viruksia koneella

tdi · 05.02.2008

virustorjunta ohjelma ilmoitti troijalaisesta yritin poistaa sen mutta en tiedä onnistuiko.
nyt kun avaan koneen niin taustakuva on hävinnyt ja tilalla on google tai jotain muuta.
internet yhteys on myös offlinessa

tässä vielä hjt

Scan saved at 14:26:57, on 5.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\pommi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SXG Advisor - {C1AEEDB2-C2BA-4F27-B591-44EA89388299} - C:\WINDOWS\dwrmntsvrm.dll
O3 - Toolbar: edfqvrw - {5FF6FACA-CFF7-499D-AB5B-8EEA9CE80739} - C:\WINDOWS\edfqvrw.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165792260046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165848134140
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: afxlspw - {A9A0712A-0558-4E24-ACA6-8DD1C48B4973} - C:\WINDOWS\afxlspw.dll
O21 - SSODL: bfrgnos - {334399CB-26F0-4895-AB55-98D0C8960F21} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

AfterDawn

Hujo · 05.02.2008

Lataa SmitfraudFix (c) S!Ri
Pura sisältö (kansio nimeltä SmitfraudFix) työpöydällesi:

Avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
Valitse optio #1 - Search kirjoittamalla 1 ja painamalla "Enter"; tekstitiedosto avautuu, joka listaa tarttuneet tiedostot (jos olemassa).
Postita tämän tekstitiedoston sisältö viestiketjuusi.

Huomaa : process.exe filun tunnistaa jotkut Anti-virus ohjelmat (AntiVir, Dr.Web, Kaspersky) "Haittakaluna"; se ei ole virus, vaan ohjelma joka pysäyttää prosesseja. A/V ohjelmat eivät pysty tunnistamaan hyvän ja pahan käytön tälläisten ohjelmian väliltä, silloin ne saattavat varoittaa käyttäjää.

===============

Lataa VundoFix.exe työpöydällesi.

Tupla-klikkaa VundoFix.exe ajaaksesi sen.
Klikkaa Scan for Vundo valintaa.
Kun skannaus on valmis, klikkaa Remove Vundo valintaa.
Sinulta kysytään haluatko poistaa filut - klikkaa YES.
Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa.
Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK.
Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö.

Huomaa: Se on mahdollista että VundoFix löysi tiedoston jota se ei pystynyt poistamaan.
Tässä tilanteessa, VundoFix ajaa itsensä rebootissa, seuraa vain yläpuolelle olevia ohjeita alkaen kohdasta "Klikkaa Scan for Vundo valintaa." kun VundoFix ilmaantuu uudelleenkäynnistyksen yhteydessä.

tdi · 05.02.2008

SmitFraudFix v2.281

Scan done at 15:31:51,23, ti 05.02.2008
Run from C:\Documents and Settings\Pasi Aho\Ty”p”yt„\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\PCPrivacyTool\stm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\PCPrivacyTool\data\GDCW.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Pasi Aho

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Pasi Aho\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PASIAH~1\Suosikit

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="about:home"
"SubscribedURL"="about:home"
"FriendlyName"="my current home page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: (ZD1211B)IEEE 802.11 b+g USB Adapter - Paketinajoituksen miniportti
DNS Server Search Order: 192.168.0.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7C1F0F1D-040E-4D68-989F-812072C85368}: DhcpNameServer=192.168.0.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7C1F0F1D-040E-4D68-989F-812072C85368}: DhcpNameServer=192.168.0.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7C1F0F1D-040E-4D68-989F-812072C85368}: DhcpNameServer=192.168.0.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.254

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Hujo · 05.02.2008

sitten tuo vundofix

tdi · 05.02.2008

VundoFix V6.7.7

Checking Java version...

Scan started at 15:33:58 5.2.2008

Listing files found while scanning....

C:\WINDOWS\Easy CD-DA Extractor\uninstall.exe
C:\WINDOWS\system32\btfunc.dll

Beginning removal...

Attempting to delete C:\WINDOWS\Easy CD-DA Extractor\uninstall.exe
C:\WINDOWS\Easy CD-DA Extractor\uninstall.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\btfunc.dll
C:\WINDOWS\system32\btfunc.dll Has been deleted!

Performing Repairs to the registry.
Done!

tdi · 05.02.2008

Logfile of HijackThis v1.99.1
Scan saved at 18:58:53, on 5.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\PCPrivacyTool\GDC.exe
C:\Program Files\Common Files\PCPrivacyTool\stm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hijackthis\pommi.exe
C:\Program Files\PCPrivacyTool\data\GDCW.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SXG Advisor - {C1AEEDB2-C2BA-4F27-B591-44EA89388299} - C:\WINDOWS\dwrmntsvrm.dll
O3 - Toolbar: edfqvrw - {5FF6FACA-CFF7-499D-AB5B-8EEA9CE80739} - C:\WINDOWS\edfqvrw.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCPrivacyTool] C:\Program Files\PCPrivacyTool\GDC.exe
O4 - HKLM\..\Run: [gdcw] C:\Program Files\PCPrivacyTool\data\GDCW.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\PCPrivacyTool\stm.exe" dm=http://pcprivacytool.com ad=http://pcprivacytool.com sd=http://ilp.pcprivacytool.com
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165792260046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165848134140
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: afxlspw - {A9A0712A-0558-4E24-ACA6-8DD1C48B4973} - C:\WINDOWS\afxlspw.dll
O21 - SSODL: bfrgnos - {334399CB-26F0-4895-AB55-98D0C8960F21} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

Hujo · 05.02.2008

1.Lataa combofix.exe työpöydällesi jommastakummasta linkistä:
combofix1
combofix2

