
HJT log, there's something here...

Thread in the Viruses and malware - HijackThis logs section. Thread started by Sonjaana on 09.12.2008.

  1. Sonjaana

    Sonjaana Member

    Joined:
    18.02.2008
    Posts:
    35
    Thanks:
    0
    Points:
    16
    ComboFix 08-12-09.02 - Juhani1 2008-12-14 16:09:26.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.48 [GMT 2:00]
    Running from: c:\documents and settings\Juhani1\Työpöytä\ComboFix.exe
    Command switches used :: c:\documents and settings\Juhani1\Työpöytä\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Tiedostot\Settings\1_blade_1.dll\

    .
    ((((((((((((((((((((((((( Files Created from 2008-11-14 to 2008-12-14 )))))))))))))))))))))))))))))))
    .

    2008-12-13 20:59 . 2008-12-13 20:59 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\HP
    2008-12-13 20:56 . 2008-12-13 20:58 <KANSIO> d-------- c:\program files\Common Files\HP
    2008-12-13 20:52 . 2008-12-13 20:54 <KANSIO> d-------- c:\program files\Hewlett-Packard
    2008-12-13 20:44 . 2008-12-13 20:58 <KANSIO> d-------- c:\program files\HP
    2008-12-13 20:41 . 2008-12-13 21:09 127,436 --a------ c:\windows\hpoins11.dat
    2008-12-13 11:38 . 2008-12-13 11:54 <KANSIO> d-------- C:\Lop SD
    2008-12-12 12:39 . 2008-12-12 12:38 410,984 --a------ c:\windows\system32\deploytk.dll
    2008-12-12 12:39 . 2008-12-12 12:38 73,728 --a------ c:\windows\system32\javacpl.cpl
    2008-12-11 19:05 . 2008-12-11 19:05 0 --a------ C:\23990098.$$$
    2008-12-11 13:50 . 2008-12-11 14:03 <KANSIO> d-------- C:\Downloads
    2008-12-11 13:50 . 2008-12-11 13:59 <KANSIO> d-------- C:\Bases
    2008-12-11 13:45 . 2008-12-11 14:03 <KANSIO> d-------- C:\Kaspersky
    2008-12-09 18:32 . 2008-12-09 18:32 579,072 --a--c--- c:\windows\system32\dllcache\user32.dll
    2008-12-09 18:29 . 2008-12-09 18:30 <KANSIO> d-------- c:\windows\ERUNT
    2008-12-09 15:06 . 2008-12-09 15:06 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-09 15:06 . 2008-12-09 15:06 <KANSIO> d-------- c:\documents and settings\Juhani1\Application Data\Malwarebytes
    2008-12-09 15:06 . 2008-12-09 15:06 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-09 15:06 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-09 15:06 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-09 14:24 . 2008-12-09 14:24 <KANSIO> d-------- c:\program files\Trend Micro

