Onko täällä jotain vikaa??

Netti lähettää jotai koko ajan jotain en vaan tiedä mitä?
Jos joku löytää jotain niin suur kiitosta vaan...
Nod32 ja zone alert ei löydä mitään eikä malware bytes...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:33:46, on 26.8.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Hamachi\hamachi.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://spartani.com/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Elisa Avustaja Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Elisa\Avustaja\IEFixItNowPlugin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Hamachi Service (HamachiService) - LogMeIn Inc. - C:\Program Files\Hamachi\hamachi.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6998 bytes



ComboFix 08-08-25.01 - kubla 2008-08-26 17:42:20.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1035.18.1520 [GMT 3:00]
Running from: C:\Documents and Settings\kubla\Työpöytä\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-07-26 to 2008-08-26 )))))))))))))))))
.

2008-08-26 16:28 . 2008-08-26 16:31 <KANSIO> d-------- C:\Program Files\Winamp
2008-08-26 16:28 . 2008-08-26 16:33 <KANSIO> d-------- C:\Documents and Settings\kubla\Application Data\Winamp
2008-08-25 16:17 . 2008-08-25 16:17 <KANSIO> d-------- C:\Program Files\Uniblue
2008-08-25 15:41 . 2008-08-25 16:19 <KANSIO> d-------- C:\Documents and Settings\kubla\Application Data\Uniblue
2008-08-24 21:45 . 2008-08-24 21:54 <KANSIO> d-------- C:\Documents and Settings\kubla\Application Data\BSplayer PRO
2008-08-23 13:37 . 2008-08-26 16:35 <KANSIO> d-------- C:\Documents and Settings\kubla\Application Data\Azureus
2008-08-23 13:37 . 2008-08-23 13:37 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-08-23 13:36 . 2008-08-23 13:36 <KANSIO> d-------- C:\Program Files\Vuze
2008-08-22 21:23 . 2008-08-22 21:26 <KANSIO> d-------- C:\Program Files\MSN Messenger
2008-08-22 13:20 . 2008-08-22 13:37 <KANSIO> d-------- C:\Program Files\PC Doc Pro
2008-08-22 13:20 . 2001-08-17 00:00 494,352 --a------ C:\WINDOWS\system32\SHDOC401.DLL
2008-08-22 13:20 . 1998-06-24 00:00 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
2008-08-22 13:20 . 2000-05-22 15:58 83,144 --a------ C:\WINDOWS\system32\PICCLP32.OCX
2008-08-22 13:20 . 2007-12-19 16:12 53,248 --a------ C:\WINDOWS\system32\ArmAccess.dll
2008-08-22 12:57 . 2008-08-25 16:20 <KANSIO> d-------- C:\Program Files\Net Tools
2008-08-22 12:39 . 2008-08-22 12:39 126,976 --a------ C:\WINDOWS\system32\UAService7.exe
2008-08-22 10:25 . 2008-08-22 10:25 <KANSIO> d-------- C:\Documents and Settings\kubla\dwhelper
2008-08-22 09:57 . 2008-08-22 09:57 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
2008-08-22 09:55 . 2008-08-22 09:55 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution
2008-08-22 09:55 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-08-22 09:54 . 2008-05-07 07:39 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-08-22 09:54 . 2008-05-07 07:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-08-22 09:54 . 2008-05-07 07:38 20,864 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-08-22 09:54 . 2008-05-07 07:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-08-22 09:54 . 2008-05-07 07:38 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-08-22 09:54 . 2008-06-06 09:24 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-08-21 22:46 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-08-21 22:46 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-08-21 22:46 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-08-21 22:46 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-08-21 22:46 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-08-21 22:45 . 2008-08-21 22:45 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-08-21 22:40 . 2008-08-21 22:40 <KANSIO> d-------- C:\Documents and Settings\kubla\Application Data\Simply Super Software
2008-08-21 22:03 . 2008-08-21 22:49 <KANSIO> d-------- C:\Program Files\Trojan Remover
2008-08-21 21:25 . 2008-08-21 21:25 <KANSIO> d-------- C:\Documents and Settings\kubla\Application Data\BWMeterPro
