So I suspect that my computer is infected. The internet is running really slowly and IE keeps opening by itself.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:50:29, on 16.8.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\Program Files\Comodo\Firewall\cmdagent.exe C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Common\FSMB32.EXE C:\Program Files\F-Secure\Anti-Virus\fssm32.exe E:\Ohjelmatiedostot\Netlimiter\NetLimiter 2 Pro\nlsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\F-Secure\Common\FCH32.EXE C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\F-Secure\Common\FSM32.EXE C:\Program Files\Java\jre1.5.0\bin\jusched.exe E:\Ohjelmatiedostot\Sharkoon majestic\Majestic.exe E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\G15\LGDCore.exe E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\G15\LCDMon.exe E:\Ohjelmatiedostot\Winamp\winampa.exe C:\WINDOWS\system32\RUNDLL32.EXE E:\ohjelmatiedostot\QuickTime\qttask.exe C:\Program Files\Comodo\Firewall\CPF.exe E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\G15\Applets\LCDMedia.exe E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\G15\Applets\LCDClock.exe C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\wuauclt.exe E:\Pelit\World of Warcraft\BackgroundDownloader.exe C:\Program Files\Mozilla Firefox\firefox.exe E:\Ohjelmatiedostot\WinRAR 3.42\WinRAR.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zotltfygdtshmlx.biz/Dqg4JKDYl2h4sGcwEVBoDcNbj0La4AfkBLKZOYX13_pdiKY5jS1qAz0yaC5GOCIS.jpg R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://iibrirfurfvvgdrl.biz/Dqg4JKDYl2i43yOjc3hnMMI0_3y1ki4AtYAyj12yteg.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O1 - Hosts: 67.15.126.34 msxsecurity.net O1 - Hosts: 72.20.27.125 game-deception.com O1 - Hosts: 67.15.126.34 japsclan.com O1 - Hosts: 72.20.27.125 japsclan.info O1 - Hosts: 72.20.27.125 mpcforum.com O1 - Hosts: 72.20.27.125 rxp-clan.us O1 - Hosts: 67.15.126.34 gamerzplanet.net O1 - Hosts: 67.15.126.34 unknowncheats.com O1 - Hosts: 72.20.27.125 elitecoders.org O1 - Hosts: 72.20.27.125 irootu.com O1 - Hosts: 72.20.27.125 endvac.net O1 - Hosts: 72.20.27.125 evlav.com O1 - Hosts: 
72.20.27.125 mirc-scripts.de O1 - Hosts: 67.15.126.34 irc.japsclan.com O1 - Hosts: 67.15.126.34 icthacks.com O1 - Hosts: 67.15.126.34 www.msxsecurity.net O1 - Hosts: 72.20.27.125 www.game-deception.com O1 - Hosts: 67.15.126.34 www.japsclan.com O1 - Hosts: 67.15.126.34 www.japsclan.info O1 - Hosts: 72.20.27.125 www.mpcforum.com O1 - Hosts: 67.15.126.34 www.rxp-clan.us O1 - Hosts: 67.15.126.34 www.gamerzplanet.net O1 - Hosts: 72.20.27.125 www.unknowncheats.com O1 - Hosts: 67.15.126.34 www.elitecoders.org O1 - Hosts: 72.20.27.125 www.irootu.com O1 - Hosts: 72.20.27.125 www.endvac.net O1 - Hosts: 72.20.27.125 www.evlav.com O1 - Hosts: 72.20.27.12 www.mirc-scripts.de O1 - Hosts: 67.15.126.34 irc.japsclan.com O1 - Hosts: 67.15.126.34 www.icthacks.com O1 - Hosts: 67.15.126.34 valvesoftware.co.uk O1 - Hosts: 67.15.126.34 www.valvesoftware.co.uk O1 - Hosts: 72.20.27.125 www.endvac.irootu.com O1 - Hosts: 72.20.27.125 endvac.irootu.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\ohjelmatiedostot\adobe\Acrobat 0.5\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {399D0120-F66D-ECA4-9C73-C9C340EAAA51} - C:\DOCUME~1\Ville\APPLIC~1\CORNSU~1\Play Fork.exe (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\OHJELM~1\SPYBOT~2\SDHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe O4 - HKLM\..\Run: [SHARKOON STATION] E:\Ohjelmatiedostot\Sharkoon majestic\Majestic.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Launch LGDCore] "E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\G15\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [Launch LCDMon] "E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\G15\LCDMon.exe" O4 - HKLM\..\Run: [WinampAgent] E:\Ohjelmatiedostot\Winamp\winampa.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "E:\ohjelmatiedostot\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Info else four mp3] C:\Documents and Settings\All Users\Application Data\Face Loud Mp3 Readme\time info blue.exe O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background O4 - HKCU\..\Run: [MessengerPlus3] "E:\Ohjelmatiedostot\messenger +\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [LDM] E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [UserBarb] C:\DOCUME~1\Ville\APPLIC~1\BLEHDO~1\live flaw data.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] 
C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = ? O4 - Global Startup: Logitech Desktop Messenger.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = ? O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Unibet Guest Poker - {830BB968-4445-4a18-946B-D8582D09D678} - C:\Program Files\UnibetguestpokerMPP\MPPoker.exe O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - E:\Muut\PACIFI~2\pacificpoker.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: *.musicmatch.com (HKLM) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} 
(MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: fsbwsys - F-Secure Corp. 