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

===========

scannaa vielä uusi hjt:n loki

tdi · 05.02.2008

ComboFix 08-02.05.3 - Pasi Aho 2008-02-05 19:30:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.644 [GMT 2:00]
Running from: C:\Documents and Settings\Pasi Aho\Työpöytä\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\PCPrivacyTool
C:\Documents and Settings\All Users\Application Data\PCPrivacyTool\Abbr
C:\Documents and Settings\All Users\Application Data\PCPrivacyTool\prod_code
C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\PCPrivacyTool
C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\PCPrivacyTool\Contact Customer Service.lnk
C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\PCPrivacyTool\PCPrivacyTool unregistered.lnk
C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\PCPrivacyTool\PCPrivacyTool web page.lnk
C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\PCPrivacyTool\Uninstall PCPrivacyTool.lnk
C:\Documents and Settings\Pasi Aho\Application Data\microsoft\internet explorer\quick launch\PCPrivacyTool unregistered.lnk
C:\Documents and Settings\Pasi Aho\Application Data\PCPrivacyTool
C:\Documents and Settings\Pasi Aho\Application Data\PCPrivacyTool\Logs\update.log
C:\Program Files\Common Files\PCPrivacyTool
C:\Program Files\Common Files\PCPrivacyTool\stm.exe
C:\Program Files\PCPrivacyTool
C:\Program Files\PCPrivacyTool\config.ini
C:\Program Files\PCPrivacyTool\data\application\7-Zip Compression Pgm.scr
C:\Program Files\PCPrivacyTool\data\application\AbsoluteFTP.scr
C:\Program Files\PCPrivacyTool\data\application\ACDSee32.scr
C:\Program Files\PCPrivacyTool\data\application\Acoustica CD Label Maker.scr
C:\Program Files\PCPrivacyTool\data\application\Ad-aware SE.scr
C:\Program Files\PCPrivacyTool\data\application\Adaptec's Audio CD.scr
C:\Program Files\PCPrivacyTool\data\application\Adaptec Easy CD Creator v4.scr
C:\Program Files\PCPrivacyTool\data\application\Addsoft.scr
C:\Program Files\PCPrivacyTool\data\application\AddWeb 3.0.scr
C:\Program Files\PCPrivacyTool\data\application\Adobe Acrobat Reader v3.0.scr
C:\Program Files\PCPrivacyTool\data\application\Adobe Acrobat Reader v3.1.scr
C:\Program Files\PCPrivacyTool\data\application\Adobe Acrobat Reader v4.0.scr
C:\Program Files\PCPrivacyTool\data\application\Adobe Acrobat Reader v5.0.scr
C:\Program Files\PCPrivacyTool\data\application\Adobe Acrobat Reader v6.0.scr
C:\Program Files\PCPrivacyTool\data\application\Adobe Acrobat Reader v7.0.scr
C:\Program Files\PCPrivacyTool\data\application\Adobe Photoshop v5.0 LE.scr
C:\Program Files\PCPrivacyTool\data\application\Adobe Photoshop v5.5.scr
C:\Program Files\PCPrivacyTool\data\application\Adobe Photoshop v6.0.scr
C:\Program Files\PCPrivacyTool\data\application\Adobe Photoshop v7.0.scr
C:\Program Files\PCPrivacyTool\data\application\Advanced Disk Catalog.scr
C:\Program Files\PCPrivacyTool\data\application\Advanced MP3 Catalog.scr
C:\Program Files\PCPrivacyTool\data\application\Advanced Password Recovery.scr
C:\Program Files\PCPrivacyTool\data\application\ahead cover designer.scr
C:\Program Files\PCPrivacyTool\data\application\Albatros ADGaspect.scr
C:\Program Files\PCPrivacyTool\data\application\Albatros ADGpano.scr
C:\Program Files\PCPrivacyTool\data\application\Albatros ADGview.scr
C:\Program Files\PCPrivacyTool\data\application\Alcohol MRU List.scr
C:\Program Files\PCPrivacyTool\data\application\Animation Shop 1.x.scr
C:\Program Files\PCPrivacyTool\data\application\Animation Shop 3.x.scr
C:\Program Files\PCPrivacyTool\data\application\AOL - Spool.scr
C:\Program Files\PCPrivacyTool\data\application\ASPack.scr
C:\Program Files\PCPrivacyTool\data\application\Avant Browser.scr
C:\Program Files\PCPrivacyTool\data\application\AX-Icons 4.x.scr
C:\Program Files\PCPrivacyTool\data\application\Axialis Icon Workshop 5.x.scr
C:\Program Files\PCPrivacyTool\data\application\Axialis Media Browser.scr
C:\Program Files\PCPrivacyTool\data\application\Babylon Builder 2.2.scr
C:\Program Files\PCPrivacyTool\data\application\Babylon Translator.scr
C:\Program Files\PCPrivacyTool\data\application\BlazeDVD 2.0.scr
C:\Program Files\PCPrivacyTool\data\application\Bookreader.scr
C:\Program Files\PCPrivacyTool\data\application\C++ Builder.scr
C:\Program Files\PCPrivacyTool\data\application\Cabinet Manager.scr
C:\Program Files\PCPrivacyTool\data\application\Chameleon Web Browser.scr
C:\Program Files\PCPrivacyTool\data\application\Classify 98.scr
C:\Program Files\PCPrivacyTool\data\application\Clicktionary 2000.scr
C:\Program Files\PCPrivacyTool\data\application\CoffeeCup DirectFTP.scr
C:\Program Files\PCPrivacyTool\data\application\CoffeeCup GIF Animator.scr
C:\Program Files\PCPrivacyTool\data\application\Cool Edit 2000 1.1.scr
C:\Program Files\PCPrivacyTool\data\application\Cool Edit Pro.scr
C:\Program Files\PCPrivacyTool\data\application\Corel PhotoPaint 8.scr
C:\Program Files\PCPrivacyTool\data\application\CrissCross.scr
C:\Program Files\PCPrivacyTool\data\application\CRT 2.x.scr
C:\Program Files\PCPrivacyTool\data\application\Cute FTP v3.0.scr
C:\Program Files\PCPrivacyTool\data\application\Cute FTP v4.0.scr
C:\Program Files\PCPrivacyTool\data\application\Cute MX.scr
C:\Program Files\PCPrivacyTool\data\application\CuteFTP.scr
C:\Program Files\PCPrivacyTool\data\application\CuteHTML.scr
C:\Program Files\PCPrivacyTool\data\application\DataRescue_IDA.scr
C:\Program Files\PCPrivacyTool\data\application\Delphi v3.scr
C:\Program Files\PCPrivacyTool\data\application\Delphi v4.scr
C:\Program Files\PCPrivacyTool\data\application\Delphi v5.scr
C:\Program Files\PCPrivacyTool\data\application\Delphi v7.scr
C:\Program Files\PCPrivacyTool\data\application\Disk Explorer Professional 3.scr
C:\Program Files\PCPrivacyTool\data\application\Diskeeper 5.0.scr
C:\Program Files\PCPrivacyTool\data\application\DivX Player.scr
C:\Program Files\PCPrivacyTool\data\application\Download Accelerator.scr
C:\Program Files\PCPrivacyTool\data\application\Ebay Toolbar.scr
C:\Program Files\PCPrivacyTool\data\application\EditPad.scr
C:\Program Files\PCPrivacyTool\data\application\EditPlus 2.scr
C:\Program Files\PCPrivacyTool\data\application\edonkey2000.scr
C:\Program Files\PCPrivacyTool\data\application\eMule.scr
C:\Program Files\PCPrivacyTool\data\application\Enfish Onespace.scr
C:\Program Files\PCPrivacyTool\data\application\Enigma Browser.scr
C:\Program Files\PCPrivacyTool\data\application\F-Secure SSH 2.x.scr
C:\Program Files\PCPrivacyTool\data\application\Fix-It 2000.scr
C:\Program Files\PCPrivacyTool\data\application\FlashGet.scr
C:\Program Files\PCPrivacyTool\data\application\FotoCanvas 2.0.scr
C:\Program Files\PCPrivacyTool\data\application\Fotostation 4.0.scr
C:\Program Files\PCPrivacyTool\data\application\foxit reader.scr
C:\Program Files\PCPrivacyTool\data\application\Free Download Manager 1.x.scr
C:\Program Files\PCPrivacyTool\data\application\FTP Explorer.scr
C:\Program Files\PCPrivacyTool\data\application\FTP Voyager.scr
C:\Program Files\PCPrivacyTool\data\application\Fun CD.scr
C:\Program Files\PCPrivacyTool\data\application\Gator.scr
C:\Program Files\PCPrivacyTool\data\application\GeoVid Video to Flash Batch Converter.scr
C:\Program Files\PCPrivacyTool\data\application\GetRight ExplorerBar.scr
C:\Program Files\PCPrivacyTool\data\application\GetRight.scr
C:\Program Files\PCPrivacyTool\data\application\Go!Zilla.scr
C:\Program Files\PCPrivacyTool\data\application\Google Deskbar.scr
C:\Program Files\PCPrivacyTool\data\application\Google Desktop Search History.scr
C:\Program Files\PCPrivacyTool\data\application\Google Toolbar.scr
C:\Program Files\PCPrivacyTool\data\application\Google Video Player 1.x.scr
C:\Program Files\PCPrivacyTool\data\application\GoZilla.scr
C:\Program Files\PCPrivacyTool\data\application\Gravity Newsreader.scr
C:\Program Files\PCPrivacyTool\data\application\hardcopy.scr
C:\Program Files\PCPrivacyTool\data\application\Helios TextPad v3.scr
C:\Program Files\PCPrivacyTool\data\application\Helios TextPad v4.scr
C:\Program Files\PCPrivacyTool\data\application\HelpWriter.scr
C:\Program Files\PCPrivacyTool\data\application\hexworkshop.scr
C:\Program Files\PCPrivacyTool\data\application\Homesite 4.0.scr
C:\Program Files\PCPrivacyTool\data\application\Hotbar 3.0.scr
C:\Program Files\PCPrivacyTool\data\application\HotJava Browser.scr
