Logfile of HijackThis v1.99.1 Scan saved at 0:35:54, on 13.1.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Comodo\Personal Firewall\cmdagent.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe c:\Program Files\Norton Personal Firewall\NISUM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe c:\Program Files\Norton Personal Firewall\ccPxySvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\scvhost.exe C:\WINDOWS\scvhost.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Comodo\Personal Firewall\CPF.exe C:\Program Files\Comodo\LaunchPad\CLPTray.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\program files\internetcalls.com\internetcalls\internetcalls.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\WINDOWS\scvhost.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\scvhost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\scvhost.exe C:\WINDOWS\scvhost.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Comodo\Personal Firewall\CPF.exe C:\Program Files\Comodo\LaunchPad\CLPTray.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\WINDOWS\scvhost.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe C:\WINDOWS\system32\msiexec.exe C:\Documents and Settings\t0mpi\Omat tiedostot\haitta\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.irc.fi/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [Comodo Personal Firewall] C:\Program Files\Comodo\Personal Firewall\CPF.exe sysrestart O4 - HKLM\..\Run: [Comodo Launch Pad Tray] C:\Program Files\Comodo\LaunchPad\CLPTray.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\scvhost.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\scvhost.exe O4 - HKLM\..\RunOnce: [Windows Update] C:\WINDOWS\scvhost.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent O4 - HKCU\..\Run: [InternetCalls] "C:\program files\internetcalls.com\internetcalls\internetcalls.exe" -nosplash -minimized O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/eng/darts_2_0_0_35.cab O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by24fd.bay24.hotmail.msn.com/activex/HMAtchmt.ocx O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_28.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/eng/snooker_2_0_0_28.cab O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Personal Firewall\cmdagent.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
Moi! Kaksi palomuuria koneella poista comodo tai Norton Siirrä hijackthis.exe omaan kansioon C:\HJT\HijackThis.exe . Tee uusi hjt-scannaus Do a System scan only Sulje kaikki muut ikkunat ja selaimen.Merkkaa nämä rivit ja paina Fix checked O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\scvhost.exe O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\scvhost.exe O4 - HKLM\..\RunOnce: [Windows Update] C:\WINDOWS\scvhost.exe O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi. Käynnistä koneesi vikasietotilaan ja valitse tavallinen käyttäjätilisi: [*]Käynnistä tietokone [*]Kun kuulet koneen piippaavan, paina F8, kuitenkin ennen Windowsin logon esiintuloa [*]Seuraavaksi pitäisi ilmestyä valikko [*]Valitse valikosta vikasietotila. [*] Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix. [*] Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman. [*] Paina Y käynnistääksesi skriptin. [*] Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot". [*] Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen. [*] Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta. [*] Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished". [*] Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle. [*] Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis lokin kera. Lähetä uusi hjt-loki ja SDfix-loki
Logfile of HijackThis v1.99.1 Scan saved at 18:01:01, on 13.1.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Comodo\Personal Firewall\cmdagent.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe c:\Program Files\Norton Personal Firewall\NISUM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe c:\Program Files\Norton Personal Firewall\ccPxySvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\HP\KBD\KBD.EXE C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Comodo\Personal Firewall\CPF.exe C:\Program Files\Comodo\LaunchPad\CLPTray.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\ctfmon.exe C:\program files\internetcalls.com\internetcalls\internetcalls.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\LieDetector.exe C:\WINDOWS\system32\svchost.exe C:\Documents and Settings\t0mpi\Omat tiedostot\haitta\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [Comodo Personal Firewall] C:\Program Files\Comodo\Personal Firewall\CPF.exe sysrestart O4 - HKLM\..