- C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: NetLimiter (nlsvc) - Locktime Software - E:\Ohjelmatiedostot\Netlimiter\NetLimiter 2 Pro\nlsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe -- End of file - 12145 bytes
Download CCleaner v1.41.544 - Basic from http://www.ccleaner.com/download/builds.aspx. Do NOT install the Yahoo toolbar!
Set the options like this: Options --> Advanced --> Uncheck "Delete only temporary files older than 48 hours".
Run Cleaner > Analyze button > Run CCleaner button in the lower right corner.
Run Issues > Scan for registry issues button > Fix registry issues button.
=====================
eScan
Instructions are on this page: http://koti.mbnet.fi/pattaya1/escanmwav.htm
Download from here: http://www.spywareinfo.dk/download/mwav.exe
Update from here: http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
Tick the boxes as marked here: http://koti.mbnet.fi/pattaya1/eScan6.jpg
Scan. If anything appears in the lower pane, copy it like this: Use the command Ctrl+A. Copy the lines with Ctrl+C. Paste the lines with Ctrl+V. Post the virus log here.
====================
Download NoLop to your desktop from one of the following links... Link1 Link2 Link3
1. Close all programs, because this step requires a reboot.
2. Double-click NoLop.exe to run it.
3. Click the "Search and Destroy" button. <<Your computer will be scanned for infected files>>
4. When the scan is finished, you will be asked to restart the computer if an infection is found. Click OK.
5. Click the "REBOOT" button.
6. NoLop should display a message. If it does not, double-click the program and it will finish.
Post the contents of the C:\NoLop.log file together with a new HijackThis log.
-- If you get the following error, "mscomctl.ocx or one of its dependencies are not correctly registered," download mscomctl.ocx and save it to your system32 directory (usually c:\Windows\system32). After that, run the program again.
Yeah, so that eScan didn't work. Right at the start, once I had started the unzip, this message came up: Some of MWAV.EXE infected by virus!!! Try again... And the program did not start and could not be started; it just kept complaining about the same thing. I'll edit this once I get NoLop run.
Edit: here is the NoLop log
NoLop! Log by Skate_Punk_21 Fix running from: C:\Documents and Settings\Ville [16.8.2007] [19:39:32] ---Infection Files Found/Removed--- C:\Documents and Settings\All Users\Application Data\64 Idle Plan Settings\BallSoft.exe C:\Documents and Settings\All Users\Application Data\64 Idle Plan Settings\Info Cast.exe C:\Documents and Settings\Ville\Application Data\BLEH DOWNLOAD\csxfrnex.exe C:\Documents and Settings\Ville\Application Data\BLEH DOWNLOAD\ydlpaolx.exe C:\WINDOWS\tasks\A0D774A69184E572.job Beginning Removal... Rebooting... Removing Lop's Leftover Files/Folders... Editing Registry... **Fix Complete!** ---Listing AppData sub directories--- C:\Documents and Settings\All Users\Application Data\Adobe C:\Documents and Settings\All Users\Application Data\Adobe Systems C:\Documents and Settings\All Users\Application Data\Apple Computer C:\Documents and Settings\All Users\Application Data\Autodesk C:\Documents and Settings\All Users\Application Data\Comodo C:\Documents and Settings\All Users\Application Data\Face Loud Mp3 Readme -- EMPTY Directory C:\Documents and Settings\All Users\Application Data\Lavasoft C:\Documents and Settings\All Users\Application Data\Locktime C:\Documents and Settings\All Users\Application Data\Logitech C:\Documents and Settings\All Users\Application Data\Messenger Plus!