C:\Program Files\PCPrivacyTool\data\application\HTML Help Workshop.scr
C:\Program Files\PCPrivacyTool\data\application\Icon Extractor.scr
C:\Program Files\PCPrivacyTool\data\application\iMesh.scr
C:\Program Files\PCPrivacyTool\data\application\InoculatelT PE Antivirus.scr
C:\Program Files\PCPrivacyTool\data\application\InstallShield Express.scr
C:\Program Files\PCPrivacyTool\data\application\InterQuick.scr
C:\Program Files\PCPrivacyTool\data\application\Irfanview.scr
C:\Program Files\PCPrivacyTool\data\application\Iso Buster.scr
C:\Program Files\PCPrivacyTool\data\application\Jasc Animation Shop 3.scr
C:\Program Files\PCPrivacyTool\data\application\JASC Paintshop Pro v5.scr
C:\Program Files\PCPrivacyTool\data\application\JASC Paintshop Pro v6.scr
C:\Program Files\PCPrivacyTool\data\application\JASC Paintshop Pro v7.scr
C:\Program Files\PCPrivacyTool\data\application\JASC Paintshop Pro v8.scr
C:\Program Files\PCPrivacyTool\data\application\Jet Photo Shell.scr
C:\Program Files\PCPrivacyTool\data\application\juno.scr
C:\Program Files\PCPrivacyTool\data\application\K-Lite Codec Pack.scr
C:\Program Files\PCPrivacyTool\data\application\Kazaa Media Desktop.scr
C:\Program Files\PCPrivacyTool\data\application\Kodak Imaging.scr
C:\Program Files\PCPrivacyTool\data\application\LeapFTP 2.6.scr
C:\Program Files\PCPrivacyTool\data\application\LeechFTP.scr
C:\Program Files\PCPrivacyTool\data\application\Letterbox.scr
C:\Program Files\PCPrivacyTool\data\application\LViewPro 2.x.scr
C:\Program Files\PCPrivacyTool\data\application\Macromedia Dreamweaver MX.scr
C:\Program Files\PCPrivacyTool\data\application\Macromedia Dreamweaver Ultradev 4.scr
C:\Program Files\PCPrivacyTool\data\application\Macromedia Firework MX.scr
C:\Program Files\PCPrivacyTool\data\application\Macromedia Fireworks 3.scr
C:\Program Files\PCPrivacyTool\data\application\Macromedia Flash MX.scr
C:\Program Files\PCPrivacyTool\data\application\Macromedia Flash Player.scr
C:\Program Files\PCPrivacyTool\data\application\Macromedia Flash v4.0.scr
C:\Program Files\PCPrivacyTool\data\application\Magic ISO Maker 4.6.scr
C:\Program Files\PCPrivacyTool\data\application\mapinfo mapmarker.scr
C:\Program Files\PCPrivacyTool\data\application\Mass Download.scr
C:\Program Files\PCPrivacyTool\data\application\MasterSplitter v2.1.scr
C:\Program Files\PCPrivacyTool\data\application\McAfee Virus Scan.scr
C:\Program Files\PCPrivacyTool\data\application\MEDA MP3 Splitter.scr
C:\Program Files\PCPrivacyTool\data\application\Metapad.scr
C:\Program Files\PCPrivacyTool\data\application\MGI PHOTOSUITE SE 1.x.scr
C:\Program Files\PCPrivacyTool\data\application\MGUSOFT Setup Builder.scr
C:\Program Files\PCPrivacyTool\data\application\Microangelo 98.scr
C:\Program Files\PCPrivacyTool\data\application\MicroAngelo.scr
C:\Program Files\PCPrivacyTool\data\application\Micrografx Picture Publisher v7.scr
C:\Program Files\PCPrivacyTool\data\application\Micrografx Picture Publisher v8.scr
C:\Program Files\PCPrivacyTool\data\application\Microsoft FrontPage Express.scr
C:\Program Files\PCPrivacyTool\data\application\Microsoft FrontPage.scr
C:\Program Files\PCPrivacyTool\data\application\Microsoft Help Workshop.scr
C:\Program Files\PCPrivacyTool\data\application\Microsoft HTML Help.scr
C:\Program Files\PCPrivacyTool\data\application\Microsoft Imaging.scr
C:\Program Files\PCPrivacyTool\data\application\Microsoft Managemant Console.scr
C:\Program Files\PCPrivacyTool\data\application\Microsoft Netmeeting.scr
C:\Program Files\PCPrivacyTool\data\application\Microsoft Office 2000.scr
C:\Program Files\PCPrivacyTool\data\application\Microsoft Office 2003.scr
C:\Program Files\PCPrivacyTool\data\application\Microsoft Office 97.scr
C:\Program Files\PCPrivacyTool\data\application\Microsoft Office InfoPath 2003.scr
C:\Program Files\PCPrivacyTool\data\application\Microsoft Office XP.scr
C:\Program Files\PCPrivacyTool\data\application\Microsoft Office.scr
C:\Program Files\PCPrivacyTool\data\application\Microsoft Outlook Express 5.0.scr
C:\Program Files\PCPrivacyTool\data\application\Microsoft Photo Editor 3.x.scr
C:\Program Files\PCPrivacyTool\data\application\MicroSoft PhotoDraw.scr
C:\Program Files\PCPrivacyTool\data\application\Microsoft Picture It Publishing.scr
C:\Program Files\PCPrivacyTool\data\application\Microsoft Publisher 2000.scr
C:\Program Files\PCPrivacyTool\data\application\Microsoft Windows Paint.scr
C:\Program Files\PCPrivacyTool\data\application\Microsoft Windows WordPad.scr
C:\Program Files\PCPrivacyTool\data\application\Microsoft Visual Studio 6.scr
C:\Program Files\PCPrivacyTool\data\application\Microsoft Word 2000.scr
C:\Program Files\PCPrivacyTool\data\application\Microsoft Word Backup Files.scr
C:\Program Files\PCPrivacyTool\data\application\Microsoft Works 4.0.scr
C:\Program Files\PCPrivacyTool\data\application\Mijenix Powerdesk 4.0.scr
C:\Program Files\PCPrivacyTool\data\application\MIRC.scr
C:\Program Files\PCPrivacyTool\data\application\miroMEDIA PCTV.scr
C:\Program Files\PCPrivacyTool\data\application\mixmeister.scr
C:\Program Files\PCPrivacyTool\data\application\Morpheus.scr
C:\Program Files\PCPrivacyTool\data\application\MovieXone 1.0.scr
C:\Program Files\PCPrivacyTool\data\application\Mozart 4.0.scr
C:\Program Files\PCPrivacyTool\data\application\ms autoroute express.scr
C:\Program Files\PCPrivacyTool\data\application\MS WORD.scr
C:\Program Files\PCPrivacyTool\data\application\MSE.scr
C:\Program Files\PCPrivacyTool\data\application\MSN Toolbar.scr
C:\Program Files\PCPrivacyTool\data\application\Music Match Jukebox.scr
C:\Program Files\PCPrivacyTool\data\application\MyWay Advertising.scr
C:\Program Files\PCPrivacyTool\data\application\Napster Music Community.scr
C:\Program Files\PCPrivacyTool\data\application\Naviscope.scr
C:\Program Files\PCPrivacyTool\data\application\NEATO Labels.scr
C:\Program Files\PCPrivacyTool\data\application\nero burning rom.scr
C:\Program Files\PCPrivacyTool\data\application\Nero Vision.scr
C:\Program Files\PCPrivacyTool\data\application\Net Vampire 3.x.scr
C:\Program Files\PCPrivacyTool\data\application\netants.scr
C:\Program Files\PCPrivacyTool\data\application\NetCaptor.scr
C:\Program Files\PCPrivacyTool\data\application\netmeeting.scr
C:\Program Files\PCPrivacyTool\data\application\Netsonic.scr
C:\Program Files\PCPrivacyTool\data\application\Netzip Download Demon 3.x.scr
C:\Program Files\PCPrivacyTool\data\application\NewsBin Pro 4.scr
C:\Program Files\PCPrivacyTool\data\application\Norton AntiVirus 2000 (v6).scr
C:\Program Files\PCPrivacyTool\data\application\Norton AntiVirus 2003.scr
C:\Program Files\PCPrivacyTool\data\application\Norton Commander.scr
C:\Program Files\PCPrivacyTool\data\application\Norton File Manager.scr
C:\Program Files\PCPrivacyTool\data\application\Norton Firewall.scr
C:\Program Files\PCPrivacyTool\data\application\Norton Internet Security.scr
C:\Program Files\PCPrivacyTool\data\application\Norton LiveUpdate.scr
C:\Program Files\PCPrivacyTool\data\application\Norton Utilities 2000.scr
C:\Program Files\PCPrivacyTool\data\application\NotePad Plus.scr
C:\Program Files\PCPrivacyTool\data\application\notetab lite.scr
C:\Program Files\PCPrivacyTool\data\application\NoteTab Pro.scr
C:\Program Files\PCPrivacyTool\data\application\Object Rescue.scr
C:\Program Files\PCPrivacyTool\data\application\OmniPage 10.0.scr
C:\Program Files\PCPrivacyTool\data\application\OnTrack Powerdesk 4.scr
C:\Program Files\PCPrivacyTool\data\application\Ontrack PowerDesk 5.scr
C:\Program Files\PCPrivacyTool\data\application\PackageForTheWeb.scr
C:\Program Files\PCPrivacyTool\data\application\Paint Shop Pro 5.0.scr
C:\Program Files\PCPrivacyTool\data\application\Paint Shop Pro 7.0.scr
C:\Program Files\PCPrivacyTool\data\application\Password Safe.scr
C:\Program Files\PCPrivacyTool\data\application\PE Explorer 1.95.scr
C:\Program Files\PCPrivacyTool\data\application\Personal Ancestral File.scr
C:\Program Files\PCPrivacyTool\data\application\photo magic 4.0.scr
C:\Program Files\PCPrivacyTool\data\application\PhotoCanvas 2.0.scr
C:\Program Files\PCPrivacyTool\data\application\Photodex Compupic Pro.scr
C:\Program Files\PCPrivacyTool\data\application\PhotoDraw 2000.scr
C:\Program Files\PCPrivacyTool\data\application\PhotoImpact 8.0.scr
