HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:31, on 25.2.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O1 - Hosts: 87.118.118.162 nprotect.roseonlinegame.com
O1 - Hosts: 87.118.118.162 update.nprotect.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Taavi\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Joni\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Taavi\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Taavi\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Taavi\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Lataa FlashGetillä - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Lataa kaikki FlashGetillä - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Taavi\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7644 bytes

Copy and paste the text below into an empty Notepad file. Make sure the file type is "All Files" and save it to your desktop as Poisto.bat.

@echo off
rem Stop and delete the leftover AVG services that the log lists as "file missing"
sc stop Avg7Alrt
sc delete Avg7Alrt
sc stop Avg7UpdSvc
sc delete Avg7UpdSvc
sc stop "AVG Anti-Spyware Guard"
sc delete "AVG Anti-Spyware Guard"

Double-click the Poisto.bat file on your desktop; a window opens and closes, this is normal.

===========

Scan with HJT, check the following entries and press Fix checked:

O1 - Hosts: 87.118.118.162 nprotect.roseonlinegame.com
O1 - Hosts: 87.118.118.162 update.nprotect.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Paikallinen palve')

Those tips didn't help :/ I guess I'll just reinstall the whole Windows box then. HJT once more:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24:59, on 25.2.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\Joni\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\hamachi\hamachi.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Taavi\BitComet\tools\BitCometBHO_1.1.11.30.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [RTHDCPL] RTHDCPL.EXE

The log is not complete.

==============

Download Malwarebytes' Anti-Malware to your desktop.

1. Double-click mbam-setup.exe and follow the instructions to install the program.
2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, the program downloads and installs the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is finished, click OK and then Show Results to see the results.
6. Make sure everything is checked and click Remove Selected.
7. After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next message.

Malwarebytes' Anti-Malware 1.34
Tietokantaversio: 1805
Windows 5.1.2600 Service Pack 2

26.2.2009 10:27:15
mbam-log-2009-02-26 (10-27-15).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|G:\|)
Tarkistetut kohteet: 261424
Kulunut aika: 1 hour(s), 2 minute(s), 26 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)

There's the fresh Malwarebytes output... And here is the previously mentioned HJT log in full:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24:59, on 25.2.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\Joni\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\hamachi\hamachi.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Taavi\BitComet\tools\BitCometBHO_1.1.11.30.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Joni\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Taavi\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Taavi\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Taavi\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Lataa FlashGetillä - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Lataa kaikki FlashGetillä - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Taavi\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6968 bytes

Create an uninstall list:
• Open HijackThis
• Click the "Configure" option at the bottom right
• Click "Misc Tools"
• Click the box that says "Uninstall Manager"
• Click the "Save list" option
• Copy and paste that list from Notepad into your thread