C:\Documents and Settings\All Users\Application Data\Metacafe C:\Documents and Settings\All Users\Application Data\Microsoft C:\Documents and Settings\All Users\Application Data\Microsoft Games C:\Documents and Settings\All Users\Application Data\Msn6 C:\Documents and Settings\All Users\Application Data\Nvidia C:\Documents and Settings\All Users\Application Data\Nview_profiles -- EMPTY Directory C:\Documents and Settings\All Users\Application Data\Quicktime C:\Documents and Settings\All Users\Application Data\Readme Live Axis Tons C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy C:\Documents and Settings\All Users\Application Data\Trymedia C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage C:\Documents and Settings\All Users\Application Data\Yahoo! Companion C:\Documents and Settings\Anni\Application Data\.bittornado C:\Documents and Settings\Anni\Application Data\Adobe C:\Documents and Settings\Anni\Application Data\Atari C:\Documents and Settings\Anni\Application Data\Bleh Download C:\Documents and Settings\Anni\Application Data\Cornsurfseek -- EMPTY Directory C:\Documents and Settings\Anni\Application Data\Identities C:\Documents and Settings\Anni\Application Data\Leadertech C:\Documents and Settings\Anni\Application Data\Logitech C:\Documents and Settings\Anni\Application Data\Macromedia C:\Documents and Settings\Anni\Application Data\Microsoft C:\Documents and Settings\Anni\Application Data\Microsoft Games C:\Documents and Settings\Anni\Application Data\Mozilla C:\Documents and Settings\Anni\Application Data\Msn6 C:\Documents and Settings\Anni\Application Data\Sun C:\Documents and Settings\Anni\Application Data\Talkback C:\Documents and Settings\Anni\Application Data\Vlc C:\Documents and Settings\Default User\Application Data\Microsoft C:\Documents and Settings\Kari\Application Data\Adobe C:\Documents and Settings\Kari\Application Data\Ahead C:\Documents and Settings\Kari\Application Data\Atari 
C:\Documents and Settings\Kari\Application Data\Identities C:\Documents and Settings\Kari\Application Data\Logitech C:\Documents and Settings\Kari\Application Data\Macromedia C:\Documents and Settings\Kari\Application Data\Microsoft C:\Documents and Settings\Kari\Application Data\Mozilla C:\Documents and Settings\Kari\Application Data\Sun C:\Documents and Settings\Kari\Application Data\Talkback C:\Documents and Settings\Localservice\Application Data\Macromedia C:\Documents and Settings\Localservice\Application Data\Microsoft C:\Documents and Settings\Localservice\Application Data\Mozilla C:\Documents and Settings\Networkservice\Application Data\Microsoft C:\Documents and Settings\Sari\Application Data\Adobe C:\Documents and Settings\Sari\Application Data\Identities C:\Documents and Settings\Sari\Application Data\Logitech C:\Documents and Settings\Sari\Application Data\Macromedia C:\Documents and Settings\Sari\Application Data\Microsoft C:\Documents and Settings\Sari\Application Data\Mozilla C:\Documents and Settings\Sari\Application Data\Sun C:\Documents and Settings\Sari\Application Data\Talkback C:\Documents and Settings\Ville\Application Data\.bittornado C:\Documents and Settings\Ville\Application Data\Adobe C:\Documents and Settings\Ville\Application Data\Ahead C:\Documents and Settings\Ville\Application Data\Atari C:\Documents and Settings\Ville\Application Data\Comodo C:\Documents and Settings\Ville\Application Data\Cyberlink C:\Documents and Settings\Ville\Application Data\Dvdcss C:\Documents and Settings\Ville\Application Data\Google C:\Documents and Settings\Ville\Application Data\Help -- EMPTY Directory C:\Documents and Settings\Ville\Application Data\Identities C:\Documents and Settings\Ville\Application Data\Installshield C:\Documents and Settings\Ville\Application Data\Installshield Installation Information C:\Documents and Settings\Ville\Application Data\Intertrust C:\Documents and Settings\Ville\Application Data\Lavasoft -- EMPTY Directory 
C:\Documents and Settings\Ville\Application Data\Locktime C:\Documents and Settings\Ville\Application Data\Logitech C:\Documents and Settings\Ville\Application Data\Macromedia C:\Documents and Settings\Ville\Application Data\Media Player Classic C:\Documents and Settings\Ville\Application Data\Metacafe C:\Documents and Settings\Ville\Application Data\Microgaming C:\Documents and Settings\Ville\Application Data\Microsoft C:\Documents and Settings\Ville\Application Data\Microsoft Games C:\Documents and Settings\Ville\Application Data\Mozilla C:\Documents and Settings\Ville\Application Data\Msn6 C:\Documents and Settings\Ville\Application Data\Nasa C:\Documents and Settings\Ville\Application Data\Screenshot Sender C:\Documents and Settings\Ville\Application Data\Securom C:\Documents and Settings\Ville\Application Data\Seven Zip C:\Documents and Settings\Ville\Application Data\Shareaza C:\Documents and Settings\Ville\Application Data\Sun C:\Documents and Settings\Ville\Application Data\System Requirements Lab C:\Documents and Settings\Ville\Application Data\Talkback C:\Documents and Settings\Ville\Application Data\Teamspeak2 C:\Documents and Settings\Ville\Application Data\Utorrent C:\Documents and Settings\Ville\Application Data\Ventrilo C:\Documents and Settings\Ville\Application Data\Vlc C:\Documents and Settings\Ville\Application Data\Vso C:\Documents and Settings\Ville\Application Data\Xfire
