Your computer is infected - teksti

risuaita · Jul 18, 2006

Samaa ongelmaa pukkaa ku ifinlandilla. Eli sama kuva näkyy välillä tuolla. Lisäksi windows ei käynnisty joka kerta. Toivoisin apua ongelmaani.

Tässä hijacklog ja tän alla smitfraudfix:

Logfile of HijackThis v1.99.1
Scan saved at 20:24:17, on 18.7.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://elisa.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://elisa.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/...rchredir2.dll?c=1c02&lc=040b&s=search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/...rchredir2.dll?c=1c02&lc=040b&s=search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/...rchredir2.dll?c=1c02&lc=040b&s=search&ap=b204
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts...dir2.dll?s=consumer&ap=b201&c=1c02&lc=040b&ac
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://elisa.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Elisa Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [Cacheman] C:\PROGRA~1\Cacheman\Cacheman.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Kalenterin muistutukset.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Tuki - {2A2A833D-01E5-4B56-AE6D-95218AA23F61} - http://tuki.elisa.net/ (file missing) (HKCU)
O9 - Extra button: Palvelut - {35258323-B5B6-4805-AD5A-325DD70C90A6} - http://service.kolumbus.fi/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/22821b74e80a001f2e05/netzip/RdxIE601.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - C:\WINDOWS\system32\mzoeut.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE

Smitfraudfix:

SmitFraudFix v2.73

Scan done at 20:25:49,62, ti 18.07.2006
Run from D:\Hijackthis\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ld???.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\mzoeut.dll FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ronny Malmberg\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\RONNYM~1\KYNNIS~1\Ohjelmat\SpywareStrike FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\RONNYM~1\Suosikit

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Nykyinen kotisivu"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C}"="WaitWain for Windows"

[HKEY_CLASSES_ROOT\CLSID\{C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C}\InProcServer32]
@="C:\WINDOWS\system32\wiatwain.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C}\InProcServer32]
@="C:\WINDOWS\system32\wiatwain.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cholecyst"="{ee2975b6-e8d5-405e-8448-8fe9590f6cfb}"

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

-kemisti- · Jul 18, 2006

@risuaita:

Printtaa ohjeet ulos.

Käynnistä koneesi vikasietotilaan ja valitse tavallinen käyttäjätilisi.

Kun vikasietotilassa, avaa SmitfraudFix-kansio ja tuplaklikkaa smitfraudfix.cmd
Valitse optio #2 - Clean kirjoittamalla 2 ja painamalla "Enter" poistaaksesi tarttuneet tiedostot.

Sinulta kysytään: "Registry cleaning - Do you want to clean the registry ?"; vastaa "Yes" kirjoittamalla Y ja paina "Enter" poistaaksesi työpöydän taustakuvan ja puhdistaaksesi tarttuneet rekisteriavaimet.

Työkalu tarkistaa jos wininet.dll on tarttunut. Sinua saatetaan pyytää korvaamaan tarttunut .dll (jos löytyy); vastaa "Yes" kirjoittamalla Y ja painamalla "Enter".

Työkalun saattaa tarvita käynnistää kone uudelleen; jos ei tee niin, käynnistä normaaliin Windowsiin.
Tekstitiedosto ilmestyy, puhdistusprosessin jäljiltä; kopioi & liitä tämän raportin tulokset vastaukseesi.
Raportti löytyy paikalliselta levyltäsi, useimmiten C:\rapport.txt.

Lähetä sen sisältö ja uusi HjT-loki tänne.

risuaita · Jul 18, 2006

noniin. tässä nää nyt.

Se boksi hävis tuolta että kiitos jo nyt.

SmitFraudFix v2.73

Scan done at 22:39:34,07, ti 18.07.2006
Run from D:\Hijackthis\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C}"="WaitWain for Windows"

[HKEY_CLASSES_ROOT\CLSID\{C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C}\InProcServer32]
@="C:\WINDOWS\system32\wiatwain.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C}\InProcServer32]
@="C:\WINDOWS\system32\wiatwain.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cholecyst"="{ee2975b6-e8d5-405e-8448-8fe9590f6cfb}"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\wiatwain.dll -> Missing File

C:\WINDOWS\system32\mzoeut.dll ->
C:\WINDOWS\system32\mzoeut.dll -> Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ld???.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\DOCUME~1\RONNYM~1\Suosikit\Antivirus Test Online.url Deleted
C:\DOCUME~1\RONNYM~1\KYNNIS~1\Ohjelmat\SpywareStrike Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Logfile of HijackThis v1.99.1
Scan saved at 22:46:00, on 18.7.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Cacheman\Cacheman.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://elisa.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Elisa Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [Cacheman] C:\PROGRA~1\Cacheman\Cacheman.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Kalenterin muistutukset.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Tuki - {2A2A833D-01E5-4B56-AE6D-95218AA23F61} - http://tuki.elisa.net/ (file missing) (HKCU)
O9 - Extra button: Palvelut - {35258323-B5B6-4805-AD5A-325DD70C90A6} - http://service.kolumbus.fi/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/22821b74e80a001f2e05/netzip/RdxIE601.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE

Foba · Jul 18, 2006

Sama ongelma kuin aloitusviestissä

[bold]Hijack logi[/bold]