2008-08-21 21:24 . 2008-08-21 21:25 <KANSIO> d-------- C:\Program Files\BandwidthMeterPro
2008-08-19 18:28 . 2008-08-19 18:28 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-08-18 22:57 . 2008-08-18 22:57 <KANSIO> d-------- C:\WINDOWS\system32\xlive
2008-08-17 15:58 . 2008-08-17 15:58 <KANSIO> d-------- C:\Program Files\JoWooD
2008-08-14 21:16 . 2008-08-14 21:51 <KANSIO> d--h----- C:\WINDOWS\system32\CTF
2008-08-13 16:17 . 2004-09-15 15:00 10,129,408 --a--c--- C:\WINDOWS\system32\dllcache\hwxkor.dll
2008-08-13 16:15 . 2001-08-18 06:36 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2008-08-13 16:13 . 2008-08-14 06:48 <KANSIO> d-------- C:\Documents and Settings\kubla\Application Data\ppstream
2008-08-13 15:50 . 2008-08-22 09:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-13 15:50 . 2008-08-13 15:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-12 16:32 . 2008-06-03 12:22 413,696 -ra------ C:\WINDOWS\system32\ATIDEMGX.dll
2008-08-12 16:32 . 2008-06-03 12:02 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2008-08-12 16:32 . 2008-04-29 06:09 172,033 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-08-12 16:32 . 2008-05-23 03:46 13,848 -ra------ C:\WINDOWS\atiogl.xml
2008-08-12 16:09 . 2008-06-03 11:47 3,107,788 -ra------ C:\WINDOWS\system32\ativvaxx.dat
2008-08-12 16:09 . 2008-06-03 11:47 3,107,788 -ra------ C:\WINDOWS\system32\ativva5x.dat
2008-08-12 16:09 . 2008-06-03 11:47 887,724 -ra------ C:\WINDOWS\system32\ativva6x.dat
2008-08-12 16:09 . 2007-08-31 22:20 7,167 -ra------ C:\WINDOWS\system32\atifglpf.xml
2008-08-12 16:03 . 2008-08-12 16:03 <KANSIO> d-------- C:\Documents and Settings\NetworkService\Käynnistä-valikko
2008-08-11 23:13 . 2008-08-11 23:13 <KANSIO> d-------- C:\Documents and Settings\kubla\Application Data\TrojanHunter
2008-08-11 20:17 . 2008-08-11 20:17 <KANSIO> d-------- C:\Program Files\TVAnts
2008-08-11 20:13 . 2008-08-11 20:13 361,344 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-08-11 19:56 . 2008-08-11 19:56 <KANSIO> d-------- C:\Program Files\Marsu-Fix
2008-08-11 16:02 . 2008-08-11 16:02 <KANSIO> d-------- C:\Program Files\ABIT
2008-08-11 16:02 . 2004-10-13 04:30 23,612 --a------ C:\WINDOWS\system32\FlashMenu.sys
2008-08-10 18:14 . 2008-08-10 18:15 <KANSIO> d-------- C:\Program Files\Hamachi
2008-08-10 18:03 . 2008-08-26 16:48 <KANSIO> d-------- C:\Documents and Settings\kubla\Application Data\Hamachi
2008-08-10 18:02 . 2008-08-10 18:36 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-08-10 16:38 . 2008-08-10 16:38 <KANSIO> d-------- C:\Program Files\Activision
2008-08-10 16:28 . 2008-08-17 11:14 <KANSIO> d-------- C:\torrentit
2008-08-08 18:04 . 2008-08-22 09:33 <KANSIO> d-------- C:\Documents and Settings\kubla\Tracing
2008-08-08 15:37 . 2008-08-08 15:38 38 --a------ C:\WINDOWS\avisplitter.INI
2008-08-06 16:08 . 2008-08-06 16:08 <KANSIO> d-------- C:\Program Files\Sierra Entertainment
2008-08-05 19:54 . 2008-08-05 19:54 <KANSIO> d-------- C:\WINDOWS\system32\AGEIA
2008-08-05 19:54 . 2008-08-06 15:09 <KANSIO> d-------- C:\Program Files\AGEIA Technologies
2008-08-05 10:55 . 2008-08-10 17:38 319 --a------ C:\WINDOWS\game.ini
2008-08-05 10:25 . 2008-08-05 10:25 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
2008-08-04 18:20 . 2008-05-21 08:53 141,824 -ra------ C:\WINDOWS\system32\drivers\AtiHdmi.sys
2008-08-04 18:13 . 2008-07-22 00:14 9,728 --a------ C:\WINDOWS\system32\RtNicProp32.dll
2008-08-04 17:56 . 2008-08-11 20:45 <KANSIO> d-------- C:\Program Files\ATI
2008-08-04 00:19 . 2008-08-04 00:19 <KANSIO> d-------- C:\Program Files\AMD
2008-08-02 22:49 . 2008-08-02 22:49 <KANSIO> d-------- C:\Program Files\Common Files\Labtec
2008-08-02 22:48 . 2008-08-02 22:48 <KANSIO> d-------- C:\Program Files\Labtec
2008-08-02 22:48 . 2008-08-02 22:48 <KANSIO> d-------- C:\Program Files\Common Files\LogiShrd
2008-07-29 02:01 . 2008-07-29 02:08 <KANSIO> d-------- C:\Downloads
2008-07-29 01:59 . 2008-07-29 02:27 <KANSIO> d-------- C:\Program Files\BitComet
2008-07-29 01:15 . 2008-07-29 01:15 <KANSIO> d-------- C:\Program Files\Defraggler
2008-07-27 21:15 . 2008-07-27 21:28 <KANSIO> d-------- C:\Program Files\Qtracker