And then a new HJT log, without that eScan
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:48:37, on 16.8.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware
2007\aawservice.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\Program Files\Comodo\Firewall\cmdagent.exe C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Common\FSMB32.EXE E:\Ohjelmatiedostot\Netlimiter\NetLimiter 2 Pro\nlsvc.exe C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\Program Files\F-Secure\Common\FCH32.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\F-Secure\Common\FNRB32.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\F-Secure\Common\FSM32.EXE C:\Program Files\Java\jre1.5.0\bin\jusched.exe E:\Ohjelmatiedostot\Sharkoon majestic\Majestic.exe E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\G15\LGDCore.exe E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\G15\LCDMon.exe E:\Ohjelmatiedostot\Winamp\winampa.exe C:\WINDOWS\system32\RUNDLL32.EXE E:\ohjelmatiedostot\QuickTime\qttask.exe C:\Program Files\Comodo\Firewall\CPF.exe E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\G15\Applets\LCDMedia.exe E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\G15\Applets\LCDClock.exe E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O1 - Hosts: 67.15.126.34 msxsecurity.net O1 - Hosts: 72.20.27.125 game-deception.com O1 - Hosts: 67.15.126.34 japsclan.com O1 - Hosts: 72.20.27.125 japsclan.info O1 - Hosts: 72.20.27.125 mpcforum.com O1 - Hosts: 72.20.27.125 rxp-clan.us O1 - Hosts: 67.15.126.34 gamerzplanet.net O1 - Hosts: 67.15.126.34 unknowncheats.com O1 - Hosts: 72.20.27.125 elitecoders.org O1 - Hosts: 72.20.27.125 irootu.com O1 - Hosts: 72.20.27.125 endvac.net O1 - Hosts: 72.20.27.125 evlav.com O1 - Hosts: 72.20.27.125 mirc-scripts.de O1 - Hosts: 67.15.126.34 irc.japsclan.com O1 - Hosts: 67.15.126.34 icthacks.com O1 - Hosts: 67.15.126.34 www.msxsecurity.net O1 - Hosts: 72.20.27.125 www.game-deception.com O1 - Hosts: 67.15.126.34 www.japsclan.com O1 - Hosts: 67.15.126.34 www.japsclan.info O1 - Hosts: 72.20.27.125 www.mpcforum.com O1 - Hosts: 67.15.126.34 www.rxp-clan.us O1 - Hosts: 67.15.126.34 www.gamerzplanet.net O1 - Hosts: 72.20.27.125 www.unknowncheats.com O1 - Hosts: 67.15.126.34 www.elitecoders.org O1 - Hosts: 72.20.27.125 www.irootu.com O1 - Hosts: 72.20.27.125 www.endvac.net O1 - Hosts: 72.20.27.125 www.evlav.com O1 - Hosts: 72.20.27.12 www.mirc-scripts.de O1 - Hosts: 67.15.126.34 irc.japsclan.com O1 - Hosts: 67.15.126.34 www.icthacks.com O1 - Hosts: 67.15.126.34 valvesoftware.co.uk O1 - Hosts: 67.15.126.34 www.valvesoftware.co.uk O1 - Hosts: 72.20.27.125 www.endvac.irootu.com O1 - Hosts: 72.20.27.125 endvac.irootu.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\ohjelmatiedostot\adobe\Acrobat 0.5\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {399D0120-F66D-ECA4-9C73-C9C340EAAA51} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} 
- E:\OHJELM~1\SPYBOT~2\SDHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe O4 - HKLM\..\Run: [SHARKOON STATION] E:\Ohjelmatiedostot\Sharkoon majestic\Majestic.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Launch LGDCore] "E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\G15\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [Launch LCDMon] "E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\G15\LCDMon.exe" O4 - HKLM\..\Run: [WinampAgent] E:\Ohjelmatiedostot\Winamp\winampa.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "E:\ohjelmatiedostot\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background O4 - HKCU\..\Run: [LDM] E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\Desktop 
Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [UserBarb] C:\DOCUME~1\Ville\APPLIC~1\BLEHDO~1\live flaw data.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = ? O4 - Global Startup: Logitech Desktop Messenger.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = ? O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Unibet Guest Poker - {830BB968-4445-4a18-946B-D8582D09D678} - C:\Program Files\UnibetguestpokerMPP\MPPoker.exe O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - E:\Muut\PACIFI~2\pacificpoker.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: *.musicmatch.com (HKLM) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: 
{14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: fsbwsys - F-Secure Corp. 
