
kalminen, yaht started helping, will you continue to the end? I'm in a hurry today and need to have this done before five, thanks

Thread in the Viruses and malware - HijackThis logs section. Started by sami1 on 30.06.2008.

  1. sami1

    sami1, Member. Joined: 28.08.2007. Posts: 72. Thanks: 0. Points: 16.

    so here's the continuation, the malware report and a new hjt

    Malwarebytes' Anti-Malware 1.18
    Tietokantaversio: 895

    16:56:06 2008-06-27
    mbam-log-6-27-2008 (16-56-06).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
    Tarkistetut kohteet: 107302
    Kulunut aika: 26 minute(s), 23 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 1
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 2

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    C:\System Volume Information\_restore{3ED89C74-D6BB-409A-8C38-E87D24C10102}\RP127\A0039724.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:02, on 2008-06-27
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\Contact Manager\Alerts.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/d...://uk.yahoo.com
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: {08ec2338-23cb-851b-eae4-63765dab8950} - {0598bad5-6736-4eae-b158-bc328332ce80} - C:\WINDOWS\system32\btohdngs.dll
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Contact Manager Alerts] C:\Program Files\Contact Manager\Alerts.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?807f936eb60e4329894f01c05d48b8c8
    O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?807f936eb60e4329894f01c05d48b8c8
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resourc...lscbase4009.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/Ap...ap/PhtPkMSN.cab
    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/Ap...ap/DigWXMSN.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
    O20 - Winlogon Notify: rqRKASji - rqRKASji.dll (file missing)
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

    --
    End of file - 8568 bytes

    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\usb323.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
     
  3. kalminen

    kalminen, Regular member. Joined: 04.05.2007. Posts: 3,915. Thanks: 0. Points: 46.

    Here's some first aid!!!
    Where is your original thread???

    1. Download combofix.exe to your desktop from either of these links:
    combofix.exe
    combofix.exe


    Open Notepad and copy/paste the contents of the Quote: box into it:

    Save it as CFScript (in fact ComboFix recognizes it even if the file extension isn't .txt).

    Then drag and drop CFScript onto ComboFix.exe as shown below. (Don't click)

    [IMG]

    Note! Don't click the ComboFix window while it is running. This may cause the program to hang.
    Restart the computer if asked to, and post the contents of the combofix.txt file here.

    -----------------------------------------------------------------

    Close the browser and other programs for the duration of the fix. (not the antivirus)
    Start HijackThis, run Scan, tick the following entries listed in red and remove them. (Fix checked)

    O2 - BHO: {08ec2338-23cb-851b-eae4-63765dab8950} - {0598bad5-6736-4eae-b158-bc328332ce80} - C:\WINDOWS\system32\btohdngs.dll
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKCU\..\Run: [Contact Manager Alerts] C:\Program Files\Contact Manager\Alerts.exe
    O20 - Winlogon Notify: rqRKASji - rqRKASji.dll (file missing)

    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The (C:\ComboFix.txt) report
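
A check for the fix-and-repost step above, as an added example that is not part of the original posts: after the flagged HijackThis entries have been fixed, compare them against the fresh log to confirm they are gone and to list any remaining entries that still reference the same CLSID or file name. The function names are hypothetical, and the sample lines are excerpts of the log entries posted in this thread.

```python
import re

# HijackThis entry lines start with a section code such as R3, O2, O4, O20, O23.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# File names with an executable-type extension, with or without a leading path.
FILE_RE = re.compile(r"[^\\\s\[\]]+\.(?:dll|exe|sys)\b", re.IGNORECASE)


def parse_entries(log_text):
    """Return (section, text) for every HijackThis entry line in a log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def artifacts(text):
    """CLSIDs and file names mentioned in one entry, lower-cased."""
    found = {c.lower() for c in CLSID_RE.findall(text)}
    found |= {f.lower() for f in FILE_RE.findall(text)}
    return found


def verify_fix(flagged_lines, after_log):
    """Compare the entries a helper flagged against a log taken after the fix.

    Returns (still_present, related):
      still_present - flagged entries that appear unchanged in the new log
      related       - other entries in the new log that mention a CLSID or
                      file name taken from a flagged entry
    """
    flagged = parse_entries("\n".join(flagged_lines))
    after = parse_entries(after_log)
    flagged_keys = {(s, t.lower()) for s, t in flagged}
    after_keys = {(s, t.lower()) for s, t in after}

    still_present = [f"{s} - {t}" for s, t in flagged
                     if (s, t.lower()) in after_keys]

    wanted = set()
    for _, text in flagged:
        wanted |= artifacts(text)

    related = []
    for s, t in after:
        if (s, t.lower()) in flagged_keys:
            continue  # already reported as still present
        hits = artifacts(t) & wanted
        if hits:
            related.append((f"{s} - {t}", sorted(hits)))
    return still_present, related


# The four entries flagged for fixing in the post above.
FLAGGED = [
    r"O2 - BHO: {08ec2338-23cb-851b-eae4-63765dab8950} - {0598bad5-6736-4eae-b158-bc328332ce80} - C:\WINDOWS\system32\btohdngs.dll",
    r"O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)",
    r"O4 - HKCU\..\Run: [Contact Manager Alerts] C:\Program Files\Contact Manager\Alerts.exe",
    r"O20 - Winlogon Notify: rqRKASji - rqRKASji.dll (file missing)",
]

# Excerpt of a log taken after the fix (a few lines from the 30.6.2008 log in this thread).
AFTER_LOG = r"""
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

if __name__ == "__main__":
    still_present, related = verify_fix(FLAGGED, AFTER_LOG)
    print("Flagged entries still present:", still_present or "none")
    for entry, hits in related:
        print("Shares", ", ".join(hits), "with a flagged entry:", entry)
```

On this excerpt none of the four flagged entries remain, and the R3 URLSearchHook line is listed because it carries the same CLSID as the flagged O3 toolbar entry.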
     
  4. sami1

    it's further down there, I thought I'd post it again since nobody is answering, do you have time to answer before 5, because the plane leaves at 6 and I'd have to leave at 5, thanks :)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:08:22, on 30.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?807f936eb60e4329894f01c05d48b8c8
    O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?807f936eb60e4329894f01c05d48b8c8
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

    --

    ComboFix 08-06-20.4 - Juha Saarela 2008-06-30 15:43:29.9 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.453 [GMT 3:00]
    Running from: C:\Documents and Settings\Juha Saarela\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Juha Saarela\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\system32\btohdngs.dll
    C:\WINDOWS\system32\rqRKASji.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\btohdngs.dll
    .
    ---- Previous Run -------
    .
    C:\WINDOWS\BM012b199f.xml
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\knVwHRqr.ini
    C:\WINDOWS\system32\rqRHwVnk.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
    .

    2008-06-29 17:03 . 2008-06-29 17:03 <DIR> d-------- C:\Program Files\Lavasoft
    2008-06-29 17:03 . 2008-06-29 17:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-29 17:02 . 2008-06-29 17:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-28 20:23 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-06-28 20:22 . 2008-06-28 20:22 <DIR> d-------- C:\Program Files\Java
    2008-06-28 20:22 . 2008-06-28 20:22 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-06-27 12:53 . 2008-06-27 12:53 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-27 12:53 . 2008-06-27 12:53 <DIR> d-------- C:\Documents and Settings\Juha Saarela\Application Data\Malwarebytes
    2008-06-27 12:53 . 2008-06-27 12:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-27 12:53 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-27 12:53 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-26 21:16 . 2008-06-26 21:16 80,264 --a------ C:\Program Files\cc_20080626_2116.reg
    2008-06-23 13:42 . 2008-06-23 13:43 230,164 --a------ C:\Program Files\cc_20080623_1342.reg
    2008-06-22 16:54 . 2008-06-22 16:54 <DIR> d--h----- C:\WINDOWS\PIF
    2008-06-20 14:28 . 2008-06-20 14:28 <DIR> d--hs---- C:\FOUND.002
    2008-06-19 23:35 . 2008-06-19 23:35 <DIR> d-------- C:\backups
    2008-06-19 16:58 . 2008-06-19 16:59 47,392 --a------ C:\Program Files\cc_20080619_1658.reg
    2008-06-19 16:31 . 2008-06-19 16:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Disk Cleaner
    2008-06-19 13:58 . 2008-06-19 13:58 396,288 --a------ C:\HijackThis.exe
    2008-06-18 19:00 . 2008-06-18 19:00 398 --a------ C:\Program Files\cc_20080618_1900.reg
    2008-06-18 12:49 . 2008-06-18 12:49 19,152 --a------ C:\Program Files\cc_20080618_1249.reg
    2008-06-18 12:39 . 2008-06-18 12:39 218,808 --a------ C:\Program Files\cc_20080618_1238.reg
    2008-06-18 12:33 . 2008-06-18 12:33 <DIR> d-------- C:\Program Files\CCleaner
    2008-06-17 21:51 . 2008-06-29 21:10 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-06-17 21:51 . 2008-06-29 21:10 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-06-17 21:48 . 2008-06-17 21:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-06-17 21:48 . 2008-04-02 21:07 75,248 --a------ C:\WINDOWS\zllsputility.exe
    2008-06-17 21:48 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2008-06-17 21:48 . 2008-06-17 21:50 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-06-17 21:47 . 2008-06-17 21:47 <DIR> d-------- C:\Program Files\Zone Labs
    2008-06-17 21:46 . 2008-06-17 21:46 <DIR> d-------- C:\WINDOWS\Internet Logs
    2008-06-17 19:09 . 2008-06-19 12:55 2,626 ---hs---- C:\WINDOWS\system32\lrjqbixg.ini
    2008-06-17 11:53 . 2008-06-17 11:53 0 --a------ C:\WINDOWS\nsreg.dat
    2008-06-17 11:49 . 2008-06-17 11:49 5,842,088 --a------ C:\Program Files\Firefox Setup 2.0.0.14.exe
    2008-06-16 16:51 . 2008-06-13 16:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-16 16:51 . 2008-06-13 16:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-16 13:59 . 2008-06-17 18:58 2,086 ---hs---- C:\WINDOWS\system32\qpiydiio.ini
    2008-06-16 13:51 . 2008-06-16 13:51 <DIR> d-------- C:\Program Files\Alwil Software
    2008-06-16 13:50 . 2008-06-16 13:50 24,041,968 --a------ C:\Program Files\setupfin.exe
    2008-06-14 23:25 . 2008-06-16 12:58 1,314 ---hs---- C:\WINDOWS\system32\lsqkmnnj.ini
    2008-06-13 23:56 . 2008-06-14 23:21 954 ---hs---- C:\WINDOWS\system32\dedyrnge.ini
    2008-06-12 21:03 . 2008-06-13 23:54 834 ---hs---- C:\WINDOWS\system32\nlecomeu.ini
    2008-06-10 16:12 . 2008-06-12 20:58 774 ---hs---- C:\WINDOWS\system32\yiyncooc.ini
    2008-06-08 00:35 . 2008-06-10 16:06 534 ---hs---- C:\WINDOWS\system32\nfsobrua.ini
    2008-06-05 19:41 . 2008-06-08 00:30 354 ---hs---- C:\WINDOWS\system32\hbskjdmg.ini
    2008-06-05 19:34 . 2008-06-05 19:34 <DIR> d--hs---- C:\FOUND.001
    2008-06-04 01:21 . 2008-06-04 01:21 4,217 --a------ C:\WINDOWS\is154890.exe
    2008-06-02 13:51 . 2008-06-05 19:37 1,426 ---hs---- C:\WINDOWS\system32\ymfqxibw.ini
    2008-06-02 13:46 . 2008-06-02 13:46 0 --a------ C:\WINDOWS\system32\pjaxcxyy.tmp
    2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-22 14:33 2,115,385 ------w C:\WINDOWS\Internet Logs\tvDebug.zip
    2008-06-19 17:02 867,328 ------w C:\WINDOWS\Internet Logs\xDB1.tmp
    2008-06-19 17:02 1,381,888 ------w C:\WINDOWS\Internet Logs\xDB2.tmp
    2008-06-01 14:14 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-06-01 14:14 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
    2008-04-29 08:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 08:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 08:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-04-21 06:57 666,624 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-04-21 06:57 666,624 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2008-04-17 10:47 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
    2008-04-02 18:07 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
    2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
    2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
    2007-04-03 19:33 251 ----a-w C:\Program Files\wt3d.ini
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-27_15.00.14.85 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-04-15 07:35:50 64,088 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
    + 2008-06-29 13:25:34 66,936 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
    - 2007-04-15 07:35:50 223,800 ----a-w C:\WINDOWS\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
    + 2008-06-29 13:25:24 226,656 ----a-w C:\WINDOWS\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
    - 2008-06-27 11:55:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-30 11:39:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2003-07-15 03:57:34 38,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL
    + 2003-07-15 03:53:06 94,768 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\AW.DLL
    + 2003-07-15 00:14:28 350,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\CDLMSO.DLL
    + 2003-07-15 08:18:12 47,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\DFUICOM.EXE
    + 2003-07-15 03:56:54 14,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\DSITF.DLL
    + 2003-07-15 03:57:14 98,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\DSSM.EXE
    + 2003-08-13 07:34:38 10,073,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\EXCEL.EXE
    + 2003-08-03 15:56:16 1,146,184 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\FM20.DLL
    + 2003-07-24 04:01:40 1,949,240 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\FPCUTL.DLL
    + 2003-07-15 04:36:14 186,424 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\FPDTC.DLL
    + 2003-07-15 03:40:12 179,768 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL
    + 2003-07-26 00:00:16 1,157,696 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\FPSRVUTL.DLL
    + 2003-07-26 00:14:50 799,288 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\FPWEC.DLL
    + 2003-07-15 04:11:42 2,139,192 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\GRAPH.EXE
    + 2003-07-14 19:57:44 87,096 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\IEAWSDC.DLL
    + 2003-07-15 03:53:50 161,336 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\IETAG.DLL
    + 2003-05-28 20:42:48 514,680 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\INTLNAME.DLL
    + 2003-06-18 22:31:44 758,784 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MDIGRAPH.DLL
    + 2003-06-18 14:31:10 252,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL
    + 2003-06-18 22:31:48 17,920 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MDIMON.DLL
    + 2003-06-18 22:31:48 18,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MDIPPR.DLL
    + 2003-06-18 22:31:46 35,328 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MDIUI.DLL
    + 2003-06-18 14:31:34 443,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MDIVWCTL.DLL
    + 2003-05-28 20:42:50 342,616 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\METCONV.DLL
    + 2003-07-14 19:58:04 230,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MSCDM.DLL
    + 2003-07-15 03:51:50 116,288 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MSCONV97.DLL
    + 2002-12-17 16:08:50 359,600 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MSDMENG.DLL
    + 2002-12-17 16:08:54 1,383,592 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MSDMINE.DLL
    + 2003-07-15 03:51:44 87,104 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL
    + 2002-04-09 17:14:36 187,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MSMDUN80.DLL
    + 2003-07-15 03:52:52 17,464 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MSMH.DLL
    + 2003-08-08 05:23:16 12,172,336 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MSO.DLL
    + 2003-07-14 19:57:16 120,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL
    + 2003-07-15 00:14:18 106,552 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MSOCF.DLL
    + 2003-07-23 19:35:26 127,032 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MSOCFU.DLL
    + 2003-07-15 03:52:52 27,704 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL
    + 2003-07-15 03:44:06 25,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MSOEURO.DLL
    + 2003-07-15 03:52:56 55,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE
    + 2002-12-17 16:09:24 2,071,752 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MSOLAP80.DLL
    + 2003-07-11 07:15:48 1,292,872 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL
    + 2003-07-15 08:18:52 376,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL
    + 2003-07-14 19:52:54 28,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL
    + 2003-07-15 03:52:52 35,896 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MSOSV.DLL
    + 2003-07-15 03:46:16 42,040 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL
    + 2003-07-15 03:45:12 55,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE
    + 2003-07-15 03:45:12 39,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL
    + 2003-06-18 14:31:24 1,033,216 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MSPCORE.DLL
    + 2003-06-18 14:31:50 16,384 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL
    + 2003-06-19 13:05:50 364,648 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE
    + 2003-07-15 03:52:58 41,528 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MSSH.DLL
    + 2003-07-15 04:02:14 627,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MSTORDB.EXE
    + 2003-07-15 03:56:24 124,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MSTORE.EXE
    + 2003-07-24 03:40:00 482,872 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MSTORES.DLL
    + 2003-07-15 04:00:54 145,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL
    + 2003-07-15 03:57:10 56,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\NAME.DLL
    + 2003-07-15 03:56:52 13,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL
    + 2007-04-15 07:35:50 223,800 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\OFFICE.DLL
    + 2003-07-15 08:14:26 283,696 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\OIS.EXE
    + 2003-07-15 08:14:26 828,472 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\OISAPP.DLL
    + 2003-07-15 08:14:26 27,192 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\OISCTRL.DLL
    + 2003-07-15 08:14:26 242,240 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL
    + 2003-07-15 04:05:24 1,054,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\OMFC.DLL
    + 2003-08-01 20:09:04 8,086,072 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\OWC11.DLL
    + 2003-05-09 02:54:00 77,824 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL
    + 2003-07-15 03:57:08 40,512 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL
    + 2003-07-14 19:57:08 58,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL
    + 2003-07-15 03:53:14 11,848 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE
    + 2003-08-03 15:52:32 2,808,376 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\STSLIST.DLL
    + 2003-07-03 12:19:36 2,502,656 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\VBE6.DLL
    + 2007-04-15 07:35:50 64,088 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\VBIDEPIA.DLL
    + 2003-08-06 18:24:20 12,037,688 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.5614\WINWORD.EXE
    + 2007-05-31 10:41:06 10,352,472 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE
    + 2007-04-19 11:09:30 167,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.8173\IETAG.DLL
    + 2007-06-18 14:16:32 12,259,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.8173\MSO.DLL
    + 2007-05-09 14:19:48 2,585,936 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.8173\VBE6.DLL
    + 2007-05-31 10:37:40 12,310,368 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\B040110900063D11C8EF10054038389C\11.0.8173\WINWORD.EXE
    - 2008-06-17 09:22:42 593,920 ----a-r C:\WINDOWS\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2008-06-30 12:14:20 593,920 ----a-r C:\WINDOWS\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\accicons.exe
    - 2008-06-17 09:22:42 12,288 ----a-r C:\WINDOWS\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2008-06-30 12:14:20 12,288 ----a-r C:\WINDOWS\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2008-06-17 09:22:42 86,016 ----a-r C:\WINDOWS\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\inficon.exe
    + 2008-06-30 12:14:20 86,016 ----a-r C:\WINDOWS\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\inficon.exe
    - 2008-06-17 09:22:42 135,168 ----a-r C:\WINDOWS\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2008-06-30 12:14:18 135,168 ----a-r C:\WINDOWS\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2008-06-17 09:22:42 11,264 ----a-r C:\WINDOWS\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2008-06-30 12:14:20 11,264 ----a-r C:\WINDOWS\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2008-06-17 09:22:42 27,136 ----a-r C:\WINDOWS\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2008-06-30 12:14:20 27,136 ----a-r C:\WINDOWS\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2008-06-17 09:22:42 4,096 ----a-r C:\WINDOWS\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2008-06-30 12:14:20 4,096 ----a-r C:\WINDOWS\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2008-06-17 09:22:42 794,624 ----a-r C:\WINDOWS\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2008-06-30 12:14:20 794,624 ----a-r C:\WINDOWS\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2008-06-17 09:22:42 249,856 ----a-r C:\WINDOWS\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\pptico.exe
    + 2008-06-30 12:14:18 249,856 ----a-r C:\WINDOWS\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2008-06-17 09:22:42 61,440 ----a-r C:\WINDOWS\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\pubs.exe
    + 2008-06-30 12:14:18 61,440 ----a-r C:\WINDOWS\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\pubs.exe
    - 2008-06-17 09:22:42 23,040 ----a-r C:\WINDOWS\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2008-06-30 12:14:20 23,040 ----a-r C:\WINDOWS\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2008-06-17 09:22:42 286,720 ----a-r C:\WINDOWS\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2008-06-30 12:14:18 286,720 ----a-r C:\WINDOWS\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2008-06-17 09:22:42 409,600 ----a-r C:\WINDOWS\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2008-06-30 12:14:18 409,600 ----a-r C:\WINDOWS\Installer\{9011040B-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2003-08-03 15:56:16 1,146,184 ----a-w C:\WINDOWS\system32\FM20.DLL
    + 2007-06-06 07:53:34 1,195,888 ----a-w C:\WINDOWS\system32\FM20.DLL
    - 2003-07-15 03:57:04 32,584 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
    + 2007-03-22 16:17:04 35,440 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
    - 2008-04-10 11:25:18 184,224 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    + 2008-06-29 17:14:12 184,224 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    - 2008-02-21 22:23:36 135,168 ----a-w C:\WINDOWS\system32\java.exe
    + 2008-03-24 22:28:40 135,168 ----a-w C:\WINDOWS\system32\java.exe
    - 2008-02-21 22:23:40 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
    + 2008-03-24 22:28:44 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
    - 2008-02-21 23:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
    + 2008-03-24 23:37:02 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
    - 2003-06-18 22:31:48 17,920 ----a-w C:\WINDOWS\system32\mdimon.dll
    + 2007-04-09 10:23:54 28,040 ----a-w C:\WINDOWS\system32\mdimon.dll
    - 2003-06-18 22:31:44 758,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll
    + 2007-04-09 10:24:04 758,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll
    - 2003-06-18 22:31:46 35,328 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
    + 2007-04-09 10:23:58 46,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
    - 2003-06-18 22:31:44 758,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll
    + 2007-04-09 10:24:04 758,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll
    - 2003-06-18 22:31:46 35,328 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll
    + 2007-04-09 10:23:58 46,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll
    - 2003-06-18 22:31:48 18,944 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    + 2007-04-09 10:23:54 28,552 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    + 2008-06-30 11:40:04 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_4ec.dat
    + 2008-06-30 11:41:40 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_ab0.dat
    + 2008-06-30 11:39:48 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_bc.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
    "Contact Manager Alerts"="C:\Program Files\Contact Manager\Alerts.exe" [2007-09-11 17:39 10072064]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
    "LaunchApp"="" []
    "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 22:35 53248]
    "ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]
    "Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39 204800]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 20:00 59392]
    "RTHDCPL"="RTHDCPL.EXE" [2006-06-27 23:54 16248320 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe]
    "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 12:11 421888]
    "Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]
    "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-06-23 06:59 602112]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12 90112]
    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]
    "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-09-23 13:08 61440]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 20:00 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 11:37:58 45056]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38 241664]
    HP Image Zone -pikak„ynnistys.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36 53248]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRKASji]
    rqRKASji.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
    S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
    S2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc91a3a4-57e1-11dc-9ede-0016d4603231}]
    \Shell\AutoRun\command - F:\play/mplay.exe
    \Shell\jidea_install_cmd\command - F:\play/mplay.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-06-30 12:06:02 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-30 15:49:33
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-30 15:51:46
    ComboFix-quarantined-files.txt 2008-06-30 12:51:32

    Pre-Run: 11,810,390,016 bytes free
    Post-Run: 11,785,306,112 bytes free

    321 --- E O F --- 2008-06-30 12:14:34
     
  5. kalminen

    kalminen Regular member

    Some junk was left behind, but it is not active.
    You can safely surf with this machine.
    Let's come back to this when you return from your holiday, if any fine-tuning is needed.
    Have a good holiday :D
     
  6. sami1

    sami1 Member

    Well, the thing is that I'm at my girlfriend's place, and she lives a bit further away :) and I'm heading home, but could you still help finish this if my girlfriend tries to do it :)? She's no computer expert, but she can manage it with proper instructions :) Thanks. I just got back from holiday and a relentless month of work is starting :D, but if you have the energy, please help finish this.
     
  7. kalminen

    kalminen Regular member

    OK, enjoy the work, heh
     
  8. kalminen

    kalminen Regular member

    Hi, let's continue with the final cleanup!

    There's no hurry with these any more.
    If this is new to you, look it over at your own pace and ask.

    Close the browser while the fix runs.
    Start HijackThis, run Scan, tick the following files listed in red and remove them (Fix checked).

    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

    Empty the Recycle Bin.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    .
     
  9. sami1

    sami1 Member

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:48:47, on 30.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?807f936eb60e4329894f01c05d48b8c8
    O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?807f936eb60e4329894f01c05d48b8c8
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

    --
    End of file - 7883 bytes
     
  10. kalminen

    kalminen Regular member

    Great, the log looks clean!

    Just clear out the leftovers:
    ******************************************
    In the Run field of the Windows Start menu, type ComboFix.exe /u and press OK.
    ******************************************
    Start Malwarebytes, open the Quarantine tab and empty it.
    ******************************************

    Is the computer working OK?
    .
     
  11. sami1

    sami1 Member

    So is this finished now? Yep, the computer works really well now, no problems any more :) Thanks for all the help :)
     
  12. kalminen

    kalminen Regular member

    You're welcome :D
     
