So, the machine is pretty badly infected: it throws pop-ups, the home page keeps changing, and so on. I have now run a virus scanner and Ad-Aware, but the antivirus keeps throwing this same warning all the time and I can't get rid of it. Here it is as an image: http://img119.imageshack.us/img119/42/virus5po.png and here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 17:07:58, on 3/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Admanager Controller\AdManCtl.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
E:\New Folder\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Admanager Controller\AdManKeep.exe
C:\program files\zango\zango.exe
C:\windows\mousepad5.exe
C:\Creative\MediaSource\Detector\CTDetect.exe
F:\STImgBrowser.exe
E:\New Folder\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Motherboard Monitor 5\MBM5.exe
C:\WINDOWS\wupdmgr.exe
C:\WINDOWS\osaupd.exe
E:\New Folder\Digital Imaging\bin\hpqimzone.exe
E:\New Folder\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.irc-galleria.fi/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.myrsky.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.kymp.net:800
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~2\SEARCH~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Zango Search Assistant Helper - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\program files\zango\zangohook.dll
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll (file missing)
O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Program Files\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll
O2 - BHO: tisa.MyBHO - {9B053E00-78D3-47AE-B763-60FF36FF2886} - C:\WINDOWS\system32\tisa.dll
O2 - BHO: TrustIn Bar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\Program Files\trustin bar\trustin.dll
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINDOWS\system32\iasada.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] E:\New Folder\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
O4 - HKLM\..\Run: [lwtkf] C:\WINDOWS\lwtkf.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard5.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname5.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad5.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: MBM 5.lnk = C:\Program Files\Motherboard Monitor 5\MBM5.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\New Folder\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = E:\New Folder\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12110/CTSUEng.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.ysbweb.com/ist/softwares/v4.0/ysb_cracks.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134257042281
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://213.28.44.184/activex/AxisCamControl.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.zango.com/GetZango/Download/zangoax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab33902.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/12110/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FDF6378C-7B5D-4ABF-BA1F-92748305FFAC} (DownloadManagerInstall Control) - http://beta.byteswarm.com/agent/1.3.0.1/DMInstall.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - F:\WinStylerThemeSvc.exe

Many thanks in advance to everyone who takes the trouble to answer.

Edit: I forgot to mention that even though I have run Ad-Aware and Spybot many times, Windows warnings that spyware programs have been found still keep coming up all the time.

Using Add/Remove Programs in the Control Panel, remove the following (the names may differ slightly from those given here):
Zango
trustin bar
Admanager Controller
SearchRelevancy

Download ewido http://keskustelu.afterdawn.com/thread_view.cfm/269186, install and update it; no need to scan yet.

Download BFU.zip http://www.merijn.org/files/bfu.zip, extract it to the desktop, start bfu.exe and click the "web" button as in the picture below. Copy the following line into the "Download script" window:
http://metallica.geekstogo.com/alcanshorty.bfu
Run the script by clicking the Execute button.
Then click the Download script window again and this time copy this into it:
http://metallica.geekstogo.com/MediaGateway.BFU
And again run the script by clicking the Execute button.
If you have problems using BFU, more instructions can be found at the following link: http://metallica.geekstogo.com/BFUinstructions.html

Next, close all windows, open HijackThis, press "Do a system scan only" and check these (if present):
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~2\SEARCH~1.DLL
O2 - BHO: Zango Search Assistant Helper - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\program files\zango\zangohook.dll
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll (file missing)
O2 - BHO: tisa.MyBHO - {9B053E00-78D3-47AE-B763-60FF36FF2886} - C:\WINDOWS\system32\tisa.dll
O2 - BHO: TrustIn Bar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\Program Files\trustin bar\trustin.dll
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINDOWS\system32\iasada.dll
O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe
O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
O4 - HKLM\..\Run: [lwtkf] C:\WINDOWS\lwtkf.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard5.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname5.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad5.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.ysbweb.com/ist/softwares/v4.0/ysb_cracks.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.zango.com/GetZango/Download/zangoax.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
And press "Fix checked".

Next, boot your computer into Safe Mode by tapping F8 during startup: http://www.pchell.com/support/safemode.shtml

Make hidden files visible:
* Click Start.
* Open My Computer.
* Select Tools from the top menu and click Folder Options.
* Select the View tab.
* Under Hidden files and folders, select Show hidden files and folders.
* Clear the check box -> Hide protected operating system files
* Click Yes to confirm the changes.
* Click OK.

In Safe Mode, delete the following files or folders if they exist:
C:\Program Files\->SEARCH~2
c:\program files\->zango
C:\WINDOWS\->DH.dll
C:\WINDOWS\system32\->tisa.dll
C:\Program Files\->trustin bar
C:\WINDOWS\system32\->iasada.dll
C:\Program Files\->Admanager Controller
C:\WINDOWS\->lwtkf.exe
C:\windows\->keyboard5.exe
C:\windows\->newname5.exe
C:\WINDOWS\->wupdmgr.exe
C:\WINDOWS\->osaupd.exe
C:\windows\->mousepad5.exe

After the deletions, hide the hidden files again, run a full system scan with Ewido according to the instructions, and save the report. After that, restart the computer to get back to normal mode, and in normal mode post a new HijackThis log and the Ewido report.

Most of the ones that should have been fixed with HJT were not found, and likewise for the ones that were supposed to be deleted in Safe Mode, but here is the new log:

Logfile of HijackThis v1.99.1
Scan saved at 21:27:06, on 3/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
D:\ewido\ewido anti-malware\ewidoctrl.exe
D:\ewido\ewido anti-malware\ewidoguard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
E:\New Folder\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Eset\nod32kui.exe
C:\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\taskdir.exe
F:\STImgBrowser.exe
E:\New Folder\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Motherboard Monitor 5\MBM5.exe
E:\New Folder\Digital Imaging\bin\hpqimzone.exe
E:\New Folder\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Mozilla\firefox.exe
C:\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.irc-galleria.fi/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.myrsky.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.kymp.net:800
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Program Files\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] E:\New Folder\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Creative Detector] C:\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe
O4 - Startup: MBM 5.lnk = C:\Program Files\Motherboard Monitor 5\MBM5.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\New Folder\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = E:\New Folder\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12110/CTSUEng.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134257042281
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://213.28.44.184/activex/AxisCamControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab33902.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/12110/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FDF6378C-7B5D-4ABF-BA1F-92748305FFAC} (DownloadManagerInstall Control) - http://beta.byteswarm.com/agent/1.3.0.1/DMInstall.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - D:\ewido\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\ewido\ewido anti-malware\ewidoguard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - F:\WinStylerThemeSvc.exe

and the ewido log

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 21:25:38, 3/23/2006
+ Report-Checksum: F68D14AE

+ Scan result:

HKLM\SOFTWARE\AZESearchCo -> Adware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\AZESearchCo\AZESearch -> Adware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\SearchRelevancy -> Adware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\Classes\SearchRelevancy\CLSID -> Adware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.activator -> Adware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.activator\CLSID -> Adware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.activator\CurVer -> Adware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.activator.1 -> Adware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.ParamWr -> Adware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.ParamWr\CLSID -> Adware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.ParamWr\CurVer -> Adware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.ParamWr.1 -> Adware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.StockBar -> Adware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.StockBar\CLSID -> Adware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.StockBar\CurVer -> Adware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.StockBar.1 -> Adware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{a19ef336-01d4-48e6-926a-fe7e1c747aed} -> Adware.MWSearch : Cleaned with backup
HKU\S-1-5-21-448539723-1958367476-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Cleaned with backup
HKU\S-1-5-21-448539723-1958367476-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-448539723-1958367476-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A19EF336-01D4-48E6-926A-FE7E1C747AED} -> Adware.MWSearch : Cleaned with backup
HKU\S-1-5-21-448539723-1958367476-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DA7FF3F8-08BE-4CAC-BC00-94D91C6AE7F4} -> Adware.MWSearch : Cleaned with backup
HKU\S-1-5-21-448539723-1958367476-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F65B197F-8260-4D52-909A-F70118E646EB} -> Adware.MWSearch : Cleaned with backup
[576] C:\WINDOWS\system32\taskdir.dll -> Proxy.Lager.aq : Error during cleaning
[248] C:\WINDOWS\system32\taskdir.dll -> Proxy.Lager.aq : Error during cleaning
[264] C:\WINDOWS\system32\taskdir.dll -> Proxy.Lager.aq : Error during cleaning
[476] C:\WINDOWS\system32\taskdir.dll -> Proxy.Lager.aq : Error during cleaning
[428] C:\WINDOWS\system32\taskdir.dll -> Proxy.Lager.aq : Error during cleaning
[368] C:\WINDOWS\system32\taskdir.dll -> Proxy.Lager.aq : Error during cleaning
[1956] C:\WINDOWS\system32\taskdir.dll -> Proxy.Lager.aq : Error during cleaning
:mozilla.84:C:\Documents and Settings\Kale\Application Data\Mozilla\Firefox\Profiles\jej19swm.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Kale\Application Data\Mozilla\Firefox\Profiles\jej19swm.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Kale\Application Data\Mozilla\Firefox\Profiles\jej19swm.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Kale\Application Data\Mozilla\Firefox\Profiles\jej19swm.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Kale\Application Data\Mozilla\Firefox\Profiles\jej19swm.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Kale\Application Data\Mozilla\Firefox\Profiles\jej19swm.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Kale\Application Data\Mozilla\Firefox\Profiles\jej19swm.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Kale\Application Data\Mozilla\Firefox\Profiles\jej19swm.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Kale\Application Data\Mozilla\Firefox\Profiles\jej19swm.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Kale\Application Data\Mozilla\Firefox\Profiles\jej19swm.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Kale\Application Data\Mozilla\Firefox\Profiles\jej19swm.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Kale\Application Data\Mozilla\Firefox\Profiles\jej19swm.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Kale\Application Data\Mozilla\Firefox\Profiles\jej19swm.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Kale\Application Data\Mozilla\Firefox\Profiles\jej19swm.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Kale\Application Data\Mozilla\Firefox\Profiles\jej19swm.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Kale\Application Data\Mozilla\Firefox\Profiles\jej19swm.default\cookies.txt -> TrackingCookie.Top-banners : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Kale\Application Data\Mozilla\Firefox\Profiles\jej19swm.default\cookies.txt -> TrackingCookie.Adtrak : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Kale\Application Data\Mozilla\Firefox\Profiles\jej19swm.default\cookies.txt -> TrackingCookie.Adtrak : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Kale\Application Data\Mozilla\Firefox\Profiles\jej19swm.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Kale\Application Data\Mozilla\Firefox\Profiles\jej19swm.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Kale\Application Data\Mozilla\Firefox\Profiles\jej19swm.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Kale\Application Data\Mozilla\Firefox\Profiles\jej19swm.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Kale\Application Data\Mozilla\Firefox\Profiles\jej19swm.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Kale\Application Data\Mozilla\Firefox\Profiles\jej19swm.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Kale\Application Data\Mozilla\Firefox\Profiles\jej19swm.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Kale\Application Data\Mozilla\Firefox\Profiles\jej19swm.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Kale\Application Data\Mozilla\Firefox\Profiles\jej19swm.default\cookies.txt -> TrackingCookie.Searchingbooth : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Kale\Application Data\Mozilla\Firefox\Profiles\jej19swm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Kale\Application Data\Mozilla\Firefox\Profiles\jej19swm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Kale\Application Data\Mozilla\Firefox\Profiles\jej19swm.default\cookies.txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Kale\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counters.jar-4eefbe2a-5dcebe19.zip/Counter.class -> Trojan.Femad : Cleaned with backup
C:\Documents and Settings\Kale\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counters.jar-4eefbe2a-5dcebe19.zip/VerifierBug.class -> Trojan.Femad : Cleaned with backup
C:\Documents and Settings\Kale\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counters.jar-4eefbe2a-5dcebe19.zip/Xeyond.class -> Trojan.Femad : Cleaned with backup
C:\Documents and Settings\Kale\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counters.jar-4eefbe2a-5dcebe19.zip/web.exe -> Dropper.Small.ja : Cleaned with backup
C:\Documents and Settings\Kale\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-2738e991-78b47a5f.zip/Matrix.class -> Downloader.OpenStream.c : Cleaned with backup
C:\Documents and Settings\Kale\Cookies\kale@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Kale\Cookies\kale@ads1.revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Kale\Cookies\kale@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\Kale\Cookies\kale@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Kale\Cookies\kale@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup
C:\Documents and Settings\Kale\Cookies\kale@paypopup[2].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Kale\Cookies\kale@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Kale\Cookies\kale@tahitiannoniintl.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kale\Cookies\kale@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Kale\Cookies\kale@wrigley.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kale\Cookies\kale@www.adtrak[1].txt -> TrackingCookie.Adtrak : Cleaned with backup
C:\hijack\backups\backup-20060323-200647-852.dll -> Adware.Azesearch : Cleaned with backup
C:\hijack\backups\backup-20060323-200649-955.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup
C:\Program Files\TrustIn Search\uninstall.exe -> Adware.Azesearch : Cleaned with backup
C:\RECYCLER\S-1-5-21-448539723-1958367476-725345543-1003\Dc5\trustin.dll -> Adware.Azesearch : Cleaned with backup
C:\WINDOWS\azesearch.bmp -> Adware.Azesearch : Cleaned with backup
C:\WINDOWS\Installer.exe -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\NDNuninstall4_85.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall5_48.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\system32\azesearch4.ocx -> Adware.AzSearch : Cleaned with backup
C:\WINDOWS\system32\loader.exe -> Downloader.Small.cob : Cleaned with backup
C:\WINDOWS\system32\SahAgent.exe -> Adware.ShopAtHome : Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__taskdir.dll -> Proxy.Lager.aq : Cleaned with backup
C:\WINDOWS\tas.exe -> Adware.Azesearch : Cleaned with backup
C:\WINDOWStab.exe -> Adware.Azesearch : Cleaned with backup

::Report End

Yes, you did exactly as you were supposed to, but one more trojan turned up there, so fix this with HijackThis:
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe

And delete these in Safe Mode (make hidden files visible if they are not found):
C:\WINDOWS\system32\->taskdir.exe
C:\WINDOWS\system32->zlbw.dll
C:\WINDOWS\system32->comdlj32.dll

Empty the Recycle Bin and post a new HijackThis log.
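
The before/after comparison the helper does by eye in this thread, as an added example that is not part of the original posts: it diffs two HijackThis scans and lists entries that disappeared, entries that are new, and new persistence entries (O2, O4, O23) whose target is also a newly running process. The two samples are short excerpts built from log lines quoted in the thread; the function names are this example's own.

```python
import re

# Excerpts built from entries quoted in the thread's first and second scans.
SCAN_BEFORE = r'''
Running processes:
C:\WINDOWS\Explorer.EXE
C:\program files\zango\zango.exe
C:\windows\mousepad5.exe
O2 - BHO: Zango Search Assistant Helper - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\program files\zango\zangohook.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad5.exe
'''

SCAN_AFTER = r'''
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskdir.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
'''

# Entry lines start with a section code: R0, O2, O4, O16, O23, ...
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Lines of the "Running processes:" block are bare executable paths.
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
# Sections that load code automatically: BHOs, autoruns, services.
PERSISTENCE_CODES = {"O2", "O4", "O23"}


def _norm(text):
    """Collapse whitespace and case; Windows paths are case-insensitive."""
    return " ".join(text.split()).casefold()


def parse_scan(log_text):
    """Return (entries, processes) as dicts: normalised key -> original line."""
    entries, processes = {}, {}
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the process block ends at the first entry
            entries[(match.group(1), _norm(match.group(2)))] = line
        elif in_processes and PROCESS_RE.match(line):
            processes[_norm(line)] = line
    return entries, processes


def diff_scans(before_text, after_text):
    """Compare two scans of the same machine."""
    b_entries, b_procs = parse_scan(before_text)
    a_entries, a_procs = parse_scan(after_text)
    return {
        "removed": sorted(b_entries[k] for k in b_entries.keys() - a_entries.keys()),
        "added": sorted(a_entries[k] for k in a_entries.keys() - b_entries.keys()),
        "new_processes": sorted(a_procs[k] for k in a_procs.keys() - b_procs.keys()),
    }


def review_queue(diff):
    """New persistence entries, each with True if its target is a new running process."""
    running = [_norm(p) for p in diff["new_processes"]]
    queue = []
    for line in diff["added"]:
        if ENTRY_RE.match(line).group(1) in PERSISTENCE_CODES:
            body = _norm(line)
            queue.append((line, any(path in body for path in running)))
    return queue


if __name__ == "__main__":
    result = diff_scans(SCAN_BEFORE, SCAN_AFTER)
    print("Removed since last scan:")
    for line in result["removed"]:
        print("  ", line)
    print("New persistence entries (True = already running):")
    for line, is_running in review_queue(result):
        print("  ", is_running, line)
```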
These two were not found: C:\WINDOWS\system32\->taskdir.exe and C:\WINDOWS\system32->comdlj32.dll, but here is the new HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 17:18:36, on 3/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
E:\New Folder\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Eset\nod32kui.exe
C:\Creative\MediaSource\Detector\CTDetect.exe
F:\STImgBrowser.exe
E:\New Folder\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Motherboard Monitor 5\MBM5.exe
E:\New Folder\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
D:\ewido\ewido anti-malware\ewidoctrl.exe
D:\ewido\ewido anti-malware\ewidoguard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
E:\New Folder\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\MsPMSPSv.exe
E:\New Folder\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Mozilla\firefox.exe
C:\hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.irc-galleria.fi/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.myrsky.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.kymp.net:800
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Program Files\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] E:\New Folder\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Creative Detector] C:\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: MBM 5.lnk = C:\Program Files\Motherboard Monitor 5\MBM5.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\New Folder\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = E:\New Folder\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12110/CTSUEng.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134257042281
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://213.28.44.184/activex/AxisCamControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab33902.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/12110/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FDF6378C-7B5D-4ABF-BA1F-92748305FFAC} (DownloadManagerInstall Control) - http://beta.byteswarm.com/agent/1.3.0.1/DMInstall.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - D:\ewido\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\ewido\ewido anti-malware\ewidoguard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - F:\WinStylerThemeSvc.exe
Yeah, the log looks clean, but I would strongly recommend still running an online scanner, such as one of these:
http://www.bitdefender.com/scan8/ie.html
http://www.kaspersky.com/virusscanner
http://www.pandasoftware.com/activescan (does not remove spyware)
If it still finds a lot of bad stuff, or if it can't delete some file, let me know.
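The before/after comparison done by eye in the posts above can be made mechanical; the following is an added example, not part of the thread or of HijackThis. It assumes one log entry per line, as HijackThis writes them; the function names are illustrative, and the two sample logs are short constructed excerpts of lines quoted in the thread.

```python
import re

# HijackThis entry lines start with a section code: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# File names the helper asked to have removed (taken from the thread).
FLAGGED = ("taskdir.exe", "zlbw.dll", "comdlj32.dll")

# Constructed excerpts: a few lines quoted in the thread, one entry per line.
BEFORE = r"""C:\program files\zango\zango.exe
O2 - BHO: tisa.MyBHO - {9B053E00-78D3-47AE-B763-60FF36FF2886} - C:\WINDOWS\system32\tisa.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe"""

AFTER = r"""C:\WINDOWS\system32\oodag.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Creative\MediaSource\Detector\CTDetect.exe /R"""


def parse_entries(log_text):
    """Return the set of (section code, entry text) pairs in a log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries


def diff_logs(before, after):
    """Compare two logs entry by entry; process-list lines are ignored."""
    old, new = parse_entries(before), parse_entries(after)
    return {"removed": sorted(old - new), "added": sorted(new - old),
            "kept": sorted(old & new)}


def flagged_hits(log_text, names=FLAGGED):
    """Return every log line (process or entry) that names a flagged file."""
    hits = []
    for line in log_text.splitlines():
        lowered = line.lower()
        # Require a path separator or space before the name, so that
        # 'taskdir.exe' does not match inside 'mytaskdir.exe'.
        if any(re.search(r"(^|[\\ ])" + re.escape(n) + r"\b", lowered) for n in names):
            hits.append(line.strip())
    return hits


if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for code, body in result["removed"]:
        print("removed:", code, body)
    print("flagged files still referenced:", flagged_hits(AFTER) or "none")
```

An empty `flagged_hits` result only shows that no autostart entry or running process references the files any more; it does not show that the files are gone from disk, which is why a further scan is still recommended above.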