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 13:48 411,284 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-26 13:48 34,795,296 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-25 13:20 --------- d-----w C:\Program Files\uTorrent
2008-08-25 12:54 --------- d-----w C:\Program Files\Steam
2008-08-24 18:49 --------- d-----w C:\Program Files\Webteh
2008-08-24 08:57 --------- d--h--w C:\Documents and Settings\kubla\Application Data\uTorrent
2008-08-23 18:08 --------- d-----w C:\Program Files\RevConnect
2008-08-23 10:36 --------- d-----w C:\Program Files\Vuze
2008-08-22 07:06 --------- d-----w C:\Program Files\Nokia
2008-08-22 07:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-08-22 07:05 --------- d-----w C:\Program Files\Common Files\Nokia
2008-08-22 06:56 --------- d--h--w C:\Documents and Settings\kubla\Application Data\Nokia
2008-08-22 06:36 --------- d-----w C:\Program Files\Windows Live
2008-08-21 19:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-21 13:40 --------- d-----w C:\Program Files\Pocket Tanks Deluxe
2008-08-19 15:38 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-19 13:27 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-17 12:01 38,472 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-17 12:01 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-08-15 19:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-15 17:16 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-15 17:16 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-08-14 19:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-14 19:46 --------- d-----w C:\Program Files\QuickTime
2008-08-12 13:03 1,655,253 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-08-11 16:56 159,841 ----a-w C:\WINDOWS\Marsu-Fix Uninstaller.exe
2008-08-10 15:16 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-08-10 14:39 22,328 ----a-w C:\Documents and Settings\kubla\Application Data\PnkBstrK.sys
2008-08-08 15:20 65,204 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_08_08_18_12_38_small.dmp.zip
2008-08-08 15:20 63,967 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_08_08_18_12_34_small.dmp.zip
2008-08-06 12:10 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-05 21:26 --------- d-----w C:\Program Files\PowerArchiver
2008-07-29 06:23 --------- d--h--w C:\Documents and Settings\kubla\Application Data\MSN6
2008-07-28 19:55 --------- d-----w C:\Program Files\ProPilkki2
2008-07-27 23:00 --------- d-----w C:\Program Files\EA Sports
2008-07-27 13:30 --------- d--h--w C:\Documents and Settings\kubla\Application Data\PC Suite
2008-07-26 14:02 --------- d-----w C:\Program Files\Java
2008-07-26 14:01 --------- d-----w C:\Program Files\JLC's Software
2008-07-26 14:00 --------- d-----w C:\Program Files\AutoShutdown
2008-07-24 18:49 --------- d-----w C:\Program Files\Soldier of Fortune II - Double Helix
2008-07-24 06:07 --------- d-----w C:\Program Files\DiskTrix
2008-07-23 19:56 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-07-23 19:20 109,249 ----a-w C:\Program Files\MSWINSCK.OCX
2008-07-23 09:01 --------- d-----w C:\Program Files\ESET
2008-07-23 09:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-07-23 08:55 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-07-23 07:45 --------- d-----w C:\Program Files\Eidos
2008-07-22 06:43 20,122,101 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_07_22_01_38_18_full.dmp.zip
2008-07-21 17:37 --------- d-----w C:\Program Files\Bus Driver
2008-07-18 15:22 --------- d-----w C:\Program Files\Yahoo!
2008-07-18 15:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\MAGIX
2008-07-18 14:58 --------- d--h--w C:\Documents and Settings\kubla\Application Data\MAGIX
2008-07-17 18:03 --------- d-----w C:\Program Files\Project64 1.6
2008-07-16 23:38 --------- d-----w C:\Program Files\Driver-Soft
2008-07-16 22:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-16 19:00 --------- d-----w C:\Program Files\AVS4YOU