Ad-Aware 2007 Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Default Language CS3 Adobe Device Central CS3 Adobe ExtendScript Toolkit 2 Adobe Flash Player 10 Plugin Adobe Flash Player ActiveX Adobe Fonts All Adobe Help Viewer CS3 Adobe Linguistics CS3 Adobe PDF Library Files Adobe Photoshop CS3 Adobe Photoshop CS3 Adobe Reader 9 - Suomi Adobe Setup Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 Advanced WindowsCare Personal AGEIA PhysX v7.09.13 AoA MP4 Converter Apple Mobile Device Support Apple Software Update AV Voice Changer Software DIAMOND 6.0 Avira AntiVir Personal - Free Antivirus AviSynth 2.5 Battlefield Vietnam(TM) BitLord 1.1 Bonjour BSPlayer CCleaner (remove only) CDDRV_Installer CloneCD Command & Conquer Generals Command and ConquerTM Generals Zero Hour CSS FULL DZ [Oct 15 2007] v18.1 dBpoweramp Monkeys Audio Codec dBpoweramp Music Converter DC++ 0.699 Diablo II Dungeon Keeper 2 EasyCleaner EVEREST Ultimate Edition v4.20 ffdshow [rev 610] [2006-12-01] foobar2000 v0.9.5.5 Free YouTube Download 2.2 Free YouTube to Mp3 Converter version 3.1 Futuremark SystemInfo Guild Wars Guitar Hero III Hamachi 1.0.1.5 Hero Editor V0.96 (d:\jamellas hero editor asennettu\) Heroes of Might and Magic IV: Winds of War HijackThis 2.0.2 Hotfix-päivitys Windows Internet Explorer 7:lle (KB947864) iTunes Java 2 Runtime Environment, SE v1.4.2_03 Jazz Jackrabbit 2 KhalInstallWrapper Leisure Suit Larry - Magna Cum Laude Logitech Desktop Messenger Logitech Gaming Software 5.02 Logitech SetPoint Malwarebytes' Anti-Malware Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Finnish Language Pack Microsoft .NET 
Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Microsoft Games for Windows - LIVE Redistributable Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft National Language Support Downlevel APIs Microsoft Office Excel Viewer 2003 Microsoft Office PowerPoint Viewer 2003 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Mozilla Firefox (3.0.6) MSXML 4.0 SP2 (KB936181) Need for Speed Underground 2 Need for Speed™ ProStreet Nero 8 Demo neroxml NVIDIA Drivers Opera 9.27 oZone3D.Net FurMark v1.6.5 PDF Settings Pocket Tanks Postal 2 STP - Free Multiplayer Edition PSP Video 9 4.04 PunkBuster for Battlefield Vietnam QuickTime Rats! 3.1 Realtek High Definition Audio Driver RivaTuner v2.22 S.T.A.L.K.E.R. - Clear Sky [v1.0003] SpeechRedist SpeedFan (remove only) Spybot - Search & Destroy Starcraft Subtitle Workshop 2.51 Suojauspäivitys Windows Internet Explorer 7:lle (KB938127) Suojauspäivitys Windows Internet Explorer 7:lle (KB942615) Suojauspäivitys Windows Internet Explorer 7:lle (KB944533) Suojauspäivitys Windows Internet Explorer 7:lle (KB950759) Suojauspäivitys Windows Internet Explorer 7:lle (KB953838) Suojauspäivitys Windows Internet Explorer 7:lle (KB956390) Suojauspäivitys Windows XP:lle (KB923789) System Requirements Lab Tweak UI Uninstall 1.0.0.0 Unreal Tournament Unreal Tournament 2004 VCRedistSetup We Got Explosives! 2.0 Ventrilo Client Videora iPod Converter 4.04 Winamp Windows Internet Explorer 7 Windows Live installer Windows Live Messenger Windows Media Format Runtime Windows XP Service Pack 2 WinRAR archiver VobSub v2.23 (Remove Only) Wolfenstein - Enemy Territory Worms Armageddon - New Edition Xbox 360 Controller for Windows Xfire (remove only) YouTube Downloader App 1.01

1. Download Combofix.exe to your desktop from one of these links: Combofix1 Combofix2
Do not install the Recovery Console.
2. Double-click the Combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log. Post this log in your thread.

Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

ComboFix 09-02-26.02 - Joni 2009-02-27 10:09:04.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.2047.1597 [GMT 2:00]
Sijainti: c:\documents and settings\Joni\Omat tiedostot\Vastaanotetut tiedostot\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Uusi palautuspiste luotu

VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-01-27 to 2009-02-27 )))))))))))))))))
.