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-13 22:25 297,104 --sha-w c:\windows\system32\drivers\fidbox.idx
    2008-12-13 22:25 25,098,272 --sha-w c:\windows\system32\drivers\fidbox.dat
    2008-12-12 10:38 --------- d-----w c:\program files\Java
    2008-12-12 10:19 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-12 10:19 --------- d-----w c:\program files\Logitech
    2008-12-09 22:44 1,848,320 ----a-w c:\windows\Internet Logs\xDB1.tmp
    2008-12-08 17:21 --------- d-----w c:\program files\Mozilla Thunderbird
    2008-11-12 11:23 --------- d-----w c:\program files\MSXML 4.0
    2008-11-11 15:26 --------- d-----w c:\documents and settings\Juhani1\Application Data\Image Zone Express
    2008-11-11 15:10 --------- d-----w c:\documents and settings\Juhani1\Application Data\Printer Info Cache
    2008-10-25 14:35 --------- d-----w c:\documents and settings\Juhani1\Application Data\Nokia
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-23 18:31 --------- d-----w c:\program files\Maxis
    2008-10-23 12:38 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-16 12:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 12:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 12:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 12:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 12:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 12:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 12:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 01:01 666,112 ----a-w c:\windows\system32\wininet.dll
    2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
    2008-09-30 14:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-09-15 15:27 1,846,656 ----a-w c:\windows\system32\win32k.sys
    2003-06-01 08:45 67,376 ----a-w c:\documents and settings\Juhani1\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((( snapshot@2008-12-09_16.59.19,58 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-08-07 13:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE
    + 2008-12-09 16:30:15 7,348,224 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat
    + 2008-12-09 16:30:15 28,672 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-08-07 13:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2008-12-09 16:30:05 7,348,224 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
    + 2008-12-09 16:30:05 28,672 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
    + 2007-04-19 21:05:28 11,634 ----a-w c:\windows\hpomdl11.dat
    + 2008-12-13 18:58:21 65,536 ----a-r c:\windows\Installer\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}\ARPPRODUCTICON.exe
    + 2008-12-13 18:58:21 65,536 ----a-r c:\windows\Installer\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}\NewShortcut2_D7CAE58E26DE49B7A75DEAEDF76726BE.exe
    + 2008-12-13 18:58:21 65,536 ----a-r c:\windows\Installer\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}\NewShortcut3_D7CAE58E26DE49B7A75DEAEDF76726BE_3.exe
    + 2008-12-13 18:58:21 65,536 ----a-r c:\windows\Installer\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}\NewShortcut7_856D48883B484D0C99D439AA7CF9DB2E.exe
    + 2008-12-13 18:54:12 65,536 ----a-r c:\windows\Installer\{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}\ARPPRODUCTICON.exe
    + 2008-12-13 18:54:12 643,072 ----a-r c:\windows\Installer\{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}\HPSUShortcut_BB85ED9CAFC943BDB8DC258C3C7DF72E.exe
    + 2008-12-13 18:56:05 65,536 ----a-r c:\windows\Installer\{DBC20735-34E6-4E97-A9E5-2066B66B243D}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe
    + 2008-10-23 12:38:22 286,720 -c----w c:\windows\system32\dllcache\gdi32.dll
    + 2008-06-17 23:09:22 100,864 -c----w c:\windows\system32\dllcache\logagent.exe
    - 2008-08-20 05:10:34 3,088,896 -c----w c:\windows\system32\dllcache\mshtml.dll
    + 2008-10-16 01:01:58 3,088,896 -c----w c:\windows\system32\dllcache\mshtml.dll
    - 2008-08-20 05:10:33 1,498,624 -c----w c:\windows\system32\dllcache\shdocvw.dll
    + 2008-10-16 01:01:57 1,498,624 -c----w c:\windows\system32\dllcache\shdocvw.dll
    - 2008-04-14 16:11:54 246,814 -c----w c:\windows\system32\dllcache\strmdll.dll
    + 2008-10-03 10:03:58 247,326 -c----w c:\windows\system32\dllcache\strmdll.dll
    - 2008-08-20 05:10:34 619,008 -c----w c:\windows\system32\dllcache\urlmon.dll
    + 2008-10-16 01:01:57 619,008 -c----w c:\windows\system32\dllcache\urlmon.dll
    - 2008-08-20 05:10:33 666,112 -c----w c:\windows\system32\dllcache\wininet.dll
    + 2008-10-16 01:01:57 666,112 -c----w c:\windows\system32\dllcache\wininet.dll
    + 2008-06-18 03:03:08 938,496 -c----w c:\windows\system32\dllcache\WMNetmgr.dll
    - 2006-10-18 19:47:22 2,450,944 -c----w c:\windows\system32\dllcache\wmvcore.dll
    + 2008-06-18 03:03:14 2,458,112 -c----w c:\windows\system32\dllcache\WMVCore.dll
    + 2005-12-09 11:47:32 1,645,320 ----a-w c:\windows\system32\gdiplus.dll