Logfile of HijackThis v1.99.1
Scan saved at 3:18:20, on 19.7.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\CTsvcCDA.EXE
F:\OMATOH~1\Virus\norton\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINNT\system32\hidserv.exe
F:\OMATOH~1\Virus\norton\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\OMATOH~1\VIRUS\NORTON\VPTRAY.EXE
C:\WINNT\system32\sstray.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\EPOX\USDM\USDM.EXE
C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\Omat Ohjelmat\palomuuri\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\temp\salm.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
G:\Villen kansio\Tiedostoja\mIrc\mirc.exe
G:\Villen kansio\Tiedostoja\Winamp\winamp.exe
C:\Program Files\Firefox\firefox.exe
C:\Program Files\Media-Codec\isamonitor.exe
C:\Program Files\Media-Codec\isamini.exe
C:\Program Files\Media-Codec\pmsngr.exe
C:\Program Files\Media-Codec\pmmon.exe
C:\WINNT\system32\rundll32.exe
F:\OMAT OHJELMAT\VIRUS\NORTON\VPC32.EXE
G:\Villen kansio\Tiedostoja\EasyCleaner\EasyClea.exe
G:\Villen kansio\Tiedostoja\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...aults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem220.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~2\SEARCH~1.DLL
O2 - BHO: Scriptlet.Tools - {3E4563A4-2A9B-4912-BE38-906A0CB702CC} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - C:\Program Files\Media-Codec\isaddon.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O2 - BHO: (no name) - {EEBA788A-C268-492A-B7FE-42C2B6C553D4} - (no file)
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - G:\Villen kansio\Tiedostoja\Save Flash\SaveFlash.dll (file missing)
O3 - Toolbar: Protection Bar - {d1ac752e-883f-4ed8-8828-b618c3a72152} - C:\Program Files\Media-Codec\iesplugin.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [vptray] F:\OMATOH~1\VIRUS\NORTON\VPTRAY.EXE
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [EPoXUSDM] "C:\Program Files\EPOX\USDM\USDM.EXE" "5000"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LXBLKsk] C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup
O4 - HKLM\..\Run: [Microsoft Update Machine] wuamgrd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Omat Ohjelmat\palomuuri\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [tybmzwf] C:\WINNT\tybmzwf.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] e:\ulead\ChkFont.exe
O4 - HKLM\..\Run: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\RunServices: [Microsoft Update Machine] wuamgrd.exe
O4 - HKLM\..\RunServices: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [] /s
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm338
O8 - Extra context menu item: Avaa työasemasovellus näyttöön &1 - C:\WINNT\web\AOpenClient.htm
O8 - Extra context menu item: Avaa työasemasovellus näyttöön &2 - C:\WINNT\web\AOpenClient.htm
O8 - Extra context menu item: Avaa työasemasovellus näyttöön &3 - C:\WINNT\web\AOpenClient.htm
O8 - Extra context menu item: Avaa työasemasovellus näyttöön &4 - C:\WINNT\web\AOpenClient.htm
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ville\Käynnistä-valikko\Ohjelmat\>IMVU\Run IMVU.lnk (file missing)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {23912BB0-CC9F-4C69-83D4-19C2B183BA91} - http://ns-radio.netscape.com/radio/cabs/radiox.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O21 - SSODL: coursings - {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - C:\WINNT\system32\yephk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - F:\OMATOH~1\Virus\norton\DefWatch.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - F:\OMATOH~1\Virus\norton\Rtvscan.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\vsmon.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

[bold]SmitFraudFix clean[/bold]

SmitFraudFix v2.73

Scan done at 3:45:01,15, ke 19.07.2006
Run from C:\Documents and Settings\ville\Ty”p”yt„\SmitfraudFix
OS: Microsoft Windows 2000 [Versio 5.00.2195] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"coursings"="{f8d02387-789a-4c0f-a1d8-8a93f33ee4df}"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINNT\system32\yephk.dll ->
C:\WINNT\system32\yephk.dll -> Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

Problem while deleting C:\Program Files\Media-Codec\

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[bold]Uudempi Hijack logi[/bold]

Logfile of HijackThis v1.99.1
Scan saved at 4:23:53, on 19.7.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\CTsvcCDA.EXE
F:\OMATOH~1\Virus\norton\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINNT\system32\hidserv.exe
F:\OMATOH~1\Virus\norton\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\OMATOH~1\VIRUS\NORTON\VPTRAY.EXE
C:\WINNT\system32\sstray.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\EPOX\USDM\USDM.EXE
C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\Omat Ohjelmat\palomuuri\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\temp\salm.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
F:\OMAT OHJELMAT\VIRUS\NORTON\VPC32.EXE
C:\Program Files\Firefox\firefox.exe
G:\Villen kansio\Tiedostoja\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem220.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~2\SEARCH~1.DLL
O2 - BHO: Scriptlet.Tools - {3E4563A4-2A9B-4912-BE38-906A0CB702CC} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O2 - BHO: (no name) - {EEBA788A-C268-492A-B7FE-42C2B6C553D4} - (no file)
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - G:\Villen kansio\Tiedostoja\Save Flash\SaveFlash.dll (file missing)
O3 - Toolbar: Protection Bar - {d1ac752e-883f-4ed8-8828-b618c3a72152} - C:\Program Files\Media-Codec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [vptray] F:\OMATOH~1\VIRUS\NORTON\VPTRAY.EXE
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [EPoXUSDM] "C:\Program Files\EPOX\USDM\USDM.EXE" "5000"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LXBLKsk] C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup
O4 - HKLM\..\Run: [Microsoft Update Machine] wuamgrd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Omat Ohjelmat\palomuuri\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [tybmzwf] C:\WINNT\tybmzwf.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] e:\ulead\ChkFont.exe
O4 - HKLM\..\Run: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\RunServices: [Microsoft Update Machine] wuamgrd.exe
O4 - HKLM\..\RunServices: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [] /s
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm338
O8 - Extra context menu item: Avaa työasemasovellus näyttöön &1 - C:\WINNT\web\AOpenClient.htm
O8 - Extra context menu item: Avaa työasemasovellus näyttöön &2 - C:\WINNT\web\AOpenClient.htm
O8 - Extra context menu item: Avaa työasemasovellus näyttöön &3 - C:\WINNT\web\AOpenClient.htm
O8 - Extra context menu item: Avaa työasemasovellus näyttöön &4 - C:\WINNT\web\AOpenClient.htm
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ville\Käynnistä-valikko\Ohjelmat\>IMVU\Run IMVU.lnk (file missing)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {23912BB0-CC9F-4C69-83D4-19C2B183BA91} - http://ns-radio.netscape.com/radio/cabs/radiox.cab
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - F:\OMATOH~1\Virus\norton\DefWatch.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - F:\OMATOH~1\Virus\norton\Rtvscan.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\vsmon.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

[bold]Afterall[/bold]

Hmm tuo "koneesi on saanut tartunnan"-huijaus ongelma poistui, mutta kone hidastelee vielä jonkin verran. EasyCleaner jne ei auta. Mitä tehdä? Scannailen tässä konetta viiruksilta vielä kerran.

-kemisti- · Jul 18, 2006

@risuaita: Näyttäisi olevan kunnossa. Vielä ongelmia?

@Foba: Koneesi on täynnä roskaa

Poista lisää/poista sovellus-kohdasta (ohjauspaneeli):

Media Gateway
Lycos tms.
Search Relevancy
Webhancer tms.
New.net tai NewDotNet tms.

Käynnistä uudelleen ja lähetä uusi HjT-loki.

risuaita · Jul 18, 2006

eipä ole enää ongelmia. kiitos

Foba · Jul 19, 2006

Kemisti, kaiken muun sain poistettua, mutta Lycosia en löytänyt. Poistin myös muuta roskaa. Koneen normaalikäytössä ei ole kummoista hidastelua, mutta käynnistys vie tuhottoman kauan aikaa. Jotain on vielä pielessä, se on varma. Koneen lämmöt ovat myös suht. korkealla.

