Is the computer clean?
|
|
Newbie
|
7 July 2007 @ 14:32 |
|
So I need to know whether the computer is clean.
====================
Logfile of HijackThis v1.99.1
Scan saved at 18:29:40, on 7.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\lExplore.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wisptis.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Krista\Työpöytä\Koneen puhdistus\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [lnternet Update] lExplore.exe
O4 - HKLM\..\Run: [SETUP REAL DASH MEOW] C:\Documents and Settings\All Users\Application Data\Help mail setup real\meetiso.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [lnternet Update] lExplore.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Gram more] C:\DOCUME~1\Krista\APPLIC~1\OpenFour\proxy exit.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://renzku.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1167404870906
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - D:\Renen\aawservice.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
====================
|
Helper
Suspended permanently
|
7 July 2007 @ 18:20 |
|
If you use only Windows' own firewall, it is not sufficient protection. Download one of these three firewalls to your computer and install it. Then also disable the Windows firewall. These three are fairly popular and free firewalls:
Comodo
Kerio
Zonealarm
=========
Download SDFix by AndyManchesta http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your desktop.
Boot your computer into safe mode and select your normal user account:
* Start the computer
* When you hear the computer beep, press F8, but before the Windows logo appears
* A menu should appear next
* Select safe mode from the menu.
* Create a dedicated folder C:\SDFix for the program and move it there
* Open the SDFix folder and double-click the file RunThis.bat to start the program.
* Press Y to start the script.
* The tool cleans up the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
* Press any key and the computer restarts.
* Startup takes longer than normal because SDFix is cleaning the computer.
* When the computer has started and the desktop has loaded, SDFix reports that the cleanup is done, "Finished".
* Then press any key to close the script and load the shortcuts onto the desktop.
* Finally, open the SDFix folder and copy & paste the contents of the file Report.txt into your thread
=======
1. Download combofix.exe to your desktop from either of these links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.
Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
=========
also a new HJT log
|
Newbie
|
7 July 2007 @ 20:16 |
|
SDFix: Version 1.90
Run by Krista on la 07.07.2007 at 23:47
Microsoft Windows XP [versio 5.1.2600]
Running From: C:\PROGRA~1\SDFix\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service
Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\WINDOWS\system32\IEexplore32.exe - Deleted
C:\WINDOWS\system32\lexplore.exe - Deleted
Removing Temp Files...
ADS Check:
Checking C:\WINDOWS
C:\WINDOWS
No streams found.
Checking C:\WINDOWS\system32
C:\WINDOWS\system32
No streams found.
Checking C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.
Checking C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"D:\\Renen\\Steam\\SteamApps\\therenzku\\counter-strike source\\hl2.exe"="D:\\Renen\\Steam\\SteamApps\\therenzku\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"D:\\Renen\\Steam\\SteamApps\\therenzku\\day of defeat source\\hl2.exe"="D:\\Renen\\Steam\\SteamApps\\therenzku\\day of defeat source\\hl2.exe:*:Enabled:hl2"
"D:\\Renen\\The All-Seeing Eye\\eye.exe"="D:\\Renen\\The All-Seeing Eye\\eye.exe:*:Enabled:Yahoo! All-Seeing Eye"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"C:\\WINDOWS\\system32\\IEexplore32.exe"="C:\\WINDOWS\\system32\\IEexplore32.exe:*:Enabled:IEexplore32"
"C:\\WINDOWS\\system32\\lExplore.exe"="C:\\WINDOWS\\system32\\lExplore.exe:*:Enabled:lExplore"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
"D:\\DC++\\DCPlusPlus.exe"="D:\\DC++\\DCPlusPlus.exe:*:Disabled:DC++"
