Is the computer clean?
Newbie
7 July 2007 @ 14:32
So, I need to know whether the computer is clean.

====================
Logfile of HijackThis v1.99.1
Scan saved at 18:29:40, on 7.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\lExplore.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wisptis.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Krista\Työpöytä\Koneen puhdistus\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [lnternet Update] lExplore.exe
O4 - HKLM\..\Run: [SETUP REAL DASH MEOW] C:\Documents and Settings\All Users\Application Data\Help mail setup real\meetiso.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [lnternet Update] lExplore.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Gram more] C:\DOCUME~1\Krista\APPLIC~1\OpenFour\proxy exit.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://renzku.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1167404870906
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - D:\Renen\aawservice.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

====================
Auttaja
Suspended permanently
7 July 2007 @ 18:20
If you use only Windows' own firewall, it is not sufficient protection. Download, for example, one of these three firewalls to your computer and install it. Then also disable the Windows firewall. These 3 are quite popular and free firewalls:

Comodo
Kerio
Zonealarm

=========

Download SDFix by AndyManchesta http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your desktop.

Boot your computer into Safe Mode and choose your normal user account:

* Start the computer
* When you hear the computer beep, press F8, but before the Windows logo appears
* Next, a menu should appear
* Select Safe Mode from the menu.


* Create a folder C:\SDFix for the program and move it there
* Open the SDFix folder and double-click the file RunThis.bat to start the program.
* Press Y to start the script.
* The tool cleans up the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
* Press any key and the computer restarts.
* Startup takes longer than normal because SDFix is cleaning the computer.
* When the computer has started and the desktop has loaded, SDFix reports that the cleaning has been done, "Finished".
* Then press any key to close the script and load the shortcuts onto the desktop.
* Finally, open the SDFix folder and copy & paste the contents of the file Report.txt into your thread

=======

1. Download combofix.exe to your desktop from either of these links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double-click the combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

=========

also a new HJT log


Don't send your HijackThis log to another user's topic. Remember to describe what kind of problems you have. (In my opinion afterdawn has a very unsupportive attitude against malware fighters)
How to send HijackThis log (step 3-5) Instructions for sending a HijackThis log (Finland)
My profile "Therefore I say to you, do not worry about your life, what you will eat or what you will drink; nor about your body, what you will put on."
My home forum (Finland) Geeks To Go - Another place
List of rogue programs. (Finland) For example MSG+ is there. Another list
Newbie
7 July 2007 @ 20:16
SDFix: Version 1.90

Run by Krista on la 07.07.2007 at 23:47

Microsoft Windows XP [versio 5.1.2600]

Running From: C:\PROGRA~1\SDFix\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service

Rebooting...


Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\IEexplore32.exe - Deleted
C:\WINDOWS\system32\lexplore.exe - Deleted



Removing Temp Files...

ADS Check:

Checking C:\WINDOWS
C:\WINDOWS
No streams found.

Checking C:\WINDOWS\system32
C:\WINDOWS\system32
No streams found.

Checking C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Checking C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"D:\\Renen\\Steam\\SteamApps\\therenzku\\counter-strike source\\hl2.exe"="D:\\Renen\\Steam\\SteamApps\\therenzku\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"D:\\Renen\\Steam\\SteamApps\\therenzku\\day of defeat source\\hl2.exe"="D:\\Renen\\Steam\\SteamApps\\therenzku\\day of defeat source\\hl2.exe:*:Enabled:hl2"
"D:\\Renen\\The All-Seeing Eye\\eye.exe"="D:\\Renen\\The All-Seeing Eye\\eye.exe:*:Enabled:Yahoo! All-Seeing Eye"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"C:\\WINDOWS\\system32\\IEexplore32.exe"="C:\\WINDOWS\\system32\\IEexplore32.exe:*:Enabled:IEexplore32"
"C:\\WINDOWS\\system32\\lExplore.exe"="C:\\WINDOWS\\system32\\lExplore.exe:*:Enabled:lExplore"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
"D:\\DC++\\DCPlusPlus.exe"="D:\\DC++\\DCPlusPlus.exe:*:Disabled:DC++"
"D:\\Renen\\eMule\\emule.exe"="D:\\Renen\\eMule\\emule.exe:*:Disabled:eMule"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