Logfile of HijackThis v1.99.1
Scan saved at 22:18:32, on 19.7.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\CTsvcCDA.EXE
F:\OMATOH~1\Virus\norton\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINNT\system32\hidserv.exe
F:\OMATOH~1\Virus\norton\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\OMATOH~1\VIRUS\NORTON\VPTRAY.EXE
C:\WINNT\system32\sstray.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\EPOX\USDM\USDM.EXE
C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\Omat Ohjelmat\palomuuri\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\temp\salm.exe
C:\winnt\tybmzwf.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
G:\Villen kansio\Tiedostoja\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem220.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Scriptlet.Tools - {3E4563A4-2A9B-4912-BE38-906A0CB702CC} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {EEBA788A-C268-492A-B7FE-42C2B6C553D4} - (no file)
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - G:\Villen kansio\Tiedostoja\Save Flash\SaveFlash.dll (file missing)
O3 - Toolbar: Protection Bar - {d1ac752e-883f-4ed8-8828-b618c3a72152} - C:\Program Files\Media-Codec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [vptray] F:\OMATOH~1\VIRUS\NORTON\VPTRAY.EXE
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [EPoXUSDM] "C:\Program Files\EPOX\USDM\USDM.EXE" "5000"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LXBLKsk] C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup
O4 - HKLM\..\Run: [Microsoft Update Machine] wuamgrd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Omat Ohjelmat\palomuuri\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [PE2CKFNT SE] e:\ulead\ChkFont.exe
O4 - HKLM\..\Run: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [tybmzwf] c:\winnt\tybmzwf.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] wuamgrd.exe
O4 - HKLM\..\RunServices: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [] /s
O8 - Extra context menu item: Avaa työasemasovellus näyttöön &1 - C:\WINNT\web\AOpenClient.htm
O8 - Extra context menu item: Avaa työasemasovellus näyttöön &2 - C:\WINNT\web\AOpenClient.htm
O8 - Extra context menu item: Avaa työasemasovellus näyttöön &3 - C:\WINNT\web\AOpenClient.htm
O8 - Extra context menu item: Avaa työasemasovellus näyttöön &4 - C:\WINNT\web\AOpenClient.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ville\Käynnistä-valikko\Ohjelmat\>IMVU\Run IMVU.lnk (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {23912BB0-CC9F-4C69-83D4-19C2B183BA91} - http://ns-radio.netscape.com/radio/cabs/radiox.cab
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - F:\OMATOH~1\Virus\norton\DefWatch.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - F:\OMATOH~1\Virus\norton\Rtvscan.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\vsmon.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

-kemisti- · Jul 19, 2006

@Foba:

Jep, niin on

Fixaa HjT:llä:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem220.dll (file missing)
O2 - BHO: Scriptlet.Tools - {3E4563A4-2A9B-4912-BE38-906A0CB702CC} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.dll
O2 - BHO: (no name) - {EEBA788A-C268-492A-B7FE-42C2B6C553D4} - (no file)
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - G:\Villen kansio\Tiedostoja\Save Flash\SaveFlash.dll (file missing)
O3 - Toolbar: Protection Bar - {d1ac752e-883f-4ed8-8828-b618c3a72152} - C:\Program Files\Media-Codec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [tybmzwf] c:\winnt\tybmzwf.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] wuamgrd.exe
O4 - HKLM\..\RunServices: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
O4 - HKCU\..\Run: [] /s

Käynnistä vikasietotilaan (F8 käynnistyksen yhteydessä)

Poista, jos löytyy:

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools
C:\Program Files\Media-Codec
c:\temp\salm.exe
c:\winnt\tybmzwf.exe
wuamgrd.exe

Käynnistä uudelleen.

Skannaa koneesi http://www.kaspersky.com/downloads/kws/kavwebscan.html
Kaspersky Online Skannerilla

Sinulta kysytään sallitko ActiveX -komponentin asentamisen Kasperskyltä, klikkaa Kyllä.
[*] Ohjelma käynnistyy ja aloittaa viimeisimpien tunnistetiedostojen lataamisen.
[*] Kun skanneri on asennettu ja tunnistetiedot ladattu, klikkaa Next.
[*] Klikkaa nyt asetuksia, Scan Settings
[*] Tarkista asetuksista, että seuraavat ovat valittuina:

o Scan using the following Anti-Virus database:

+ Extended (Jos valittavissa, muuten valitse Standard)

o Scan Options:

+ Scan Archives
+ Scan Mail Bases

[*] Klikkaa OK
[*] Nyt valitse "select a target to scan" otsikon alta Oma Tietokone, My Computer
[*] Skannaus vie aikaa, joten ole kärsivällinen. Kun skannaus on valmis saat ilmoituksen, jos koneesi on saastunut.
[*] Klikkaa nyt Save as Text-painiketta.
[*] Tallenna tiedosto työpöydällesi.
[*] Kopioi ja Liitä tiedoston sisältö seuraavaan vastaukseesi.

Lähetä myös uusi HjT-loki.

Foba · Jul 20, 2006

Tämä kone on täysin saasteen tukkima:

[bold]Kaspersky[/bold]