    + 2004-05-27 13:00:52 118,784 ----a-r c:\windows\system32\HPODXPAT.DLL
    - 2006-03-03 18:03:38 282,680 ----a-w c:\windows\system32\HPZidr12.dll
    + 2006-03-03 19:03:38 282,680 ----a-w c:\windows\system32\HPZidr12.dll
    - 2006-03-03 18:03:22 65,536 ----a-w c:\windows\system32\HPZinw12.exe
    + 2006-03-03 19:03:22 65,536 ----a-w c:\windows\system32\HPZinw12.exe
    - 2006-03-03 18:02:58 204,800 ----a-w c:\windows\system32\HPZipr12.dll
    + 2006-03-03 19:02:58 204,800 ----a-w c:\windows\system32\HPZipr12.dll
    - 2006-03-03 18:02:30 94,208 ----a-w c:\windows\system32\HPZipt12.dll
    + 2006-03-03 19:02:30 94,208 ----a-w c:\windows\system32\HPZipt12.dll
    - 2006-03-03 18:02:04 57,344 ----a-w c:\windows\system32\HPZisn12.dll
    + 2006-03-03 19:02:04 57,344 ----a-w c:\windows\system32\HPZisn12.dll
    - 2005-04-12 23:19:56 49,248 ----a-w c:\windows\system32\java.exe
    + 2008-12-12 10:38:20 144,792 ----a-w c:\windows\system32\java.exe
    - 2005-04-12 23:20:04 49,250 ----a-w c:\windows\system32\javaw.exe
    + 2008-12-12 10:38:20 144,792 ----a-w c:\windows\system32\javaw.exe
    - 2005-04-13 00:48:54 127,078 ----a-w c:\windows\system32\javaws.exe
    + 2008-12-12 10:38:20 148,888 ----a-w c:\windows\system32\javaws.exe
    - 2006-10-18 18:03:58 100,864 ----a-w c:\windows\system32\logagent.exe
    + 2008-06-17 23:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
    + 2003-03-18 18:44:36 40,960 ----a-w c:\windows\system32\MFC71CHS.DLL
    + 2003-03-18 18:44:36 45,056 ----a-w c:\windows\system32\MFC71CHT.DLL
    + 2003-03-18 18:44:34 65,536 ----a-w c:\windows\system32\MFC71DEU.DLL
    + 2003-03-18 18:44:38 57,344 ----a-w c:\windows\system32\MFC71ENU.DLL
    + 2003-03-18 18:44:36 61,440 ----a-w c:\windows\system32\MFC71ESP.DLL
    + 2003-03-18 18:44:34 61,440 ----a-w c:\windows\system32\MFC71FRA.DLL
    + 2003-03-18 18:44:36 61,440 ----a-w c:\windows\system32\MFC71ITA.DLL
    + 2003-03-18 18:44:34 49,152 ----a-w c:\windows\system32\MFC71JPN.DLL
    + 2003-03-18 18:44:38 49,152 ----a-w c:\windows\system32\MFC71KOR.DLL
    - 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
    + 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe
    - 2008-08-20 05:10:34 3,088,896 ----a-w c:\windows\system32\mshtml.dll
    + 2008-10-16 01:01:58 3,088,896 ----a-w c:\windows\system32\mshtml.dll
    - 2008-08-20 05:10:33 1,498,624 ----a-w c:\windows\system32\shdocvw.dll
    + 2008-10-16 01:01:57 1,498,624 ----a-w c:\windows\system32\shdocvw.dll
    - 2008-07-08 13:03:23 17,272 ------w c:\windows\system32\spmsg.dll
    + 2007-11-30 12:39:27 17,272 ------w c:\windows\system32\spmsg.dll
    - 2008-04-14 16:12:31 60,416 ------w c:\windows\system32\tzchange.exe
    + 2008-10-23 10:06:59 62,976 ------w c:\windows\system32\tzchange.exe
    - 2008-08-20 05:10:34 619,008 ----a-w c:\windows\system32\urlmon.dll
    + 2008-10-16 01:01:57 619,008 ----a-w c:\windows\system32\urlmon.dll
    - 2006-10-18 19:47:20 937,984 ----a-w c:\windows\system32\wmnetmgr.dll
    + 2008-06-18 03:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
    - 2006-10-18 19:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
    + 2008-06-18 03:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
    + 2008-12-14 12:48:45 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_528.dat
    + 2008-12-14 12:50:24 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5c4.dat
    + 2008-12-13 18:53:13 1,230,336 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4640768]
    "EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-09-19 35328]
    "HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-06-21 188416]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 919016]
    "nwiz"="nwiz.exe" [2003-05-02 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\1_blade_1reg]
    2006-05-01 09:58 13624 c:\documents and settings\All Users\Tiedostot\Settings\1_blade_1.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"= ctwdm32.dll
    "vidc.xvid"= xvid.dll
    "aux1"= ctwdm32.dll
    "aux2"= ctwdm32.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Gamma Loader.exe.lnk]
    path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Gamma Loader.exe.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Juhani1^Käynnistä-valikko^Ohjelmat^Käynnistys^PowerReg Scheduler.exe]
    path=c:\documents and settings\Juhani1\Käynnistä-valikko\Ohjelmat\Käynnistys\PowerReg Scheduler.exe
    backup=c:\windows\pss\PowerReg Scheduler.exeStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2006-02-19 02:41 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-12-12 12:38 136600 c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-10 111184]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-10 20560]
    R3 FastNIC;SMC EZ Card 10/100 (SMC1244TX V2) Driver;c:\windows\system32\DRIVERS\FastNIC.sys [2003-07-09 35840]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = localhost
    IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