Backups Folder: - C:\PROGRA~1\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\krista_ilen@hotmail.com\Sharing Folders\anzkuuu1@hotmail.com\Thumbs.db
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\krista_ilen@hotmail.com\Sharing Folders\arttu.huhtanen@hotmail.com\Thumbs.db
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\krista_ilen@hotmail.com\Sharing Folders\nasuliini__@hotmail.com\Thumbs.db
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\brunettee-@hotmail.com\Thumbs.db
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\forssi_@hotmail.com\Thumbs.db
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\lisssu--@hotmail.com\Thumbs.db
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\AlbumArtSmall.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\AlbumArt_{5F4AFA78-55CF-436A-A244-597C1E1F8E67}_Large.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\AlbumArt_{5F4AFA78-55CF-436A-A244-597C1E1F8E67}_Small.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\AlbumArt_{6BE55929-4C7E-44DC-A66D-4C886DFB23CD}_Large.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\AlbumArt_{6BE55929-4C7E-44DC-A66D-4C886DFB23CD}_Small.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\AlbumArt_{D5A3B7A2-12CC-4BE1-AE88-34691650389D}_Large.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\AlbumArt_{D5A3B7A2-12CC-4BE1-AE88-34691650389D}_Small.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\AlbumArt_{D744F193-FDDB-438D-BD18-DC0A84CDBCBA}_Large.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\AlbumArt_{D744F193-FDDB-438D-BD18-DC0A84CDBCBA}_Small.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\AlbumArt_{E50A6A11-6CC0-4F23-958E-9CD2FDC5257A}_Large.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\AlbumArt_{E50A6A11-6CC0-4F23-958E-9CD2FDC5257A}_Small.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\desktop.ini
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\Folder.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\mansikkapirtelo@hotmail.com\Thumbs.db
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\s-electric@hotmail.com\AlbumArtSmall.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\s-electric@hotmail.com\AlbumArt_{4D9A7060-5A1F-4AA5-B310-E63B3643CEF9}_Large.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\s-electric@hotmail.com\AlbumArt_{4D9A7060-5A1F-4AA5-B310-E63B3643CEF9}_Small.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\s-electric@hotmail.com\desktop.ini
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\s-electric@hotmail.com\Folder.jpg
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\seven_years_down_@hotmail.com\Thumbs.db
C:\Documents and Settings\Krista\Local Settings\Application Data\Microsoft\Messenger\rene_ilen@hotmail.com\Sharing Folders\zatuuu@hotmail.com\Thumbs.db
C:\Program Files\Canon\MP Navigator 3.0\uinstrsc.dll
C:\Program Files\Canon\MP Navigator 3.0\Maint.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp

Finished
Newbie
7 July 2007 @ 20:26
"Krista" - 2007-07-08 0:18:01 - ComboFix 07-07-07.3 - Service Pack 2


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Krista\TYPYT~1.\internet explorer.lnk


((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-07 )))))))))))))))))))))))))))))))