C:\WINNT\system32\SahAgent.exe Infected: not-a-virus:AdWare.Win32.ShopAtHome.b skipped
C:\WINNT\system32\SahHtml.exe Infected: not-a-virus:AdWare.Win32.Sahat.i skipped
C:\WINNT\Downloaded Program Files\UGO20.exe Infected: Trojan-Downloader.Win32.Small.fe skipped
C:\WINNT\Downloaded Program Files\jao.dll Infected: Trojan-Spy.Win32.Briss.g skipped
C:\WINNT\Downloaded Program Files\lsp_.dll Infected: not-a-virus:AdWare.Win32.Sahat.f skipped
C:\WINNT\Downloaded Program Files\SAHAgent_.exe Infected: not-a-virus:AdWare.Win32.ShopAtHome.b skipped
C:\WINNT\Downloaded Program Files\SAHUninstall_.exe Infected: not-a-virus:AdWare.Win32.Sahat.p skipped
C:\WINNT\Downloaded Program Files\SahHtml_.exe Infected: not-a-virus:AdWare.Win32.Sahat.i skipped
C:\WINNT\tybmzwf.exe Infected: not-a-virus:AdWare.Win32.180Solutions skipped
C:\WINNT\NDNuninstall7_22.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\WINNT\whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03CC0000.VBN Infected: Net-Worm.Win32.Lovesan.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04440000.VBN Infected: Email-Worm.Win32.Mimail.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04600000.VBN Infected: Email-Worm.Win32.Mimail.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04080000.VBN Infected: Trojan-Clicker.VBS.Krepper.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03C00000.VBN Infected: Backdoor.Win32.SdBot.jg skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04340000.VBN Infected: Backdoor.Win32.Rbot.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04B00000.VBN Infected: Backdoor.Win32.Agobot.vm skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04380000.VBN Infected: Virus.Win32.Parite.b skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\043C0000.VBN Infected: Exploit.HTML.ObjData skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04340001.VBN Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\044C0000.VBN/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\044C0000.VBN/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\044C0000.VBN/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\044C0000.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\044C0000.VBN ZIP: infected - 4 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\044C0000.VBN CryptZ: infected - 4 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04400000.VBN Infected: Trojan.Java.ClassLoader.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04300002.VBN Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04540000.VBN Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04400001.VBN Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04480000.VBN Infected: Exploit.HTML.ObjData skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04300003.VBN/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04300003.VBN/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04300003.VBN/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04300003.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04300003.VBN ZIP: infected - 4 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04300003.VBN CryptZ: infected - 4 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\044C0001.VBN Infected: Trojan.Java.ClassLoader.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04340002.VBN Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04380001.VBN Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06AC0000.VBN Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\069C0000.VBN Suspicious: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06A80000.VBN Infected: Exploit.HTML.ObjData skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06AC0001.VBN Infected: Trojan-Downloader.JS.Small.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04580000.VBN Infected: Backdoor.Win32.SdBot.aap skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04CC0000.VBN Infected: Backdoor.Win32.SdBot.aap skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C00000.VBN Suspicious: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04D00000.VBN Infected: Exploit.HTML.ObjData skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04B80000.VBN Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04B00001.VBN Infected: Trojan-Downloader.JS.Small.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C00001.VBN Suspicious: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04B00002.VBN Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04B40000.VBN Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04D40000.VBN Infected: Exploit.HTML.ObjData skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04D00001.VBN Infected: Trojan-Downloader.Win32.Small.yx skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C80000.VBN Infected: Trojan-Downloader.JS.Small.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04D80000.VBN Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04B80001.VBN Infected: Exploit.HTML.ObjData skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04B80002.VBN Infected: Trojan-Downloader.Win32.Small.pp skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04D80001.VBN Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C00002.VBN Infected: Exploit.HTML.ObjData skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04D00002.VBN Infected: Trojan-Downloader.Win32.Small.pp skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C40000.VBN Infected: Trojan.Win32.StartPage.ku skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05280000.VBN Infected: Trojan-Downloader.Win32.Agent.ip skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05300000.VBN Infected: Trojan-Downloader.Win32.Agent.ip skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05480000.VBN/BB.class Infected: Trojan.Java.ClassLoader.o skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05480000.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05480000.VBN/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05480000.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.k skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05480000.VBN ZIP: infected - 4 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05480000.VBN CryptZ: infected - 4 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05500000.VBN Infected: not-a-virus:AdWare.Win32.Sahat.w skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05540000.VBN Infected: not-a-virus:AdWare.Win32.Sahat.w skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05880000.VBN Infected: not-a-virus:AdWare.Win32.Sahat.w skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05940000.VBN Infected: not-a-virus:AdWare.Win32.Sahat.w skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05400000.VBN/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05400000.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05400000.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05400000.VBN ZIP: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05400000.VBN CryptZ: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05380000.VBN Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05340000.VBN Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05440000.VBN Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\057C0000.VBN/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\057C0000.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\057C0000.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\057C0000.VBN ZIP: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\057C0000.VBN CryptZ: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05A00000.VBN Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\058C0000.VBN Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05800000.VBN Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C40001.VBN/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C40001.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C40001.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C40001.VBN ZIP: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C40001.VBN CryptZ: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04D80002.VBN/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04D80002.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04D80002.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04D80002.VBN ZIP: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04D80002.VBN CryptZ: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08AC0009.VBN Infected: Backdoor.Win32.Rbot.l skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08AC000B.VBN Infected: Trojan-Downloader.Win32.Agent.ip skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08AC000D.VBN Infected: Trojan-Downloader.Win32.Agent.ip skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08AC000F.VBN Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08AC0011.VBN Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08AC0013.VBN Infected: Trojan-Downloader.Win32.Small.amb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05640000.VBN/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05640000.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05640000.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05640000.VBN ZIP: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05640000.VBN CryptZ: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05500001.VBN Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05680000.VBN Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05540001.VBN Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\057C0001.VBN Infected: Trojan.Java.ClassLoader.f skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05840000.VBN Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05700000.VBN Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07940000.VBN Infected: Trojan-Downloader.Win32.Agent.acd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07C00000.VBN/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07C00000.VBN/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07C00000.VBN/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07C00000.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07C00000.VBN ZIP: infected - 4 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07C00000.VBN CryptZ: infected - 4 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07380000.VBN Infected: P2P-Worm.Win32.VB.dz skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05600000.VBN Infected: Virus.Win32.Tenga.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05440001.VBN Infected: Virus.Win32.Tenga.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05600001.VBN Infected: Virus.Win32.Tenga.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05540002.VBN Infected: Virus.Win32.Tenga.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05500002.VBN Infected: Virus.Win32.Tenga.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05640001.VBN Infected: Virus.Win32.Tenga.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\073C0000.VBN/data0006 Infected: Trojan-Downloader.Win32.Zlob.dq skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\073C0000.VBN NSIS: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\073C0000.VBN UPX: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\073C0000.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0F900000.VBN/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0F900000.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0F900000.VBN ZIP: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0F900000.VBN CryptZ: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Setup\Setup.dll Infected: Trojan.Win32.StartPage.ku skipped
C:\Documents and Settings\All Users\Application Data\Setup\tools.exe Infected: not-a-virus:AdWare.Win32.MediaBack.e skipped
C:\Documents and Settings\All Users\Application Data\Tools\tools.exe Infected: not-a-virus:AdWare.Win32.MediaBack.e skipped
C:\Documents and Settings\All Users\Application Data\Tools\tools.dll Infected: not-a-virus:AdWare.Win32.MediaBack.e skipped
C:\Documents and Settings\ppu\Local Settings\Temporary Internet Files\Content.IE5\KH2ZG52B\PopularScreenSaversInitialSetup1.0.0.8[1].cab/f3Setup1.exe Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\Documents and Settings\ppu\Local Settings\Temporary Internet Files\Content.IE5\KH2ZG52B\PopularScreenSaversInitialSetup1.0.0.8[1].cab CAB: infected - 1 skipped
C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\RU4ZBXSD\dl[1].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\RU4ZBXSD\dl[2].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\RU4ZBXSD\dl[3].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\RU4ZBXSD\dl[4].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\RU4ZBXSD\dl[5].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\Q55QBYHW\dl[1].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\Q55QBYHW\dl[2].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\Q55QBYHW\dl[3].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\LNR3954E\minime[1].htm Infected: Trojan.JS.NoClose.r skipped
C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\LNR3954E\minime[2].htm Infected: Trojan.JS.NoClose.r skipped
C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\GBTJAQJL\dl[2].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\GBTJAQJL\MultiDistFC[1].CAB/MulDist.ocx Infected: Trojan-Downloader.Win32.Dyfuca.o skipped
C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\GBTJAQJL\MultiDistFC[1].CAB CAB: infected - 1 skipped
C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\GBTJAQJL\minime[1].htm Infected: Trojan.JS.NoClose.r skipped
C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\GBTJAQJL\mc-dubs2[1].htm Infected: Trojan.JS.NoClose.r skipped
