A trickier problem (HJT log)

Thread in the Viruses and malware - HijackThis logs section. Thread started by kaitchu on 04.07.2009.

  1. kaitchu

    kaitchu Member

    Joined:
    11.08.2005
    Posts:
    66
    Thanks:
    0
    Points:
    16
    Right, let's get started then. The problem is a strange piece of malware on the machine. The only way it shows up for me is that I can't get onto the Internet with Internet Explorer (or Avant Browser). Firefox works normally and I'm using it right now. This problem started the day before yesterday, and I haven't been browsing or downloading anything unusual in between. Something has slipped in from somewhere though, so here's the log from HJT:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:03:53, on 4.7.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
    E:\WINDOWS\system32\spoolsv.exe
    E:\WINDOWS\Explorer.EXE
    E:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    E:\WINDOWS\RTHDCPL.EXE
    E:\PROGRA~1\AVG\AVG8\avgtray.exe
    E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    E:\WINDOWS\system32\RUNDLL32.EXE
    E:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    E:\Program Files\Common Files\Real\Update_OB\realsched.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    E:\Program Files\Windows Live\Messenger\msnmsgr.exe
    E:\Program Files\DAEMON Tools Lite\daemon.exe
    E:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
    E:\Program Files\Real\RealPlayer\RealPlay.exe
    E:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    E:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    E:\PROGRA~1\AVG\AVG8\avgrsx.exe
    E:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    E:\PROGRA~1\AVG\AVG8\avgnsx.exe
    E:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    E:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    E:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    E:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    E:\Program Files\Java\jre6\bin\jqs.exe
    E:\Program Files\Logitech\Easy Synchronization\servicestub.exe
    E:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
    E:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    E:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    E:\Program Files\NetLimiter 2 Pro\nlsvc.exe
    E:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    E:\WINDOWS\system32\nvsvc32.exe
    E:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
    E:\WINDOWS\system32\PnkBstrA.exe
    E:\Program Files\CyberLink\Shared Files\RichVideo.exe
    E:\WINDOWS\System32\svchost.exe
    E:\Program Files\Viewpoint\Common\ViewpointService.exe
    E:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    E:\Program Files\Canon\CAL\CALMAIN.exe
    E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    E:\Program Files\NetLimiter 2 Pro\NLClient.exe
    E:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    E:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    E:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    E:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
    E:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    E:\Program Files\Mozilla Firefox\firefox.exe
    E:\WINDOWS\system32\NOTEPAD.EXE
    E:\WINDOWS\system32\NOTEPAD.EXE
    E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5757
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (file missing)
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - E:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] E:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [CanonSolutionMenu] E:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] E:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [F-Secure Manager] "E:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "E:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Win32 Firewall] E:\DOCUME~1\kaitsu\LOCALS~1\Temp\769.exe
    O4 - HKCU\..\RunOnce: [Shockwave Updater] E:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SIMBAR={67F21F6F-0859-4F02-B7C4-C325FE9BC065}; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; Avant Browser; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)" -"https://skillgames.nordicbet.com/w/v/client/info?locale=fi&channelId=_3841729467&titleId=13&partnerCode=nordicbet&action=auth&ticket=b71cd2883754f7bf96eb2c805bbc79ea%3Akaitchu&accountId=631733"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - E:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
    O9 - Extra 'Tools' menuitem: &Gearsin asetukset - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - E:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
    O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - E:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - E:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Cool Hand Poker - {00000000-0000-0000-0000-000000000000} - E:\MicroGaming\Poker\coolhandMPP\MPPoker.exe (file missing) (HKCU)
    O9 - Extra button: CasinoJoyEuro - {6CA050F7-DCA6-451D-BDED-875971627740} - http://www.CasinoJoy.com (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: CasinoJoyEuro - {6CA050F7-DCA6-451D-BDED-875971627740} - http://www.CasinoJoy.com (file missing) (HKCU)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
    O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///D:/components/hidinputmonitorx.ocx
    O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///D:/components/A9.ocx
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1208583781976
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///D:/components/wmvhdrating.ocx
    O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://download.sp.f-secure.com/hc/helpson/fscax.cab
    O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} (F-Secure Online Scanner 4.0 Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/virtualmark/tc/FMSI.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin2.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgrsstarter - E:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - E:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - E:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - E:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - E:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - E:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - E:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - E:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe
    O23 - Service: Google Update Service (gupdate1c9a544ff7627e4) (gupdate1c9a544ff7627e4) - Google Inc. - E:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - E:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - E:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
    O23 - Service: Logitech Easy Synchronization - Unknown owner - E:\Program Files\Logitech\Easy Synchronization\servicestub.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NetLimiter (nlsvc) - Locktime Software - E:\Program Files\NetLimiter 2 Pro\nlsvc.exe
    O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - E:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - E:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 15601 bytes


    I have tried running AVG and F-Secure Internet Security 2009 in safe mode --> no effect --> I also ran combofix.exe (which had been recommended somewhere here) and it spat out this log:

    ComboFix 09-07-03.03 - Järjestelmänvalvoja 04.07.2009 15:19.1 - NTFSx86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1252.358.1035.18.2046.1769 [GMT 3:00]
    Sijainti: e:\documents and settings\kaitsu\Työpöytä\ComboFix.exe
    Käytetyt komentorivivalitsimet :: e:\documents and settings\kaitsu\Työpöytä\cfscript.txt
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: F-Secure Internet Security 2009 9.00 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
    FW: F-Secure Internet Security 2009 9.00 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}

    VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    e:\recycler\S-1-5-21-5273952553-1918051728-660597187-0103\rundll32.exe
    e:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
    e:\windows\system32\tmp.reg
    K:\install.exe

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-06-04 to 2009-07-04 )))))))))))))))))
    .

    2009-07-04 12:08 . 2009-07-04 12:08 -------- d-----w- e:\documents and settings\kaitsu\Application Data\Malwarebytes
    2009-07-04 12:08 . 2009-06-17 08:27 38160 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-04 12:08 . 2009-07-04 12:08 -------- d-----w- e:\documents and settings\All Users\Application Data\Malwarebytes
    2009-07-04 12:08 . 2009-07-04 12:08 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
    2009-07-04 12:08 . 2009-06-17 08:27 19096 ----a-w- e:\windows\system32\drivers\mbam.sys
    2009-07-04 11:46 . 2009-07-04 11:46 -------- d-----w- e:\program files\Trend Micro
    2009-07-03 06:37 . 2009-06-29 16:52 327688 ----a-w- e:\documents and settings\All Users\Application Data\Avg8\update\backup\avgldx86.sys
    2009-07-03 06:37 . 2009-06-29 16:52 2167576 ----a-w- e:\documents and settings\All Users\Application Data\Avg8\update\backup\avgresf.dll
    2009-07-03 06:37 . 2009-06-29 16:52 3402008 ----a-w- e:\documents and settings\All Users\Application Data\Avg8\update\backup\avgui.exe
    2009-07-03 06:37 . 2009-06-29 16:52 1204504 ----a-w- e:\documents and settings\All Users\Application Data\Avg8\update\backup\avgabout.dll
    2009-07-03 06:37 . 2009-06-29 16:52 337176 ----a-w- e:\documents and settings\All Users\Application Data\Avg8\update\backup\avglogx.dll
    2009-07-03 06:37 . 2009-06-29 16:52 829208 ----a-w- e:\documents and settings\All Users\Application Data\Avg8\update\backup\avgcfgx.dll
    2009-07-03 06:37 . 2009-06-29 16:52 3298072 ----a-w- e:\documents and settings\All Users\Application Data\Avg8\update\backup\setup.exe
    2009-07-03 06:36 . 2009-06-29 16:46 1085208 ----a-w- e:\documents and settings\All Users\Application Data\Avg8\update\backup\avgupd.exe
    2009-07-03 06:36 . 2009-06-29 16:46 1454360 ----a-w- e:\documents and settings\All Users\Application Data\Avg8\update\backup\avgupd.dll
    2009-07-02 13:20 . 2009-03-09 12:27 453456 ----a-w- e:\windows\system32\d3dx10_41.dll
    2009-07-02 13:20 . 2009-03-09 12:27 1846632 ----a-w- e:\windows\system32\D3DCompiler_41.dll
    2009-07-02 13:20 . 2009-03-16 11:18 69448 ----a-w- e:\windows\system32\XAPOFX1_3.dll
    2009-07-02 13:20 . 2009-03-16 11:18 517448 ----a-w- e:\windows\system32\XAudio2_4.dll
    2009-07-02 13:20 . 2009-03-09 12:27 4178264 ----a-w- e:\windows\system32\D3DX9_41.dll
    2009-07-02 13:20 . 2009-03-16 11:18 235352 ----a-w- e:\windows\system32\xactengine3_4.dll
    2009-07-02 06:07 . 2009-07-02 06:07 -------- d-----w- e:\documents and settings\kaitsu\Application Data\Apple Computer
    2009-07-02 06:07 . 2009-07-02 06:07 -------- d-----w- e:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-07-02 06:06 . 2009-07-02 06:07 -------- d-----w- e:\documents and settings\All Users\Application Data\Apple Computer
    2009-07-02 06:06 . 2009-07-02 06:06 -------- d-----w- e:\documents and settings\kaitsu\Local Settings\Application Data\Apple
    2009-07-02 06:04 . 2009-07-02 06:07 -------- d-----w- e:\documents and settings\kaitsu\Local Settings\Application Data\Apple Computer
    2009-06-30 15:40 . 2009-06-30 15:42 -------- d-----w- e:\program files\Easy DVD Creator
    2009-06-30 15:37 . 2009-06-30 15:37 -------- d-----w- e:\program files\Xilisoft
    2009-06-19 09:57 . 2009-06-19 09:57 -------- d-sh--w- e:\documents and settings\kaitsu\PrivacIE
    2009-06-19 03:39 . 2009-06-19 03:39 -------- d-----r- e:\documents and settings\LocalService\Suosikit
    2009-06-19 03:38 . 2009-06-19 03:38 -------- d-sh--w- e:\documents and settings\LocalService\IETldCache
    2009-06-18 10:55 . 2009-06-18 10:55 -------- d-----w- e:\documents and settings\kaitsu\Application Data\Locktime
    2009-06-18 10:53 . 2009-06-18 10:53 -------- d-----w- e:\documents and settings\All Users\Application Data\Locktime
    2009-06-18 10:53 . 2009-06-18 10:53 -------- d-----w- e:\program files\NetLimiter 2 Pro
    2009-06-17 15:44 . 2009-06-17 15:44 -------- d-sh--w- e:\documents and settings\kaitsu\IETldCache
    2009-06-17 15:41 . 2009-04-30 21:16 12800 -c----w- e:\windows\system32\dllcache\xpshims.dll
    2009-06-17 15:41 . 2009-04-30 21:16 246272 -c----w- e:\windows\system32\dllcache\ieproxy.dll
    2009-06-17 15:41 . 2009-06-17 15:41 -------- d-----w- e:\windows\ie8updates
    2009-06-17 15:40 . 2009-05-12 05:11 102912 -c----w- e:\windows\system32\dllcache\iecompat.dll
    2009-06-17 15:38 . 2009-06-17 15:40 -------- dc-h--w- e:\windows\ie8
    2009-06-13 04:08 . 2009-07-03 19:09 -------- d-----w- e:\documents and settings\kaitsu\Application Data\DC++
    2009-06-13 04:08 . 2009-06-13 04:08 -------- d-----w- e:\documents and settings\kaitsu\Local Settings\Application Data\DC++
    2009-06-11 16:15 . 2009-06-11 16:15 -------- d-----w- e:\program files\Total Video Converter
    2009-06-11 16:05 . 2009-06-11 16:09 -------- d-----w- e:\documents and settings\kaitsu\Application Data\Any Video Converter Professional
    2009-06-11 16:05 . 2009-06-11 16:09 -------- d-----w- e:\program files\Any Video Converter Professional
    2009-06-10 16:34 . 2009-06-10 16:34 -------- d-----w- e:\documents and settings\kaitsu\Application Data\ImTOO Software Studio
    2009-06-10 16:18 . 2009-06-10 16:20 -------- d-----w- e:\documents and settings\kaitsu\Application Data\Orbit
    2009-06-05 18:02 . 2009-06-18 10:47 -------- d-----w- E:\X-Men TAS [HQ] Season 1-5
    2009-06-04 13:34 . 2009-06-04 13:34 390664 ----a-w- e:\documents and settings\kaitsu\Application Data\Real\RealPlayer\Update\RealPlayer11.exe

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-04 12:13 . 2008-04-19 06:04 -------- d-----w- e:\program files\Spybot - Search & Destroy
    2009-07-04 12:03 . 2008-04-19 05:06 -------- d-----w- e:\documents and settings\kaitsu\Application Data\uTorrent
    2009-07-04 04:50 . 2008-04-19 03:12 -------- d-----w- e:\program files\Avant Browser
    2009-07-04 04:39 . 2009-04-04 09:15 -------- d-----w- e:\program files\F-Secure Internet Security
    2009-07-03 06:36 . 2008-08-10 11:49 335752 ----a-w- e:\windows\system32\drivers\avgldx86.sys
    2009-07-02 17:21 . 2008-04-19 05:58 -------- d-----w- e:\documents and settings\kaitsu\Application Data\Skype
    2009-07-02 16:48 . 2008-10-10 15:21 -------- d-----w- e:\documents and settings\kaitsu\Application Data\LimeWire
    2009-07-02 14:12 . 2008-04-25 14:13 -------- d-----w- e:\documents and settings\kaitsu\Application Data\skypePM
    2009-07-02 06:06 . 2008-07-06 12:51 -------- d-----w- e:\program files\QuickTime
    2009-06-29 16:52 . 2008-08-10 11:49 11952 ----a-w- e:\windows\system32\avgrsstx.dll
    2009-06-29 16:52 . 2008-08-10 11:49 27784 ----a-w- e:\windows\system32\drivers\avgmfx86.sys
    2009-06-19 23:45 . 2009-03-15 08:06 -------- d-----w- e:\program files\Google
    2009-06-14 11:48 . 2008-04-19 05:03 -------- d-----w- e:\documents and settings\kaitsu\Application Data\Hamachi
    2009-06-14 09:10 . 2008-04-20 06:22 -------- d-----w- e:\documents and settings\All Users\Application Data\CanonIJPLM
    2009-06-13 12:55 . 2008-04-18 19:44 150016 ----a-w- e:\documents and settings\kaitsu\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-13 07:35 . 2001-10-09 12:00 84954 ----a-w- e:\windows\system32\perfc00B.dat
    2009-06-13 07:35 . 2001-10-09 12:00 417388 ----a-w- e:\windows\system32\perfh00B.dat
    2009-06-11 16:07 . 2008-10-23 19:15 -------- d---a-w- e:\documents and settings\All Users\Application Data\TEMP
    2009-06-10 16:33 . 2008-12-09 18:56 -------- d-----w- e:\program files\ImTOO
    2009-06-06 07:09 . 2008-04-18 19:41 -------- d--h--w- e:\program files\InstallShield Installation Information
    2009-06-02 17:57 . 2009-06-02 17:57 10134 ----a-r- e:\documents and settings\kaitsu\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
    2009-06-02 17:57 . 2009-06-02 17:57 -------- d-----w- e:\program files\Microsoft WSE
    2009-05-31 14:11 . 2008-04-19 16:06 -------- d-----w- e:\documents and settings\kaitsu\Application Data\Camfrog
    2009-05-30 12:12 . 2009-05-30 12:12 499984 ----a-w- e:\documents and settings\All Users\Application Data\MGS\cache\g\greatgalaxycasinobonus.55dde164a6c32cf7a5be1bb8e3746043.dll
    2009-05-30 12:03 . 2009-05-30 12:03 380928 ----a-w- e:\documents and settings\All Users\Application Data\MGS\cache\p\pickuntilcollectbonus_tggg.e66cbfaf93bc06e345be6dacdf926516.dll
    2009-05-30 11:27 . 2009-05-30 11:27 94208 ----a-w- e:\documents and settings\All Users\Application Data\MGS\cache\s\statsgeneralplugin.efa02b50f3fc7221b8a2e25b6f85e7f2.dll
    2009-05-30 11:26 . 2009-05-30 11:26 602112 ----a-w- e:\documents and settings\All Users\Application Data\MGS\cache\g\goldseriestriplepocketholdemplugin.8bab8c085fa07ba1585b7c1441b0a6b2.dll
    2009-05-30 11:26 . 2009-05-30 11:26 528384 ----a-w- e:\documents and settings\All Users\Application Data\MGS\cache\g\goldseriestriplepocketholdemxxx.ecf01ad5591cce11875fb8851db8f0d5.dll
    2009-05-30 11:25 . 2009-05-30 11:25 126976 ----a-w- e:\documents and settings\All Users\Application Data\MGS\cache\m\mhbjstrategyui1.95a00a7e6658ab8736067b646ccd9783.dll
    2009-05-30 11:25 . 2009-05-30 11:25 413696 ----a-w- e:\documents and settings\All Users\Application Data\MGS\cache\m\mhbjgoldplugin.5d832144ec1b88e6caeb7446bbe13d54.dll
    2009-05-30 11:25 . 2009-05-30 11:25 225280 ----a-w- e:\documents and settings\All Users\Application Data\MGS\cache\m\mhbjgoldxxx.042cb38dc856800dc292666302eb33ed.dll
    2009-05-30 11:25 . 2009-05-30 11:25 126976 ----a-w- e:\documents and settings\All Users\Application Data\MGS\cache\b\bjstrategyui1.044e0fc76ee8cda8665503293a47d38a.dll
    2009-05-30 11:11 . 2009-05-30 11:11 884736 ----a-w- e:\documents and settings\All Users\Application Data\MGS\cache\f\fatladybonus.1bbd616c1ce52b392c6981c202173fe7.dll
    2009-05-30 11:02 . 2009-05-30 11:02 483600 ----a-w- e:\documents and settings\All Users\Application Data\MGS\cache\h\hilowbonus_tggg.10cdcb3e64c301c60db4d11d2d7781a4.dll
    2009-05-30 11:02 . 2009-05-30 11:02 594192 ----a-w- e:\documents and settings\All Users\Application Data\MGS\cache\s\snakesandladdersbonus.1b7d7437b87cc53b7a00c4efd2db679d.dll
    2009-05-30 11:01 . 2009-05-30 11:01 561424 ----a-w- e:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickuntilbonus_tggg.ca9a61a09a35dc0843cc68f532694746.dll
    2009-05-30 11:01 . 2009-05-30 11:01 303204 ----a-w- e:\documents and settings\All Users\Application Data\MGS\cache\m\mpvblackjackplugin.49e5f42fbdf0e1e2df5232e5ea419897.dll
    2009-05-30 11:00 . 2009-05-30 11:00 311398 ----a-w- e:\documents and settings\All Users\Application Data\MGS\cache\m\mpvblackjacktourxxx.e4ccb563efd75763602af7373fbd8cec.dll
    2009-05-30 11:00 . 2009-05-30 11:00 327784 ----a-w- e:\documents and settings\All Users\Application Data\MGS\cache\m\mpvtabletournamentlobby.fea1be7b63b308e9fdb6e8d4bd356052.dll
    2009-05-30 10:59 . 2009-05-30 10:59 524560 ----a-w- e:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus_tggg.f8ba0ccac248b6026b2705996790640a.dll
    2009-05-30 10:59 . 2009-05-30 10:59 307472 ----a-w- e:\documents and settings\All Users\Application Data\MGS\cache\g\gamble2_tggg.436ea9e59e2a2b9a2106e598920cba26.dll
    2009-05-30 10:59 . 2009-05-30 10:59 1249399 ----a-w- e:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_tggg.a33335318f7b89139ecd4652b6e8c4b9.dll
    2009-05-30 10:59 . 2009-05-30 10:59 266512 ----a-w- e:\documents and settings\All Users\Application Data\MGS\cache\t\transition_tggg.399218aff849d2e187d4554dd62a73b6.dll
    2009-05-30 10:59 . 2009-05-30 10:59 421888 ----a-w- e:\documents and settings\All Users\Application Data\MGS\cache\l\lua51host.1c162fe7d84ae2474bd7b723f1aae37c.dll
    2009-05-30 10:59 . 2009-05-30 10:59 1904753 ----a-w- e:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1_tggg.6e62948f458013fa99694cc031068e8a.dll
    2009-05-30 10:36 . 2009-05-30 10:36 2311 ----a-w- e:\documents and settings\All Users\Application Data\xml6B4.tmp
    2009-05-30 10:36 . 2009-05-30 10:36 13407 ----a-w- e:\documents and settings\All Users\Application Data\xml6B3.tmp
    2009-05-30 10:36 . 2009-05-30 10:36 8519 ----a-w- e:\documents and settings\All Users\Application Data\xml6B2.tmp
    2009-05-30 10:35 . 2009-05-30 10:35 -------- d-----w- e:\program files\SiSoftware
    2009-05-29 15:24 . 2009-05-29 15:24 -------- d-----w- e:\program files\PanaVue
    2009-05-28 12:45 . 2009-05-07 15:45 25 ---h--w- e:\windows\koo.dat
    2009-05-17 14:32 . 2008-08-17 05:31 -------- d-----w- e:\program files\Common Files\Wise Installation Wizard
    2009-05-13 05:06 . 2001-10-09 12:00 915456 ----a-w- e:\windows\system32\wininet.dll
    2009-05-10 08:40 . 2009-02-22 17:03 -------- d-----w- e:\program files\Flash Slideshow Maker Professional
    2009-05-10 08:06 . 2009-04-05 06:07 -------- d-----w- e:\documents and settings\kaitsu\Application Data\SmartFTP
    2009-05-10 07:53 . 2009-05-10 07:53 -------- d-----w- e:\program files\SmartFTP
    2009-05-10 07:52 . 2009-05-10 07:52 -------- d-----w- e:\program files\SmartFTP Setup Files
    2009-05-10 07:48 . 2009-04-05 06:07 -------- d-----w- e:\program files\SmartFTP Client
    2009-05-10 07:13 . 2008-11-01 08:47 -------- d-----w- e:\documents and settings\kaitsu\Application Data\ZoomBrowser EX
    2009-05-10 07:13 . 2008-11-01 08:42 -------- d-----w- e:\documents and settings\kaitsu\Application Data\CameraWindowDC
    2009-05-07 15:46 . 2009-05-07 15:46 -------- d-----w- e:\documents and settings\kaitsu\Application Data\Ulead Systems
    2009-05-07 15:45 . 2009-05-07 15:44 -------- d-----w- e:\documents and settings\All Users\Application Data\Ulead Systems
    2009-05-07 15:45 . 2009-05-07 15:45 -------- d-----w- e:\program files\Ulead Systems
    2009-05-07 15:45 . 2009-05-07 15:45 -------- d-----w- e:\program files\Common Files\Ulead Systems
    2009-05-07 15:33 . 2001-10-09 12:00 346624 ----a-w- e:\windows\system32\localspl.dll
    2009-05-05 13:07 . 2009-05-05 13:07 -------- d-----w- e:\program files\Common Files\Futuremark Shared
    2009-05-02 06:34 . 2008-08-10 11:49 108552 ----a-w- e:\windows\system32\drivers\avgtdix.sys
    2009-04-21 21:20 . 2009-04-21 21:20 14311680 ----a-w- e:\windows\system32\xlive.dll
    2009-04-21 21:20 . 2009-04-21 21:20 13642496 ----a-w- e:\windows\system32\xlivefnt.dll
    2009-04-19 19:50 . 2001-10-09 12:00 1847424 ----a-w- e:\windows\system32\win32k.sys
    2009-04-15 14:53 . 2001-10-09 12:00 585216 ----a-w- e:\windows\system32\rpcrt4.dll
    2009-04-13 06:51 . 2009-04-10 06:11 36864 ----a-w- e:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
    2009-04-13 06:51 . 2009-04-10 06:20 53319 ----a-w- e:\documents and settings\All Users\Application Data\TEMP\{D36DD326-7280-11D8-97C8-000129760CBE}\PostBuild.exe
    2009-04-13 06:49 . 2009-04-10 06:09 36864 ----a-w- e:\documents and settings\All Users\Application Data\TEMP\{80E158EA-7181-40FE-A701-301CE6BE64AB}\PostBuild.exe
    2009-04-13 06:49 . 2009-04-10 06:08 53319 ----a-w- e:\documents and settings\All Users\Application Data\TEMP\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
    2009-04-13 06:46 . 2009-04-10 06:13 36864 ----a-w- e:\documents and settings\All Users\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
    2009-04-13 06:45 . 2009-04-01 14:19 36864 ----a-w- e:\documents and settings\All Users\Application Data\TEMP\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\PostBuild.exe
    2009-04-13 06:12 . 2009-04-10 06:19 53319 ----a-w- e:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
    2009-04-11 05:28 . 2009-04-11 05:28 152576 ----a-w- e:\documents and settings\kaitsu\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
    2009-04-10 06:16 . 2008-04-26 15:50 29480 ----a-w- e:\windows\system32\msxml3a.dll
    2009-04-10 06:16 . 2009-04-10 06:16 53319 ----a-w- e:\documents and settings\All Users\Application Data\TEMP\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe
    2009-04-10 06:16 . 2008-04-19 03:08 505128 ----a-w- e:\windows\system32\msvcp71.dll
    2009-04-10 06:16 . 2008-04-18 19:31 353576 ----a-w- e:\windows\system32\msvcr71.dll
    2009-04-10 06:08 . 2008-04-19 05:20 1053232 ----a-w- e:\windows\system32\MFC71u.dll
    2009-04-10 06:08 . 2008-04-19 05:20 1066544 ----a-w- e:\windows\system32\MFC71.dll
    2009-04-10 06:07 . 2009-04-10 06:07 53319 ----a-w- e:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
    2009-04-08 17:40 . 2009-04-08 17:40 61 ----a-w- e:\windows\system32\SYSVCPDRV.SYS
    2009-02-25 15:29 . 2009-02-25 15:29 8271360 ----a-w- e:\program files\HTML Guardian 7.msi
    .

(((((((((((((((((((((((((((((( Registry startup entries )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
*Note* Empty entries and legitimate default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="e:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "NeroHomeFirstStart"="e:\program files\Common Files\Nero\Lib\NMFirstStart.exe" [2007-12-13 19752]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
    "IMJPMIG8.1"="e:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
    "MSPY2002"="e:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
    "PHIME2002ASync"="e:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "PHIME2002A"="e:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "CanonSolutionMenu"="e:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
    "CanonMyPrinter"="e:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
    "AVG8_TRAY"="e:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-29 1948440]
    "ISUSScheduler"="e:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
    "NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
    "F-Secure Manager"="e:\program files\F-Secure Internet Security\Common\FSM32.EXE" [2008-10-14 182936]
    "F-Secure TNB"="e:\program files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2008-10-14 957024]
    "QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2008-07-06 413696]
    "TkBellExe"="e:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-31 185896]
    "nwiz"="nwiz.exe" - e:\windows\system32\nwiz.exe [2009-02-18 1657376]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - e:\windows\KHALMNPR.Exe [2005-11-03 28160]
    "RTHDCPL"="RTHDCPL.EXE" - e:\windows\RTHDCPL.exe [2008-02-13 16857600]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="e:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

e:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
    BTTray.lnk - e:\program files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe [2005-8-29 610365]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= "e:\program files\Logitech\Easy Synchronization\shellexecutehook.dll" [2005-09-05 69632]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2005-11-22 23:47 53248 ----a-w- e:\program files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-06-29 16:52 11952 ----a-w- e:\windows\system32\avgrsstx.dll

    [HKLM\~\startupfolder\E:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^InterVideo WinCinema Manager.lnk]
    backup=e:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
    path=e:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\InterVideo WinCinema Manager.lnk

    [HKLM\~\startupfolder\E:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Logitech SetPoint.lnk]
    backup=e:\windows\pss\Logitech SetPoint.lnkCommon Startup

    [HKLM\~\startupfolder\E:^Documents and Settings^kaitsu^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Gamma.lnk]
    backup=e:\windows\pss\Adobe Gamma.lnkStartup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "TkBellExe"="e:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "QuickTime Task"="e:\program files\QuickTime\qttask.exe" -atboottime

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "e:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "e:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
    "e:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "e:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "e:\\Program Files\\uTorrent\\uTorrent.exe"=
    "e:\\Program Files\\LimeWire\\LimeWire.exe"=
    "e:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "e:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "e:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
    "e:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP3c\\RpcAgentSrv.exe"=
    "e:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP3c\\WNt500x86\\RpcSandraSrv.exe"=
    "i:\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"=
    "e:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R0 FSFW;F-Secure Firewall Driver;e:\windows\system32\drivers\fsdfw.sys [4.4.2009 12:16 79904]
    R1 CLBStor;InstantBurn Storage Helper Driver;e:\windows\system32\drivers\CLBStor.sys [10.4.2009 9:08 15784]
    R2 acehlp10;acehlp10;e:\windows\system32\drivers\acehlp10.sys [27.7.2007 13:46 251680]
    S0 fsbts;fsbts;e:\windows\system32\drivers\fsbts.sys [4.4.2009 12:29 33408]
    S1 AvgLdx86;AVG AVI Loader Driver x86;e:\windows\system32\drivers\avgldx86.sys [10.8.2008 14:49 335752]
    S1 AvgTdiX;AVG8 Network Redirector;e:\windows\system32\drivers\avgtdix.sys [10.8.2008 14:49 108552]
    S1 F-Secure HIPS;F-Secure HIPS Driver;e:\program files\F-Secure Internet Security\HIPS\drivers\fshs.sys [4.4.2009 12:15 66720]
    S1 nltdi;nltdi;e:\windows\system32\drivers\nltdi.sys [23.4.2007 14:03 82200]
    S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};e:\program files\CyberLink\PowerDVD8\000.fcl [7.10.2008 20:31 61424]
    S2 acedrv10;acedrv10;e:\windows\system32\drivers\ACEDRV10.sys [27.7.2007 11:13 330144]
    S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;e:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16.9.2008 13:03 169312]
    S2 avg8wd;AVG8 WatchDog;e:\progra~1\AVG\AVG8\avgwdsvc.exe [26.3.2009 19:47 298776]
    S2 gupdate1c9a544ff7627e4;Google Update Service (gupdate1c9a544ff7627e4);e:\program files\Google\Update\GoogleUpdate.exe [15.3.2009 11:06 133104]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;e:\program files\Viewpoint\Common\ViewpointService.exe [7.4.2009 18:08 24652]
    S3 cpuz130;cpuz130;\??\e:\docume~1\kaitsu\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> e:\docume~1\kaitsu\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
    S3 F-Secure Gatekeeper;F-Secure Gatekeeper;e:\program files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [4.4.2009 12:15 84608]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;e:\program files\MAGIX\Common\Database\bin\fbserver.exe [6.6.2008 6:38 1527900]
    S3 FSORSPClient;F-Secure ORSP Client;e:\program files\F-Secure Internet Security\ORSP Client\fsorsp.exe [4.4.2009 12:15 55904]
    S3 NPF;NetGroup Packet Filter Driver;e:\windows\system32\drivers\npf.sys [25.1.2007 20:31 42000]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;e:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe [30.5.2009 13:35 98488]
    S3 SCREAMINGBDRIVER;Screaming Bee Audio;e:\windows\system32\drivers\ScreamingBAudio.sys --> e:\windows\system32\drivers\ScreamingBAudio.sys [?]
    S3 tenCapture;tenCapture;e:\windows\system32\drivers\tenCapture.sys [21.4.2007 17:15 9344]
    S3 WLIU2KG125S;BUFFALO WLI-U2-KG125S Wireless LAN Adapter Driver;e:\windows\system32\drivers\usb8023.sys [9.10.2001 15:00 12800]
    S3 zlportio;zlportio;\??\h:\ultrastar deluxe\zlportio.sys --> h:\ultrastar deluxe\zlportio.sys [?]
    S4 F-Secure Filter;F-Secure File System Filter;e:\program files\F-Secure Internet Security\Anti-Virus\win2k\fsfilter.sys [4.4.2009 12:15 39776]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;e:\program files\F-Secure Internet Security\Anti-Virus\win2k\fsrec.sys [4.4.2009 12:15 25184]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "e:\windows\system32\rundll32.exe" "e:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
Contents of the 'Scheduled Tasks' folder

    2009-07-04 e:\windows\Tasks\GlaryInitialize.job
    - e:\program files\Glary Utilities\initialize.exe [2009-01-29 15:02]

    2009-07-04 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - e:\program files\Google\Update\GoogleUpdate.exe [2009-03-15 08:06]

    2009-07-04 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - e:\program files\Google\Update\GoogleUpdate.exe [2009-03-15 08:06]

    2009-07-04 e:\windows\Tasks\WGASetup.job
    - e:\windows\system32\KB905474\wgasetup.exe [2009-04-08 19:18]
    .
- - - - ORPHANS REMOVED - - - -

    BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - e:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    HKLM-Run-ISUSPM Startup - e:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    HKLM-Run-Win32 Firewall - e:\docume~1\kaitsu\LOCALS~1\Temp\769.exe
    ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)


    .
------- Supplementary Scan -------
    .
    LSP: e:\program files\F-Secure Internet Security\FSPS\program\FSLSP.DLL
    DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
    FF - ProfilePath -
    FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-04 15:40
    Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
    "ImagePath"="\??\e:\program files\CyberLink\PowerDVD\000.fcl"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
    "ImagePath"="\??\e:\program files\CyberLink\PowerDVD8\000.fcl"
    .
--------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="e:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,fc,dd,c2,34,bd,
    7b,16,da,c8,28,51,af,b0,29,a3,98,7b,1b,18,84,59,6d,33,1e,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="e:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,d5,22,00,41,52,
    d6,bf,11,71,3b,04,66,8b,46,0d,96,b0,b1,e5,29,7a,ab,b3,3e,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="e:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,8a,ce,78,7d,f4,
    d9,e2,27,25,da,ec,7e,55,20,c9,26,a4,bb,85,7d,6b,1a,48,e5,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="e:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,fb,a6,1b,62,ea,
    ff,81,1f,3e,1e,9e,e0,57,5a,93,61,22,b1,b8,06,ab,31,4c,b3,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="e:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,b1,6f,0a,d4,10,
    6e,7b,3d,cd,44,cd,b9,a6,33,6c,cd,1c,2e,7c,f3,69,7d,10,36,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="e:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,73,cf,87,fd,fe,
    2e,b8,48,b0,18,ed,a7,3f,8d,37,a4,ef,e2,8b,85,3d,35,88,bb,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="e:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,60,0c,a2,4e,4c,
    f5,80,8f,31,77,e1,ba,b1,f8,68,02,9a,95,a5,b7,5f,50,27,1d,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="e:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,e9,4a,59,8a,6d,
    84,65,c3,83,6c,56,8b,a0,85,96,ab,c0,46,36,2e,2d,20,66,c0,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="e:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,a7,1b,84,2a,5e,
    52,35,a7,51,fa,6e,91,28,9e,14,cc,44,6f,79,1d,48,6b,09,27,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="e:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,92,fd,ce,ee,d7,
    f4,b4,f6,b1,cd,45,5a,a8,c4,f8,b9,f5,9f,3e,77,6a,e5,27,a7,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="e:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,02,9a,69,f6,cf,
    41,a7,35,e3,0e,66,d5,eb,bc,2f,6b,7d,0d,0f,68,aa,f4,1a,22,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="e:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,83,fa,d3,51,4a,
    a9,33,70,fa,ea,66,7f,d4,3b,6b,70,4d,38,00,16,fb,d4,ea,bd,6c,43,2d,1e,aa,22,\

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\¹mÓw*]
    "AB79C053C7D38EE4AB9A00CB3B5D2472"="E?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]
    "AB141C35E9F4BF344B9FC010BB17F68A"=""
    .
--------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(268)
    e:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    e:\program files\common files\logitech\bluetooth\LBTServ.dll
    .
Completion time: 2009-07-04 15:49 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-07-04 12:49

Pre-Run: 48 558 882 816 bytes free
Post-Run: 50 497 581 056 bytes free

    372 --- E O F --- 2009-06-17 15:41

---> No effect --> Ran Smitfraud.exe; the log it produced:
    SmitFraudFix v2.423

    Scan done at 17:43:53,12, la 04.07.2009
    Run from E:\Documents and Settings\kaitsu\Työpöytä\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

    Agent.OMZ.Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» RK


    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{0C33BEDF-6BFF-4568-98F5-CDEBD079C1FE}: DhcpNameServer=213.243.153.170 213.243.153.171
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{0EBD33DC-3A21-4DCA-AFEE-E33937A67F5C}: DhcpNameServer=213.243.153.170 213.243.153.171
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{57C1DA34-8336-4997-AFEB-52DE6F952EC1}: DhcpNameServer=213.243.153.170 213.243.153.171
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{0C33BEDF-6BFF-4568-98F5-CDEBD079C1FE}: DhcpNameServer=213.243.153.170 213.243.153.171
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{0EBD33DC-3A21-4DCA-AFEE-E33937A67F5C}: DhcpNameServer=213.243.153.170 213.243.153.171
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{57C1DA34-8336-4997-AFEB-52DE6F952EC1}: DhcpNameServer=213.243.153.170 213.243.153.171
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{0C33BEDF-6BFF-4568-98F5-CDEBD079C1FE}: DhcpNameServer=213.243.153.170 213.243.153.171
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{0EBD33DC-3A21-4DCA-AFEE-E33937A67F5C}: DhcpNameServer=213.243.153.170 213.243.153.171
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{57C1DA34-8336-4997-AFEB-52DE6F952EC1}: DhcpNameServer=213.243.153.170 213.243.153.171
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{0EBD33DC-3A21-4DCA-AFEE-E33937A67F5C}: DhcpNameServer=213.243.153.170 213.243.153.171
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=213.243.153.170 213.243.153.171
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=213.243.153.170 213.243.153.171


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» RK.2



    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

--> No effect
--> After every step I have rebooted the machine and started it in safe mode. What else could be done here? I can't find anything wrong any more, and the problem is quite annoying. It also shows up like this: when I chat with someone over Messenger, my machine sends a "nice" link to the other person and asks them to go there. My little brother already fell for it, and now he can't get rid of it either (for him the problem shows up as the firewall software asking to let explorer.exe onto the net; he didn't allow it, so the prompt just comes back every other minute, but it doesn't block anything else).
I would be really grateful for any help.
     
  3. kaitchu

    kaitchu Member

Joined:
11.08.2005
Posts:
66
Thanks:
0
Points:
16
The same problem still continues for me. Firefox can reach the net, but Internet Explorer can't (nor can Avant Browser, which is an Explorer-based browser). I also tried the winxpsocket fix, but no effect. Can't reach any site by name or by IP. Is there anything suspicious to be found in those logs?
     
  4. kalminen

    kalminen Regular member

Joined:
04.05.2007
Posts:
3,915
Thanks:
0
Points:
46
There is so much suspicious stuff in the logs that I hardly
dare say anything.

-----------------------------------------
ComboFix.exe
What did you have in this script => cfscript.txt ????

These should have been shut down while Combo was running ????
AV: AVG Anti-Virus Free *On-access scanning enabled*
AV: F-Secure Internet Security 2009 9.00 *On-access scanning enabled*
FW: F-Secure Internet Security 2009 9.00 *enabled*

------------------------------------------------------

Start with these:
Close the browser and other programs while the fix runs (not the antivirus).
Start HijackThis, click Scan and tick the following entries listed in red

    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (file missing)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [IMJPMIG8.1] "E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] E:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [ISUSScheduler] "E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Win32 Firewall] E:\DOCUME~1\kaitsu\LOCALS~1\Temp\769.exe
    O4 - HKCU\..\RunOnce: [Shockwave Updater] E:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SIMBAR={67F21F6F-0859-4F02-B7C4-C325FE9BC065}; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; Avant Browser; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)" -"https://skillgames.nordicbet.com/w/v/client/info?locale=fi&channelId=_38417294 67&titleId=13&partnerCode=nordicbet&action=auth&ticket=b71cd2883754f7bf96eb2c805 bbc79ea%3Akaitchu&accountId=631733"
    O4 - Global Startup: BTTray.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: Cool Hand Poker - {00000000-0000-0000-0000-000000000000} - E:\MicroGaming\Poker\coolhandMPP\MPPoker.exe (file missing) (HKCU)
    O9 - Extra button: CasinoJoyEuro - {6CA050F7-DCA6-451D-BDED-875971627740} - http://www.CasinoJoy.com (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: CasinoJoyEuro - {6CA050F7-DCA6-451D-BDED-875971627740} - http://www.CasinoJoy.com (file missing) (HKCU)

and remove them with the (Fix Checked) button.

Empty the recycle bin and restart your computer.

Post the following logs here:
* A fresh HijackThis log (taken last, right before posting)
* The MalwareBytes report
*
* Tell what all has happened on the machine lately
has there been many kinds of viruses ???
    .
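As an added example (not code from the thread, from HijackThis, ComboFix or any other tool named here), the following Python script applies the heuristics behind kalminen's fix list to HijackThis-style lines: autorun entries launching from a Temp directory (the "Win32 Firewall" entry pointing at Temp\769.exe that ComboFix reported as an orphan and that kalminen ticks as O4), add-ons whose file is missing, and Extra buttons that target a web site. It also carries one check nobody in the thread has called out: the R1 ProxyServer line in the HijackThis log posted next (http=127.0.0.1:5757). Internet Explorer and IE-based browsers such as Avant Browser use that WinINET proxy setting, while Firefox keeps its own proxy configuration; if nothing is listening on local port 5757, every IE request fails, by name or by IP alike, while Firefox keeps working, which matches the symptom described. The rules and severities are my assumptions, and the sample input is constructed from lines that appear in this thread.

```python
"""Triage helper for HijackThis-style log lines (added example, not a thread tool).

Rules are assumptions drawn from the entries flagged in this thread:
  * a WinINET proxy pointing at localhost (only Internet Explorer and IE-based
    browsers honour it; Firefox keeps its own proxy settings),
  * Run entries launching from a Temp directory,
  * add-ons registered in the registry whose file is missing,
  * Extra buttons that point at a web site instead of a local file.
"""
import re

# Sample lines copied from the logs posted in this thread. The input is
# constructed for the example; nothing here touches a live machine.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5757
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [Win32 Firewall] E:\DOCUME~1\kaitsu\LOCALS~1\Temp\769.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: CasinoJoyEuro - {6CA050F7-DCA6-451D-BDED-875971627740} - http://www.CasinoJoy.com (file missing) (HKCU)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (file missing)
"""

# "ProxyServer = http=127.0.0.1:5757" or "ProxyServer = localhost:8080"; the
# optional "scheme=" prefix is how WinINET lists per-protocol proxies.
LOCALHOST_PROXY = re.compile(
    r"ProxyServer\s*=\s*(?:\w+=)?(127\.\d+\.\d+\.\d+|localhost):(\d+)", re.I)
TEMP_PATH = re.compile(r"\\(?:LOCALS~1\\)?Temp\\", re.I)       # ...\Temp\ or ...\LOCALS~1\Temp\
MISSING = re.compile(r"\((?:no file|file missing)\)", re.I)
WEB_TARGET = re.compile(r" - https?://", re.I)                   # target is a URL, not a file


def triage_line(line):
    """Return (severity, reason) for one HijackThis line, or None if nothing matched."""
    kind = line.split(" - ", 1)[0].strip()   # the HJT section prefix: "R1", "O2", "O4", ...
    m = LOCALHOST_PROXY.search(line)
    if kind == "R1" and m:
        return ("high", f"IE/WinINET proxy points at {m.group(1)}:{m.group(2)}; "
                        "if nothing listens there, IE-based browsers lose all connectivity")
    if kind == "O4" and TEMP_PATH.search(line):
        return ("high", "autorun entry executes from a Temp directory")
    if kind in ("O2", "O3", "R3") and MISSING.search(line):
        return ("low", "add-on registered but its file is missing (dead entry, safe to fix)")
    if kind == "O9" and WEB_TARGET.search(line):
        return ("medium", "Extra button targets a web site rather than a local file")
    return None


def triage(log_text):
    """Run triage_line over every non-empty line; return a list of (severity, reason, line)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        hit = triage_line(line)
        if hit:
            findings.append((hit[0], hit[1], line))
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {line}")
```

Run against the constructed sample it flags five of the eight lines and leaves the CTFMON entry, the Adobe BHO and the ProxyOverride line alone. On the affected machine the practical follow-up to the R1 finding is to confirm nothing is bound to 127.0.0.1:5757 and, if so, clear the ProxyServer value so WinINET stops routing every request into a closed port.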
     
  5. kaitchu

    kaitchu Member

Joined:
11.08.2005
Posts:
66
Thanks:
0
Points:
16
Here are the latest logs:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:35:39, on 6.7.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
    E:\WINDOWS\system32\spoolsv.exe
    E:\WINDOWS\Explorer.EXE
    E:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    E:\PROGRA~1\AVG\AVG8\avgtray.exe
    E:\WINDOWS\system32\RUNDLL32.EXE
    E:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    E:\Program Files\Windows Live\Messenger\msnmsgr.exe
    E:\Program Files\DAEMON Tools Lite\daemon.exe
    E:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
    E:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    E:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    E:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    E:\PROGRA~1\AVG\AVG8\avgrsx.exe
    E:\PROGRA~1\AVG\AVG8\avgnsx.exe
    E:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    E:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    E:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    E:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    E:\Program Files\Java\jre6\bin\jqs.exe
    E:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    E:\Program Files\Logitech\Easy Synchronization\servicestub.exe
    E:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
    E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    E:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    E:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    E:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
    E:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    E:\Program Files\NetLimiter 2 Pro\nlsvc.exe
    E:\WINDOWS\system32\nvsvc32.exe
    E:\WINDOWS\system32\PnkBstrA.exe
    E:\Program Files\CyberLink\Shared Files\RichVideo.exe
    E:\WINDOWS\System32\svchost.exe
    E:\Program Files\Viewpoint\Common\ViewpointService.exe
    E:\Program Files\Canon\CAL\CALMAIN.exe
    E:\Program Files\NetLimiter 2 Pro\NLClient.exe
    E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    E:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    E:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    E:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    E:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
    E:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    E:\Program Files\uTorrent\uTorrent.exe
    H:\Program Files\DC++\DCPlusPlus.exe
    E:\Program Files\Windows Live\Contacts\wlcomm.exe
    E:\Program Files\F-Secure Internet Security\FSGUI\scanwizard.exe
    E:\Program Files\Webteh\BSplayerPro\bsplayer.exe
    E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5757
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - E:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [PHIME2002ASync] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [CanonSolutionMenu] E:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] E:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [F-Secure Manager] "E:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "E:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - E:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
    O9 - Extra 'Tools' menuitem: &Gearsin asetukset - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - E:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
    O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - E:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - E:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
    O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///D:/components/hidinputmonitorx.ocx
    O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///D:/components/A9.ocx
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1208583781976
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///D:/components/wmvhdrating.ocx
    O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://download.sp.f-secure.com/hc/helpson/fscax.cab
    O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} (F-Secure Online Scanner 4.0 Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/virtualmark/tc/FMSI.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin2.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgrsstarter - E:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - E:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - E:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - E:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - E:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - E:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - E:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - E:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe
    O23 - Service: Google Update Service (gupdate1c9a544ff7627e4) (gupdate1c9a544ff7627e4) - Google Inc. - E:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - E:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - E:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
    O23 - Service: Logitech Easy Synchronization - Unknown owner - E:\Program Files\Logitech\Easy Synchronization\servicestub.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NetLimiter (nlsvc) - Locktime Software - E:\Program Files\NetLimiter 2 Pro\nlsvc.exe
    O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - E:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - E:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 13602 bytes


    Malwarebytes' Anti-Malware 1.38
    Database version: 2297
    Windows 5.1.2600 Service Pack 3

    7.7.2009 8:12:59
    mbam-log-2009-07-07 (08-12-45).txt

    Scan type: Full Scan (E:\|H:\|I:\|J:\|K:\|)
    Objects scanned: 433658
    Time elapsed: 5 hour(s), 16 minute(s), 17 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    e:\system volume information\_restore{e1433050-858e-4e4f-bbfc-a2f72f6400db}\RP486\A0158432.exe (Trojan.Agent) -> No action taken.
    i:\alcohol 120 1.9.7.build 6221(new-updated build)\alcohol 120 1.9.7.build 6221(new-updated build)\CRACK\loader exe\Alcohol.exe (Trojan.Agent) -> No action taken.


    Still can't get online with Explorer-based browsers. It just claims that navigation to the page was cancelled (while loading it looks up DNS + the 127.0.0.1 address and after that goes nowhere). I no longer believe it's a virus or malware, or if it is, it has nested somewhere really deep. I have done ipconfig /release and ipconfig /renew as well as ipconfig /flushdns --> repeated a few times --> no effect. I have even checked that the Internet settings are on automatic (obtains an IP address automatically) and they are. Any other suggestions?

    Thanks in advance for the help.
     
  6. kaitchu

    kaitchu Member

    Joined:
    11.08.2005
    Messages:
    66
    Thanks:
    0
    Points:
    16
    Well then, I got it fixed. For some reason a proxy had been switched on in Internet Explorer. I set the settings to automatic and removed the proxy, and it started working. Thanks anyway for the assessment based on that HJT log and the suggested fixes. I apologize for my own carelessness and wish everyone all the best.
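The indicator behind this outage, the R1 ProxyServer entry pointing at 127.0.0.1:5757, can be picked out of a HijackThis log automatically. The following is an added triage example, not code from the thread or from HijackThis; the embedded sample log is constructed from the lines quoted above, and proxy.example.invalid is an assumed placeholder for a legitimate proxy.

```python
"""Added triage helper (not HijackThis code): flag R1 ProxyServer entries that
point at the local host, the pattern behind the IE-only outage in this thread."""
import ipaddress
import re

# Constructed sample: the R0/R1 lines quoted in the thread plus one benign,
# assumed corporate-style proxy line (proxy.example.invalid) for contrast.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5757
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R1 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.example.invalid:8080
"""
# Matches ProxyServer lines only; ProxyOverride and other R1 entries are skipped.
R1_PROXY = re.compile(r"^R1 - (?P<hive>HK\w+)\\.*Internet Settings,ProxyServer = (?P<value>.+)$")

def parse_proxy_value(value):
    """Split a WinINet ProxyServer value into {scheme: (host, port)}.
    Accepts both 'host:port' (all protocols) and 'http=h:p;https=h:p'."""
    mapping = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, hostport = part.split("=", 1) if "=" in part else ("*", part)
        host, sep, port = hostport.rpartition(":")
        if not sep:  # no port given
            host, port = hostport, ""
        mapping[scheme] = (host, int(port) if port.isdigit() else None)
    return mapping

def is_loopback(host):
    """True for 'localhost' and any 127.0.0.0/8 or ::1 address."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def triage(log_text):
    """One finding per ProxyServer entry whose proxy host is the local machine;
    this breaks WinINet browsers (IE, Avant) while Firefox kept working here."""
    findings = []
    for line in log_text.splitlines():
        m = R1_PROXY.match(line.strip())
        if not m:
            continue
        for scheme, (host, port) in parse_proxy_value(m.group("value")).items():
            if is_loopback(host):
                findings.append({"hive": m.group("hive"), "scheme": scheme,
                                 "host": host, "port": port})
    return findings  # for SAMPLE_LOG: one HKCU finding, http -> 127.0.0.1:5757
```

A hit is worth checking against the running-process list: if nothing is intentionally listening on that local port, clearing the ProxyServer value (as the poster did) is the fix, and the listener that set it is the thing to look for.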
     
