So, I need to know whether the machine is clean.
====================
Logfile of HijackThis v1.99.1
Scan saved at 18:29:40, on 7.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\lExplore.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wisptis.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Krista\Työpöytä\Koneen puhdistus\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [lnternet Update] lExplore.exe
O4 - HKLM\..\Run: [SETUP REAL DASH MEOW] C:\Documents and Settings\All Users\Application Data\Help mail setup real\meetiso.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [lnternet Update] lExplore.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Gram more] C:\DOCUME~1\Krista\APPLIC~1\OpenFour\proxy exit.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://renzku.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167404870906
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - D:\Renen\aawservice.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
====================
If you are using only Windows' own firewall, it is not sufficient protection. Download one firewall for your machine, for example one of these three, and install it. Then also disable the Windows firewall. These 3 are quite popular, free firewalls:
Comodo
Kerio
Zonealarm
=========
Download SDFix by AndyManchesta http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your desktop. Start your computer in Safe Mode and select your regular user account:
* Start the computer
* When you hear the computer beep, press F8, but before the Windows logo appears
* Next, a menu should appear
* Select Safe Mode from the menu.
* Create a dedicated folder C:\SDFix for the program and move it there
* Open the SDFix folder and double-click the file RunThis.bat to start the program.
* Press Y to start the script.
* The tool cleans up the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
* Press any key and the computer restarts.
* Startup takes longer than normal because SDFix is cleaning the computer.
* When the computer has started and the desktop has loaded, SDFix reports that the cleaning is complete, "Finished".
* Then press any key to close the script and load the shortcuts onto the desktop.
* Finally, open the SDFix folder and copy & paste the contents of the file Report.txt into your thread
=======
1. Download combofix.exe to your desktop from either of these links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. (C:\ComboFix.txt) Post this log to your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
=========
Also a new HJT log
SDFix: Version 1.90
Run by Krista on la 07.07.2007 at 23:47
Microsoft Windows XP [versio 5.1.2600]
Running From: C:\PROGRA~1\SDFix\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service

Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\IEexplore32.exe - Deleted
C:\WINDOWS\system32\lexplore.exe - Deleted

Removing Temp Files...

ADS Check:

Checking C:\WINDOWS
C:\WINDOWS
No streams found.

Checking C:\WINDOWS\system32
C:\WINDOWS\system32
No streams found.

Checking C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Checking C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"D:\\Renen\\Steam\\SteamApps\\therenzku\\counter-strike source\\hl2.exe"="D:\\Renen\\Steam\\SteamApps\\therenzku\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"D:\\Renen\\Steam\\SteamApps\\therenzku\\day of defeat source\\hl2.exe"="D:\\Renen\\Steam\\SteamApps\\therenzku\\day of defeat source\\hl2.exe:*:Enabled:hl2"
"D:\\Renen\\The All-Seeing Eye\\eye.exe"="D:\\Renen\\The All-Seeing Eye\\eye.exe:*:Enabled:Yahoo! All-Seeing Eye"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"C:\\WINDOWS\\system32\\IEexplore32.exe"="C:\\WINDOWS\\system32\\IEexplore32.exe:*:Enabled:IEexplore32"
"C:\\WINDOWS\\system32\\lExplore.exe"="C:\\WINDOWS\\system32\\lExplore.exe:*:Enabled:lExplore"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
"D:\\DC++\\DCPlusPlus.exe"="D:\\DC++\\DCPlusPlus.exe:*:Disabled:DC++"
"D:\\Renen\\eMule\\emule.exe"="D:\\Renen\\eMule\\emule.exe:*:Disabled:eMule"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

