One day I noticed that a notification like this had appeared on the desktop http://koti.mbnet.fi/rikhardo/kuvat/spyware.PNG . I have tried to track down the problem with several different programs, but I haven't been able to get rid of the notification or the spyware. What should I do?
     
  2. aaxxeell (Regular member)
    Post an HJT log; you can get the program here -> http://koti.mbnet.fi/pattaya1/HijackThis.exe .
    Save it to the folder c:\hjt\, run it, click "do a system scan and save a logfile" and post the log here.

    That's how we'll clean it up...
     
  3. rikhardo (Regular member)

    Logfile of HijackThis v1.99.1
    Scan saved at 12:29:12, on 1/22/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\WINDOWS\Explorer.EXE
    E:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    E:\Program Files\Conceptronic\Bluetooth Software\bin\btwdins.exe
    E:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    E:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    E:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    E:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    E:\Program Files\F-Secure\Common\FSMA32.EXE
    E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    E:\Program Files\Network Monitor\netmon.exe
    E:\Program Files\F-Secure\Common\FSMB32.EXE
    E:\WINDOWS\System32\svchost.exe
    E:\Program Files\F-Secure\Common\FCH32.EXE
    E:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    E:\Program Files\F-Secure\Common\FAMEH32.EXE
    E:\Program Files\F-Secure\Common\FSM32.EXE
    E:\Program Files\ahead\InCD\InCD.exe
    E:\WINDOWS\System32\private.exe
    E:\WINDOWS\System32\ctfmon.exe
    C:\winstall.exe
    E:\WINDOWS\System32\d.exe
    E:\Program Files\F-Secure\Common\FNRB32.EXE
    E:\WINDOWS\System32\devldr32.exe
    E:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    E:\Program Files\F-Secure\Common\FIH32.EXE
    E:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    E:\Program Files\Internet Explorer\iexplore.exe
    C:\Ohjelmatiedostot\Ad-aware\Ad-Aware SE Personal\Ad-Aware.exe
    E:\WINDOWS\System32\wuauclt.exe
    E:\rikun jutut\ohjelmat\Opera\Opera.exe
    C:\hjt\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - E:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
    O4 - HKLM\..\Run: [F-Secure Manager] "E:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [InCD] E:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [F-Secure TNB] "E:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
    O4 - HKLM\..\Run: [bvzfam] E:\WINDOWS\System32\hglvgbs.exe r
    O4 - HKLM\..\Run: [ControlPanel] E:\WINDOWS\System32\private.exe internat.dll,LoadMouseCarpetProfile
    O4 - HKLM\..\Run: [dmtbj.exe] E:\WINDOWS\System32\dmtbj.exe
    O4 - HKLM\..\Run: [PayTime] E:\WINDOWS\System32\paytime.exe
    O4 - HKLM\..\Run: [winsync] E:\WINDOWS\System32\iqypyc.exe reg_run
    O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - E:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Conceptronic\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Conceptronic\Bluetooth Software\btsendto_ie.htm
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{266BC0F2-7B94-42C6-99DE-B7350B19D93B}: NameServer = 85.255.116.68,85.255.112.220
    O17 - HKLM\System\CCS\Services\Tcpip\..\{75DDEF1A-ADF9-4974-A74B-8A91584EE9D1}: NameServer = 85.255.116.68,85.255.112.220
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8BD3227E-C90C-4870-A9F8-A29ACBE9FAD3}: NameServer = 85.255.116.68,85.255.112.220
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C22F795C-956E-4A9B-86E9-423C6FE4E7DE}: NameServer = 85.255.116.68,85.255.112.220
    O17 - HKLM\System\CS1\Services\Tcpip\..\{266BC0F2-7B94-42C6-99DE-B7350B19D93B}: NameServer = 85.255.114.35,85.255.112.82
    O17 - HKLM\System\CS2\Services\Tcpip\..\{266BC0F2-7B94-42C6-99DE-B7350B19D93B}: NameServer = 85.255.116.68,85.255.112.220
    O17 - HKLM\System\CS3\Services\Tcpip\..\{266BC0F2-7B94-42C6-99DE-B7350B19D93B}: NameServer = 85.255.116.68,85.255.112.220
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - E:\WINDOWS\System32\btxppanel.dll
    O20 - Winlogon Notify: Applets - E:\WINDOWS\
    O20 - Winlogon Notify: Themes - E:\WINDOWS\
    O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - E:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Program Files\Conceptronic\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - E:\WINDOWS\dmVzc2E\command.exe (file missing)
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - E:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - E:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - E:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - E:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Network Monitor - Unknown owner - E:\Program Files\Network Monitor\netmon.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
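Editor's added example, not code from the thread and not how the helpers here worked the log: a small Python triage script for a HijackThis 1.99 log, run over a constructed sample built from lines of the log above. It flags the entry types a reviewer stops at first: R0/R1 entries that have been blanked or pointed at about:blank, O4 Run entries whose names are not on an allow-list (the allow-list of expected entries is an assumption for illustration), O17 per-interface NameServer values written into the registry (to be checked against the ISP's resolvers), O20 Winlogon Notify entries that name a directory instead of a DLL, and O23 services whose binary is missing. It also includes a helper that tries to read odd directory names as base64: the directory in the cmdService path, dmVzc2E, decodes to "vessa", which matches the machine name VESSA-Q8KAMUNJD that appears in the ewido report later in the thread, a reminder that random-looking names are not always random.

```python
"""Triage heuristics for a HijackThis 1.99 log (editor's added example)."""
import base64
import binascii
import re
from collections import defaultdict

# Assumption for illustration: Run entries this machine is expected to have.
# Anything else under O4 gets listed for a manual look.
KNOWN_RUN_NAMES = {"f-secure manager", "incd", "f-secure tnb", "ctfmon.exe", "msnmsgr"}

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


def triage(log_text: str) -> dict:
    """Group log lines into the buckets a reviewer checks first."""
    findings = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith(("R0 - ", "R1 - ")) and line.endswith(("= about:blank", "=")):
            # IE start/search page blanked or pointed at about:blank: classic hijack residue
            findings["browser_hijack"].append(line)
            continue
        m = O4_RE.match(line)
        if m:
            if m.group("name").strip().lower() not in KNOWN_RUN_NAMES:
                findings["unknown_autorun"].append(line)
            continue
        m = O17_RE.match(line)
        if m:
            # DNS servers set per interface in the registry; verify against the ISP's resolvers
            findings["dns_override"].append(line)
            continue
        m = O20_RE.match(line)
        if m:
            # A real Notify package names a DLL; a bare directory is malformed or an emptied entry
            if not m.group("path").lower().endswith(".dll"):
                findings["winlogon_notify_no_dll"].append(line)
            continue
        m = O23_RE.match(line)
        if m and "(file missing)" in m.group("path"):
            findings["service_binary_missing"].append(line)
    return dict(findings)


def dns_servers(log_text: str) -> list:
    """Distinct NameServer addresses across every O17 entry, sorted."""
    servers = set()
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            servers.update(m.group("servers").split(","))
    return sorted(servers)


def decode_base64_token(token: str):
    """Read a random-looking name as unpadded base64; return printable ASCII text or None."""
    padded = token + "=" * (-len(token) % 4)
    try:
        text = base64.b64decode(padded, validate=True).decode("ascii")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


# Constructed sample: a subset of the HijackThis lines posted above.
SAMPLE_LOG = "\n".join([
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost",
    r'O4 - HKLM\..\Run: [F-Secure Manager] "E:\Program Files\F-Secure\Common\FSM32.EXE" /splash',
    r"O4 - HKLM\..\Run: [bvzfam] E:\WINDOWS\System32\hglvgbs.exe r",
    r"O4 - HKLM\..\Run: [ControlPanel] E:\WINDOWS\System32\private.exe internat.dll,LoadMouseCarpetProfile",
    r"O4 - HKLM\..\Run: [PayTime] E:\WINDOWS\System32\paytime.exe",
    r"O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe",
    r"O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{266BC0F2-7B94-42C6-99DE-B7350B19D93B}: NameServer = 85.255.116.68,85.255.112.220",
    r"O17 - HKLM\System\CS1\Services\Tcpip\..\{266BC0F2-7B94-42C6-99DE-B7350B19D93B}: NameServer = 85.255.114.35,85.255.112.82",
    r"O20 - Winlogon Notify: Applets - E:\WINDOWS" + "\\",
    r"O23 - Service: Command Service (cmdService) - Unknown owner - E:\WINDOWS\dmVzc2E\command.exe (file missing)",
    r"O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Program Files\Conceptronic\Bluetooth Software\bin\btwdins.exe",
])

if __name__ == "__main__":
    for bucket, lines in triage(SAMPLE_LOG).items():
        print(f"[{bucket}] {len(lines)} line(s)")
        for entry in lines:
            print("   ", entry)
    print("DNS servers set in registry:", dns_servers(SAMPLE_LOG))
    print("cmdService directory dmVzc2E decodes to:", decode_base64_token("dmVzc2E"))
```

The script only sorts lines into buckets; it does not decide what is malicious. The O17 bucket is the one to act on first in a log like this: when every interface, including the ControlSet00N copies, points at the same resolver pair that the user never configured, name resolution itself is under someone else's control, and every later download or update check goes through it until the setting is reverted.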

     
  4. rikhardo (Regular member)
    Could someone take a look at that and see what the problem is.
     
  5. q-hub-op (Regular member)
    I'm not a professional, but I think these lines should be fixed:
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - E:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
     
  6. aaxxeell (Regular member)
    A whole nest of nasties turned up there...

    This time let's start the cleanup with ewido...
    -> http://keskustelu.afterdawn.com/thread_view.cfm/269186
    Do the update according to the instructions...

    <<<<<<<<<<<<<<<<<<<<<<<<<Safe mode>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    Tap F8 while the computer is starting up and choose Safe Mode

    -> run an ewido full system scan, save the report.

    Go back to normal mode and post the ewido report + a new HJT log.
    Let's start with this, but this is only the beginning.
     
  7. rikhardo (Regular member)
    Here's the ewido log now:

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 22:20:35, 1/22/2006
    + Report-Checksum: D7A18CB7

    + Scan result:

    C:\drsmartload1.exe -> Downloader.Adload.l : Cleaned with backup
    E:\RECYCLED\De4740.tmp -> Adware.Casino : Cleaned with backup
    E:\RECYCLED\De4741.tmp -> Adware.Casino : Cleaned with backup
    :mozilla.50:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.51:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.52:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.53:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.54:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.55:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.56:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.57:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.58:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.59:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.60:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.61:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.62:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.63:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.64:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.65:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.66:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.67:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.68:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.69:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.70:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.71:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.89:E:\RECYCLED\De5365.CHK -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.51:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.52:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.59:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.60:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.61:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.62:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.63:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.64:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.65:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.66:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.67:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.68:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.69:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.70:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.71:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.72:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.78:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.79:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.80:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.81:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.82:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Revenue : Cleaned with backup
    :mozilla.84:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.85:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.86:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.87:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.88:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.94:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.96:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.97:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.98:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.102:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.103:E:\RECYCLED\De5377.CHK -> Spyware.Cookie.Burstnet : Cleaned with backup
    E:\RECYCLED\De5626.CHK -> Downloader.Inor.a : Cleaned with backup
    E:\RECYCLED\De8283.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    E:\RECYCLED\De8293.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\RECYCLED\De9195.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\WINDOWS\system32\spool\PRINTERS\00003.SPL -> Backdoor.SdBot.xm : Cleaned with backup
    E:\WINDOWS\system32\howiper.exe -> Trojan.Qhost.df : Cleaned with backup
    E:\WINDOWS\system32\agqwq.dat -> Downloader.Qoologic.at : Cleaned with backup
    E:\WINDOWS\system32\s.exe -> Downloader.Small.awa : Cleaned with backup
    E:\WINDOWS\system32\SetupCarnival.exe -> Adware.Casino : Cleaned with backup
    E:\WINDOWS\system32\mpastmib.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\CIWFLT32.DLL -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\ntevent.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\dIdxof.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\shmpapi.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\SVKJKDC.0XE -> Trojan.Pakes : Cleaned with backup
    E:\WINDOWS\system32\enrul1991.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\lv8m09l1e.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\lv6009jme.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\gppql3751.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\lv6o09j3e.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\j82qlif5182.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\nzmsdba.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\s8puli7918.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\pzflbmsg.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\ctutil.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\p48q0el5ehq.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\r68s0gl7e6q.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\d8j02i1mg8.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\ennsl1571.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\k862lijo18oc.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\n64slgh7164.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\kt0ol7d31.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\g022lafo1d2c.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\bntsprx2.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\o6lulg3916.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\ir00l5dm1.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\q4860elsehq60.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\h4j40e1qeh.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\IQYPYC.0XE -> Downloader.Qoologic.at : Cleaned with backup
    E:\WINDOWS\system32\jt6u07j9e.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\n0p4la7q1d.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\h4n0le5m1h.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\gp08l3du1.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\irp0l57m1.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\gpjsl3171.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\lvls0937e.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\lv8209loe.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\gp06l3ds1.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\f6l00g3me6.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\nkmsdba.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\system32\m4640ejqehoe0.dll -> Spyware.Look2Me : Cleaned with backup
    E:\WINDOWS\country.exe -> Trojan.Small : Cleaned with backup
    E:\WINDOWS\tool1.exe -> Trojan.Small : Cleaned with backup
    E:\WINDOWS\tool4.exe -> Trojan.Small : Cleaned with backup
    E:\WINDOWS\tool5.exe -> Trojan.Small : Cleaned with backup
    E:\Documents and Settings\All Users\Documents\Sys33.exe -> Backdoor.SdBot.xm : Cleaned with backup
    E:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    E:\Documents and Settings\vesa\Local Settings\Temp\ptsBF.tmp -> Adware.Casino : Cleaned with backup
    E:\Documents and Settings\vesa\Local Settings\Temp\ptsC0.tmp -> Adware.Casino : Cleaned with backup
    :mozilla.18:E:\Documents and Settings\vesa\Application Data\Mozilla\Firefox\Profiles\k26a4k69.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.19:E:\Documents and Settings\vesa\Application Data\Mozilla\Firefox\Profiles\k26a4k69.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.20:E:\Documents and Settings\vesa\Application Data\Mozilla\Firefox\Profiles\k26a4k69.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.21:E:\Documents and Settings\vesa\Application Data\Mozilla\Firefox\Profiles\k26a4k69.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.22:E:\Documents and Settings\vesa\Application Data\Mozilla\Firefox\Profiles\k26a4k69.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.23:E:\Documents and Settings\vesa\Application Data\Mozilla\Firefox\Profiles\k26a4k69.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.24:E:\Documents and Settings\vesa\Application Data\Mozilla\Firefox\Profiles\k26a4k69.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.25:E:\Documents and Settings\vesa\Application Data\Mozilla\Firefox\Profiles\k26a4k69.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.30:E:\Documents and Settings\vesa\Application Data\Mozilla\Firefox\Profiles\k26a4k69.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.31:E:\Documents and Settings\vesa\Application Data\Mozilla\Firefox\Profiles\k26a4k69.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.63:E:\Documents and Settings\vesa\Application Data\Mozilla\Firefox\Profiles\k26a4k69.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.64:E:\Documents and Settings\vesa\Application Data\Mozilla\Firefox\Profiles\k26a4k69.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.68:E:\Documents and Settings\vesa\Application Data\Mozilla\Firefox\Profiles\k26a4k69.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.70:E:\Documents and Settings\vesa\Application Data\Mozilla\Firefox\Profiles\k26a4k69.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
    :mozilla.75:E:\Documents and Settings\vesa\Application Data\Mozilla\Firefox\Profiles\k26a4k69.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.85:E:\Documents and Settings\vesa\Application Data\Mozilla\Firefox\Profiles\k26a4k69.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    E:\Documents and Settings\riku.VESSA-Q8KAMUNJD\Local Settings\Temp\temp.frCA0E -> Downloader.Qoologic.ax : Cleaned with backup
    E:\Documents and Settings\riku.VESSA-Q8KAMUNJD\Local Settings\Temp\temp.fr9244 -> Downloader.Qoologic.ax : Cleaned with backup
    E:\Documents and Settings\riku.VESSA-Q8KAMUNJD\Cookies\riku@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
    E:\Documents and Settings\riku.VESSA-Q8KAMUNJD\Cookies\riku@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    E:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe -> Logger.Small.dg : Cleaned with backup
    E:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll -> Logger.Small.dg : Cleaned with backup
    E:\FOUND.007\FILE0015.CHK -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP167\A0437226.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP167\A0437231.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP167\A0437232.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP167\A0438231.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP167\A0438232.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP167\A0439230.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP167\A0439423.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP167\A0439425.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP167\A0440423.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP167\A0440424.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP167\A0440604.dll -> Spyware.Look2Me : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP167\A0440608.dll -> Spyware.Look2Me : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP167\A0440609.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP167\A0440611.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP167\A0441609.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP167\A0441610.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP168\A0441619.dll -> Spyware.Look2Me : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP168\A0441623.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP168\A0442619.dll -> Spyware.Look2Me : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP168\A0442624.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP168\A0442625.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP168\A0442635.dll -> Spyware.Look2Me : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP168\A0442636.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP168\A0442637.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP168\A0442643.exe -> Adware.Casino : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0443636.dll -> Spyware.Look2Me : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0443637.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0444635.dll -> Spyware.Look2Me : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0444636.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0444637.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0445635.dll -> Spyware.Look2Me : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0445637.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0445638.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0446638.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0447634.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0448634.dll -> Spyware.Look2Me : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0448640.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0449635.dll -> Spyware.Look2Me : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0449649.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0449656.EXE -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0449658.EXE -> Downloader.Small.bwr : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0449690.dll -> Spyware.Look2Me : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0449692.dll -> Spyware.Look2Me : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP169\A0449697.dll -> Spyware.Look2Me : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP171\A0450693.dll -> Spyware.Look2Me : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP173\A0450762.dll -> Spyware.Look2Me : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP173\A0451767.dll -> Spyware.Look2Me : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP176\A0451913.dll -> Spyware.Look2Me : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP176\A0451914.dll -> Spyware.Look2Me : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP176\A0451939.dll -> Spyware.Look2Me : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0452959.0XE -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0453936.dll -> Spyware.Look2Me : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0454939.dll -> Spyware.Look2Me : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0455939.dll -> Spyware.Look2Me : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0456939.dll -> Spyware.Look2Me : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0456942.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0457939.dll -> Spyware.Look2Me : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0457945.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0458939.dll -> Spyware.Look2Me : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0458945.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0459951.dll -> Spyware.Look2Me : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0460384.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0460391.exe -> Downloader.PassAlert.d : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0460560.dll -> Spyware.Look2Me : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0461562.dll -> Spyware.Look2Me : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0461563.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0461564.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0461580.dll -> Spyware.Look2Me : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0461582.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP178\A0461583.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP179\A0462580.dll -> Spyware.Look2Me : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP179\A0462581.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP179\A0462582.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP179\A0463580.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP179\A0463581.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP180\A0463621.dll -> Spyware.Look2Me : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP180\A0463625.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP180\A0463626.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP180\A0464624.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP180\A0464625.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP180\A0465624.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP180\A0465625.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP180\A0465648.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP180\A0465649.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP181\A0466648.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP181\A0466649.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP181\A0466658.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP181\A0466659.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP181\A0467658.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP181\A0467659.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP182\A0467667.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP182\A0467668.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP182\A0467675.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP182\A0467685.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP182\A0467686.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP182\A0468685.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP182\A0468686.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP182\A0468708.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP182\A0468709.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP182\A0468717.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP182\A0468718.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP182\A0468729.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP182\A0468730.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP183\A0468765.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP183\A0468766.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP183\A0468776.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP183\A0468777.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP184\A0468801.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP184\A0468810.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP184\A0468811.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP184\A0469810.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP184\A0469811.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP184\A0470810.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP184\A0470811.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP184\A0470820.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP184\A0470821.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP184\A0472820.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP184\A0472821.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP184\A0472839.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP184\A0472840.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP184\A0472852.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP185\A0473852.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP185\A0473853.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP185\A0474854.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP185\A0474855.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP186\A0475000.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP186\A0475001.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP187\A0475854.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP187\A0475855.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP187\A0475864.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP187\A0475865.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP187\A0475874.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP187\A0475875.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP187\A0475885.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP187\A0475886.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP187\A0476884.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP187\A0476885.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP187\A0477884.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP187\A0477885.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP187\A0478884.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP187\A0478890.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP189\A0479004.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP189\A0479005.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP190\A0479389.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP190\A0479390.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP191\A0480391.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP191\A0480392.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP191\A0481392.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP191\A0481393.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP191\A0482389.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP191\A0482390.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP191\A0483389.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP191\A0483390.0xe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP192\A0484442.exe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP192\A0485441.exe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP192\A0486445.exe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP192\A0488451.exe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP192\A0488466.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP192\A0488467.exe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP192\A0488485.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP192\A0489464.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP192\A0489466.exe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP194\A0490464.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP194\A0490465.exe -> Trojan.Pakes : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP197\A0497545.exe -> Downloader.Qoologic.at : Cleaned with backup
    E:\System Volume Information\_restore{D47D7739-71F3-4875-9836-547D5533F8E8}\RP197\A0497546.exe -> Trojan.Pakes : Cleaned with backup


    ::Report End

    And a new HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 7:40:57, on 1/23/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\WINDOWS\Explorer.EXE
    E:\Program Files\Conceptronic\Bluetooth Software\bin\btwdins.exe
    E:\Rikun jutut\ohjelmat\ewido\ewidoctrl.exe
    E:\Program Files\F-Secure\Common\FSM32.EXE
    E:\Program Files\ahead\InCD\InCD.exe
    E:\WINDOWS\System32\ctfmon.exe
    C:\winstall.exe
    E:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    E:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    E:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    E:\Program Files\F-Secure\Common\FSMA32.EXE
    E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    E:\Program Files\F-Secure\Common\FSMB32.EXE
    E:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    E:\Program Files\F-Secure\Common\FCH32.EXE
    E:\WINDOWS\System32\devldr32.exe
    E:\WINDOWS\System32\svchost.exe
    E:\Program Files\F-Secure\Common\FAMEH32.EXE
    E:\Program Files\F-Secure\Common\FNRB32.EXE
    E:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    E:\Program Files\F-Secure\Common\FIH32.EXE
    E:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    E:\rikun jutut\ohjelmat\Opera\Opera.exe
    E:\WINDOWS\System32\wuauclt.exe
    C:\hjt\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - E:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
    O4 - HKLM\..\Run: [F-Secure Manager] "E:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [InCD] E:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [F-Secure TNB] "E:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
    O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - E:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Conceptronic\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Conceptronic\Bluetooth Software\btsendto_ie.htm
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{266BC0F2-7B94-42C6-99DE-B7350B19D93B}: NameServer = 85.255.116.68,85.255.112.220
    O17 - HKLM\System\CCS\Services\Tcpip\..\{75DDEF1A-ADF9-4974-A74B-8A91584EE9D1}: NameServer = 85.255.116.68,85.255.112.220
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8BD3227E-C90C-4870-A9F8-A29ACBE9FAD3}: NameServer = 85.255.116.68,85.255.112.220
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C22F795C-956E-4A9B-86E9-423C6FE4E7DE}: NameServer = 85.255.116.68,85.255.112.220
    O17 - HKLM\System\CS1\Services\Tcpip\..\{266BC0F2-7B94-42C6-99DE-B7350B19D93B}: NameServer = 85.255.114.35,85.255.112.82
    O17 - HKLM\System\CS2\Services\Tcpip\..\{266BC0F2-7B94-42C6-99DE-B7350B19D93B}: NameServer = 85.255.116.68,85.255.112.220
    O17 - HKLM\System\CS3\Services\Tcpip\..\{266BC0F2-7B94-42C6-99DE-B7350B19D93B}: NameServer = 85.255.116.68,85.255.112.220
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - E:\WINDOWS\System32\btxppanel.dll
    O20 - Winlogon Notify: Applets - E:\WINDOWS\
    O20 - Winlogon Notify: Themes - E:\WINDOWS\
    O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - E:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Program Files\Conceptronic\Bluetooth Software\bin\btwdins.exe
    O23 - Service: ewido security suite control - ewido networks - E:\Rikun jutut\ohjelmat\ewido\ewidoctrl.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - E:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - E:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - E:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - E:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Network Monitor - Unknown owner - E:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

     
    Last edited: Jan 22, 2006
  8. aaxxeell

    Excellent, ewido took care of the initial junk :) I wonder how many detections there were?

    By the way, your connection has been hijacked from Belarus.

    Fix: open HijackThis -> Do a system scan only -> check the following -> press Fix checked.
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - E:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{266BC0F2-7B94-42C6-99DE-B7350B19D93B}: NameServer = 85.255.116.68,85.255.112.220
    O17 - HKLM\System\CCS\Services\Tcpip\..\{75DDEF1A-ADF9-4974-A74B-8A91584EE9D1}: NameServer = 85.255.116.68,85.255.112.220
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8BD3227E-C90C-4870-A9F8-A29ACBE9FAD3}: NameServer = 85.255.116.68,85.255.112.220
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C22F795C-956E-4A9B-86E9-423C6FE4E7DE}: NameServer = 85.255.116.68,85.255.112.220
    O17 - HKLM\System\CS1\Services\Tcpip\..\{266BC0F2-7B94-42C6-99DE-B7350B19D93B}: NameServer = 85.255.114.35,85.255.112.82
    O17 - HKLM\System\CS2\Services\Tcpip\..\{266BC0F2-7B94-42C6-99DE-B7350B19D93B}: NameServer = 85.255.116.68,85.255.112.220
    O17 - HKLM\System\CS3\Services\Tcpip\..\{266BC0F2-7B94-42C6-99DE-B7350B19D93B}: NameServer = 85.255.116.68,85.255.112.220

    ----------->
    Show hidden files: http://keskustelu.afterdawn.com/thread_view.cfm/248944


    <<<<<<<<<<<<<<<<<<Safe mode>>>>>>>>>>>>>>>>>
    Tap F8 while the computer is starting up and choose Safe Mode.
    Delete manually:
    C:\-->winstall.exe<--

    Return to normal mode:

    Get eScan
    -> http://koti.mbnet.fi/pattaya1/escanmwav.htm
    Update it as instructed and post the results from its lower box here together with a new HJT log!

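    The triage in the post above (search pages reset to about:blank, toolbars whose DLL is "(file missing)", a Run entry launching C:\winstall.exe from the drive root, and O17 NameServer entries pointing at resolvers the ISP never handed out) can be mechanised. The script below is an added example written for this page; it is not the poster's or HijackThis's own code. It parses a constructed subset of the HJT log quoted above and reports the entries worth fixing. EXPECTED_DNS is an assumed placeholder for the resolvers the machine should really be using; in a real run you would put the ISP's DNS servers there.

```python
"""Triage a HijackThis log for the entry types fixed in the thread above.

Added example, not part of the original post. It only parses log text;
it does not touch the registry. EXPECTED_DNS is an assumption.
"""
import re

# Assumption (not from the thread): the resolvers this machine should use,
# e.g. the ISP's. Any other address in an O17 NameServer entry is reported.
EXPECTED_DNS = {"192.168.1.1"}

# Constructed sample: a subset of lines from the second HijackThis log above.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - E:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
O4 - HKLM\..\Run: [F-Secure Manager] "E:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [InCD] E:\Program Files\ahead\InCD\InCD.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{266BC0F2-7B94-42C6-99DE-B7350B19D93B}: NameServer = 85.255.116.68,85.255.112.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{266BC0F2-7B94-42C6-99DE-B7350B19D93B}: NameServer = 85.255.114.35,85.255.112.82
O20 - Winlogon Notify: Themes - E:\WINDOWS\
O23 - Service: Network Monitor - Unknown owner - E:\Program Files\Network Monitor\netmon.exe (file missing)
"""

ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
# A path with exactly one component after the drive letter, e.g. C:\winstall.exe
DRIVE_ROOT_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.IGNORECASE)


def run_target(body):
    """Extract the executable path from an O4 entry body ('[name] path args')."""
    target = body.split("] ", 1)[-1].strip()
    if target.startswith('"'):
        return target[1:].split('"', 1)[0]
    return target


def triage(log_text, expected_dns=EXPECTED_DNS):
    """Return (kind, reason, line) triples for entries that deserve a look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = m.groups()
        if body.endswith("(file missing)"):
            findings.append((kind, "target file no longer exists; orphaned entry", line))
        if kind in ("R0", "R1") and body.endswith("= about:blank"):
            findings.append((kind, "IE start/search page reset to about:blank", line))
        if kind == "O4":
            target = run_target(body)
            if DRIVE_ROOT_RE.match(target) or TEMP_DIR_RE.search(target):
                findings.append((kind, "auto-run executable in a drive root or temp folder", line))
        if kind == "O17":
            servers = {s.strip() for s in body.split("NameServer =", 1)[-1].split(",")}
            rogue = sorted(servers - set(expected_dns))
            if rogue:
                findings.append((kind, "DNS resolvers not in the expected set: " + ", ".join(rogue), line))
        if kind == "O20" and body.endswith("\\"):
            findings.append((kind, "Winlogon Notify entry names a directory, not a DLL; inspect the key by hand", line))
    return findings


if __name__ == "__main__":
    for kind, reason, line in triage(SAMPLE_LOG):
        print(f"[{kind}] {reason}\n    {line}")
```

    The O17 rule is the one that matters here: HijackThis lists NameServer per adapter GUID and per control set (CCS plus the CS1, CS2 and CS3 copies), so the same rogue resolvers show up on seven lines and all seven have to be fixed, otherwise the next boot or a fallback control set can bring the hijack back.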
     
  9. rikhardo

    eScan:
    File E:\WINDOWS\System32\i infected by "Trojan-Downloader.BAT.Ftp.ab" Virus. Action Taken: File Deleted.
    File E:\WINDOWS\System32\private.exe infected by "Trojan-Downloader.Win32.Delf.aco" Virus. Action Taken: File Deleted.
    File E:\WINDOWS\System32\dial32.exe infected by "Trojan.Win32.Dialer.ay" Virus. Action Taken: File Deleted.
    File E:\WINDOWS\System32\dgprpsetup.exe infected by "Trojan-Downloader.Win32.Delf.aco" Virus. Action Taken: File Deleted.
    File E:\WINDOWS\System32\rzspy.exe tagged as not-a-virus:AdWare.Win32.Raze.a. No Action Taken.
    File C:\SECURE32.0TML infected by "not-virus:Hoax.Win32.Renos.y" Virus. Action Taken: File Renamed.
    File E:\WINDOWS\system32\rzspy.exe tagged as not-a-virus:AdWare.Win32.Raze.a. No Action Taken.
    File E:\WINDOWS\Temp\Perflib_Perfdata_4c4.dat infected by "Trojan-Downloader.Win32.Qoologic.az" Virus. Action Taken: File Deleted.
    File E:\Documents and Settings\All Users\Application Data\great idol web build\grid phone.exe tagged as not-a-virus:AdWare.Win32.Lop.p. No Action Taken.
    File E:\Documents and Settings\vesa\Local Settings\Temp\cmdinst.exe tagged as not-a-virus:AdWare.Win32.CommAd.a. No Action Taken.
    File E:\Documents and Settings\vesa\Local Settings\Temp\dk.dial infected by "Trojan.Win32.Dialer.ay" Virus. Action Taken: File Deleted.
    File E:\Documents and Settings\riku.VESSA-Q8KAMUNJD\Local Settings\Temp\gnbhopmd.exe infected by "Trojan.Win32.Dialer.ay" Virus. Action Taken: File Deleted.
    New HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 18:32:53, on 1/24/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\Conceptronic\Bluetooth Software\bin\btwdins.exe
    E:\Rikun jutut\ohjelmat\ewido\ewidoctrl.exe
    E:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    E:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    E:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    E:\Program Files\F-Secure\Common\FSMA32.EXE
    E:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    E:\Program Files\F-Secure\Common\FSMB32.EXE
    E:\WINDOWS\System32\svchost.exe
    E:\Program Files\F-Secure\Common\FCH32.EXE
    E:\Program Files\F-Secure\Common\FAMEH32.EXE
    E:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    E:\Program Files\F-Secure\Common\FNRB32.EXE
    E:\Program Files\F-Secure\Common\FIH32.EXE
    E:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    E:\WINDOWS\Explorer.EXE
    E:\Program Files\F-Secure\Common\FSM32.EXE
    E:\Program Files\ahead\InCD\InCD.exe
    E:\WINDOWS\System32\ctfmon.exe
    C:\program files\valve\steam\steam.exe
    E:\WINDOWS\System32\wuauclt.exe
    E:\WINDOWS\System32\devldr32.exe
    E:\Ohjelmatiedostot\miranda\miranda32.exe
    c:\program files\valve\steam\steamapps\rikuhardo\counter-strike\hl.exe
    E:\rikun jutut\ohjelmat\Opera\Opera.exe
    C:\hjt\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [F-Secure Manager] "E:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [InCD] E:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [F-Secure TNB] "E:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
    O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - E:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Conceptronic\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Conceptronic\Bluetooth Software\btsendto_ie.htm
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - E:\WINDOWS\System32\btxppanel.dll
    O20 - Winlogon Notify: Applets - E:\WINDOWS\
    O20 - Winlogon Notify: Themes - E:\WINDOWS\
    O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - E:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Program Files\Conceptronic\Bluetooth Software\bin\btwdins.exe
    O23 - Service: ewido security suite control - ewido networks - E:\Rikun jutut\ohjelmat\ewido\ewidoctrl.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - E:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - E:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - E:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - E:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Network Monitor - Unknown owner - E:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

     
  10. aaxxeell

    Boot the computer into safe mode:

    Delete:
    E:\WINDOWS\System32\-->rzspy.exe
    C:\-->SECURE32.0TML (note that the name may have changed slightly)
    E:\WINDOWS\Temp\--> Delete everything in the Temp folder
    E:\Documents and Settings\All Users\Application Data\-->great idol web build<--\
    E:\Documents and Settings\vesa\Local Settings\Temp\ Delete everything in the Temp folder.

    You have apparently uninstalled Panda from the computer, but it is still left running?
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

    Start -> Run -> services.msc -> OK
    Find Panda in the list:

    -> Panda Process Protection Service

    Double-click it, press Stop and set the startup type to "Disabled".

    Also delete the folder:
    E:\Program Files\Common Files\-->Panda Software<--\

    Otherwise it's clean :)
     
  11. rikhardo

    rikhardo Regular member

    Joined:
    Nov 24, 2005
    Messages:
    277
    Likes Received:
    0
    Trophy Points:
    26
    Now I ran into two problems: I couldn't find that C:\-->SECURE32.0TML,
    and then in the Services list Panda was apparently already stopped, since the only button you could press was Start.
     
  12. rikhardo

    rikhardo Regular member

    Joined:
    Nov 24, 2005
    Messages:
    277
    Likes Received:
    0
    Trophy Points:
    26
    And the desktop hasn't gone back to normal yet either :(
     
  13. aaxxeell

    aaxxeell Regular member

    Joined:
    Jul 28, 2005
    Messages:
    2,145
    Likes Received:
    0
    Trophy Points:
    46
    Fair enough, that SECURE32.0TML has been thoroughly eliminated.

    Right-click the desktop -> Properties -> Desktop -> Customize Desktop -> Web tab.
    Check whether there is some "security" item in there, and if so, remove it. If you see anything else odd there, tell me about that too.

    If that doesn't reveal the problem:
    Get the registry search tool from here -> http://www.billsway.com/vbspage/ and search for "desktop.html". If your antivirus complains, let it run.
    If nothing is found, search for warnhp.html.
    Post the registry search results.
     
  14. rikhardo

    rikhardo Regular member

    Joined:
    Nov 24, 2005
    Messages:
    277
    Likes Received:
    0
    Trophy Points:
    26
    This is what the desktop.html search returned:

    REGEDIT4
    ; RegSrch.vbs © Bill James

    ; Registry search results for string "desktop.html" 1/26/2006 7:49:49

    ; NOTE: This file will be deleted when you close WordPad.
    ; You must manually save this file to a new location if you want to refer to it again later.
    ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


    [HKEY_USERS\S-1-5-21-1417001333-436374069-842925246-1011\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "Wallpaper"="E:\\WINDOWS\\desktop.html"
    I deleted this file and it immediately got better. Thanks for the help
     
    Last edited: Jan 25, 2006
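As an added example (not part of this thread or of the RegSrch tool), a small parser for the REGEDIT4-style search output quoted above that flags Wallpaper values pointing at a web page, or forced through a Policies\System key, which is exactly the entry that hijacked the desktop here. The sample export, its SID and the second key are constructed for illustration.

```python
import re

# Constructed sample modelled on the RegSrch.vbs export quoted above; the SID and
# the second key are made up for illustration, not taken from a real machine.
SAMPLE_EXPORT = r"""REGEDIT4
; Registry search results for string "desktop.html"

[HKEY_USERS\S-1-5-21-0000000000-0000000000-0000000000-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Wallpaper"="E:\\WINDOWS\\desktop.html"
"WallpaperStyle"="0"

[HKEY_CURRENT_USER\Control Panel\Desktop]
"Wallpaper"="E:\\WINDOWS\\Web\\Wallpaper\\Bliss.bmp"
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")          # [HKEY_...\Sub\Key]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"\s*$')  # "name"="REG_SZ data"
WEB_EXT = (".html", ".htm", ".mht")  # a wallpaper should be an image, not a web page

def parse_regedit4(text):
    """Return (key, name, data) triples for the REG_SZ values in a REGEDIT4 export;
    comments, blank lines and the header are skipped and .reg backslash escaping is undone."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append((key, m.group("name"), m.group("data").replace("\\\\", "\\")))
    return entries

def find_wallpaper_hijacks(text):
    """Flag Wallpaper values that point at a web page instead of an image, and any
    Wallpaper set through a Policies\System key (the location used in this thread)."""
    hits = []
    for key, name, data in parse_regedit4(text):
        if name.lower() != "wallpaper":
            continue
        if data.lower().endswith(WEB_EXT) or r"\policies\system" in key.lower():
            hits.append((key, data))
    return hits

if __name__ == "__main__":
    for key, data in find_wallpaper_hijacks(SAMPLE_EXPORT):
        print(f"suspicious Wallpaper value {data!r} under {key}")
```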
  15. aaxxeell

    aaxxeell Regular member

    Joined:
    Jul 28, 2005
    Messages:
    2,145
    Likes Received:
    0
    Trophy Points:
    46
    You're welcome. You managed to delete it before I even suggested it :) Good, the machine is fine now.
     
  16. ratnunter

    ratnunter Regular member

    Joined:
    Jun 9, 2005
    Messages:
    131
    Likes Received:
    0
    Trophy Points:
    26
    errrm, I wouldn't be so sure just yet

    grab BlackLight:
    http://www.f-secure.com/blacklight/try.shtml

    run a scan; when it's done, close BlackLight and post its log here

    that keylogger you had on there is particularly interested in bank passwords and credit card numbers
    check with your bank and credit card company whether there are any strange withdrawals...
     