C:\Program Files\PCPrivacyTool\data\application\PhotoImpact Viewer 4.0.scr
C:\Program Files\PCPrivacyTool\data\application\PicoZip.scr
C:\Program Files\PCPrivacyTool\data\application\PictureIt Digital Image Pro 7.0.scr
C:\Program Files\PCPrivacyTool\data\application\PKZip for Windows v2.60.03+.scr
C:\Program Files\PCPrivacyTool\data\application\PolyView.scr
C:\Program Files\PCPrivacyTool\data\application\Popup Purger.scr
C:\Program Files\PCPrivacyTool\data\application\PopUpCop.scr
C:\Program Files\PCPrivacyTool\data\application\Power archiver.scr
C:\Program Files\PCPrivacyTool\data\application\PowerArc.scr
C:\Program Files\PCPrivacyTool\data\application\PowerDVD.scr
C:\Program Files\PCPrivacyTool\data\application\PowerZip.scr
C:\Program Files\PCPrivacyTool\data\application\Privacy Eraser Pro.scr
C:\Program Files\PCPrivacyTool\data\application\Putty hostkeys.scr
C:\Program Files\PCPrivacyTool\data\application\PYTHON.scr
C:\Program Files\PCPrivacyTool\data\application\QuickTime.scr
C:\Program Files\PCPrivacyTool\data\application\Real Audio Player v6 v7 v8.scr
C:\Program Files\PCPrivacyTool\data\application\Real Download v4.scr
C:\Program Files\PCPrivacyTool\data\application\RealNetworks Real Download.scr
C:\Program Files\PCPrivacyTool\data\application\RealOne & RealPlayer.scr
C:\Program Files\PCPrivacyTool\data\application\RealVNC.scr
C:\Program Files\PCPrivacyTool\data\application\RegEdit.scr
C:\Program Files\PCPrivacyTool\data\application\Roxio Easy CD Creator.scr
C:\Program Files\PCPrivacyTool\data\application\Save Now.scr
C:\Program Files\PCPrivacyTool\data\application\Scour Exchange.scr
C:\Program Files\PCPrivacyTool\data\application\Seal Module Mlayer.scr
C:\Program Files\PCPrivacyTool\data\application\SearchAndBrowse.scr
C:\Program Files\PCPrivacyTool\data\application\SearchAnt.scr
C:\Program Files\PCPrivacyTool\data\application\SearchV.scr
C:\Program Files\PCPrivacyTool\data\application\SearchWolf.scr
C:\Program Files\PCPrivacyTool\data\application\SearchWWW.scr
C:\Program Files\PCPrivacyTool\data\application\SideStep.scr
C:\Program Files\PCPrivacyTool\data\application\Skype.scr
C:\Program Files\PCPrivacyTool\data\application\Smart Explorer.scr
C:\Program Files\PCPrivacyTool\data\application\SmartDraw 6.scr
C:\Program Files\PCPrivacyTool\data\application\smartftp.scr
C:\Program Files\PCPrivacyTool\data\application\SmartPops.scr
C:\Program Files\PCPrivacyTool\data\application\Sonic Foundry's Acid 2.0.scr
C:\Program Files\PCPrivacyTool\data\application\Sonique Player.scr
C:\Program Files\PCPrivacyTool\data\application\Spinner Plus.scr
C:\Program Files\PCPrivacyTool\data\application\SpotOn Browser plugin.scr
C:\Program Files\PCPrivacyTool\data\application\Staff-FTP.scr
C:\Program Files\PCPrivacyTool\data\application\Star Downloader.scr
C:\Program Files\PCPrivacyTool\data\application\Stardialer.scr
C:\Program Files\PCPrivacyTool\data\application\StarOffice 5.x.scr
C:\Program Files\PCPrivacyTool\data\application\SubmitWolf Pro.scr
C:\Program Files\PCPrivacyTool\data\application\Sun Java Cache.scr
C:\Program Files\PCPrivacyTool\data\application\SureThing CD Labeler.scr
C:\Program Files\PCPrivacyTool\data\application\SVAPlayer.scr
C:\Program Files\PCPrivacyTool\data\application\SWiSH 2.0.scr
C:\Program Files\PCPrivacyTool\data\application\Teleport Pro.scr
C:\Program Files\PCPrivacyTool\data\application\Telnet.scr
C:\Program Files\PCPrivacyTool\data\application\Text Pad 4.x.scr
C:\Program Files\PCPrivacyTool\data\application\The Playa.scr
C:\Program Files\PCPrivacyTool\data\application\Third Voice 1.x.scr
C:\Program Files\PCPrivacyTool\data\application\Thumbs Plus 4.scr
C:\Program Files\PCPrivacyTool\data\application\Timesink.scr
C:\Program Files\PCPrivacyTool\data\application\TinyBar.scr
C:\Program Files\PCPrivacyTool\data\application\TOPicks.scr
C:\Program Files\PCPrivacyTool\data\application\Total Commander.scr
C:\Program Files\PCPrivacyTool\data\application\transponder.scr
C:\Program Files\PCPrivacyTool\data\application\Trellians Classify 98.scr
C:\Program Files\PCPrivacyTool\data\application\Tribal Voice's PowWow.scr
C:\Program Files\PCPrivacyTool\data\application\Trojan Remover.scr
C:\Program Files\PCPrivacyTool\data\application\TSADBOT.scr
C:\Program Files\PCPrivacyTool\data\application\UCmore toolbar.scr
C:\Program Files\PCPrivacyTool\data\application\Ulead Gif Animator v4.0.scr
C:\Program Files\PCPrivacyTool\data\application\Ulead GIF Animator v5.0.scr
C:\Program Files\PCPrivacyTool\data\application\Ulead Photo Explorer v4.2.scr
C:\Program Files\PCPrivacyTool\data\application\Ulead Photo Express.scr
C:\Program Files\PCPrivacyTool\data\application\Ulead PhotoImpact v5.scr
C:\Program Files\PCPrivacyTool\data\application\Ulead VideoStudio 4.0.scr
C:\Program Files\PCPrivacyTool\data\application\Ultimate Paint.scr
C:\Program Files\PCPrivacyTool\data\application\ULTImate Technology BV v5.5.scr
C:\Program Files\PCPrivacyTool\data\application\UltraEdit v4.scr
C:\Program Files\PCPrivacyTool\data\application\UltraEdit v7.scr
C:\Program Files\PCPrivacyTool\data\application\UltraEdit.scr
C:\Program Files\PCPrivacyTool\data\application\UltraISO 7.x.scr
C:\Program Files\PCPrivacyTool\data\application\uTorrent 1.x.scr
C:\Program Files\PCPrivacyTool\data\application\W32Dasm.scr
C:\Program Files\PCPrivacyTool\data\application\VBoxEdit.scr
C:\Program Files\PCPrivacyTool\data\application\Web Ferret v3.scr
C:\Program Files\PCPrivacyTool\data\application\WebFerret.scr
C:\Program Files\PCPrivacyTool\data\application\webhancer.scr
C:\Program Files\PCPrivacyTool\data\application\Wildstylz.scr
C:\Program Files\PCPrivacyTool\data\application\WildTangent.scr
C:\Program Files\PCPrivacyTool\data\application\WinAce.scr
C:\Program Files\PCPrivacyTool\data\application\winamp.scr
C:\Program Files\PCPrivacyTool\data\application\Windows Commander.scr
C:\Program Files\PCPrivacyTool\data\application\WinHTTrack Website Copier.scr
C:\Program Files\PCPrivacyTool\data\application\WinOnCD.scr
C:\Program Files\PCPrivacyTool\data\application\WinRar.scr
C:\Program Files\PCPrivacyTool\data\application\Winshow.scr
C:\Program Files\PCPrivacyTool\data\application\WinUAE.scr
C:\Program Files\PCPrivacyTool\data\application\Winupie.scr
C:\Program Files\PCPrivacyTool\data\application\WinVNC.scr
C:\Program Files\PCPrivacyTool\data\application\WinZip v8.scr
C:\Program Files\PCPrivacyTool\data\application\VirtualDub.scr
C:\Program Files\PCPrivacyTool\data\application\Wise Installer.scr
C:\Program Files\PCPrivacyTool\data\application\VMWARE.scr
C:\Program Files\PCPrivacyTool\data\application\Worm.Sobig.scr
C:\Program Files\PCPrivacyTool\data\application\Vueprint.scr
C:\Program Files\PCPrivacyTool\data\application\WurldMedia.scr
C:\Program Files\PCPrivacyTool\data\application\VX2 Respondmiter.scr
C:\Program Files\PCPrivacyTool\data\application\Xara 3D v4.x.scr
C:\Program Files\PCPrivacyTool\data\application\Xara Webstyle.scr
C:\Program Files\PCPrivacyTool\data\application\XDialer.scr
C:\Program Files\PCPrivacyTool\data\application\XING MP3 PLAYER.scr
C:\Program Files\PCPrivacyTool\data\application\XLoader.scr
C:\Program Files\PCPrivacyTool\data\application\Xolox.scr
C:\Program Files\PCPrivacyTool\data\application\Xrenoder.scr
C:\Program Files\PCPrivacyTool\data\application\Xupiter toolbar.scr
C:\Program Files\PCPrivacyTool\data\application\Xzoomy.scr
C:\Program Files\PCPrivacyTool\data\application\Yahoo Player.scr
C:\Program Files\PCPrivacyTool\data\application\Yahoo! Toolbar.scr
C:\Program Files\PCPrivacyTool\data\application\Yamaha S-YXG100.scr
C:\Program Files\PCPrivacyTool\data\application\ZeroPopup.scr
C:\Program Files\PCPrivacyTool\data\application\ZipMagic 2000.scr
C:\Program Files\PCPrivacyTool\data\application\Zone Alarm.scr
C:\Program Files\PCPrivacyTool\data\brand.dat
C:\Program Files\PCPrivacyTool\data\firefox\Firefox - cache.scr
C:\Program Files\PCPrivacyTool\data\firefox\Firefox - cookies.scr
C:\Program Files\PCPrivacyTool\data\firefox\Firefox - history.scr
C:\Program Files\PCPrivacyTool\data\GDCW.exe
C:\Program Files\PCPrivacyTool\data\ie\ie cookies.scr
C:\Program Files\PCPrivacyTool\data\ie\ie internet cache.scr
C:\Program Files\PCPrivacyTool\data\ie\ie privacy history.scr
C:\Program Files\PCPrivacyTool\data\ie\ie typed urls.scr
C:\Program Files\PCPrivacyTool\data\ie\ie url history.scr