C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\GBTJAQJL\dl[1].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
C:\Program Files\AdStatus Service\AdStatComm.dll Infected: not-a-virus:AdWare.Win32.WinAD.s skipped
C:\Program Files\E2G\IeBHOs.dll Infected: not-a-virus:AdWare.Win32.BHO.g skipped
C:\Program Files\whInstall\whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\Program Files\whInstall\whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Program Files\whInstall\whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Program Files\whInstall\webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Program Files\whInstall\whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Program Files\webHancer\Programs\whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\temp\salm.exe Infected: not-a-virus:AdWare.Win32.180Solutions skipped
C:\temp\salmhook.dll Infected: not-a-virus:AdWare.Win32.180Solutions skipped
E:\pelit\Flatout\crack\[PC] - Flat Out Crack [p2p-11066].exe Infected: not-a-virusorn-Dialer.Win32.Intexdial skipped
F:\Omat Ohjelmat\Mp3\emule\Incoming\crack nocd Flat Out.rar/flatout.exe/rundll32hk.dll Infected: not-a-virus:Monitor.Win32.Perflogger.al skipped
F:\Omat Ohjelmat\Mp3\emule\Incoming\crack nocd Flat Out.rar/flatout.exe/rundll32wb.dll Infected: not-a-virus:Monitor.Win32.Perflogger.aa skipped
F:\Omat Ohjelmat\Mp3\emule\Incoming\crack nocd Flat Out.rar/flatout.exe/rinst.exe Infected: Trojan-Spy.Win32.Perfloger.f skipped
F:\Omat Ohjelmat\Mp3\emule\Incoming\crack nocd Flat Out.rar/flatout.exe/rundll32.exe Infected: not-a-virus:Monitor.Win32.Perflogger.ad skipped
F:\Omat Ohjelmat\Mp3\emule\Incoming\crack nocd Flat Out.rar/flatout.exe Infected: not-a-virus:Monitor.Win32.Perflogger.ad skipped
F:\Omat Ohjelmat\Mp3\emule\Incoming\crack nocd Flat Out.rar RAR: infected - 5 skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack11.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack11.exe/stream/data0002/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack11.exe/stream/data0002/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack11.exe/stream/data0002/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack11.exe/stream/data0002/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack11.exe/stream/data0002/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack11.exe/stream/data0002/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack11.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack11.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack11.exe/stream Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack11.exe NSIS: infected - 10 skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack2.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack2.exe/stream/data0002/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack2.exe/stream/data0002/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack2.exe/stream/data0002/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack2.exe/stream/data0002/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack2.exe/stream/data0002/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack2.exe/stream/data0002/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack2.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack2.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack2.exe/stream Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack2.exe NSIS: infected - 10 skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack3.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack3.exe/stream/data0002/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack3.exe/stream/data0002/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack3.exe/stream/data0002/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack3.exe/stream/data0002/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack3.exe/stream/data0002/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack3.exe/stream/data0002/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack3.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack3.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack3.exe/stream Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack3.exe NSIS: infected - 10 skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack4.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack4.exe/stream/data0002/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack4.exe/stream/data0002/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack4.exe/stream/data0002/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack4.exe/stream/data0002/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack4.exe/stream/data0002/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack4.exe/stream/data0002/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack4.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack4.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack4.exe/stream Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack4.exe NSIS: infected - 10 skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack5.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack5.exe/stream/data0002/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack5.exe/stream/data0002/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack5.exe/stream/data0002/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack5.exe/stream/data0002/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack5.exe/stream/data0002/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack5.exe/stream/data0002/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack5.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack5.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack5.exe/stream Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack5.exe NSIS: infected - 10 skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack6.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack6.exe/stream/data0002/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack6.exe/stream/data0002/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack6.exe/stream/data0002/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack6.exe/stream/data0002/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack6.exe/stream/data0002/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack6.exe/stream/data0002/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack6.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack6.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack6.exe/stream Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack6.exe NSIS: infected - 10 skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack.exe/stream/data0002/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack.exe/stream/data0002/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack.exe/stream/data0002/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack.exe/stream/data0002/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack.exe/stream/data0002/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack.exe/stream/data0002/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack.exe/stream Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack.exe NSIS: infected - 10 skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack7.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack7.exe/stream/data0002/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack7.exe/stream/data0002/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack7.exe/stream/data0002/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack7.exe/stream/data0002/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack7.exe/stream/data0002/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack7.exe/stream/data0002/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack7.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack7.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack7.exe/stream Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack7.exe NSIS: infected - 10 skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack12.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack12.exe/stream/data0002/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack12.exe/stream/data0002/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack12.exe/stream/data0002/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack12.exe/stream/data0002/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack12.exe/stream/data0002/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack12.exe/stream/data0002/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack12.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack12.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack12.exe/stream Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack12.exe NSIS: infected - 10 skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack8.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack8.exe/stream/data0002/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack8.exe/stream/data0002/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack8.exe/stream/data0002/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack8.exe/stream/data0002/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack8.exe/stream/data0002/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack8.exe/stream/data0002/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack8.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack8.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack8.exe/stream Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack8.exe NSIS: infected - 10 skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack13.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack13.exe/stream/data0002/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack13.exe/stream/data0002/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack13.exe/stream/data0002/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack13.exe/stream/data0002/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack13.exe/stream/data0002/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack13.exe/stream/data0002/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack13.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack13.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack13.exe/stream Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack13.exe NSIS: infected - 10 skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack9.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack9.exe/stream/data0002/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack9.exe/stream/data0002/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack9.exe/stream/data0002/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack9.exe/stream/data0002/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack9.exe/stream/data0002/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack9.exe/stream/data0002/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack9.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack9.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack9.exe/stream Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack9.exe NSIS: infected - 10 skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack10.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack10.exe/stream/data0002/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack10.exe/stream/data0002/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack10.exe/stream/data0002/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack10.exe/stream/data0002/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack10.exe/stream/data0002/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack10.exe/stream/data0002/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack10.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack10.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack10.exe/stream Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack10.exe NSIS: infected - 10 skipped
G:\Villen kansio\Tiedostoja\mIrc\mIRC v6.16 [Keygen Included]\mIRC 6.16 Setup.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
G:\Villen kansio\Tiedostoja\mIrc\mIRC v6.16 [Keygen Included]\mIRC 6.16 Setup.exe mIRC: infected - 1 skipped
G:\Villen kansio\Tiedostoja\mIrc\backup\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
G:\Villen kansio\Tiedostoja\Nokia muut\Warelex[1].Mobiola.WebCam.USB.v1.00.S60.SymbianOS.Cracked-BiNPDA.zip/Warelex.Mobiola.WebCam.USB.v1.00.S60.SymbianOS.Cra cked-BiNPDA.rar/Loader.exe Infected: VirTool.Win32.Patcher.a skipped
G:\Villen kansio\Tiedostoja\Nokia muut\Warelex[1].Mobiola.WebCam.USB.v1.00.S60.SymbianOS.Cracked-BiNPDA.zip/Warelex.Mobiola.WebCam.USB.v1.00.S60.SymbianOS.Cra cked-BiNPDA.rar Infected: VirTool.Win32.Patcher.a skipped
G:\Villen kansio\Tiedostoja\Nokia muut\Warelex[1].Mobiola.WebCam.USB.v1.00.S60.SymbianOS.Cracked-BiNPDA.zip ZIP: infected - 2 skipped
G:\Villen kansio\Tiedostoja\Nokia muut\Warelex[1].Mobiola.WebCam.v1.04.S60.SymbianOS.Cracked.-BiNPDA.zip/Warelex.Mobiola.WebCam.v1.04.S60.SymbianOS.Cracked -BiNPDA/BiN-1980/Loader.exe Infected: VirTool.Win32.Patcher.a skipped
G:\Villen kansio\Tiedostoja\Nokia muut\Warelex[1].Mobiola.WebCam.v1.04.S60.SymbianOS.Cracked.-BiNPDA.zip ZIP: infected - 1 skipped
G:\Villen kansio\Tiedostoja\Hijack\backups\backup-20060720-121758-966.dll Infected: not-a-virus:AdWare.Win32.MediaBack.e skipped
O:\KARAOKE KAMAT + MUUTA ÄF KANSIOSTA\ [PC] - Flat Out Crack.zip/[PC] - Flat Out Crack [p2p-11066].exe Infected: not-a-virusorn-Dialer.Win32.Intexdial skipped
O:\KARAOKE KAMAT + MUUTA ÄF KANSIOSTA\ [PC] - Flat Out Crack.zip ZIP: infected - 1 skipped
Scan process completed.