- C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: NetLimiter (nlsvc) - Locktime Software - E:\Ohjelmatiedostot\Netlimiter\NetLimiter 2 Pro\nlsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe -- End of file - 11108 bytes
Scan with HJT, check these and press Fix checked:
O2 - BHO: (no name) - {399D0120-F66D-ECA4-9C73-C9C340EAAA51} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
====================
Download CWShredder http://cwshredder.net/bin/CWShredder.exe and save it to your desktop.
- Scan the computer with CWShredder: remember to close the browser and all other windows before you use CWShredder.
- Press the Fix--> button.
- Answer OK to the program's questions.
- When the program has gone through the items, press the Next--> button.
- The final summary is shown after this.
- After the cleanup, restart the computer.
Post the CWShredder report.
=======================
1. Download combofix.exe to your desktop from either of these links: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log. Post this log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
Here's that Shredder's log.

Here is the ComboFix log.
All right, I'll post this in the same thread: the internet connection is still slow. Sometimes it is just really slow, and at other times it cuts out completely for a little while. But sometimes the connection only sends data, meaning the settings show that the connection is working, but the browser and other programs cannot be used. So data is going out of the machine but nothing is coming in. The fault may of course be in the connection itself, but I want to be 100 percent sure that hackers aren't running riot on my machine. Here is the HJT log again:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:10:55, on 17.8.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\Program Files\Comodo\Firewall\cmdagent.exe C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Common\FSMB32.EXE E:\Ohjelmatiedostot\Netlimiter\NetLimiter 2 Pro\nlsvc.exe C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\F-Secure\Common\FSM32.EXE C:\Program Files\F-Secure\Common\FCH32.EXE C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre1.5.0\bin\jusched.exe E:\Ohjelmatiedostot\Sharkoon majestic\Majestic.exe E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\G15\LGDCore.exe 
E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\G15\LCDMon.exe E:\Ohjelmatiedostot\Winamp\winampa.exe C:\WINDOWS\system32\RUNDLL32.EXE E:\ohjelmatiedostot\QuickTime\qttask.exe C:\Program Files\F-Secure\Common\FAMEH32.EXE E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\G15\Applets\LCDMedia.exe C:\WINDOWS\system32\wscntfy.exe E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\G15\Applets\LCDClock.exe C:\Program Files\Comodo\Firewall\CPF.exe E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsav32.exe E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Mozilla Firefox\firefox.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O1 - Hosts: 67.15.126.34 msxsecurity.net O1 - Hosts: 72.20.27.125 game-deception.com O1 - Hosts: 67.15.126.34 japsclan.com O1 - Hosts: 72.20.27.125 japsclan.info O1 - Hosts: 72.20.27.125 mpcforum.com O1 - Hosts: 72.20.27.125 rxp-clan.us O1 - Hosts: 67.15.126.34 gamerzplanet.net O1 - Hosts: 67.15.126.34 unknowncheats.com O1 - Hosts: 72.20.27.125 elitecoders.org O1 - Hosts: 72.20.27.125 irootu.com O1 - Hosts: 72.20.27.125 endvac.net O1 - Hosts: 72.20.27.125 evlav.com O1 - Hosts: 72.20.27.125 mirc-scripts.de O1 - Hosts: 67.15.126.34 irc.japsclan.com O1 - 
Hosts: 67.15.126.34 icthacks.com O1 - Hosts: 67.15.126.34 www.msxsecurity.net O1 - Hosts: 72.20.27.125 www.game-deception.com O1 - Hosts: 67.15.126.34 www.japsclan.com O1 - Hosts: 67.15.126.34 www.japsclan.info O1 - Hosts: 72.20.27.125 www.mpcforum.com O1 - Hosts: 67.15.126.34 www.rxp-clan.us O1 - Hosts: 67.15.126.34 www.gamerzplanet.net O1 - Hosts: 72.20.27.125 www.unknowncheats.com O1 - Hosts: 67.15.126.34 www.elitecoders.org O1 - Hosts: 72.20.27.125 www.irootu.com O1 - Hosts: 72.20.27.125 www.endvac.net O1 - Hosts: 72.20.27.125 www.evlav.com O1 - Hosts: 72.20.27.12 www.mirc-scripts.de O1 - Hosts: 67.15.126.34 irc.japsclan.com O1 - Hosts: 67.15.126.34 www.icthacks.com O1 - Hosts: 67.15.126.34 valvesoftware.co.uk O1 - Hosts: 67.15.126.34 www.valvesoftware.co.uk O1 - Hosts: 72.20.27.125 www.endvac.irootu.com O1 - Hosts: 72.20.27.125 endvac.irootu.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\ohjelmatiedostot\adobe\Acrobat 0.5\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\OHJELM~1\SPYBOT~2\SDHelper.