2009-02-26 09:21 . 2009-02-26 09:21 <KANSIO> d-------- C:\Malwarebytes' Anti-Malware
2009-02-25 17:04 . 2009-02-25 17:53 139,264 --a------ c:\windows\War3Unin.exe
2009-02-25 17:04 . 2009-02-25 17:57 61,028 --a------ c:\windows\War3Unin.dat
2009-02-25 17:04 . 2009-02-25 17:53 2,829 --a------ c:\windows\War3Unin.pif
2009-02-24 10:34 . 2009-02-24 10:34 <KANSIO> d-------- C:\Spybot - Search & Destroy
2009-02-24 08:53 . 2009-02-26 18:23 <KANSIO> d-------- C:\Hijackthis
2009-02-23 12:02 . 2009-02-23 12:02 <KANSIO> d-------- c:\program files\directx
2009-02-23 12:02 . 2009-02-23 12:02 <KANSIO> d-------- C:\Dx8
2009-02-23 09:25 . 2009-02-23 10:28 <KANSIO> d-------- C:\CPU-Z 1.5
2009-02-22 13:53 . 2009-02-22 13:54 <KANSIO> d-------- C:\DirectX9c
2009-02-22 13:45 . 2009-02-22 13:45 <KANSIO> d-------- C:\DX eraser
2009-02-20 18:39 . 2009-02-20 18:39 <KANSIO> d-------- C:\Real Temp
2009-02-20 18:34 . 2009-01-23 22:47 <KANSIO> d-a------ C:\64 bit
2009-02-20 18:34 . 2009-02-20 18:35 <KANSIO> d-a------ C:\32 bit
2009-02-09 22:09 . 2009-02-09 22:09 <KANSIO> d-------- C:\FurMark_v1.6.5
2009-02-09 21:48 . 2009-02-09 21:48 <KANSIO> d-------- C:\RivaTuner
2009-02-09 20:32 . 2009-02-09 20:33 <KANSIO> d-------- C:\Prime95
2009-02-08 15:51 . 2009-02-08 15:54 94,208 --a------ c:\windows\ScUnin.exe
2009-02-08 15:51 . 2009-02-08 15:54 26,458 --a------ c:\windows\scunin.dat
2009-02-08 15:51 . 2009-02-08 15:54 967 --a------ c:\windows\ScUnin.pif
2009-02-05 22:50 . 2009-02-05 22:50 42,320 --a------ c:\windows\system32\xfcodec.dll
2009-02-05 19:12 . 2009-02-26 21:02 <KANSIO> d-------- c:\windows\Eurobattle.net Installer
2009-02-03 17:51 . 2009-02-03 17:51 <KANSIO> d-------- c:\documents and settings\Joni\Application Data\Disney Interactive Studios
2009-02-03 17:47 . 2009-02-03 17:47 <KANSIO> d-------- c:\documents and settings\Joni\Application Data\DAEMON Tools Pro
2009-02-03 17:46 . 2009-02-03 17:46 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-02-03 17:45 . 2009-02-03 17:45 <KANSIO> d-------- c:\program files\DAEMON Tools Lite
2009-02-03 17:41 . 2009-02-03 17:47 <KANSIO> d-------- c:\documents and settings\Joni\Application Data\DAEMON Tools Lite
2009-02-03 12:40 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2009-02-03 12:40 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2009-02-03 12:40 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2009-02-03 12:40 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2009-02-03 12:40 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2009-02-03 12:40 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2009-02-03 12:40 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2009-02-02 10:00 . 2009-02-02 10:00 754 --a------ c:\windows\WORDPAD.INI