\Run: [Comodo Launch Pad Tray] C:\Program Files\Comodo\LaunchPad\CLPTray.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent O4 - HKCU\..\Run: [InternetCalls] "C:\program files\internetcalls.com\internetcalls\internetcalls.exe" -nosplash -minimized O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/eng/darts_2_0_0_35.cab O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by24fd.bay24.hotmail.msn.com/activex/HMAtchmt.ocx O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_28.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/eng/snooker_2_0_0_28.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Personal Firewall\cmdagent.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe SDFix: Version 1.58 la 13.01.2007 - 17:30:06,14 Microsoft Windows XP [versio 5.1.2600] Running From: C:\DOCUME~1\t0mpi\TYPYT~1\SDFix Safe Mode: Checking Services: Name: Path: Restoring Windows Registry Entries Restoring Default Hosts File Rebooting Normal Mode: Checking Files: Files will be copied to Backups folder then removed: C:\HP\BIN\COMMANDS.EXE - Deleted C:\PROGRA~1\COMMON~1\MICROS~1\VS7DEBUG\VS7JIT.EXE - Deleted C:\PROGRA~1\HEWLET~1\{45B61~1\UTIL\HID\HPHGHL05.EXE - Deleted C:\WINDOWS\offlog.txt - Deleted C:\WINDOWS\scvhost.exe - Deleted Alternate Stream Check: C:\WINDOWS\system32 No streams found. Final Check: Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019" "C:\\Program Files\\The All-Seeing Eye\\eye.exe"="C:\\Program Files\\The All-Seeing Eye\\eye.exe:*:Enabled:Yahoo! All-Seeing Eye" "C:\\Program Files\\Valve\\Steam\\SteamApps\\t0mpi_1337\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\t0mpi_1337\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher" "C:\\Program Files\\Valve\\Steam\\SteamApps\\t0mpi_1337\\condition zero\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\t0mpi_1337\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher" "C:\\Program Files\\eMule\\eMule.exe"="C:\\Program Files\\eMule\\eMule.exe:*:Enabled:eMule Plus" "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus" "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent" "C:\\Program Files\\Valve\\Steam\\SteamApps\\t0mpi_1337\\condition zero deleted scenes\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\t0mpi_1337\\condition zero deleted scenes\\hl.exe:*:Enabled:Half-Life Launcher" "C:\\Program Files\\Valve\\Steam\\SteamApps\\johko\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\johko\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher" "C:\\Program Files\\Valve\\Steam\\SteamApps\\pekkapekka\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\pekkapekka\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher" "C:\\Program Files\\Valve\\Steam\\SteamApps\\t0mpi_leet\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\t0mpi_leet\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher" "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:EnabledC++" "C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"="C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe:*:Enabled:VoipBuster" "C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET" "C:\\Program Files\\Valve\\Steam\\SteamApps\\t0mpi_leet\\condition zero\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\t0mpi_leet\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher" "C:\\Program Files\\InternetCalls.com\\InternetCalls\\InternetCalls.exe"="C:\\Program Files\\InternetCalls.com\\InternetCalls\\InternetCalls.exe:*:Enabled:InternetCalls" "C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"="C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI" "C:\\Program Files\\Valve\\Steam\\SteamApps\\t0mpi_1337\\dedicated server\\hlds.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\t0mpi_1337\\dedicated server\\hlds.exe:*:Enabled:HLDS Launcher" "C:\\Program Files\\Valve\\Steam\\SteamApps\\t0mpi92\\condition zero\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\t0mpi92\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "C:\\Program Files\\Valve\\Steam\\SteamApps\\t0mpi92\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\t0mpi92\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher" "C:\\Program Files\\THPS3\\Skate3.exe"="C:\\Program Files\\THPS3\\Skate3.exe:*:Enabled:THPS3PC" "C:\\Program Files\\Super Internet TV\\OnlineTV.exe"="C:\\Program Files\\Super Internet TV\\OnlineTV.exe:*:Enabled:Super Internet TV" "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox" "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer" "C:\\Program