[bold]Hijack[/bold]

Logfile of HijackThis v1.99.1
Scan saved at 15:02:19, on 20.7.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\CTsvcCDA.EXE
F:\OMATOH~1\Virus\norton\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINNT\system32\hidserv.exe
F:\OMATOH~1\Virus\norton\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\OMATOH~1\VIRUS\NORTON\VPTRAY.EXE
C:\WINNT\system32\sstray.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\Omat Ohjelmat\palomuuri\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\Villen kansio\Tiedostoja\Winamp\winamp.exe
C:\PROGRA~1\FIREFOX\FIREFOX.EXE
G:\Villen kansio\Tiedostoja\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem220.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Scriptlet.Tools - {3E4563A4-2A9B-4912-BE38-906A0CB702CC} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [vptray] F:\OMATOH~1\VIRUS\NORTON\VPTRAY.EXE
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [EPoXUSDM] "C:\Program Files\EPOX\USDM\USDM.EXE" "5000"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LXBLKsk] C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Omat Ohjelmat\palomuuri\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [PE2CKFNT SE] e:\ulead\ChkFont.exe
O4 - HKLM\..\Run: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
O4 - HKLM\..\RunServices: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
O4 - HKCU\..\Run: [] /s
O8 - Extra context menu item: Avaa työasemasovellus näyttöön &1 - C:\WINNT\web\AOpenClient.htm
O8 - Extra context menu item: Avaa työasemasovellus näyttöön &2 - C:\WINNT\web\AOpenClient.htm
O8 - Extra context menu item: Avaa työasemasovellus näyttöön &3 - C:\WINNT\web\AOpenClient.htm
O8 - Extra context menu item: Avaa työasemasovellus näyttöön &4 - C:\WINNT\web\AOpenClient.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ville\Käynnistä-valikko\Ohjelmat\>IMVU\Run IMVU.lnk (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {23912BB0-CC9F-4C69-83D4-19C2B183BA91} - http://ns-radio.netscape.com/radio/cabs/radiox.cab
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - F:\OMATOH~1\Virus\norton\DefWatch.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - F:\OMATOH~1\Virus\norton\Rtvscan.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\vsmon.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

Tuota logia kun katsoin niin siinä on tullut uudelleen muutama mitkä poistin. Apua mitä tehdä? Mieluusti haluaisin kokeilla kaikkia keinoja ennen formatointia.

[bold]Edit:[/bold] kone on perheen yhteisessä käytössä joten tavaraa on kertynyt myös muiden perheenjäsenten toimesta.

-kemisti- · Jul 20, 2006

@Foba:

Ei tilanne nyt niin paha ole, suurin osa noista oli Norton karanteenissa.

Tyhjennä tämä hakemisto(poista kaikki tiedostot):

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine

Lataa Atribunen http://www.atribune.org/ccount/click.php?id=1[b]ATF Cleaner[/b]

Ohjeet;

Tupla-klikkaa ATF-Cleaner.exe käynnistääksesi ohjelman.
Main:n alla valitse: Select All
Klikkaa Empty Selected valintaa.
Jos käytät FireFoxia selaimenasi
Klikkaa Firefox yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Jos käytät Operaa selaimenasi
Klikkaa Opera yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa taas.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Klikkaa Exit päävalikosta sulkeaksesi ohjelman.

Fixaa nämä:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem220.dll (file missing)
O2 - BHO: Scriptlet.Tools - {3E4563A4-2A9B-4912-BE38-906A0CB702CC} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.dll
O4 - HKLM\..\Run: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
O4 - HKLM\..\RunServices: [\tools.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\tools.exe
O4 - HKCU\..\Run: [] /s

Hae KillBox

http://www.bleepingcomputer.com/files/spyware/KillBox.zip

Pura,avaa ja täppi kohtaan Delete on Reboot
Sitte kopioi rivit tosta alapuolelta yhellä kertaa