2007-07-08 00:17 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-08 00:10 <KANSIO> d-------- C:\DOCUME~1\Krista\APPLIC~1\Comodo
2007-07-08 00:10 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-07-07 23:47 <KANSIO> d-------- C:\WINDOWS\ERUNT
2007-07-07 23:45 <KANSIO> d-------- C:\Program Files\SDFix
2007-07-07 23:43 524,288 --ah----- C:\DOCUME~1\JRJEST~1\NTUSER.DAT
2007-07-07 23:43 <KANSIO> dr------- C:\DOCUME~1\JRJEST~1\K?ynnist?-valikko
2007-07-07 23:43 <KANSIO> d--h----- C:\DOCUME~1\JRJEST~1\Verkkoymp?rist?
2007-07-07 23:43 <KANSIO> d--h----- C:\DOCUME~1\JRJEST~1\Tulostinymp?rist?
2007-07-07 23:43 <KANSIO> d--h----- C:\DOCUME~1\JRJEST~1\Mallit
2007-07-07 23:43 <KANSIO> d-------- C:\DOCUME~1\JRJEST~1\Ty?p?yt?
2007-07-07 23:43 <KANSIO> d-------- C:\DOCUME~1\JRJEST~1\Suosikit
2007-07-07 23:39 <KANSIO> d-------- C:\Program Files\Comodo
2007-07-04 15:21 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-06-30 11:47 <KANSIO> d-------- C:\WINDOWS\0E6AB9FC76C2431B9C066C1CFFFEA8EB.TMP
2007-06-29 14:06 <KANSIO> d-------- C:\Program Files\Lavasoft
2007-06-29 14:06 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-28 22:18 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-06-28 22:18 <KANSIO> d-------- C:\Program Files\ffdshow
2007-06-28 22:01 <KANSIO> d-------- C:\DOCUME~1\Krista\APPLIC~1\Media Player Classic
2007-06-28 20:01 <KANSIO> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-06-28 01:00 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-06-28 01:00 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-28 01:00 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-28 01:00 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-28 01:00 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-28 01:00 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-27 22:39 <KANSIO> d-------- C:\DOCUME~1\Krista\APPLIC~1\uTorrent
2007-06-24 16:34 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
2007-06-24 16:21 <KANSIO> d-------- C:\Program Files\OpenFour
2007-06-24 16:21 <KANSIO> d-------- C:\DOCUME~1\Krista\APPLIC~1\OpenFour
2007-06-24 16:21 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Help mail setup real
2007-06-24 16:20 <KANSIO> d-------- C:\Program Files\Windows Live
2007-06-24 16:20 <KANSIO> d-------- C:\Program Files\Adverts
2007-06-22 17:37 0 --a------ C:\WINDOWS\system32\atiicdxx.dat
2007-06-14 12:27 <KANSIO> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
2007-06-14 12:16 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-06-13 22:00 <KANSIO> d-------- C:\Downloads
2007-06-13 21:57 <KANSIO> d-------- C:\Program Files\BitComet
2007-06-11 15:26 57,344 --a------ C:\WINDOWS\WNMHINDR.EXE
2007-06-11 15:26 24,576 --a------ C:\WINDOWS\system32\NMH040A.DLL
2007-06-11 15:25 724,992 --a------ C:\WINDOWS\iun6002.exe
2007-06-11 15:25 <KANSIO> d-------- C:\Program Files\DivX
2007-06-08 23:48 <KANSIO> d-------- C:\DOCUME~1\Krista\Phone Browser
2007-06-08 23:37 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-06-08 23:36 <KANSIO> d-------- C:\DOCUME~1\Krista\APPLIC~1\Nokia
2007-06-08 23:35 <KANSIO> d-------- C:\Program Files\DIFX
2007-06-08 23:35 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
2007-06-08 23:35 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
2007-06-08 23:35 <KANSIO> d-------- C:\DOCUME~1\Krista\APPLIC~1\PC Suite
2007-06-08 23:34 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-06-08 23:34 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution
2007-06-08 23:34 <KANSIO> d-------- C:\Program Files\Nokia
2007-06-08 23:33 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-29 11:05:51 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-27 22:00:06 -------- d-----w C:\Program Files\Alwil Software
2007-06-27 21:29:52 -------- d-----w C:\DOCUME~1\Krista\APPLIC~1\Lavasoft
2007-06-27 16:56:08 -------- d-----w C:\DOCUME~1\Krista\APPLIC~1\Skype
2007-06-24 13:20:33 -------- d-----w C:\Program Files\Messenger Plus! Live
2007-06-22 14:00:43 -------- d-----w C:\Program Files\Messenger
2007-06-07 19:29:26 -------- d-----w C:\Program Files\Trust 320 SpaceCam
2007-06-07 19:29:13 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-01 13:01:02 -------- d-----w C:\Program Files\Windows Live Toolbar
2007-05-31 06:10:58 -------- d-----w C:\Program Files\Online_TV
2007-05-26 14:52:03 -------- d-----w C:\DOCUME~1\Krista\APPLIC~1\Ahead
2007-05-26 14:35:47 -------- d-----w C:\Program Files\Common Files\Ahead
2007-05-26 09:49:34 -------- d-----w C:\DOCUME~1\Krista\APPLIC~1\Audacity
2007-05-21 22:19:54 -------- d-----w C:\Program Files\mIRC
2007-05-16 15:19:52 133,168 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-05-16 15:19:50 11,568 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2007-05-16 15:14:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-16 06:42:22 972,336 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-05-15 06:45:14 972,336 ----a-w C:\WINDOWS\UNNeroVision.exe
2007-05-13 11:59:47 -------- d-----w C:\DOCUME~1\Krista\APPLIC~1\{0B9E3B72-FCE7-4B76-9F99-94E66A8C5760}
2007-05-13 11:58:52 -------- d-----w C:\DOCUME~1\Krista\APPLIC~1\Seven Zip
2007-05-09 12:56:04 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-07 11:29:28 -------- d-----w C:\DOCUME~1\Krista\APPLIC~1\Screenshot Sender
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-25 14:22:38 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 13:42:50 972,336 ----a-w C:\WINDOWS\UNRecode.exe
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 19:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 19:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 19:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 19:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 19:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 19:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 19:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 19:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 19:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-11-03 15:17 54248 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
2006-04-18 20:04 34304 --a------ C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-07-07 13:29 324416 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
2007-02-12 15:56 546672 --a------ C:\Program Files\Windows Live Toolbar\msntb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 18:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"SETUP REAL DASH MEOW"="C:\Documents and Settings\All Users\Application Data\Help mail setup real\meetiso.exe" [2007-06-24 16:21]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 18:42]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-07-07 23:39]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 18:51]
"Gram more"="C:\DOCUME~1\Krista\APPLIC~1\OpenFour\proxy exit.exe" [2007-06-24 16:21]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