C:\Program Files\PCPrivacyTool\data\ie\windows autocomplete.scr
C:\Program Files\PCPrivacyTool\data\ie\windows downloaded files.scr
C:\Program Files\PCPrivacyTool\data\ie\windows favorites order.scr
C:\Program Files\PCPrivacyTool\data\ie\windows passwords.scr
C:\Program Files\PCPrivacyTool\data\messanger\aim.scr
C:\Program Files\PCPrivacyTool\data\messanger\AOL Bart.scr
C:\Program Files\PCPrivacyTool\data\messanger\AOL Instant Messenger.scr
C:\Program Files\PCPrivacyTool\data\messanger\aolim.scr
C:\Program Files\PCPrivacyTool\data\messanger\icq - download.scr
C:\Program Files\PCPrivacyTool\data\messanger\icq - logs.scr
C:\Program Files\PCPrivacyTool\data\messanger\Miranda ICQ.scr
C:\Program Files\PCPrivacyTool\data\messanger\MSN Messenger User Account.scr
C:\Program Files\PCPrivacyTool\data\messanger\Trillian cache.scr
C:\Program Files\PCPrivacyTool\data\messanger\trillian downloads.scr
C:\Program Files\PCPrivacyTool\data\messanger\trillian logs.scr
C:\Program Files\PCPrivacyTool\data\messanger\yahoo messenger logs.scr
C:\Program Files\PCPrivacyTool\data\messanger\Yahoo! Messenger.scr
C:\Program Files\PCPrivacyTool\data\mozilla\mozilla - autocomplete.scr
C:\Program Files\PCPrivacyTool\data\mozilla\mozilla - cache.scr
C:\Program Files\PCPrivacyTool\data\mozilla\mozilla - cookies.scr
C:\Program Files\PCPrivacyTool\data\mozilla\Mozilla - history.scr
C:\Program Files\PCPrivacyTool\data\mozilla\mozilla - saved passwords.scr
C:\Program Files\PCPrivacyTool\data\mozilla\Mozilla - typed urls.scr
C:\Program Files\PCPrivacyTool\data\netscape\netscape - cache.scr
C:\Program Files\PCPrivacyTool\data\netscape\netscape - cookies.scr
C:\Program Files\PCPrivacyTool\data\netscape\netscape - history.scr
C:\Program Files\PCPrivacyTool\data\netscape\Netscape Navigator - last trusted apps.scr
C:\Program Files\PCPrivacyTool\data\opera\Opera Browser - cache.scr
C:\Program Files\PCPrivacyTool\data\opera\Opera Browser - cookies.scr
C:\Program Files\PCPrivacyTool\data\opera\Opera Browser - Download.scr
C:\Program Files\PCPrivacyTool\data\opera\Opera Browser - history.scr
C:\Program Files\PCPrivacyTool\data\opera\Opera Browser - misc.scr
C:\Program Files\PCPrivacyTool\data\opera\Opera Browser - mru.scr
C:\Program Files\PCPrivacyTool\data\opera\Opera Browser - visited.scr
C:\Program Files\PCPrivacyTool\data\sfl.dat
C:\Program Files\PCPrivacyTool\data\skin.skn
C:\Program Files\PCPrivacyTool\data\srl.dat
C:\Program Files\PCPrivacyTool\data\windows\Direct Draw.scr
C:\Program Files\PCPrivacyTool\data\windows\direct input.scr
C:\Program Files\PCPrivacyTool\data\windows\last files.scr
C:\Program Files\PCPrivacyTool\data\windows\Microsoft Send-To Extensions.scr
C:\Program Files\PCPrivacyTool\data\windows\windows applog.scr
C:\Program Files\PCPrivacyTool\data\windows\windows documents.scr
C:\Program Files\PCPrivacyTool\data\windows\Windows Downloaded Installations.scr
C:\Program Files\PCPrivacyTool\data\windows\Windows Empty Recycle Bin.scr
C:\Program Files\PCPrivacyTool\data\windows\Windows Explorer User Assistant history.scr
C:\Program Files\PCPrivacyTool\data\windows\windows findfile.scr
C:\Program Files\PCPrivacyTool\data\windows\Windows FTP Accounts.scr
C:\Program Files\PCPrivacyTool\data\windows\windows hotfix uninstall.scr
C:\Program Files\PCPrivacyTool\data\windows\windows logfiles.scr
C:\Program Files\PCPrivacyTool\data\windows\Windows Mapped Drives.scr
C:\Program Files\PCPrivacyTool\data\windows\windows media player 7.scr
C:\Program Files\PCPrivacyTool\data\windows\windows minidump.scr
C:\Program Files\PCPrivacyTool\data\windows\windows MUICache.scr
C:\Program Files\PCPrivacyTool\data\windows\windows network links.scr
C:\Program Files\PCPrivacyTool\data\windows\windows opensave.scr
C:\Program Files\PCPrivacyTool\data\windows\windows openwith.scr
C:\Program Files\PCPrivacyTool\data\windows\windows prefetch.scr
C:\Program Files\PCPrivacyTool\data\windows\windows reg history.scr
C:\Program Files\PCPrivacyTool\data\windows\windows run history.scr
C:\Program Files\PCPrivacyTool\data\windows\windows search.scr
C:\Program Files\PCPrivacyTool\data\windows\windows start menu order.scr
C:\Program Files\PCPrivacyTool\data\windows\windows stream history.scr
C:\Program Files\PCPrivacyTool\data\windows\windows temp.scr
C:\Program Files\PCPrivacyTool\data\windows\windows update.scr
C:\Program Files\PCPrivacyTool\data\windows\Windows XP Unread Mail Count.scr
C:\Program Files\PCPrivacyTool\default.ini
C:\Program Files\PCPrivacyTool\diagnosis.dat
C:\Program Files\PCPrivacyTool\GDC.exe
C:\Program Files\PCPrivacyTool\GDC.url
C:\Program Files\PCPrivacyTool\gfx\button_arrow.bmp
C:\Program Files\PCPrivacyTool\gfx\button_arrow2.bmp
C:\Program Files\PCPrivacyTool\gfx\buy.bmp
C:\Program Files\PCPrivacyTool\gfx\checked.bmp
C:\Program Files\PCPrivacyTool\gfx\custom.bmp
C:\Program Files\PCPrivacyTool\gfx\customcleanup.bmp
C:\Program Files\PCPrivacyTool\gfx\header.bmp
C:\Program Files\PCPrivacyTool\gfx\icon.ico
C:\Program Files\PCPrivacyTool\gfx\icon_about.ico
C:\Program Files\PCPrivacyTool\gfx\icon_checked.ico
C:\Program Files\PCPrivacyTool\gfx\icon_grayed.ico
C:\Program Files\PCPrivacyTool\gfx\icon_link.ico
C:\Program Files\PCPrivacyTool\gfx\icon_manual.ico
C:\Program Files\PCPrivacyTool\gfx\icon_quit.ico
C:\Program Files\PCPrivacyTool\gfx\icon_support.ico
C:\Program Files\PCPrivacyTool\gfx\icon_unchecked.ico
C:\Program Files\PCPrivacyTool\gfx\icon_uncheked.ico
C:\Program Files\PCPrivacyTool\gfx\icon_uninstall.ico
C:\Program Files\PCPrivacyTool\gfx\icon_update.ico
C:\Program Files\PCPrivacyTool\gfx\log.bmp
C:\Program Files\PCPrivacyTool\gfx\logo.bmp
C:\Program Files\PCPrivacyTool\gfx\register.bmp
C:\Program Files\PCPrivacyTool\gfx\settings.bmp
C:\Program Files\PCPrivacyTool\gfx\sign_green.bmp
C:\Program Files\PCPrivacyTool\gfx\sign_green_big.bmp
C:\Program Files\PCPrivacyTool\gfx\sign_red.bmp
C:\Program Files\PCPrivacyTool\gfx\sign_red_big.bmp
C:\Program Files\PCPrivacyTool\gfx\sign_yellow.bmp
C:\Program Files\PCPrivacyTool\gfx\splash.bmp
C:\Program Files\PCPrivacyTool\gfx\status_good.bmp
C:\Program Files\PCPrivacyTool\gfx\status_risk.bmp
C:\Program Files\PCPrivacyTool\gfx\support.bmp
C:\Program Files\PCPrivacyTool\gfx\sys_shield.bmp
C:\Program Files\PCPrivacyTool\gfx\sys_update.bmp
C:\Program Files\PCPrivacyTool\gfx\sysstatus.bmp
C:\Program Files\PCPrivacyTool\gfx\unchecked.bmp
C:\Program Files\PCPrivacyTool\gfx\update.bmp
C:\Program Files\PCPrivacyTool\lang\Arabic.lng
C:\Program Files\PCPrivacyTool\lang\Brazilian.lng
C:\Program Files\PCPrivacyTool\lang\Catalan.lng
C:\Program Files\PCPrivacyTool\lang\Chinese.lng
C:\Program Files\PCPrivacyTool\lang\Czech.lng
C:\Program Files\PCPrivacyTool\lang\Danish.lng
C:\Program Files\PCPrivacyTool\lang\Dutch.lng
C:\Program Files\PCPrivacyTool\lang\English.lng
C:\Program Files\PCPrivacyTool\lang\Finnish.lng
C:\Program Files\PCPrivacyTool\lang\French.lng
C:\Program Files\PCPrivacyTool\lang\German.lng
C:\Program Files\PCPrivacyTool\lang\Greek.lng
C:\Program Files\PCPrivacyTool\lang\Hebrew.lng
C:\Program Files\PCPrivacyTool\lang\Italian.lng
C:\Program Files\PCPrivacyTool\lang\Japanese.lng
C:\Program Files\PCPrivacyTool\lang\Malayan.lng
C:\Program Files\PCPrivacyTool\lang\Norwegian.lng
C:\Program Files\PCPrivacyTool\lang\Polish.lng
C:\Program Files\PCPrivacyTool\lang\Portuguese.lng
C:\Program Files\PCPrivacyTool\lang\Russian.lng
C:\Program Files\PCPrivacyTool\lang\Slovenian.lng
C:\Program Files\PCPrivacyTool\lang\Spanish.lng
C:\Program Files\PCPrivacyTool\lang\Swedish.lng
C:\Program Files\PCPrivacyTool\lang\Thai.lng
C:\Program Files\PCPrivacyTool\lang\Turkish.lng
C:\Program Files\PCPrivacyTool\License.rtf
C:\Program Files\PCPrivacyTool\plug\GDCPatch.exe
C:\Program Files\PCPrivacyTool\Readme.rtf
C:\Program Files\PCPrivacyTool\runtime
C:\Program Files\PCPrivacyTool\Scan_report.htm
C:\Program Files\PCPrivacyTool\support.url
C:\Program Files\PCPrivacyTool\unins000.dat
C:\Program Files\PCPrivacyTool\unins000.exe
C:\Program Files\PCPrivacyTool\updater.dat
C:\Program Files\PCPrivacyTool\updater.exe
C:\Program Files\PCPrivacyTool\ver.dat
C:\WINDOWS\dat.txt
C:\WINDOWS\dwrmntsvrm.dll
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://softworldnetwork.com
hxxp://onsafepro.com
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-05 to 2008-02-05 )))))))))))))))))
.