    O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
    FireFox -: Profile - c:\documents and settings\Juhani1\Application Data\Mozilla\Firefox\Profiles\0znvna09.default\
    FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
    FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
    FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
    FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
    FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
    FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
    FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-14 16:17:26
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(508)
    c:\documents and settings\All Users\Tiedostot\Settings\1_blade_1.dll
    .
    Completion time: 2008-12-14 16:21:24
    ComboFix-quarantined-files.txt 2008-12-14 14:21:17
    ComboFix2.txt 2008-12-10 12:48:02
    ComboFix3.txt 2008-12-09 15:00:32

    Pre-Run: 4 445 229 056 tavua vapaana
    Post-Run: 4,508,708,864 tavua vapaana

    250 --- E O F --- 2008-12-11 23:20:30
     
  3. Hujo

    Hujo Guest

    Shut down and restart,
    then scan a new HJT log.

    =====

    Create an uninstall list:
    • Open HijackThis
    • Click the "Configure" option at the bottom right
    • Click "Misc Tools"
    • Click the box that says "Uninstall Manager"
    • Click the "Save list" option
    • Copy and paste that list from Notepad into your thread
     
    Last edited by a moderator: 14.12.2008
  4. Sonjaana

    Sonjaana Member

    Ad-Aware 2007
    Adobe Acrobat 4.0, 5.0
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Reader 8.1.2 - Suomi
    Arkhimedes 3.0 (5)
    avast! Antivirus
    BSPlayer (remove only)
    dBpowerAMP Music Converter
    DivX 5.0.3 Bundle
    EasyCleaner
    GIMP 2.4.5
    GrooveMaker SE
    HijackThis 2.0.2
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix-korjauspäivitys Windows Media Player 11:lle (KB939683)
    Hotfix-päivitys Windows XP:lle (KB952287)
    HP Customer Participation Program 7.0
    HP Imaging Device Functions 7.0
    HP Photosmart Essential
    HP Photosmart, Officejet and Deskjet 7.0.A
    HP Software Update
    HP Solution Center 7.0
    J2SE Runtime Environment 5.0 Update 3
    Java(TM) 6 Update 11
    Logitech MouseWare 9.41 .1
    LucasArts' Curse of Monkey Island
    MAGIX music maker basic
    Malwarebytes' Anti-Malware
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Office 2000 Professional
    Microsoft Office 2000 Small Business
    Microsoft Office XP Standard opiskelijoille ja opettajille
    Microsoft User-Mode Driver Framework Feature Pack 1.5
    Microsoft Visual C++ 2005 Redistributable
    Midifiles 1.0
    Mozilla Firefox (2.0.0.18)
    Mozilla Thunderbird (2.0.0.16)
    MSVC80_x86
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6.0 Parser (KB933579)
    Nokia Connectivity Cable Driver
    Nokia Connectivity Cable Driver
    Nokia Flashing Cable Driver
    Nokia PC Suite