Backups Folder: - C:\PROGRA~1\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\krista_ilen@hotmail.com\Sharing Folders\anzkuuu1@hotmail.com\Thumbs.db
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\krista_ilen@hotmail.com\Sharing Folders\arttu.huhtanen@hotmail.com\Thumbs.db
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\krista_ilen@hotmail.com\Sharing Folders\nasuliini__@hotmail.com\Thumbs.db
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\brunettee-@hotmail.com\Thumbs.db
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\forssi_@hotmail.com\Thumbs.db
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\lisssu--@hotmail.com\Thumbs.db
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\AlbumArtSmall.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\AlbumArt_{5F4AFA78-55CF-436A-A244-597C1E1F8E67}_Large.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\AlbumArt_{5F4AFA78-55CF-436A-A244-597C1E1F8E67}_Small.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\AlbumArt_{6BE55929-4C7E-44DC-A66D-4C886DFB23CD}_Large.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\AlbumArt_{6BE55929-4C7E-44DC-A66D-4C886DFB23CD}_Small.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\AlbumArt_{D5A3B7A2-12CC-4BE1-AE88-34691650389D}_Large.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\AlbumArt_{D5A3B7A2-12CC-4BE1-AE88-34691650389D}_Small.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\AlbumArt_{D744F193-FDDB-438D-BD18-DC0A84CDBCBA}_Large.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\AlbumArt_{D744F193-FDDB-438D-BD18-DC0A84CDBCBA}_Small.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\AlbumArt_{E50A6A11-6CC0-4F23-958E-9CD2FDC5257A}_Large.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\AlbumArt_{E50A6A11-6CC0-4F23-958E-9CD2FDC5257A}_Small.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\desktop.ini
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\Folder.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\Thumbs.db
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\s-electric@hotmail.com\AlbumArtSmall.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\s-electric@hotmail.com\AlbumArt_{4D9A7060-5A1F-4AA5-B310-E63B3643CEF9}_Large.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\s-electric@hotmail.com\AlbumArt_{4D9A7060-5A1F-4AA5-B310-E63B3643CEF9}_Small.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\s-electric@hotmail.com\desktop.ini
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\s-electric@hotmail.com\Folder.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\seven_years_down_@hotmail.com\Thumbs.db
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\zatuuu@hotmail.com\Thumbs.db
C:\Program Files\Canon\MP Navigator 3.0\uinstrsc.dll
C:\Program Files\Canon\MP Navigator 3.0\Maint.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp

Finished

"Krista" - 2007-07-08 0:18:01 - ComboFix 07-07-07.3 - Service Pack 2

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\Krista\TYPYT~1.\internet explorer.lnk

((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-07 )))))))))))))))))))))))))))))))