2008-02-05 15:33 . 2008-02-05 15:33 <KANSIO> d-------- C:\VundoFix Backups
2008-02-05 14:43 . 2008-02-05 14:43 <KANSIO> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-05 14:42 . 2007-02-13 08:09 388,126 --a------ C:\WINDOWS\system32\sqlite3.dll
2008-02-05 14:41 . 2008-02-05 14:41 260,128 --a------ C:\Documents and Settings\Pasi Aho\Application Data\installer_en[1].exe
2008-02-04 23:31 . 2008-02-04 23:31 0 --a------ C:\23990098.$$$
2008-02-04 17:31 . 2008-02-03 21:40 270,336 --a------ C:\WINDOWS\afxlspw.dll
2008-02-04 17:31 . 2008-02-03 21:40 81,920 --a------ C:\WINDOWS\frplprg.exe
2008-02-04 13:39 . 2008-02-04 13:40 <KANSIO> d-------- C:\Program Files\Ahead
2008-02-04 13:39 . 2001-07-06 15:41 569,344 -ra------ C:\WINDOWS\system32\imagr5.dll
2008-02-04 13:39 . 2001-07-06 13:44 544,768 -ra------ C:\WINDOWS\system32\imagx5.dll
2008-02-04 13:39 . 2001-07-06 19:24 283,920 -ra------ C:\WINDOWS\system32\ImagXpr5.dll
2008-02-04 13:39 . 2001-07-09 12:50 155,648 -ra------ C:\WINDOWS\system32\NeroCheck.exe
2008-02-04 13:39 . 2001-06-26 09:15 38,912 -ra------ C:\WINDOWS\system32\picn20.dll
2008-01-24 15:48 . 2007-12-04 15:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-24 15:48 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-24 15:48 . 2007-12-04 14:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-24 15:48 . 2007-12-04 16:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-24 15:48 . 2007-12-04 16:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-24 15:48 . 2007-12-04 16:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-24 15:48 . 2007-12-04 16:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-24 15:48 . 2007-12-04 16:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-23 19:40 . 2006-12-10 22:33 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja.PASI\Verkkoympäristö
2008-01-23 19:40 . 2006-12-10 22:33 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja.PASI\Verkkoympäristö
2008-01-23 19:40 . 2006-12-10 22:33 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja.PASI\Työpöytä
2008-01-23 19:40 . 2006-12-10 22:33 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja.PASI\Työpöytä
2008-01-23 19:40 . 2006-12-10 22:33 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja.PASI\Tulostinympäristö
2008-01-23 19:40 . 2006-12-10 22:33 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja.PASI\Tulostinympäristö
2008-01-23 19:40 . 2006-12-10 22:33 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja.PASI\Suosikit
2008-01-23 19:40 . 2006-12-10 22:33 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja.PASI\Suosikit
2008-01-23 19:40 . 2006-12-10 22:43 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja.PASI\Mallit
2008-01-23 19:40 . 2006-12-10 22:43 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja.PASI\Mallit
2008-01-23 19:40 . 2006-12-10 22:33 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja.PASI\Käynnistä-valikko
2008-01-23 19:40 . 2006-12-10 22:33 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja.PASI\Käynnistä-valikko
2008-01-20 16:34 . 2008-01-20 16:35 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Mallit