    Nokia PC Suite
    Nokia Software Updater
    NVIDIA Windows 2000/XP Display Drivers
    OpenOffice.org 1.0
    PC Connectivity Solution
    PowerDVD
    Päivitys Windows XP:lle (KB951072-v2)
    Päivitys Windows XP:lle (KB951978)
    Päivitys Windows XP:lle (KB955839)
    QuickTime
    SimCity 3000
    Suojauspäivitys ohjelmistolle Windows XP (KB941569)
    Suojauspäivitys Windows Media Player 11:lle (KB936782)
    Suojauspäivitys Windows Media Player 11:lle (KB954154)
    Suojauspäivitys Windows Media Player 8:lle (KB917734)
    Suojauspäivitys Windows Media Playerille (KB952069)
    Suojauspäivitys Windows XP:lle (KB938464)
    Suojauspäivitys Windows XP:lle (KB946648)
    Suojauspäivitys Windows XP:lle (KB950759)
    Suojauspäivitys Windows XP:lle (KB950760)
    Suojauspäivitys Windows XP:lle (KB950762)
    Suojauspäivitys Windows XP:lle (KB950974)
    Suojauspäivitys Windows XP:lle (KB951066)
    Suojauspäivitys Windows XP:lle (KB951376)
    Suojauspäivitys Windows XP:lle (KB951376-v2)
    Suojauspäivitys Windows XP:lle (KB951698)
    Suojauspäivitys Windows XP:lle (KB952954)
    Suojauspäivitys Windows XP:lle (KB953838)
    Suojauspäivitys Windows XP:lle (KB953839)
    Suojauspäivitys Windows XP:lle (KB954211)
    Suojauspäivitys Windows XP:lle (KB954459)
    Suojauspäivitys Windows XP:lle (KB954600)
    Suojauspäivitys Windows XP:lle (KB955069)
    Suojauspäivitys Windows XP:lle (KB956390)
    Suojauspäivitys Windows XP:lle (KB956391)
    Suojauspäivitys Windows XP:lle (KB956802)
    Suojauspäivitys Windows XP:lle (KB956841)
    Suojauspäivitys Windows XP:lle (KB957095)
    Suojauspäivitys Windows XP:lle (KB957097)
    Suojauspäivitys Windows XP:lle (KB958215)
    Suojauspäivitys Windows XP:lle (KB958644)
    WebSounds 1.0
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Service Pack 3
    Windowsin ohjainpaketti - Nokia Modem (05/22/2008 3.8)
    Windowsin ohjainpaketti - Nokia Modem (05/22/2008 7.00.0.1)
    Windowsin ohjainpaketti - Nokia pccsmcfd (10/12/2007 6.85.4.0)
    XviD MPEG-4 Codec
    ZoneAlarm

     
  5. Hujo

    Hujo Guest

    Remove using Add/Remove Programs:

    J2SE Runtime Environment 5.0 Update 3

    ===============

    Mozilla Firefox (2.0.0.18): update to a newer version
     
  6. Sonjaana

    Sonjaana Member

    I removed the old Java, but I won't update Mozilla, thanks anyway. The new one is just awful.
    iexplore.exe and _blade_ are there and stay there. Did we now find a virus that nobody can remove? :D
     
  7. Hujo

    Hujo Guest

    Open Notepad and copy/paste the contents of the quote into it:

    Save it as CFScript.txt

    Then drag CFScript onto ComboFix.exe as shown below.
    [​IMG]

    Restart the computer when prompted and post the contents of the combofix.txt file here.
     
  8. Sonjaana

    Sonjaana Member

    I already did that once and Combo supposedly removed it. Either it wasn't really removed or it keeps coming back...
     