*Newly Created Service* - CMDMON

Contents of the 'Scheduled Tasks' folder
2007-07-07 20:00:01 C:\WINDOWS\tasks\A6A7A14390DC5303.job
2007-06-01 06:48:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-07 19:50:01 C:\WINDOWS\tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-08 00:20:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-08 0:21:21
C:\ComboFix-quarantined-files.txt ... 2007-07-08 00:21

--- E O F ---
Newbie
7 July 2007 @ 20:30
Logfile of HijackThis v1.99.1
Scan saved at 0:27:49, on 8.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Krista\Työpöytä\Koneen puhdistus\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SETUP REAL DASH MEOW] C:\Documents and Settings\All Users\Application Data\Help mail setup real\meetiso.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Gram more] C:\DOCUME~1\Krista\APPLIC~1\OpenFour\proxy exit.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://renzku.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1167404870906
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - D:\Renen\aawservice.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

====================

Alright, that should be everything, in the order given in the instructions.
Auttaja
Suspended permanently
7 July 2007 @ 20:41
Uninstall Messenger Plus! Live via Add/Remove Programs in the Control Panel.


Open Notepad and copy/paste the text below into it:

Quote:

File::
C:\WINDOWS\tasks\A6A7A14390DC5303.job
C:\WINDOWS\iun6002.exe
C:\WINDOWS\WNMHINDR.EXE
C:\WINDOWS\system32\NMH040A.DLL

Folder::
C:\DOCUME~1\Krista\APPLIC~1\OpenFour
C:\Program Files\OpenFour
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Help mail setup real
C:\Program Files\DaemonTools_WhenUSave_Installer
C:\WINDOWS\system32\54164532ld.exe

Save it as ComboFix-Do.txt

Then drag ComboFix-Do.txt onto ComboFix.exe as shown below.

Restart the computer when prompted and post the contents of the combofix.txt file here.

=======

also a new HJT log

Don't send your HijackThis log to another user's topic. Remember to describe what kind of problems you have. (In my opinion AfterDawn has a very unsupportive attitude toward malware fighters)
How to send HijackThis log (step 3-5) | Instructions for posting a HijackThis log (Finland)
My profile "Therefore I say to you, do not worry about your life, what you will eat or what you will drink; nor about your body, what you will put on."
My home forum (Finland) | Geeks To Go - Another place
List of rogue programs. (Finland) For example MSG+ is there. Another list