2008-07-15 21:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-07-15 17:11 --------- d-----w C:\Program Files\Elisa
2008-07-15 17:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Emotum
2008-07-15 17:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Elisa
2008-07-15 14:47 --------- d-----w C:\Program Files\DSL Speed
2008-07-15 08:59 --------- d--h--w C:\Documents and Settings\kubla\Application Data\Media Player Classic
2008-07-15 08:58 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-07-13 21:49 --------- d-----w C:\Program Files\Lavalys
2008-07-13 16:17 --------- d-----w C:\Program Files\Blitzkrieg 2
2008-07-12 22:09 --------- d-----w C:\Program Files\ToniArts
2008-07-12 21:48 --------- d-----w C:\Program Files\Sun
2008-07-11 13:23 --------- d-----w C:\Program Files\Music NFO Builder
2008-07-10 23:49 --------- d--h--w C:\Documents and Settings\kubla\Application Data\Atari
2008-07-10 23:24 --------- d-----w C:\Program Files\RegCure
2008-07-10 22:24 --------- d-----w C:\Program Files\Hasbro
2008-07-10 15:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\CMUV
2008-07-09 12:51 --------- d-----w C:\Program Files\Frets on Fire
2008-07-09 06:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-07-09 06:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-07-08 21:50 --------- d--h--w C:\Documents and Settings\kubla\Application Data\MailFrontier
2008-07-07 12:16 --------- d-----w C:\Program Files\D-Link
2008-07-07 12:16 --------- d-----w C:\Program Files\ANI
2008-07-06 18:04 --------- d-----w C:\Program Files\PANZERS - Phase1
2008-07-04 20:37 --------- d-----w C:\Program Files\WinUAE
2008-07-02 21:11 --------- d--h--w C:\Documents and Settings\kubla\Application Data\InstallShield
2008-07-02 21:11 --------- d-----w C:\Program Files\Realtek
2008-07-01 20:54 --------- d-----w C:\Program Files\EsetOnlineScanner
2008-06-30 10:54 --------- d--h--w C:\Documents and Settings\kubla\Application Data\Leadertech
2008-06-29 09:52 --------- d-----w C:\Program Files\ThriXXX
2008-06-29 09:31 --------- d--h--w C:\Documents and Settings\kubla\Application Data\Oxin's Style!
2008-06-28 20:32 --------- d-----w C:\Program Files\Rockstar Games
2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-06-03 09:46 10,276,864 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-06-03 09:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-06-03 09:11 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-06-03 09:11 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-06-03 09:11 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-06-03 09:11 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-06-03 09:11 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-06-03 09:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-06-03 09:08 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-06-03 09:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-06-03 08:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-06-03 08:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx.dll
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 19:12 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Bluetooth Manager.lnk]
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-09-08 12:06 94208 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-03-18 05:24 184320 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\RevConnect\\DCPlusPlus.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\ProPilkki2\\ProPilkki2.exe"=
"C:\\Program Files\\B2BPOKER\\Pokerihuone\\jre\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Steam\\SteamApps\\harry7344\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\Elisa\\Avustaja\\Elisa.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"D:\\pelejä\\Flatout III\\FlatOut Ultimate Carnage\\Fouc.exe"=
"C:\\Program Files\\Messenger\\Msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"13695:TCP"= 13695:TCP:BitComet 13695 TCP
"13695:UDP"= 13695:UDP:BitComet 13695 UDP
"7948:TCP"= 7948:TCP:BitComet 7948 TCP
"7948:UDP"= 7948:UDP:BitComet 7948 UDP