  9. Hujo

    Hujo Guest

    Do it again ... :)
     
  10. Sonjaana

    Sonjaana Member

    ComboFix 08-12-14.01 - Juhani1 2008-12-14 21:55:06.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.255.76 [GMT 2:00]
    Sijainti: c:\documents and settings\Juhani1\Työpöytä\ComboFix.exe
    Käytetyt komentorivivalitsimet :: c:\documents and settings\Juhani1\Työpöytä\CFScript.txt
    * Uusi palautuspiste luotu

    FILE ::
    c:\documents and settings\All Users\Tiedostot\Settings\1_blade_1.dll
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Tiedostot\Settings\1_blade_1.dll

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-11-14 to 2008-12-14 )))))))))))))))))
    .

    2008-12-13 20:59 . 2008-12-13 20:59 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\HP
    2008-12-13 20:56 . 2008-12-13 20:58 <KANSIO> d-------- c:\program files\Common Files\HP
    2008-12-13 20:52 . 2008-12-13 20:54 <KANSIO> d-------- c:\program files\Hewlett-Packard
    2008-12-13 20:44 . 2008-12-13 20:58 <KANSIO> d-------- c:\program files\HP
    2008-12-13 20:41 . 2008-12-13 21:09 127,436 --a------ c:\windows\hpoins11.dat
    2008-12-13 11:38 . 2008-12-13 11:54 <KANSIO> d-------- C:\Lop SD
    2008-12-12 12:39 . 2008-12-12 12:38 410,984 --a------ c:\windows\system32\deploytk.dll
    2008-12-12 12:39 . 2008-12-12 12:38 73,728 --a------ c:\windows\system32\javacpl.cpl
    2008-12-11 19:05 . 2008-12-11 19:05 0 --a------ C:\23990098.$$$
    2008-12-11 13:50 . 2008-12-11 14:03 <KANSIO> d-------- C:\Downloads
    2008-12-11 13:50 . 2008-12-11 13:59 <KANSIO> d-------- C:\Bases
    2008-12-11 13:45 . 2008-12-11 14:03 <KANSIO> d-------- C:\Kaspersky
    2008-12-09 18:32 . 2008-12-09 18:32 579,072 --a--c--- c:\windows\system32\dllcache\user32.dll
    2008-12-09 18:29 . 2008-12-09 18:30 <KANSIO> d-------- c:\windows\ERUNT
    2008-12-09 15:06 . 2008-12-09 15:06 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-09 15:06 . 2008-12-09 15:06 <KANSIO> d-------- c:\documents and settings\Juhani1\Application Data\Malwarebytes
    2008-12-09 15:06 . 2008-12-09 15:06 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-09 15:06 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-09 15:06 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-09 14:24 . 2008-12-09 14:24 <KANSIO> d-------- c:\program files\Trend Micro

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-14 20:05 297,104 --sha-w c:\windows\system32\drivers\fidbox.idx
    2008-12-14 20:05 25,098,272 --sha-w c:\windows\system32\drivers\fidbox.dat
    2008-12-14 15:47 --------- d-----w c:\program files\Java
    2008-12-12 10:19 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-12 10:19 --------- d-----w c:\program files\Logitech
    2008-12-09 22:44 1,848,320 ----a-w c:\windows\Internet Logs\xDB1.tmp
    2008-12-08 17:21 --------- d-----w c:\program files\Mozilla Thunderbird
    2008-11-12 11:23 --------- d-----w c:\program files\MSXML 4.0
    2008-11-11 15:26 --------- d-----w c:\documents and settings\Juhani1\Application Data\Image Zone Express
    2008-11-11 15:10 --------- d-----w c:\documents and settings\Juhani1\Application Data\Printer Info Cache
    2008-10-25 14:35 --------- d-----w c:\documents and settings\Juhani1\Application Data\Nokia
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-23 18:31 --------- d-----w c:\program files\Maxis
    2008-10-23 12:38 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-16 12:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 12:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 12:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 12:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 12:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 12:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 12:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 01:01 666,112 ----a-w c:\windows\system32\wininet.dll
    2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
    2008-09-30 14:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-09-15 15:27 1,846,656 ----a-w c:\windows\system32\win32k.sys
    2003-06-01 08:45 67,376 ----a-w c:\documents and settings\Juhani1\Application Data\GDIPFONTCACHEV1.DAT
    2008-11-15 21:04 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-11-15 21:04 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-11-15 21:04 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-11-15 21:04 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-11-15 21:04 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((( snapshot_2008-12-14_16.19.52,79 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-12-14 20:06:34 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_50c.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4640768]
    "EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-09-19 35328]
    "HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-06-21 188416]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 919016]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600]
    "nwiz"="nwiz.exe" [2003-05-02 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"= ctwdm32.dll
    "vidc.xvid"= xvid.dll
    "aux1"= ctwdm32.dll
    "aux2"= ctwdm32.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Gamma Loader.exe.lnk]
    path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Gamma Loader.exe.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Juhani1^Käynnistä-valikko^Ohjelmat^Käynnistys^PowerReg Scheduler.exe]
    path=c:\documents and settings\Juhani1\Käynnistä-valikko\Ohjelmat\Käynnistys\PowerReg Scheduler.exe
    backup=c:\windows\pss\PowerReg Scheduler.exeStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2006-02-19 02:41 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-12-12 12:38 136600 c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-10 111184]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-10 20560]
    R3 FastNIC;SMC EZ Card 10/100 (SMC1244TX V2) Driver;c:\windows\system32\DRIVERS\FastNIC.sys [2003-07-09 35840]
    .
    .
    ------- Täydentävä tarkistus -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = localhost
    IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