Files\\Valve\\Steam\\SteamApps\\maetti\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\maetti\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher" "C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player" "C:\\Program Files\\Valve\\Steam\\SteamApps\\mise1\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\mise1\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher" "C:\\Program Files\\Valve\\Steam\\SteamApps\\pekkapekka\\condition zero\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\pekkapekka\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher" "C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent" "C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary" "C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC" "C:\\Program Files\\Reallusion\\CrazyTalk for Skype\\CT4Skype.exe"="C:\\Program Files\\Reallusion\\CrazyTalk for Skype\\CT4Skype.exe:*:Enabled:CrazyTalk" "C:\\Program Files\\MessengerDiscovery\\Loader.exe"="C:\\Program Files\\MessengerDiscovery\\Loader.exe:*:Enabled:Loader" "C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"="C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe:*:Enabled:MessengerDiscovery Live the Windows Live Messenger addon" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger" "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0" "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "C:\\WINDOWS\\scvhost.exe"="C:\\WINDOWS\\scvhost.exe:*:Enabled:Microsoft Windows" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" "C:\\Program Files\\Java\\jre1.5.0_10\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_10\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0" "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" Remaining Files: --------------- Backups Folder: - C:\DOCUME~1\t0mpi\TYPYT~1\SDFix\backups\backups.zip Listing Files with hidden attributes: C:\NTDETECT.COM C:\Documents and Settings\Omistaja\Verkkoymp„rist”\fi.msnusers.com\Desktop.ini C:\WINDOWS\system32\cdplayer.exe.manifest C:\WINDOWS\system32\logonui.exe.manifest C:\IO.SYS C:\MSDOS.SYS C:\pagefile.sys C:\redir.sys C:\WINDOWS\page files\maxmeg.sys C:\WINDOWS\SMINST\HPCD.SYS C:\Documents and Settings\t0mpi\Local Settings\Temp\~20.tmp C:\Documents and Settings\t0mpi\Local Settings\Temp\~2B.tmp C:\Documents and Settings\t0mpi\Local Settings\Temp\~30.tmp C:\Documents and Settings\t0mpi\Local Settings\Temp\~4A.tmp C:\Documents and Settings\t0mpi\Local Settings\Temp\~55.tmp C:\Documents and Settings\t0mpi\Local Settings\Temp\~90.tmp C:\Documents and Settings\t0mpi\Local Settings\Temp\~9E.tmp C:\Documents and Settings\t0mpi\Local Settings\Temp\~AA.tmp Finished Lähtikö se norttoni sieltä?
ja sitten Lataa Atribunen ATF Cleaner Ohjeet; Tupla-klikkaa ATF-Cleaner.exe käynnistääksesi ohjelman. Main:n alla valitse: Select All Klikkaa Empty Selected valintaa. Jos käytät FireFoxia selaimenasi Klikkaa Firefox yläpuolelta ja valitse: Select All Klikkaa Empty Selected valintaa. HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy. Jos käytät Operaa selaimenasi Klikkaa Opera yläpuolelta ja valitse: Select All Klikkaa Empty Selected valintaa taas. HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy. Klikkaa Exit päävalikosta sulkeaksesi ohjelman. Teknistä tukea tulee jos tupla-klikkaat sähköpostiosoitetta joka sijaitsee jokaisen menun alapuolella kyseisessä työkalussa. (Huomatkaa että se tuki on sitten englanniksi) Tallenna nämä ohjeet tekstitiedostoon tai tulosta nämä, muuten et pääse niihin käsiksi vikasietotilasta Lataa AVG Anti-Spyware 7.5 ja tallenna ohjelma työpöydällesi. [*]Kun olet ladannut ohjelman, kaksoisklikkaa asennuohjelman pikakuvaketta työpöydälläsi, asennus alkaa. [*]Asennuksen jälkeen täytyy ohjelma käynnistää ja sen tunnisteet päivittää. [*]Käynnistä AVG Anti-Spyware. [*]Klikkaa "Update" kuvaketta päävalikossa. Sen jälkeen klikkaa "Update now" painiketta. [*]Sitten klikkaa "Start Update" kuvaketta jolloin päivitys alkaa. [*]Kun päivitykset on ladattu, klikkaa "Scanner" kuvaketta ikkunan ylälaidassa. Valitse sitten "Settings" välilehti. [*]Kun "Settings" valikko on auennut, klikkaa "Recommended actions" ja sitten valitse "Quarantine". [*]Sitten "Reports" valikon alta: [*]Laita täppi kohtaan "Automatically generate report after every scan" [*]Ota täppi pois kohdasta"Only if threats were found [*]Sitten klikkaa "Shield" kuvaketta ikkunan ylälaidassa [*]"Resident shield is", muuta tila active:sta inactive:ksi [*]Sulje ohjelma, ÄLÄ skannaa vielä. Käynnistä koneesi vikasietotilaan, Ohje! Jos olit poistamassa Norton Palomuurin niin poista se ensin lisää/poista sovelluksen kautta Käytä Nortonin poisto työkalua ---->Täältä Katsotaan mitä sen jälkeen jää Lähetä uusi hjt-loki ja Avg-loki