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-05 13:31 3,132 ----a-w C:\WINDOWS\system32\tmp.reg
2008-02-04 22:23 85,504 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-02-04 20:29 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-04 20:16 --------- d-----w C:\Program Files\Comodo
2008-02-04 20:16 --------- d-----w C:\Documents and Settings\Pasi Aho\Application Data\Comodo
2008-02-04 20:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Comodo
2008-02-04 18:49 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-04 18:49 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-02-04 11:39 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-27 12:37 81,920 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-01-24 13:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-01-21 12:32 --------- d-----w C:\Documents and Settings\Pasi Aho\Application Data\Skype
2008-01-06 13:31 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-02 09:03 --------- d-----w C:\Program Files\DC++
2007-12-06 18:34 --------- d-----w C:\Program Files\Nokia
2007-12-06 18:34 --------- d-----w C:\Program Files\Common Files\Nokia
2007-11-23 13:33 139,008 ----a-w C:\WINDOWS\system32\guard32.dll
2007-11-19 10:25 22,328 ----a-w C:\Documents and Settings\Pasi Aho\Application Data\PnkBstrK.sys
2007-11-07 09:28 722,432 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-01-10 20:05 87,608 ----a-w C:\Documents and Settings\Pasi Aho\Application Data\ezpinst.exe
2007-01-10 20:05 47,360 ----a-w C:\Documents and Settings\Pasi Aho\Application Data\pcouffin.sys
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5FF6FACA-CFF7-499D-AB5B-8EEA9CE80739}