2007-07-08 00:17 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-08 00:10 <KANSIO> d-------- C:\DOCUME~1\Krista\APPLIC~1\Comodo
2007-07-08 00:10 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-07-07 23:47 <KANSIO> d-------- C:\WINDOWS\ERUNT
2007-07-07 23:45 <KANSIO> d-------- C:\Program Files\SDFix
2007-07-07 23:43 524,288 --ah----- C:\DOCUME~1\JRJEST~1\NTUSER.DAT
2007-07-07 23:43 <KANSIO> dr------- C:\DOCUME~1\JRJEST~1\Käynnistä-valikko
2007-07-07 23:43 <KANSIO> d--h----- C:\DOCUME~1\JRJEST~1\Verkkoympäristö
2007-07-07 23:43 <KANSIO> d--h----- C:\DOCUME~1\JRJEST~1\Tulostinympäristö
2007-07-07 23:43 <KANSIO> d--h----- C:\DOCUME~1\JRJEST~1\Mallit
2007-07-07 23:43 <KANSIO> d-------- C:\DOCUME~1\JRJEST~1\Työpöytä
2007-07-07 23:43 <KANSIO> d-------- C:\DOCUME~1\JRJEST~1\Suosikit
2007-07-07 23:39 <KANSIO> d-------- C:\Program Files\Comodo
2007-07-04 15:21 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-06-30 11:47 <KANSIO> d-------- C:\WINDOWS\0E6AB9FC76C2431B9C066C1CFFFEA8EB.TMP
2007-06-29 14:06 <KANSIO> d-------- C:\Program Files\Lavasoft
2007-06-29 14:06 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-28 22:18 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-06-28 22:18 <KANSIO> d-------- C:\Program Files\ffdshow
2007-06-28 22:01 <KANSIO> d-------- C:\DOCUME~1\Krista\APPLIC~1\Media Player Classic
2007-06-28 20:01 <KANSIO> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-06-28 01:00 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-06-28 01:00 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-28 01:00 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-28 01:00 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-28 01:00 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-28 01:00 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-27 22:39 <KANSIO> d-------- C:\DOCUME~1\Krista\APPLIC~1\uTorrent
2007-06-24 16:34 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
2007-06-24 16:21 <KANSIO> d-------- C:\Program Files\OpenFour
2007-06-24 16:21 <KANSIO> d-------- C:\DOCUME~1\Krista\APPLIC~1\OpenFour
2007-06-24 16:21 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Help mail setup real
2007-06-24 16:20 <KANSIO> d-------- C:\Program Files\Windows Live
2007-06-24 16:20 <KANSIO> d-------- C:\Program Files\Adverts
2007-06-22 17:37 0 --a------ C:\WINDOWS\system32\atiicdxx.dat
2007-06-14 12:27 <KANSIO> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
2007-06-14 12:16 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-06-13 22:00 <KANSIO> d-------- C:\Downloads
2007-06-13 21:57 <KANSIO> d-------- C:\Program Files\BitComet
2007-06-11 15:26 57,344 --a------ C:\WINDOWS\WNMHINDR.EXE
2007-06-11 15:26 24,576 --a------ C:\WINDOWS\system32\NMH040A.DLL
2007-06-11 15:25 724,992 --a------ C:\WINDOWS\iun6002.exe
2007-06-11 15:25 <KANSIO> d-------- C:\Program Files\DivX
2007-06-08 23:48 <KANSIO> d-------- C:\DOCUME~1\Krista\Phone Browser
2007-06-08 23:37 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-06-08 23:36 <KANSIO> d-------- C:\DOCUME~1\Krista\APPLIC~1\Nokia
2007-06-08 23:35 <KANSIO> d-------- C:\Program Files\DIFX
2007-06-08 23:35 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
2007-06-08 23:35 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
2007-06-08 23:35 <KANSIO> d-------- C:\DOCUME~1\Krista\APPLIC~1\PC Suite
2007-06-08 23:34 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-06-08 23:34 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution
2007-06-08 23:34 <KANSIO> d-------- C:\Program Files\Nokia
2007-06-08 23:33 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-29 11:05:51 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-27 22:00:06 -------- d-----w C:\Program Files\Alwil Software
2007-06-27 21:29:52 -------- d-----w C:\DOCUME~1\Krista\APPLIC~1\Lavasoft
2007-06-27 16:56:08 -------- d-----w C:\DOCUME~1\Krista\APPLIC~1\Skype
2007-06-24 13:20:33 -------- d-----w C:\Program Files\Messenger Plus! Live
2007-06-22 14:00:43 -------- d-----w C:\Program Files\Messenger
2007-06-07 19:29:26 -------- d-----w C:\Program Files\Trust 320 SpaceCam
2007-06-07 19:29:13 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-01 13:01:02 -------- d-----w C:\Program Files\Windows Live Toolbar
2007-05-31 06:10:58 -------- d-----w C:\Program Files\Online_TV
2007-05-26 14:52:03 -------- d-----w C:\DOCUME~1\Krista\APPLIC~1\Ahead
2007-05-26 14:35:47 -------- d-----w C:\Program Files\Common Files\Ahead
2007-05-26 09:49:34 -------- d-----w C:\DOCUME~1\Krista\APPLIC~1\Audacity
2007-05-21 22:19:54 -------- d-----w C:\Program Files\mIRC
2007-05-16 15:19:52 133,168 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-05-16 15:19:50 11,568 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2007-05-16 15:14:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-16 06:42:22 972,336 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-05-15 06:45:14 972,336 ----a-w C:\WINDOWS\UNNeroVision.exe
2007-05-13 11:59:47 -------- d-----w C:\DOCUME~1\Krista\APPLIC~1\{0B9E3B72-FCE7-4B76-9F99-94E66A8C5760}
2007-05-13 11:58:52 -------- d-----w C:\DOCUME~1\Krista\APPLIC~1\Seven Zip
2007-05-09 12:56:04 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-07 11:29:28 -------- d-----w C:\DOCUME~1\Krista\APPLIC~1\Screenshot Sender
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-25 14:22:38 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 13:42:50 972,336 ----a-w C:\WINDOWS\UNRecode.exe
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 19:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 19:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 19:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 19:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 19:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 19:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 19:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 19:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 19:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-11-03 15:17 54248 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
2006-04-18 20:04 34304 --a------ C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-07-07 13:29 324416 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
2007-02-12 15:56 546672 --a------ C:\Program Files\Windows Live Toolbar\msntb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 18:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"SETUP REAL DASH MEOW"="C:\Documents and Settings\All Users\Application Data\Help mail setup real\meetiso.exe" [2007-06-24 16:21]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 18:42]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-07-07 23:39]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 18:51]
"Gram more"="C:\DOCUME~1\Krista\APPLIC~1\OpenFour\proxy exit.exe" [2007-06-24 16:21]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

*Newly Created Service* - CMDMON

Contents of the 'Scheduled Tasks' folder
2007-07-07 20:00:01 C:\WINDOWS\tasks\A6A7A14390DC5303.job
2007-06-01 06:48:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-07 19:50:01 C:\WINDOWS\tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-08 00:20:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-08 0:21:21
C:\ComboFix-quarantined-files.txt ... 2007-07-08 00:21

--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 0:27:49, on 8.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Krista\Työpöytä\Koneen puhdistus\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SETUP REAL DASH MEOW] C:\Documents and Settings\All Users\Application Data\Help mail setup real\meetiso.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Gram more] C:\DOCUME~1\Krista\APPLIC~1\OpenFour\proxy exit.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://renzku.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167404870906
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - D:\Renen\aawservice.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
====================
Okay, that should be everything, in the order given in the instructions.
Uninstall Messenger Plus! Live through Add/Remove Programs in the Control Panel.
Open Notepad and copy/paste the text below into it:
Save it as ComboFix-Do.txt
Then drag ComboFix-Do.txt onto ComboFix.exe as shown below.
Restart the computer when prompted and post the contents of the combofix.txt file here.
=======
also a new HJT log