C:\WINNT\system32\SahAgent.exe
C:\WINNT\system32\SahHtml.exe
C:\WINNT\Downloaded Program Files\UGO20.exe
C:\WINNT\Downloaded Program Files\jao.dll
C:\WINNT\Downloaded Program Files\lsp_.dll
C:\WINNT\Downloaded Program Files\SAHAgent_.exe
C:\WINNT\Downloaded Program Files\SAHUninstall_.exe
C:\WINNT\Downloaded Program Files\SahHtml_.exe I
C:\WINNT\tybmzwf.exe
C:\WINNT\NDNuninstall7_22.exe
C:\WINNT\whInstaller.exe
C:\Documents and Settings\All Users\Application Data\Setup\Setup.dll
C:\Documents and Settings\All Users\Application Data\Setup\tools.exe
C:\Documents and Settings\All Users\Application Data\Tools\tools.exe
C:\Documents and Settings\All Users\Application Data\Tools\tools.dll
C:\Program Files\AdStatus Service\AdStatComm.dll
C:\Program Files\E2G\IeBHOs.dll
C:\Program Files\whInstall\whAgent.exe
C:\Program Files\whInstall\whInstaller.exe
C:\Program Files\whInstall\whSurvey.exe
C:\Program Files\whInstall\webhdll.dll
C:\Program Files\whInstall\whiehlpr.dll
C:\Program Files\webHancer\Programs\whSurvey.exe
C:\temp\salm.exe
C:\temp\salmhook.dll
E:\pelit\Flatout\crack\[PC] - Flat Out Crack [p2p-11066].exe
F:\Omat Ohjelmat\Mp3\emule\Incoming\crack nocd Flat Out.rar
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack11.exe
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack2.exe
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack3.exe
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack4.exe
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack5.exe
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack6.exe
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack7.exe
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack8.exe
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack9.exe
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack10.exe
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack12.exe
F:\Villen kansio\Messenger\Hymiöt\Install-Emoticon-Pack13.exe
G:\Villen kansio\Tiedostoja\Nokia muut\Warelex[1].Mobiola.WebCam.USB.v1.00.S60.SymbianOS.Cracked-BiNPDA.zip/Warelex.Mobiola.WebCam.USB.v1.00.S60.SymbianOS.Cra cked-BiNPDA.rar
G:\Villen kansio\Tiedostoja\Nokia muut\Warelex[1].Mobiola.WebCam.USB.v1.00.S60.SymbianOS.Cracked-BiNPDA.zip
O:\KARAOKE KAMAT + MUUTA ÄF KANSIOSTA\ [PC] - Flat Out Crack.zip

Sitten KillBoxissa ylhäältä File > Paste from Clipboard
Valitse "All Files".Sen jälkeen paina Delete (punainen, jossa on valkonen X)
Vastaa myöntävästi kysymyksiin ja jos kone ei itestään käynnisty uudestaan,niin käynnistä se.

Tyhjennä tämä hakemisto:

c:\!Killbox

Skannaa uudelleen kasperskyllä.

Lähetä sen jälkeen uus Hijack-logi ja kasperskyn raportti.

Foba · Jul 20, 2006

[bold]Kaspersky[/bold]

Scan Statistics
Total number of scanned objects 182152
Number of viruses found 8
Number of infected objects 26
Number of suspicious objects 0
Duration of the scan process 01:26:18

C:\WINNT\Downloaded Program Files\SahHtml_.exe Infected: not-a-virus:AdWare.Win32.Sahat.i skipped
C:\Documents and Settings\ppu\Local Settings\Temporary Internet Files\Content.IE5\KH2ZG52B\PopularScreenSaversInitialSetup1.0.0.8[1].cab/f3Setup1.exe Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\Documents and Settings\ppu\Local Settings\Temporary Internet Files\Content.IE5\KH2ZG52B\PopularScreenSaversInitialSetup1.0.0.8[1].cab CAB: infected - 1 skipped
C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\RU4ZBXSD\dl[1].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\RU4ZBXSD\dl[2].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\RU4ZBXSD\dl[3].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\RU4ZBXSD\dl[4].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\RU4ZBXSD\dl[5].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\Q55QBYHW\dl[1].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\Q55QBYHW\dl[2].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\Q55QBYHW\dl[3].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\LNR3954E\minime[1].htm Infected: Trojan.JS.NoClose.r skipped
C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\LNR3954E\minime[2].htm Infected: Trojan.JS.NoClose.r skipped
C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\GBTJAQJL\dl[2].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\GBTJAQJL\MultiDistFC[1].CAB/MulDist.ocx Infected: Trojan-Downloader.Win32.Dyfuca.o skipped
C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\GBTJAQJL\MultiDistFC[1].CAB CAB: infected - 1 skipped
C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\GBTJAQJL\minime[1].htm Infected: Trojan.JS.NoClose.r skipped
C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\GBTJAQJL\mc-dubs2[1].htm Infected: Trojan.JS.NoClose.r skipped
C:\Documents and Settings\pia\Local Settings\Temporary Internet Files\Content.IE5\GBTJAQJL\dl[1].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
G:\Villen kansio\Tiedostoja\mIrc\mIRC v6.16 [Keygen Included]\mIRC 6.16 Setup.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
G:\Villen kansio\Tiedostoja\mIrc\mIRC v6.16 [Keygen Included]\mIRC 6.16 Setup.exe mIRC: infected - 1 skipped
G:\Villen kansio\Tiedostoja\mIrc\backup\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
G:\Villen kansio\Tiedostoja\Nokia muut\Warelex[1].Mobiola.WebCam.v1.04.S60.SymbianOS.Cracked.-BiNPDA.zip/Warelex.Mobiola.WebCam.v1.04.S60.SymbianOS.Cracked -BiNPDA/BiN-1980/Loader.exe Infected: VirTool.Win32.Patcher.a skipped
G:\Villen kansio\Tiedostoja\Nokia muut\Warelex[1].Mobiola.WebCam.v1.04.S60.SymbianOS.Cracked.-BiNPDA.zip ZIP: infected - 1 skipped
G:\Villen kansio\Tiedostoja\Hijack\backups\backup-20060720-121758-966.dll Infected: not-a-virus:AdWare.Win32.MediaBack.e skipped
G:\Villen kansio\Tiedostoja\Hijack\backups\backup-20060720-154200-801.dll Infected: not-a-virus:AdWare.Win32.MediaBack.e skipped
Scan process completed.

