Could someone help me? I have this Windows Live Messenger virus. It says to my friends "hi, is this your picture" and then some link after it. And HijackThis says:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:56, on 30.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\sami\steam.exe
D:\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\service.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Ulead Systems\Ulead PhotoImpact\ABMTSR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aceradvantage.com/stdreg
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [USSShReg] C:\PROGRA~1\ULEADS~1\ULEADP~1\SSaver\Ussshreg.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "d:\sami\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Album Fast Start.lnk = C:\Program Files\Ulead Systems\Ulead PhotoImpact\ABMTSR.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 10611 bytes

So could some kind person please help me? =/
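A quick triage of the O4 Run entries in the log above, as an added example that is not part of the original post and is not HijackThis or ComboFix output. The sample lines are copied from the log (a few running processes and a few O4 lines); the three rules are this example's own heuristics: a Run value that is a bare filename is resolved through the search path instead of being pinned to one directory, a value name that imitates a Windows component ("svchost", "Windows ...") is a common disguise, and a process with the same basename running from the Windows directory root rather than System32 is worth a second look. The function names and the rule wording are the example's own.

```python
import ntpath
import re

# Constructed sample: lines copied from the HijackThis log in the post above
# (subset of "Running processes" plus a subset of the O4 Run entries).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\service.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# A running-process line is a drive-letter path ending in .exe
PROC_RE = re.compile(r'^[A-Za-z]:\\.+\.exe$', re.IGNORECASE)


def split_target(cmd):
    """Return the executable part of a Run value, dropping any arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def running_processes(lines):
    """Collect the full paths listed under 'Running processes'."""
    return [l.strip() for l in lines if PROC_RE.match(l.strip())]


def triage_o4(log_text):
    """Map each suspicious Run value name to the list of reasons it was flagged."""
    lines = log_text.splitlines()
    # lowercase basename -> directory the process is actually running from
    running_dir = {ntpath.basename(p).lower(): ntpath.dirname(p)
                   for p in running_processes(lines)}
    findings = {}
    for line in lines:
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        name = m.group('name')
        target = split_target(m.group('cmd'))
        base = ntpath.basename(target).lower()
        reasons = []
        if '\\' not in target:
            reasons.append('bare filename: resolved through the search path, '
                           'not pinned to a directory')
        lname = name.lower()
        if 'svchost' in lname or lname.startswith('windows '):
            reasons.append('value name imitates a Windows component')
        d = running_dir.get(base)
        if d is not None and d.lower().endswith('\\windows'):
            reasons.append('a process with this basename is running from the '
                           'Windows directory root, not System32: ' + d + '\\' + base)
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    hits = triage_o4(SAMPLE_LOG)
    for name, reasons in sorted(hits.items(), key=lambda kv: -len(kv[1])):
        print(f"[{name}]")
        for r in reasons:
            print("   -", r)
```

The output is a ranked list, not a verdict: Realtek's RTHDCPL also runs as a bare filename from C:\WINDOWS, so it is listed too, with fewer reasons. What separates "Windows UDP Control" and "Windows svchost" is the imitation rule, and ComboFix confirms the reading further down the thread by removing C:\WINDOWS\winudspm.exe and C:\WINDOWS\service.exe.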
When I try to open that ComboFix it says "C:/Documents and Settings/käyttäjä/Työpöytä/combofix.exe is not a valid Win32 application."
Here is the ComboFix log:

ComboFix 08-05-29.1 - Sirpa Toroi 2008-05-30 15:05:39.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.358.1035.18.154 [GMT 3:00]
Running from: C:\Documents and Settings\Sirpa Toroi\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sirpa Toroi\Työpöytä\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\winudspm.exe
.

(((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2006 May 08 - 02_52_39 PM_281.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2006 May 08 - 03_07_52 PM_312.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2006 May 08 - 03_18_51 PM_390.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2006 May 08 - 03_43_30 PM_734.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2006 May 08 - 03_48_13 PM_031.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2006 May 08 - 04_11_33 PM_671.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2006 May 08 - 05_09_53 PM_093.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2006 May 08 - 07_24_40 PM_312.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2006 May 08 - 10_34_28 PM_015.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2006 May 08 - 11_18_37 PM_000.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2006 May 09 - 01_54_00 PM_812.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 09 - 06_15_01 PM_703.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 09 - 06_35_18 PM_500.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 09 - 08_52_03 PM_187.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 09 - 09_07_27 PM_828.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 09 - 10_08_39 PM_984.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 10 - 11_28_11 AM_796.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 11 - 08_05_43 PM_750.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 11 - 09_39_36 PM_281.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 11 - 11_21_53 AM_921.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 12 - 02_52_39 PM_578.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 12 - 04_06_21 PM_281.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 12 - 05_24_52 PM_828.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 12 - 07_31_37 PM_906.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 12 - 08_08_31 AM_171.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 13 - 02_08_16 PM_750.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 13 - 04_19_00 PM_203.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 13 - 07_54_35 PM_828.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 14 - 01_16_01 PM_750.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\rs.dat
C:\setup.exe
C:\WINDOWS\service.exe
C:\WINDOWS\Tasks.\AntiSpywareBot Scheduled Scan.job
C:\WINDOWS\winudspm.exe
.

((((( Files Created from 2008-04-28 to 2008-05-30 )))))))))))))))))
.

2008-05-30 14:05 . 2008-05-30 14:11 60,132 --a------ C:\dci.exe
2008-05-30 08:26 . 2008-05-30 08:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-30 00:04 . 2008-05-30 00:04 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-30 00:02 . 2008-05-30 00:02 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-05-29 21:47 . 2008-05-29 21:47 <DIR> d--hs---- C:\FOUND.001
2008-05-29 15:13 . 2008-05-29 15:13 <DIR> d-------- C:\Documents and Settings\Sirpa Toroi\Application Data\Command & Conquer 3 Tiberium Wars
2008-05-29 15:12 . 2008-05-29 15:12 <DIR> dr-h----- C:\Documents and Settings\Sirpa Toroi\Application Data\SecuROM
2008-05-29 15:12 . 2008-05-29 15:12 98,304 --a------ C:\WINDOWS\system32CmdLineExt.dll
2008-05-29 14:35 . 2008-05-29 14:35 <DIR> d-------- C:\Program Files\Electronic Arts
2008-05-28 17:06 . 2008-05-28 17:06 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-28 17:05 . 2008-05-28 17:06 <DIR> d-------- C:\Documents and Settings\Sirpa Toroi\Application Data\DAEMON Tools
2008-05-27 20:37 . 2008-05-27 20:37 <DIR> d-------- C:\Documents and Settings\Sirpa Toroi\Incomplete
2008-05-27 20:36 . 2008-05-27 20:36 <DIR> d-------- C:\Program Files\AskSBar
2008-05-27 20:36 . 2008-05-27 20:36 <DIR> d-------- C:\Documents and Settings\Sirpa Toroi\Application Data\FrostWire
2008-05-27 18:14 . 2008-05-27 18:14 52,736 --a------ C:\WINDOWS\ipuninst.exe
2008-05-27 17:44 . 2008-03-28 17:44 32 -ra------ C:\Documents and Settings\All Users\hash.dat
2008-05-27 17:42 . 2008-05-27 17:43 <DIR> d-------- C:\Documents and Settings\Sirpa Toroi\.narya
2008-05-27 17:33 . 2008-05-27 17:33 <DIR> d-------- C:\Program Files\Three Rings Design
2008-05-27 17:28 . 2008-05-27 17:28 <DIR> d-------- C:\Documents and Settings\Sirpa Toroi\Application Data\bang
2008-05-27 16:43 . 2008-05-27 16:43 <DIR> d-------- C:\Documents and Settings\Sirpa Toroi\Application Data\CyberLink
2008-05-27 14:50 . 2008-05-27 14:50 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-05-27 14:48 . 2008-05-27 14:49 <DIR> d-------- C:\Program Files\Sony
2008-05-27 14:44 . 2008-05-27 14:44 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-27 14:44 . 2008-05-27 14:44 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-27 14:41 . 2008-05-27 14:42 <DIR> d-------- C:\Program Files\Common Files\Sony Shared
2008-05-14 13:24 . 2008-05-14 13:24 <DIR> d-------- C:\Program Files\Incomplete
2008-05-14 13:22 . 2008-05-27 15:09 <DIR> d-------- C:\Program Files\LimeWire
2008-05-13 16:29 . 2008-05-13 16:29 <DIR> d-------- C:\Documents and Settings\Sirpa Toroi\Contacts
2008-05-12 18:03 . 2008-05-12 18:03 19,968 --a------ C:\WINDOWS\system32\atiadlxx.dll
2008-05-12 14:56 . 2008-05-12 14:56 <DIR> d-------- C:\WINDOWS\Sun
2008-05-12 14:56 . 2008-05-12 14:56 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-05-11 21:32 . 2004-09-15 20:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-11 15:48 . 2008-05-11 15:48 <DIR> d-------- C:\Documents and Settings\Sirpa Toroi\Application Data\teamspeak2
2008-05-10 19:05 . 2008-05-10 19:05 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-09 23:08 . 2008-05-11 11:24 21,840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2008-05-09 23:08 . 2008-05-11 11:24 17,212 --a------ C:\WINDOWS\system32\SIntf32.dll
2008-05-09 23:08 . 2008-05-11 11:24 12,067 --a------ C:\WINDOWS\system32\SIntf16.dll
2008-05-09 22:50 . 2008-05-09 22:50 <DIR> d-------- C:\Program Files\Reality Pump
2008-05-09 22:20 . 2008-05-09 22:20 <DIR> d-------- C:\Program Files\Eidos Interactive
2008-05-09 22:20 . 1996-01-09 10:38 283,648 --a------ C:\WINDOWS\uninst.exe
2008-05-09 22:05 . 2008-05-09 22:05 <DIR> d-------- C:\TEXCACHE
2008-05-09 21:32 . 2008-05-09 21:32 <DIR> d-------- C:\Program Files\CENEGA
2008-05-09 21:03 . 2008-05-09 21:04 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-05-09 20:51 . 2008-05-09 20:51 <DIR> d--hs---- C:\FOUND.000
2008-05-09 18:29 . 2008-05-09 18:29 <DIR> d-------- C:\Documents and Settings\Sirpa Toroi\Application Data\LimeWire
2008-05-09 18:29 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-09 18:27 . 2008-05-09 18:27 <DIR> d-------- C:\Program Files\Java
2008-05-09 18:25 . 2008-05-09 18:25 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-09 14:26 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-05-09 14:25 . 2008-05-09 14:25 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-09 14:05 . 2008-05-09 14:05 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
.

(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-05-12 15:56 397,312 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-05-12 15:54 305,152 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-05-12 15:45 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-05-12 15:45 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-05-12 15:43 10,153,984 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-05-12 15:09 47,104 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-05-12 15:05 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-05-12 15:03 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-05-12 15:02 241,664 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-05-12 14:57 548,864 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-05-12 07:49 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:38 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 22:32 3,080,704 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-15 09:23 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
.

(((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-05-27 20:36 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2006-05-07 21:40 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2006-05-07 21:40 2050816]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-05-27 20:36 267592]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2006-05-07 21:40 2050816]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-05-27 20:36 267592]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 20:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-15 22:34 68856]
"Steam"="d:\sami\steam.exe" [2008-05-21 19:56 1271032]
"DAEMON Tools Lite"="D:\DAEMON Tools Lite\daemon.exe" [2008-04-01 12:39 486856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="" []
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 22:35 53248]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2006-04-27 12:10 151552]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39 204800]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-09-15 20:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-15 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-15 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-15 20:00 455168]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 12:11 421888]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-17 23:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-06-23 06:59 602112]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2006-05-07 21:39 1177368]
"USSShReg"="C:\PROGRA~1\ULEADS~1\ULEADP~1\SSaver\Ussshreg.exe" [1997-11-23 04:16 20992]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Windows UDP Control"="winudspm.exe" []
"Windows svchost"="service.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 20:00 15360]

C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 11:37:58 45056]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 23:05:56 65588]
Album Fast Start.lnk - C:\Program Files\Ulead Systems\Ulead PhotoImpact\ABMTSR.EXE [2006-05-07 23:50:17 22016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\SAMI\\SteamApps\\figther92\\counter-strike source\\hl2.exe"=
"D:\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2006-05-07 21:40]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2006-05-07 21:39]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2006-05-07 21:39]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2006-05-07 21:40]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-30 11:17:02 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 15:07:38
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-30 15:08:11
ComboFix-quarantined-files.txt 2008-05-30 12:08:10

Pre-Run: 19,190,317,056 bytes free
Post-Run: 19,262,210,048 bytes free

240 --- E O F --- 2008-05-29 12:56:12
2008-05-09 21:04 <KANSIO> d-------- C:\Program Files\MSXML 4.0 2008-05-09 20:51 . 2008-05-09 20:51 <KANSIO> d--hs---- C:\FOUND.000 2008-05-09 18:29 . 2008-05-09 18:29 <KANSIO> d-------- C:\Documents and Settings\Sirpa Toroi\Application Data\LimeWire 2008-05-09 18:29 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-05-09 18:27 . 2008-05-09 18:27 <KANSIO> d-------- C:\Program Files\Java 2008-05-09 18:25 . 2008-05-09 18:25 <KANSIO> d-------- C:\Program Files\Common Files\Java 2008-05-09 14:26 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2008-05-09 14:25 . 2008-05-09 14:25 <KANSIO> d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2008-05-09 14:05 . 2008-05-09 14:05 <KANSIO> d-------- C:\WINDOWS\system32\CatRoot_bak . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys 2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys 2008-05-12 15:56 397,312 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll 2008-05-12 15:54 305,152 ----a-w C:\WINDOWS\system32\ati2dvag.dll 2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll 2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll 2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe 2008-05-12 15:45 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll 2008-05-12 15:45 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll 2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll 2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe 2008-05-12 15:43 10,153,984 ----a-w C:\WINDOWS\system32\atioglx2.dll 2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL 2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\ati3duag.dll 2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\ativvaxx.dll 2008-05-12 15:09 47,104 ----a-w C:\WINDOWS\system32\amdpcom32.dll 2008-05-12 15:05 
5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll 2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll 2008-05-12 15:03 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll 2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll 2008-05-12 15:02 241,664 ----a-w C:\WINDOWS\system32\atiok3x2.dll 2008-05-12 14:57 548,864 ----a-w C:\WINDOWS\system32\ati2cqag.dll 2008-05-12 07:49 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll 2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll 2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll 2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll 2008-02-20 05:38 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-02-16 22:32 3,080,704 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-02-15 09:23 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}] 2008-05-27 20:36 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}] 2006-05-07 21:40 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2006-05-07 21:40 2050816] "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-05-27 20:36 267592] [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}] [HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR] [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2006-05-07 21:40 2050816] "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-05-27 20:36 267592] [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}] [HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR] [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 20:00 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-15 22:34 68856] "Steam"="d:\sami\steam.exe" [2008-05-21 19:56 1271032] "DAEMON Tools Lite"="D:\DAEMON Tools Lite\daemon.exe" [2008-04-01 12:39 486856] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="" [] "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 22:35 53248] "PCMService"="C:\Program 
Files\Acer\Acer Arcade\PCMService.exe" [2006-04-27 12:10 151552] "ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056] "Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39 204800] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-09-15 20:00 208952] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-15 20:00 59392] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-15 20:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-15 20:00 455168] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056] "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 12:11 421888] "Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584] "RTHDCPL"="RTHDCPL.EXE" [2006-05-17 23:27 16207872 C:\WINDOWS\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946] "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-06-23 06:59 602112] "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2006-05-07 21:39 1177368] "USSShReg"="C:\PROGRA~1\ULEADS~1\ULEADP~1\SSaver\Ussshreg.exe" [1997-11-23 04:16 20992] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "Windows UDP Control"="winudspm.exe" [] "Windows svchost"="service.exe" [] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 20:00 15360] C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696] Acer Empowering Technology.lnk - 
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 11:37:58 45056] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 23:05:56 65588] Album Fast Start.lnk - C:\Program Files\Ulead Systems\Ulead PhotoImpact\ABMTSR.EXE [2006-05-07 23:50:17 22016] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"= "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "C:\\Program Files\\Internet Explorer\\iexplore.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "D:\\SAMI\\SteamApps\\figther92\\counter-strike source\\hl2.exe"= "D:\\FrostWire\\FrostWire.exe"= "C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2006-05-07 21:40] R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2006-05-07 21:39] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2006-05-07 21:39] R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2006-05-07 21:40] S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys [] S2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys [] *Newly Created Service* - CATCHME . 'Ajoitetut tehtävät'-kansion sisältö "2008-05-30 11:17:02 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . 
************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-30 15:07:38 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-05-30 15:08:11 ComboFix-quarantined-files.txt 2008-05-30 12:08:10 Pre-Run: 19,190,317,056 tavua vapaana Post-Run: 19,262,210,048 tavua vapaana 240 --- E O F --- 2008-05-29 12:56:12
Yeah, and here's a fresh HJT log..;

C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\sami\steam.exe
D:\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Ulead Systems\Ulead PhotoImpact\ABMTSR.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aceradvantage.com/stdreg
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [USSShReg] C:\PROGRA~1\ULEADS~1\ULEADP~1\SSaver\Ussshreg.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "d:\sami\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Album Fast Start.lnk = C:\Program Files\Ulead Systems\Ulead PhotoImpact\ABMTSR.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 10016 bytes

and now I just hope someone will help xD
There's some service.exe in the Windows folder, delete it, and it also goes away when you change your password in Messenger.
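As a worked example of the check behind the reply above (added here, not code from this thread or from HijackThis), the script below triages HijackThis O4 Run entries the way a helper reads them by eye: it flags values whose command line has no directory, flags value names that imitate a Windows component but do not run from System32, and resolves a bare filename against the "Running processes" list HijackThis prints above its entries. The sample log lines and process list are constructed to match the shape of the logs posted in this thread, and SYSTEM_LOOKALIKE_WORDS is my own heuristic, not a HijackThis feature.

```python
import re

# Constructed sample in the shape of the HijackThis O4 entries posted in this
# thread (a handful of lines, not the full log).
SAMPLE_HJT_LINES = [
    r"O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe",
    r"O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE",
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"',
    r"O4 - HKLM\..\Run: [Windows svchost] service.exe",
    r"O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe",
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE",
]

# Constructed sample of the "Running processes" list from the same kind of log.
SAMPLE_PROCESSES = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\RTHDCPL.EXE",
    r"C:\WINDOWS\service.exe",
    r"C:\WINDOWS\system32\ctfmon.exe",
]

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Heuristic (my assumption): words that malware puts in a Run value name to
# look like a Windows component.
SYSTEM_LOOKALIKE_WORDS = ("svchost", "windows", "microsoft", "system")


def command_executable(cmd):
    """Return the executable part of a Run-key command line, unquoted, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage_o4_entries(lines):
    """Return [(value_name, executable, [reasons])] for O4 Run entries worth a second look."""
    findings = []
    for line in lines:
        m = O4_RUN_RE.match(line)
        if not m:
            continue  # R*/O2/O3/Global Startup lines are not Run-key entries
        name, exe = m.group("name"), command_executable(m.group("cmd"))
        reasons = []
        if "\\" not in exe:
            # No directory: Windows resolves this through a path search, so the
            # entry alone does not pin down which file actually runs.
            reasons.append("bare filename, location not pinned")
        if any(w in name.lower() for w in SYSTEM_LOOKALIKE_WORDS) and "system32" not in exe.lower():
            reasons.append("name mimics a Windows component but does not run from System32")
        if reasons:
            findings.append((name, exe, reasons))
    return findings


def suspicious_names(findings):
    """Entries that trip both rules, like the two this thread's logs show."""
    return sorted(name for name, _exe, reasons in findings if len(reasons) == 2)


def resolve_in_process_list(exe, processes):
    """Find where a bare filename from a Run entry is actually running, using the
    full-path process list HijackThis prints above its entries (None if not running)."""
    for path in processes:
        if path.rsplit("\\", 1)[-1].lower() == exe.lower():
            return path
    return None


if __name__ == "__main__":
    findings = triage_o4_entries(SAMPLE_HJT_LINES)
    for name, exe, reasons in findings:
        where = exe if "\\" in exe else resolve_in_process_list(exe, SAMPLE_PROCESSES)
        print(f"[{name}] {exe} -> {where}: {'; '.join(reasons)}")
    print("suspicious:", suspicious_names(findings))
```

A bare filename on its own is only a review item (RTHDCPL.EXE is a legitimate Realtek entry that ComboFix resolved to C:\WINDOWS\RTHDCPL.exe in the log above); it is the combination with a lookalike name like "Windows svchost" that makes service.exe and winudspm.exe stand out, and the process list then shows service.exe was running from C:\WINDOWS rather than System32.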
Yeah, I already changed it, but yesterday the firewall was yelling that there's a trojan on the machine, then I ran that ComboFix and removed one file with HijackThis and now it's not yelling anymore, I think I got it removed. PS. Thanks for the help