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe O4 - HKLM\..\Run: [SHARKOON STATION] E:\Ohjelmatiedostot\Sharkoon majestic\Majestic.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Launch LGDCore] "E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\G15\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [Launch LCDMon] "E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\G15\LCDMon.exe" O4 - HKLM\..\Run: [WinampAgent] E:\Ohjelmatiedostot\Winamp\winampa.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "E:\ohjelmatiedostot\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background O4 - HKCU\..\Run: [LDM] E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [UserBarb] C:\DOCUME~1\Ville\APPLIC~1\BLEHDO~1\live flaw data.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 
'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = ? O4 - Global Startup: Logitech Desktop Messenger.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = ? O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Unibet Guest Poker - {830BB968-4445-4a18-946B-D8582D09D678} - C:\Program Files\UnibetguestpokerMPP\MPPoker.exe O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - E:\Muut\PACIFI~2\pacificpoker.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: *.musicmatch.com (HKLM) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - 
E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: NetLimiter (nlsvc) - Locktime Software - E:\Ohjelmatiedostot\Netlimiter\NetLimiter 2 Pro\nlsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe -- End of file - 11157 bytes
Scan with HJT, tick these entries and press Fix checked:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKCU\..\Run: [UserBarb] C:\DOCUME~1\Ville\APPLIC~1\BLEHDO~1\live flaw data.exe
==========================
1. Download combofix.exe to your desktop from either of these links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. Post this log to your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
=======================
Updating Java and clearing its cache:
1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
2. Find all your previous Java versions in the list (J2SE Runtime Environment....). They should have the following icon next to them:
3. Select all your previous Java versions and choose Remove.
4. Install the latest Java update from the following link.
5. Restart the computer after the installation: http://java.sun.com/javase/downloads/index.jsp Scroll down to Java Runtime Environment (JRE) 6u2. Press Download. Tick Accept, choose the offline installation, save it for example to the desktop and install it.
6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> the Java coffee cup icon).
7. Under the General Settings section, drag the slider (Disk Space) to a smaller value and click the Delete Files button. (Some Java-based programs may need more disk space. If you notice the machine being slow after lowering the setting, move the slider to a larger value.)
8. Make sure that both options are ticked:
* Applications and Applets
* Trace and Log Files
And press the OK button.
9. Click OK in your "Temporary Files Settings" window.
10. Click OK to leave your Java settings window.
Here is the ComboFix log:
ComboFix 07-08-14.4 - "Ville" 2007-08-18 0:19:12.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.698 [GMT 3:00] ((((((((((((((((((((((((( Files Created from 2007-07-17 to 2007-08-17 ))))))))))))))))))))))))))))))) 2007-08-16 22:01 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-16 19:40 <KANSIO> d-------- C:\NoLopBackups 2007-08-16 19:24 <KANSIO> d-------- C:\Bases 2007-08-16 19:18 <KANSIO> d-------- C:\Kaspersky 2007-08-16 19:06 <KANSIO> d-------- C:\Program Files\CCleaner 2007-08-16 18:58 <KANSIO> d-------- C:\DOCUME~1\Ville\DoctorWeb 2007-08-16 17:50 <KANSIO> d-------- C:\Program Files\Trend Micro 2007-08-12 20:16 <KANSIO> d-------- C:\Program Files\Lavasoft 2007-08-12 20:15 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft 2007-08-12 19:54 <KANSIO> d-------- C:\DOCUME~1\Ville\APPLIC~1\Comodo 2007-08-12 19:54 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo 2007-08-12 19:50 <KANSIO> d-------- C:\Program Files\Comodo 2007-08-03 13:53 <KANSIO> d-------- C:\Program Files\BLEH DOWNLOAD 2007-08-03 13:53 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Readme Live Axis Tons 2007-08-03 13:53 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Face Loud Mp3 Readme (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-12 20:15 --------- d-------- C:\DOCUME~1\Ville\APPLIC~1\Lavasoft 2007-08-12 20:14 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-08-03 01:16 --------- d-------- C:\DOCUME~1\Ville\APPLIC~1\uTorrent 2007-07-09 17:51 --------- d-------- C:\Program Files\Anti-Leech 2007-07-02 21:44 --------- d-------- C:\Program Files\Apple Software Update 2007-06-26 17:12 658944 -----c--- C:\WINDOWS\system32\dllcache\wininet.dll 2007-06-26 16:57 851968 -----c--- C:\WINDOWS\system32\dllcache\vgx.dll 2007-06-26 09:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll 2007-06-26 09:09 1104896 -----c--- 