[HKEY_CLASSES_ROOT\clsid\{5ff6faca-cff7-499d-ab5b-8eea9ce80739}]
[HKEY_CLASSES_ROOT\edfqvrw.1]
[HKEY_CLASSES_ROOT\TypeLib\{FA97E13E-1DED-4851-B684-BAD36D8E29B3}]
[HKEY_CLASSES_ROOT\edfqvrw]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 01:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-03 12:00 335872]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 13:27 222208]
"EPSON Stylus D68 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.exe" [2005-01-25 06:00 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 01:12 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

C:\Documents and Settings\Pasi Aho\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-07-31 16:49:35 344064]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-01-03 21:26:46 110592]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56 65588]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"afxlspw"= {A9A0712A-0558-4E24-ACA6-8DD1C48B4973} - C:\WINDOWS\afxlspw.dll [2008-02-03 21:40 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 07:44]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 19:33:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-05 19:34:20
ComboFix-quarantined-files.txt 2008-02-05 17:33:56
.
2008-01-09 09:26:51 --- E O F ---

tdi · 05.02.2008

Logfile of HijackThis v1.99.1
Scan saved at 19:38:54, on 5.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\hijackthis\pommi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: edfqvrw - {5FF6FACA-CFF7-499D-AB5B-8EEA9CE80739} - C:\WINDOWS\edfqvrw.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165792260046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165848134140
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: afxlspw - {A9A0712A-0558-4E24-ACA6-8DD1C48B4973} - C:\WINDOWS\afxlspw.dll
O21 - SSODL: bfrgnos - {334399CB-26F0-4895-AB55-98D0C8960F21} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

Hujo · 05.02.2008

scannaa hjt:llä merkkaa paina Fix checked

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: edfqvrw - {5FF6FACA-CFF7-499D-AB5B-8EEA9CE80739} - C:\WINDOWS\edfqvrw.dll (file missing)
O20 - AppInit_DLLs:
O21 - SSODL: bfrgnos - {334399CB-26F0-4895-AB55-98D0C8960F21} - (no file)

==================

Lataa Killbox Option^Explicitiltä
Huomaa: Jos sinulla on jo Killbox, tämä on uusi versio joka sinun tulee asentaa. Poista aikaisempi.

Tallenna työpöydällesi.
Tupla-klikkaa Killbox.exe ajaaksesi ohjelman.
Valitse:
Delete on Reboot sitten klikkaa All Files valintaa.
Kopioi ja liitä alapuolella olevat tiedostopolut leikepöydälle mustaamalla KAIKKI ne ja painamalla CTRL + C (tai, mustaamisen jälkeen, oikea klikki hiirellä ja valitse kopioi):

C:\WINDOWS\afxlspw.dll

Palaa Killboxiin, mene File valikkoon, ja valitse Paste from Clipboard.

Klikkaa puna-valkoista Delete File valintaa. Klikkaa Yes "Delete on Reboot" pyyntöön. Klikkaa OK mihin vain PendingFileRenameOperations pyyntöön.
Käynnistä koneesi itse jos se ei sitä automaattisesti tee.

tdi · 05.02.2008

Lataa Killbox Option^Explicitiltä
Huomaa: Jos sinulla on jo Killbox, tämä on uusi versio joka sinun tulee asentaa. Poista aikaisempi.

Tallenna työpöydällesi.
Tupla-klikkaa Killbox.exe ajaaksesi ohjelman.
Valitse:
Delete on Reboot sitten klikkaa All Files valintaa.
Kopioi ja liitä alapuolella olevat tiedostopolut leikepöydälle mustaamalla KAIKKI ne ja painamalla CTRL + C (tai, mustaamisen jälkeen, oikea klikki hiirellä ja valitse kopioi):

kun painan tuota all files nappia niin mitään ei tapahdu

Hujo · 05.02.2008

se pitäs muuttua vihreäksi

mutta tossa ei ole kuin yksi tiedosto

tdi · 06.02.2008

all files näppi muuttuu vihreäksi mutta mitä teen sen jälkeen

Hujo · 06.02.2008

kopioit tuon rivin ==> C:\WINDOWS\afxlspw.dll

Valitse ylhäältä valikosta File ja sitten Paste from Clipboard.

Riville Full Path of File to Delete ilmestyy jokin annetuista poluista ja tiedosto näkyy rivin alapuolella sinisellä merkittynä jos se löytyy koneelta.Paina tämän jälkeen oikealla olevaa punaista ympyrää jossa on valkoinen rasti.

Haluatko buutata nyt ? Vastaa tähän Kyllä

Tämän jälkeen kone buuttaa itsensä. Jos ei buuttaa niin suorita toimenpide itse "käsin".

tdi · 06.02.2008

tehty

Hujo · 06.02.2008

otas sitten uusi hjt:n loki scannaten

tdi · 06.02.2008

tässä hjt...vielä on työpöydän taustakuvana se google

Logfile of HijackThis v1.99.1
Scan saved at 17:14:58, on 6.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\pommi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdvancedCleaner Free] "C:\Program Files\AdvancedCleaner Free\UADC.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165792260046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165848134140
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: afxlspw - {A9A0712A-0558-4E24-ACA6-8DD1C48B4973} - C:\WINDOWS\afxlspw.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

Hujo · 06.02.2008

Poista lisää poista sovelutuksesta

AdvancedCleaner Free

Poista vikasiedossa kansio

C:\Program Files\AdvancedCleaner Free

=================

scannaa hjt:llä merkkaa paina Fix checked

O21 - SSODL: afxlspw - {A9A0712A-0558-4E24-ACA6-8DD1C48B4973} - C:\WINDOWS\afxlspw.dll (file missing)

==============

klikkaa tyhjällä työpöydällä > hiiren oikean puoleisella napilla > valitse ominaisuudet > työpöytä välilehti > vaiha sieltä kuva

Käyttä ja ok

tdi · 06.02.2008

tuo google vielä kummittelee..se on sellainen lehti tuossa työpöydällä jota voi hiirellä klikkaamalla ja vetämällä pienentää/suurentaa

myös kaikki pikakuvakkeet on menneet siniseksi

Hujo · 06.02.2008

katos sitten tuolta

Klikkaa Käynnistä > ohjauspaneli > näyttö > Välilehti työpöytä > Mukauta työpöytä > web välilehti

Jos siellä on joku securiity poista se

============

Sammuta ja käynnistä kone.

===========

myös kaikki pikakuvakkeet on menneet siniseksi
Laajenna...

Kuvakkeiden alla se tekstivai?

Kirjaudu tai liity jäseneksi

viruksia koneella

tdi Regular member

Hujo Guest

tdi Regular member

Hujo Guest

tdi Regular member

tdi Regular member

Hujo Guest

tdi Regular member

tdi Regular member

Hujo Guest

tdi Regular member

Hujo Guest

tdi Regular member

Hujo Guest

tdi Regular member

Hujo Guest

tdi Regular member

Hujo Guest

tdi Regular member

Hujo Guest

Jaa tämä sivu

Kirjaudu tai liity jäseneksi

viruksia koneella

tdi Regular member

Hujo Guest

tdi Regular member

Hujo Guest

tdi Regular member

tdi Regular member

Hujo Guest

tdi Regular member

tdi Regular member

Hujo Guest

tdi Regular member

Hujo Guest

tdi Regular member

Hujo Guest

tdi Regular member

Hujo Guest

tdi Regular member

Hujo Guest

tdi Regular member

Hujo Guest

Jaa tämä sivu

Hyödyllisiä hakuja