"D:\\Renen\\eMule\\emule.exe"="D:\\Renen\\eMule\\emule.exe:*:Disabled:eMule"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.1"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
Backups Folder: - C:\PROGRA~1\SDFix\SDFix\backups\backups.zip
Files with Hidden Attributes:
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\krista_ilen@hotmail.com\Sharing Folders\anzkuuu1@hotmail.com\Thumbs.db
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\krista_ilen@hotmail.com\Sharing Folders\arttu.huhtanen@hotmail.com\Thumbs.db
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\krista_ilen@hotmail.com\Sharing Folders\nasuliini__@hotmail.com\Thumbs.db
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\brunettee-@hotmail.com\Thumbs.db
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\forssi_@hotmail.com\Thumbs.db
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\lisssu--@hotmail.com\Thumbs.db
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\AlbumArtSmall.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\AlbumArt_{5F4AFA78-55CF-436A-A244-597C1E1F8E67}_Large.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\AlbumArt_{5F4AFA78-55CF-436A-A244-597C1E1F8E67}_Small.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\AlbumArt_{6BE55929-4C7E-44DC-A66D-4C886DFB23CD}_Large.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\AlbumArt_{6BE55929-4C7E-44DC-A66D-4C886DFB23CD}_Small.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\AlbumArt_{D5A3B7A2-12CC-4BE1-AE88-34691650389D}_Large.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\AlbumArt_{D5A3B7A2-12CC-4BE1-AE88-34691650389D}_Small.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\AlbumArt_{D744F193-FDDB-438D-BD18-DC0A84CDBCBA}_Large.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\AlbumArt_{D744F193-FDDB-438D-BD18-DC0A84CDBCBA}_Small.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\AlbumArt_{E50A6A11-6CC0-4F23-958E-9CD2FDC5257A}_Large.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\AlbumArt_{E50A6A11-6CC0-4F23-958E-9CD2FDC5257A}_Small.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\desktop.ini
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\Folder.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\Thumbs.db
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\s-electric@hotmail.com\AlbumArtSmall.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\s-electric@hotmail.com\AlbumArt_{4D9A7060-5A1F-4AA5-B310-E63B3643CEF9}_Large.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\s-electric@hotmail.com\AlbumArt_{4D9A7060-5A1F-4AA5-B310-E63B3643CEF9}_Small.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\s-electric@hotmail.com\desktop.ini
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\s-electric@hotmail.com\Folder.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\seven_years_down_@hotmail.com\Thumbs.db
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\zatuuu@hotmail.com\Thumbs.db
C:\Program Files\Canon\MP Navigator 3.0\uinstrsc.dll
C:\Program Files\Canon\MP Navigator 3.0\Maint.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
Finished
|
Newbie
|
7 July 2007 @ 20:26 |
|
"Krista" - 2007-07-08 0:18:01 - ComboFix 07-07-07.3 - Service Pack 2
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\Krista\TYPYT~1.\internet explorer.lnk
((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-07 )))))))))))))))))))))))))))))))
2007-07-08 00:17 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-08 00:10 <KANSIO> d-------- C:\DOCUME~1\Krista\APPLIC~1\Comodo
2007-07-08 00:10 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-07-07 23:47 <KANSIO> d-------- C:\WINDOWS\ERUNT
2007-07-07 23:45 <KANSIO> d-------- C:\Program Files\SDFix
2007-07-07 23:43 524,288 --ah----- C:\DOCUME~1\JRJEST~1\NTUSER.DAT
2007-07-07 23:43 <KANSIO> dr------- C:\DOCUME~1\JRJEST~1\K?ynnist?-valikko
2007-07-07 23:43 <KANSIO> d--h----- C:\DOCUME~1\JRJEST~1\Verkkoymp?rist?
2007-07-07 23:43 <KANSIO> d--h----- C:\DOCUME~1\JRJEST~1\Tulostinymp?rist?
2007-07-07 23:43 <KANSIO> d--h----- C:\DOCUME~1\JRJEST~1\Mallit
2007-07-07 23:43 <KANSIO> d-------- C:\DOCUME~1\JRJEST~1\Ty?p?yt?