C:\WINDOWS\system32\dllcache\msxml3.dll 2007-06-19 16:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll 2007-06-19 16:32 282112 -----c--- C:\WINDOWS\system32\dllcache\gdi32.dll 2007-06-14 21:11 615936 -----c--- C:\WINDOWS\system32\dllcache\urlmon.dll 2007-06-14 21:11 532480 -----c--- C:\WINDOWS\system32\dllcache\mstime.dll 2007-06-14 21:11 474112 -----c--- C:\WINDOWS\system32\dllcache\shlwapi.dll 2007-06-14 21:11 449024 -----c--- C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-06-14 21:11 39424 -----c--- C:\WINDOWS\system32\dllcache\pngfilt.dll 2007-06-14 21:11 3079680 -----c--- C:\WINDOWS\system32\dllcache\mshtml.dll 2007-06-14 21:11 1494016 -----c--- C:\WINDOWS\system32\dllcache\shdocvw.dll 2007-06-14 21:11 146432 -----c--- C:\WINDOWS\system32\dllcache\msrating.dll 2007-06-14 21:10 96256 -----c--- C:\WINDOWS\system32\dllcache\inseng.dll 2007-06-14 21:10 55808 -----c--- C:\WINDOWS\system32\dllcache\extmgr.dll 2007-06-14 21:10 357888 -----c--- C:\WINDOWS\system32\dllcache\dxtmsft.dll 2007-06-14 21:10 250880 -----c--- C:\WINDOWS\system32\dllcache\iepeers.dll 2007-06-14 21:10 205312 -----c--- C:\WINDOWS\system32\dllcache\dxtrans.dll 2007-06-14 21:10 16384 -----c--- C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-06-14 21:10 151552 -----c--- C:\WINDOWS\system32\dllcache\cdfview.dll 2007-06-14 21:10 1055232 -----c--- C:\WINDOWS\system32\dllcache\danim.dll 2007-06-14 21:10 1023488 -----c--- C:\WINDOWS\system32\dllcache\browseui.dll 2007-06-14 17:07 18432 -----c--- C:\WINDOWS\system32\dllcache\iedw.exe 2007-06-13 16:22 1033728 --a------ C:\WINDOWS\explorer.exe 2007-06-13 16:22 1033728 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe 2007-05-17 14:30 549376 -----c--- C:\WINDOWS\system32\dllcache\oleaut32.dll 2007-05-17 14:30 549376 --------- C:\WINDOWS\system32\oleaut32.dll 2006-09-24 13:17 81920 --a------ C:\DOCUME~1\Ville\APPLIC~1\ezpinst.exe 2006-09-24 13:17 47360 --a------ C:\DOCUME~1\Ville\APPLIC~1\pcouffin.sys 2004-03-11 14:27 40960 --a------ C:\Program 
Files\Uninstall_CDS.exe 2005-05-05 20:34:26 205 --sh--r C:\WINDOWS\system32\nulware.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26] "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-04-06 20:36] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50] "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2003-11-17 19:34] "F-Secure TNB"="C:\Program Files\F-Secure\TNB\TNBUtil.exe" [2003-10-28 14:10] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0\bin\jusched.exe" [2005-01-16 23:30] "SHARKOON STATION"="E:\Ohjelmatiedostot\Sharkoon majestic\Majestic.exe" [2004-11-11 19:31] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-23 00:25 C:\WINDOWS\KHALMNPR.Exe] "Launch LGDCore"="E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\G15\LGDCore.exe" [] "Launch LCDMon"="E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\G15\LCDMon.exe" [] "WinampAgent"="E:\Ohjelmatiedostot\Winamp\winampa.exe" [2007-05-15 01:22] "nwiz"="nwiz.exe" [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 13:26] "QuickTime Task"="E:\ohjelmatiedostot\QuickTime\qttask.exe" [2007-04-27 09:41] "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-08-12 19:50] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LDM"="E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J] AutoRun\command- J:\OblivionLauncher.exe Contents of the 'Scheduled Tasks' folder 2007-07-02 18:44:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 
************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-18 00:22:17 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-18 0:25:12 C:\ComboFix-quarantined-files.txt ... 2007-08-18 00:25 C:\ComboFix2.txt ... 2007-08-16 22:06 --- E O F ---
Edit: I have now done the Java part as well. Should the machine now be working in this respect? That is, is there nothing wrong in this HJT log anymore?