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-27 08:07 --------- d-----w c:\documents and settings\Joni\Application Data\Xfire
2009-02-26 19:34 --------- d-----w c:\program files\Jazz Jackrabbit 2
2009-02-26 19:33 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-26 19:30 --------- d-----w c:\program files\Windows Live
2009-02-26 19:29 --------- d-----w c:\program files\Red Kawa
2009-02-26 19:04 --------- d-----w c:\documents and settings\Joni\Application Data\Hamachi
2009-02-26 17:47 --------- d-----w c:\program files\SpeedFan
2009-02-26 17:20 --------- d-----w c:\documents and settings\Joni\Application Data\foobar2000
2009-02-24 17:27 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-24 17:27 103,736 ----a-w c:\windows\system32\PnkBstrB.exe
2009-02-24 13:55 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-24 08:34 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-23 15:37 --------- d-----w c:\program files\AV Vcs 6.0 DIAMOND
2009-02-23 15:36 --------- d-----w c:\program files\Xfire
2009-02-23 07:16 --------- d-----w c:\program files\CPU-Z
2009-02-11 08:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 08:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-07 18:28 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-02-03 15:47 --------- d-----w c:\documents and settings\Joni\Application Data\DAEMON Tools
2009-02-03 15:42 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-02-02 18:52 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-01-27 05:17 73,216 ----a-w c:\windows\ST6UNST.EXE
2009-01-27 05:17 249,856 ------w c:\windows\Setup1.exe
2009-01-18 11:55 --------- d-----w c:\program files\softien asennukset
2009-01-05 18:17 17,480 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-01-02 20:49 --------- d-----w c:\documents and settings\Joni\Application Data\XRay Engine
2009-01-02 19:20 279,712 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-01-02 19:20 25,888 ----a-w c:\windows\system32\drivers\lirsgt.sys
2009-01-02 16:13 --------- d-----w c:\documents and settings\Joni\Application Data\Bioshock
2009-01-01 08:46 --------- d-----w c:\documents and settings\All Users\Application Data\AVG7
2008-12-30 12:41 --------- d-----w c:\program files\AoA MP4 Converter
2008-12-30 12:25 --------- d-----w c:\documents and settings\All Users\Application Data\TEMP
2008-12-29 00:05 --------- d-----w c:\program files\AviSynth 2.5
2008-12-21 21:46 351,744 ----a-w c:\windows\system32\avisynth.dll
2008-12-12 19:34 108 ----a-w c:\program files\save.ms3
2008-12-06 21:36 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2002-11-08 17:02 1,383,725 ----a-w c:\program files\mario3.exe
2002-08-13 11:05 10,999 ----a-w c:\program files\bonus.zik
2002-08-13 11:04 72,958 ----a-w c:\program files\boss1.zik
2002-08-13 11:04 43,369 ----a-w c:\program files\carte1.zik
2002-08-13 11:04 41,526 ----a-w c:\program files\carte2.zik
2002-08-13 11:04 27,789 ----a-w c:\program files\chateau1.zik
2002-08-13 11:04 25,500 ----a-w c:\program files\cave.zik
2002-08-13 11:03 26,937 ----a-w c:\program files\chateau2.zik
2002-08-13 11:03 26,411 ----a-w c:\program files\clear2.zik
2002-08-13 11:03 17,121 ----a-w c:\program files\clear1.zik
2002-08-13 11:03 12,371 ----a-w c:\program files\goal.zik
2002-08-13 11:01 74,700 ----a-w c:\program files\intro.zik
2002-08-13 11:01 65,570 ----a-w c:\program files\musique1.zik
2002-08-13 11:01 47,661 ----a-w c:\program files\musique2.zik
2002-08-13 11:01 26,081 ----a-w c:\program files\perdu.zik
2002-08-13 11:01 20,883 ----a-w c:\program files\miss.zik
2002-08-13 11:00 13,879 ----a-w c:\program files\select.zik
2002-08-11 15:09 11,675 ----a-w c:\program files\challenge.zik
2002-08-09 12:25 31,039 ----a-w c:\program files\invincible.zik
2002-08-09 12:25 15,744 ----a-w c:\program files\powzik.zik
2002-07-22 11:55 1,720 ----a-w c:\program files\vite.zik
2002-07-22 09:53 10,011 ----a-w c:\program files\gameover.zik
2002-07-11 11:57 285,696 ----a-w c:\program files\cncs232.dll
2001-07-29 22:00 92,660 ----a-w c:\program files\bass.dll
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-09-15 15360]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-21 266497]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"w3dr.exe"="g:\warcraft iii\w3dr.exe" [2008-08-03 61440]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-09-15 15360]