2007-07-07 23:43 <KANSIO> d-------- C:\DOCUME~1\JRJEST~1\Suosikit
2007-07-07 23:39 <KANSIO> d-------- C:\Program Files\Comodo
2007-07-04 15:21 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-06-30 11:47 <KANSIO> d-------- C:\WINDOWS\0E6AB9FC76C2431B9C066C1CFFFEA8EB.TMP
2007-06-29 14:06 <KANSIO> d-------- C:\Program Files\Lavasoft
2007-06-29 14:06 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-28 22:18 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-06-28 22:18 <KANSIO> d-------- C:\Program Files\ffdshow
2007-06-28 22:01 <KANSIO> d-------- C:\DOCUME~1\Krista\APPLIC~1\Media Player Classic
2007-06-28 20:01 <KANSIO> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-06-28 01:00 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-06-28 01:00 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-28 01:00 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-28 01:00 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-28 01:00 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-28 01:00 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-27 22:39 <KANSIO> d-------- C:\DOCUME~1\Krista\APPLIC~1\uTorrent
2007-06-24 16:34 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
2007-06-24 16:21 <KANSIO> d-------- C:\Program Files\OpenFour
2007-06-24 16:21 <KANSIO> d-------- C:\DOCUME~1\Krista\APPLIC~1\OpenFour
2007-06-24 16:21 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Help mail setup real
2007-06-24 16:20 <KANSIO> d-------- C:\Program Files\Windows Live
2007-06-24 16:20 <KANSIO> d-------- C:\Program Files\Adverts
2007-06-22 17:37 0 --a------ C:\WINDOWS\system32\atiicdxx.dat
2007-06-14 12:27 <KANSIO> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
2007-06-14 12:16 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-06-13 22:00 <KANSIO> d-------- C:\Downloads
2007-06-13 21:57 <KANSIO> d-------- C:\Program Files\BitComet
2007-06-11 15:26 57,344 --a------ C:\WINDOWS\WNMHINDR.EXE
2007-06-11 15:26 24,576 --a------ C:\WINDOWS\system32\NMH040A.DLL
2007-06-11 15:25 724,992 --a------ C:\WINDOWS\iun6002.exe
2007-06-11 15:25 <KANSIO> d-------- C:\Program Files\DivX
2007-06-08 23:48 <KANSIO> d-------- C:\DOCUME~1\Krista\Phone Browser
2007-06-08 23:37 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-06-08 23:36 <KANSIO> d-------- C:\DOCUME~1\Krista\APPLIC~1\Nokia
2007-06-08 23:35 <KANSIO> d-------- C:\Program Files\DIFX
2007-06-08 23:35 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
2007-06-08 23:35 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
2007-06-08 23:35 <KANSIO> d-------- C:\DOCUME~1\Krista\APPLIC~1\PC Suite
2007-06-08 23:34 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-06-08 23:34 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution
2007-06-08 23:34 <KANSIO> d-------- C:\Program Files\Nokia
2007-06-08 23:33 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-29 11:05:51 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-27 22:00:06 -------- d-----w C:\Program Files\Alwil Software
2007-06-27 21:29:52 -------- d-----w C:\DOCUME~1\Krista\APPLIC~1\Lavasoft
2007-06-27 16:56:08 -------- d-----w C:\DOCUME~1\Krista\APPLIC~1\Skype
2007-06-24 13:20:33 -------- d-----w C:\Program Files\Messenger Plus! Live
2007-06-22 14:00:43 -------- d-----w C:\Program Files\Messenger
2007-06-07 19:29:26 -------- d-----w C:\Program Files\Trust 320 SpaceCam
2007-06-07 19:29:13 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-01 13:01:02 -------- d-----w C:\Program Files\Windows Live Toolbar
2007-05-31 06:10:58 -------- d-----w C:\Program Files\Online_TV
2007-05-26 14:52:03 -------- d-----w C:\DOCUME~1\Krista\APPLIC~1\Ahead
2007-05-26 14:35:47 -------- d-----w C:\Program Files\Common Files\Ahead
2007-05-26 09:49:34 -------- d-----w C:\DOCUME~1\Krista\APPLIC~1\Audacity
2007-05-21 22:19:54 -------- d-----w C:\Program Files\mIRC
2007-05-16 15:19:52 133,168 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-05-16 15:19:50 11,568 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2007-05-16 15:14:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-16 06:42:22 972,336 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-05-15 06:45:14 972,336 ----a-w C:\WINDOWS\UNNeroVision.exe