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 0:48:10, on 18.8.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\Program Files\Comodo\Firewall\cmdagent.exe C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\WINDOWS\Explorer.EXE C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\Program Files\F-Secure\Common\FSMB32.EXE E:\Ohjelmatiedostot\Netlimiter\NetLimiter 2 Pro\nlsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\F-Secure\Common\FAMEH32.EXE 
C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\F-Secure\Common\FNRB32.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\F-Secure\Common\FSM32.EXE E:\Ohjelmatiedostot\Sharkoon majestic\Majestic.exe E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\G15\LGDCore.exe E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\G15\LCDMon.exe E:\Ohjelmatiedostot\Winamp\winampa.exe C:\WINDOWS\system32\RUNDLL32.EXE E:\ohjelmatiedostot\QuickTime\qttask.exe C:\Program Files\Comodo\Firewall\CPF.exe E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\G15\Applets\LCDMedia.exe E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\G15\Applets\LCDClock.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\MSN Messenger\msnmsgr.exe E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O1 - Hosts: 67.15.126.34 msxsecurity.net O1 - Hosts: 72.20.27.125 game-deception.com O1 - Hosts: 67.15.126.34 japsclan.com O1 - Hosts: 72.20.27.125 japsclan.info O1 - Hosts: 72.20.27.125 mpcforum.com O1 - Hosts: 72.20.27.125 rxp-clan.us O1 - Hosts: 67.15.126.34 gamerzplanet.net O1 - Hosts: 67.15.126.34 unknowncheats.com 
O1 - Hosts: 72.20.27.125 elitecoders.org O1 - Hosts: 72.20.27.125 irootu.com O1 - Hosts: 72.20.27.125 endvac.net O1 - Hosts: 72.20.27.125 evlav.com O1 - Hosts: 72.20.27.125 mirc-scripts.de O1 - Hosts: 67.15.126.34 irc.japsclan.com O1 - Hosts: 67.15.126.34 icthacks.com O1 - Hosts: 67.15.126.34 www.msxsecurity.net O1 - Hosts: 72.20.27.125 www.game-deception.com O1 - Hosts: 67.15.126.34 www.japsclan.com O1 - Hosts: 67.15.126.34 www.japsclan.info O1 - Hosts: 72.20.27.125 www.mpcforum.com O1 - Hosts: 67.15.126.34 www.rxp-clan.us O1 - Hosts: 67.15.126.34 www.gamerzplanet.net O1 - Hosts: 72.20.27.125 www.unknowncheats.com O1 - Hosts: 67.15.126.34 www.elitecoders.org O1 - Hosts: 72.20.27.125 www.irootu.com O1 - Hosts: 72.20.27.125 www.endvac.net O1 - Hosts: 72.20.27.125 www.evlav.com O1 - Hosts: 72.20.27.12 www.mirc-scripts.de O1 - Hosts: 67.15.126.34 irc.japsclan.com O1 - Hosts: 67.15.126.34 www.icthacks.com O1 - Hosts: 67.15.126.34 valvesoftware.co.uk O1 - Hosts: 67.15.126.34 www.valvesoftware.co.uk O1 - Hosts: 72.20.27.125 www.endvac.irootu.com O1 - Hosts: 72.20.27.125 endvac.irootu.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\ohjelmatiedostot\adobe\Acrobat 0.5\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\OHJELM~1\SPYBOT~2\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL O4 - HKLM\..\Run: [SHARKOON STATION] E:\Ohjelmatiedostot\Sharkoon majestic\Majestic.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Launch LGDCore] "E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\G15\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [Launch LCDMon] "E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\G15\LCDMon.exe" O4 - HKLM\..\Run: [WinampAgent] E:\Ohjelmatiedostot\Winamp\winampa.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "E:\ohjelmatiedostot\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKCU\..\Run: [LDM] E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common 
Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = ? O4 - Global Startup: Logitech Desktop Messenger.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = ? O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Unibet Guest Poker - {830BB968-4445-4a18-946B-D8582D09D678} - C:\Program Files\UnibetguestpokerMPP\MPPoker.exe O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - E:\Muut\PACIFI~2\pacificpoker.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: *.musicmatch.com (HKLM) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Ohjelmatiedostot\Logitech Hiiri ja Näppis\Desktop 
Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: NetLimiter (nlsvc) - Locktime Software - E:\Ohjelmatiedostot\Netlimiter\NetLimiter 2 Pro\nlsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe -- End of file - 11191 bytes