c:\documents and settings\Joni\Käynnistä-valikko\Ohjelmat\Käynnistys\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-02-05 3008336]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-11-06 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-21 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@="" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Xfire\\xfire.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "d:\\Counter-Strike Source\\hl2.exe"= "g:\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"= "g:\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"= "c:\\hamachi\\hamachi.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCPxpsp2res.dll,-22009 "10050:TCP"= 10050:TCP:BitComet 10050 TCP "10050:UDP"= 10050:UDP:BitComet 10050 UDP R2 NwSapAgent;SAP-agentti;c:\windows\system32\svchost.exe -k netsvcs [2003-04-25 14336] S2 RPCHE;Remote Procedure Call (RPCE);c:\program files\Common Files\Microsoft Shared\Speech\csvd.exe [2009-02-08 17238528] S3 cpuz131;cpuz131;\??\c:\docume~1\Joni\LOCALS~1\Temp\cpuz131\cpuz_x32.sys --> c:\docume~1\Joni\LOCALS~1\Temp\cpuz131\cpuz_x32.sys [?] S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2008-11-12 22640] S3 u2kg54l;BUFFALO WLI-U2-KG54L Wireless LAN Driver;c:\windows\system32\drivers\U2KG54L.SYS [2006-08-24 477696] . 'Ajoitetut tehtävät'-kansion sisältö 2009-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] . . ------- Täydentävä tarkistus ------- . 
uStart Page = hxxp://www.daemon-search.com/startpage uInternet Settings,ProxyOverride = *.local IE: &D&ownload &with BitComet - c:\taavi\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all video with BitComet - c:\taavi\BitComet\BitComet.exe/AddVideo.htm IE: &D&ownload all with BitComet - c:\taavi\BitComet\BitComet.exe/AddAllLink.htm IE: &Lataa FlashGetillä - c:\program files\FlashGet\jc_link.htm IE: &Lataa kaikki FlashGetillä - c:\program files\FlashGet\jc_all.htm Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll FF - ProfilePath - c:\documents and settings\Joni\Application Data\Mozilla\Firefox\Profiles\1yy5cdpj.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-27 10:10:10 Windows 5.1.2600 Service Pack 2 NTFS tarkistaa piilotettuja prosesseja ... tarkistaa piilotettuja käynnistysarvoja ... tarkistaa piilotettuja tiedostoja ... tarkistus on valmis piilotetut tiedostot: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\EverestDriver] "ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt" . 
--------------------- LUKITUT REKISTERIAVAIMET ---------------------

[HKEY_USERS\S-1-5-21-1214440339-152049171-725345543-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:23,f7,5f,69,0b,51,c3,6b,0d,79,ab,04,bf,b4,aa,de,7f,00,58,5e,59,57,9b,
 98,bf,c9,02,f6,7a,de,97,0c,02,9d,bf,b2,86,a5,88,96,5a,af,3b,52,9b,9f,4e,04,\
"??"=hex:db,43,95,f1,16,69,da,3c,26,ab,01,44,d8,6f,63,4a

[HKEY_USERS\S-1-5-21-1214440339-152049171-725345543-1005\Software\SecuROM\License information*]
"datasecu"=hex:1b,c9,fe,cc,a8,67,18,48,27,07,60,59,9b,3e,17,f2,80,26,6a,52,2f,
 ff,e2,11,cb,d0,5e,fd,2c,3c,cf,eb,90,3c,c9,cf,72,f1,33,7d,c5,28,8c,33,05,97,\
"rkeysecu"=hex:78,03,74,5a,aa,a3,32,82,44,db,b5,b7,ae,c3,c5,6e

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ëcÓw*]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
.
Valmistumisajankohta: 2009-02-27 10:11:37
ComboFix-quarantined-files.txt 2009-02-27 08:11:35
ComboFix2.txt 2008-10-10 10:58:34

Ennen ajoa: 54 298 120 192 tavua vapaana
Ajon jälkeen: 54,281,879,552 tavua vapaana

Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
231 --- E O F --- 2008-10-15 14:12:25

It occurred to me: does it also check the other hard drives besides C:?
Type ComboFix /u into the Run box.
Click OK.
==============
So you're planning to run Malwarebytes' Anti-Malware; update it first.