    O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
    FF - ProfilePath - c:\documents and settings\Juhani1\Application Data\Mozilla\Firefox\Profiles\0znvna09.default\
    FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
    FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-14 22:07:14
    Windows 5.1.2600 Service Pack 3 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    ------------------------ Muut prosessit ------------------------
    .
    c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\windows\system32\drivers\CDANTSRV.EXE
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\HPZipm12.exe
    c:\windows\system32\MsPMSPSv.exe
    c:\windows\system32\devldr32.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\windows\system32\ZoneLabs\vsmon.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    c:\windows\system32\taskmgr.exe
    .
    **************************************************************************
    .
    Valmistumisajankohta: 2008-12-14 22:21:10 - kone käynnistettiin uudelleen
    ComboFix-quarantined-files.txt 2008-12-14 20:20:49
    ComboFix2.txt 2008-12-14 14:21:28
    ComboFix3.txt 2008-12-10 12:48:02
    ComboFix4.txt 2008-12-09 15:00:32

    Ennen ajoa: 5 029 273 600 tavua vapaana
    Ajon jälkeen: 5,013,295,104 tavua vapaana

    193 --- E O F --- 2008-12-11 23:20:30
    ---------------------------------------------------------------------------------


    You'll ask for this anyway: :D


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:25:14, on 14.12.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
    O12 - Plugin for ¸æ×: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1189089126887
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 6135 bytes





    I don't think there's anyone else here anymore! :)

    Last edited: 14.12.2008
  11. Hujo

    Hujo Guest

    It left once things heated up :D

    Delete the following in Windows Explorer

    C:\Lop SD
    C:\Bases
    C:\Kaspersky
    C:\SDFix

    =============

    Type into the Run box

    Combofix /u

    press OK

    ==============

    Download OTMoveIt and save it to your desktop.

    Double-click OTMoveIt.exe.
    Click CleanUp!.
    Select Yes when asked "Begin cleanup Process?".
    If you are asked whether the computer may be restarted, select Yes. OTMoveIt removes itself when it is done; if it doesn't, delete it yourself.

    NOTE: If your firewall or some other security program warns that OTMoveIt is trying to access the internet, let it through.

    ==============

    There are some, but they're as shy as I am :D

    Last edited by a moderator: 14.12.2008
  12. Sonjaana

    Sonjaana Member

    All right, what else then?
     
  13. Hujo

    Hujo Guest

    Let's sing, for instance: The Christmas tree has been stolen, the police are at the door, the wrists are decorated with handcuffs.

    =====================

    Well, I guess there's nothing more to do now that even the tools have been thrown in the trash :D Isn't it already running so fast that you really have to hold on tight?
     
  14. Sonjaana

    Sonjaana Member

    Yes it is, so fast it makes me dizzy! :D
    Thanks a thousand times. You really know your stuff!

    Have a peaceful and happy Christmas season!
     