2007-05-13 11:59:47 -------- d-----w C:\DOCUME~1\Krista\APPLIC~1\{0B9E3B72-FCE7-4B76-9F99-94E66A8C5760}
2007-05-13 11:58:52 -------- d-----w C:\DOCUME~1\Krista\APPLIC~1\Seven Zip
2007-05-09 12:56:04 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-07 11:29:28 -------- d-----w C:\DOCUME~1\Krista\APPLIC~1\Screenshot Sender
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-25 14:22:38 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 13:42:50 972,336 ----a-w C:\WINDOWS\UNRecode.exe
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 19:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 19:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 19:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 19:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 19:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 19:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 19:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 19:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 19:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-11-03 15:17 54248 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
2006-04-18 20:04 34304 --a------ C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-07-07 13:29 324416 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
2007-02-12 15:56 546672 --a------ C:\Program Files\Windows Live Toolbar\msntb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 18:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"SETUP REAL DASH MEOW"="C:\Documents and Settings\All Users\Application Data\Help mail setup real\meetiso.exe" [2007-06-24 16:21]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 18:42]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-07-07 23:39]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 18:51]
"Gram more"="C:\DOCUME~1\Krista\APPLIC~1\OpenFour\proxy exit.exe" [2007-06-24 16:21]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]
*Newly Created Service* - CMDMON
Contents of the 'Scheduled Tasks' folder
2007-07-07 20:00:01 C:\WINDOWS\tasks\A6A7A14390DC5303.job
2007-06-01 06:48:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-07 19:50:01 C:\WINDOWS\tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-08 00:20:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-08 0:21:21
C:\ComboFix-quarantined-files.txt ... 2007-07-08 00:21
--- E O F ---
|
Newbie
|
7 July 2007 @ 20:30 |
|
Logfile of HijackThis v1.99.1
Scan saved at 0:27:49, on 8.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Krista\Työpöytä\Koneen puhdistus\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SETUP REAL DASH MEOW] C:\Documents and Settings\All Users\Application Data\Help mail setup real\meetiso.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Gram more] C:\DOCUME~1\Krista\APPLIC~1\OpenFour\proxy exit.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://renzku.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1167404870906
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - D:\Renen\aawservice.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
====================
All right, that should be everything, in the order given in the instructions.
|
Auttaja
Suspended permanently
|
7 July 2007 @ 20:41 |
|
Uninstall Messenger Plus! Live via Add/Remove Programs in the Control Panel.
Open Notepad and copy/paste the text below into it:
Quote:
File::
C:\WINDOWS\tasks\A6A7A14390DC5303.job
C:\WINDOWS\iun6002.exe
C:\WINDOWS\WNMHINDR.EXE
C:\WINDOWS\system32\NMH040A.DLL
Folder::
C:\DOCUME~1\Krista\APPLIC~1\OpenFour
C:\Program Files\OpenFour
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Help mail setup real
C:\Program Files\DaemonTools_WhenUSave_Installer
C:\WINDOWS\system32\54164532ld.exe
Save it as ComboFix-Do.txt
Then drag ComboFix-Do.txt onto ComboFix.exe as shown below.

Restart the computer when prompted and post the contents of the combofix.txt file here.
=======
Also a new HJT log.
|
|