[bold]Hijack[/bold]

Logfile of HijackThis v1.99.1
Scan saved at 17:35:36, on 20.7.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\CTsvcCDA.EXE
F:\OMATOH~1\Virus\norton\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINNT\system32\hidserv.exe
F:\OMATOH~1\Virus\norton\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\OMATOH~1\VIRUS\NORTON\VPTRAY.EXE
C:\WINNT\system32\sstray.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\Omat Ohjelmat\palomuuri\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\Villen kansio\Tiedostoja\Winamp\winamp.exe
G:\Villen kansio\Tiedostoja\Winamp\winamp.exe
C:\Program Files\Firefox\firefox.exe
C:\WINNT\system32\NOTEPAD.EXE
G:\Villen kansio\Tiedostoja\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [vptray] F:\OMATOH~1\VIRUS\NORTON\VPTRAY.EXE
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [EPoXUSDM] "C:\Program Files\EPOX\USDM\USDM.EXE" "5000"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LXBLKsk] C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Omat Ohjelmat\palomuuri\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [PE2CKFNT SE] e:\ulead\ChkFont.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Avaa työasemasovellus näyttöön &1 - C:\WINNT\web\AOpenClient.htm
O8 - Extra context menu item: Avaa työasemasovellus näyttöön &2 - C:\WINNT\web\AOpenClient.htm
O8 - Extra context menu item: Avaa työasemasovellus näyttöön &3 - C:\WINNT\web\AOpenClient.htm
O8 - Extra context menu item: Avaa työasemasovellus näyttöön &4 - C:\WINNT\web\AOpenClient.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ville\Käynnistä-valikko\Ohjelmat\>IMVU\Run IMVU.lnk (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - F:\OMATOH~1\Virus\norton\DefWatch.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - F:\OMATOH~1\Virus\norton\Rtvscan.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\vsmon.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

-kemisti- · Jul 20, 2006

@Foba:

Näyttää jo aikas hyvältä

Tyhjennä Internet Explorerin väliaikaistiedostot eli:

Kirjaudu sisään "pia":na ja "ppu":na ja tee tuo molemmilla käyttäjätileillä.

Työkalut -> internet-asetukset -> väliaikaiset internet-tiedostot -> poista tiedostot , merkkaa poista kaikki offline-sisältö ja ok.

Poista:

G:\Villen kansio\Tiedostoja\Nokia muut\Warelex[1].Mobiola.WebCam.v1.04.S60.SymbianOS.Cracked.-BiNPDA.zip
C:\WINNT\Downloaded Program Files\SahHtml_.exe

Vielä ongelmia?

Foba · Jul 20, 2006

^Tein nuo ja boottasin 2 kertaa.

Pääongelma ei ole kuitenkaan vielä lähtenyt. Käynnistäessä konetta ensimmäinen asia mikä ruudulle tulee on:

Phoenix Award Bios v6.00 jne
08/27/2003 nForce2-st Chipset

*tyhjää*

Press DEL to enter SETUP
08/27/2003-nVidia-nForce-6AG1BPAAC-00

Tuo kuva säilyy n. 5 minuuttia ennenkö käynnistys jatkuu. Normaalisti sen pitäisi olla muutamia sekunteja.

Tämä ongelma on esiintynyt sen jälkeen kun latasin Media Codecs haittaohjelman joka kerta. Joskus harvoin aikaisemminkin. Kone taitaa kuitenkin olla nyt aika puhdas joten tuo häikkä ei välttämättä liity siihen ollenkaan. Mutta kiitos avusta kemisti.

Ainiin unohtui yksi pikku juttu: EasyCleanerilla kun katson mitä ohjelmia avautuu Käynnistäessä, siellä on /s ohjelma joka tässä aikaisemmin käskettiin poistamaankin (muistaakseni). Noh kuitenki ainakun poistan sen niin uudelleen käynnistettäessä se tulee uudelleen Käynnistys listaan. Tuossa screenshotti siitä: http://img481.imageshack.us/my.php?image=kauttasmi1.png

[bold]Hijack[/bold]

Logfile of HijackThis v1.99.1
Scan saved at 19:15:15, on 20.7.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\CTsvcCDA.EXE
F:\OMATOH~1\Virus\norton\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINNT\system32\hidserv.exe
F:\OMATOH~1\Virus\norton\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\OMATOH~1\VIRUS\NORTON\VPTRAY.EXE
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\EPOX\USDM\USDM.EXE
C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\Omat Ohjelmat\palomuuri\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
G:\Villen kansio\Tiedostoja\Messenger Plus!\MsgPlus.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\FIREFOX\FIREFOX.EXE
G:\Villen kansio\Tiedostoja\Winamp\winamp.exe
G:\Villen kansio\Tiedostoja\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [vptray] F:\OMATOH~1\VIRUS\NORTON\VPTRAY.EXE
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [EPoXUSDM] "C:\Program Files\EPOX\USDM\USDM.EXE" "5000"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LXBLKsk] C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Omat Ohjelmat\palomuuri\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [PE2CKFNT SE] e:\ulead\ChkFont.exe
O4 - HKLM\..\Run: [MessengerPlus3] "G:\Villen kansio\Tiedostoja\Messenger Plus!\MsgPlus.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [] /s
O8 - Extra context menu item: Avaa työasemasovellus näyttöön &1 - C:\WINNT\web\AOpenClient.htm
O8 - Extra context menu item: Avaa työasemasovellus näyttöön &2 - C:\WINNT\web\AOpenClient.htm
O8 - Extra context menu item: Avaa työasemasovellus näyttöön &3 - C:\WINNT\web\AOpenClient.htm
O8 - Extra context menu item: Avaa työasemasovellus näyttöön &4 - C:\WINNT\web\AOpenClient.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ville\Käynnistä-valikko\Ohjelmat\>IMVU\Run IMVU.lnk (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - F:\OMATOH~1\Virus\norton\DefWatch.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - F:\OMATOH~1\Virus\norton\Rtvscan.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\vsmon.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

-kemisti- · Jul 20, 2006

@Foba:

Tuohon BIOS-juttuun en osaa sanoa mitään ja tämä -> O4 - HKCU\..\Run: [] /s vaikuttaa hyvin ihmeelliseltä. Tuskin kuitenkaan on kovin haitallinen, ehkä vaan joku bugi. Ja ole hyvä

Foba · Jul 20, 2006

Hyvän kuvan ainakin sain tästä foorumista, kun heti autettiin ja vastauksia sai ripeästi. En ole täällä aikaisemmin ollut, mutta hyvän kuvan kun sain niin taidan tonkia täältä enemmänkin keskusteluja.

Minun case on nyt closed tässä aiheessa. Kiitokset vielä tuhannesti kemistille. Ehkä löydän BIOS ongelmaani vastauksen jostain muualta täältä!

Log in or Sign up

Your computer is infected - teksti

risuaita Member

-kemisti- Active member

risuaita Member

Foba Guest

-kemisti- Active member

risuaita Member

Foba Guest

-kemisti- Active member

Foba Guest

-kemisti- Active member

Foba Guest

-kemisti- Active member

Foba Guest

-kemisti- Active member

Foba Guest

Share This Page

Log in or Sign up

Your computer is infected - teksti

risuaita Member

-kemisti- Active member

risuaita Member

Foba Guest

-kemisti- Active member

risuaita Member

Foba Guest

-kemisti- Active member

Foba Guest

-kemisti- Active member

Foba Guest

-kemisti- Active member

Foba Guest

-kemisti- Active member

Foba Guest

Share This Page

Useful Searches