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 HamachiService;Hamachi Service;C:\Program Files\Hamachi\hamachi.exe [2008-08-10 18:36]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;C:\DOCUME~1\kubla\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys []
S3 gkmixern;gkmixern;C:\DOCUME~1\kubla\LOCALS~1\Temp\gkmixern.sys []
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-08-17 15:01]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
.
'Ajoitetut tehtävät'-kansion sisältö

2008-08-26 C:\WINDOWS\Tasks\RegCure Program Check.job
- C:\Program Files\RegCure\RegCure.exe [2008-07-11 02:18]

2008-08-21 C:\WINDOWS\Tasks\RegCure.job
- C:\Program Files\RegCure\RegCure.exe [2008-07-11 02:18]

2008-08-25 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-05-16 10:45]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\kubla\Application Data\Mozilla\Firefox\Profiles\7yyx48ph.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://irc-galleria.net/
FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 17:46:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-26 17:49:42
ComboFix-quarantined-files.txt 2008-08-26 14:49:35
ComboFix2.txt 2008-08-11 18:00:32
ComboFix3.txt 2008-06-27 20:48:24
ComboFix4.txt 2008-06-23 21:00:19
ComboFix5.txt 2008-08-26 14:38:54

Pre-Run: 11,492,634,624 tavua vapaana
Post-Run: 11,473,432,576 tavua vapaana

301 --- E O F --- 2008-06-16 00:00:57

 

Poista lisää poista sovelutuksesta

ZoneAlarm Spy Blocker

Poista kansio vikasiedossa

C:\Program Files\ZoneAlarmSB

============

scannaa hjt:llä merkkaa paina Fix checked

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

===========

Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.

Käynnistä koneesi vikasietotilaan:

sammuta ja käynnistä
käynnistyksen yhteydessä hakkaa F8 nappia
valitse nuolinäppäimellä vikasietotila
paina enter ja enter
valitse käyttäjätilisi
paina kyllä

Jossakin koneissa hakataan F8:sin sijasta F5:tä

" Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
" Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
" Paina Y käynnistääksesi skriptin.
" Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
" Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
" Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
" Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
" Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
" Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.

 

tässähän tää
Ongelma jatkuu vielä netti lähettää ja vastaan ottaa koko ajan jotain??



SDFix: Version 1.219
Run by kubla on ti 26.08.2008 at 19:49

Microsoft Windows XP [versio 5.1.2600]
Running From: C:\Program Files\Sdfix\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 19:56:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0014350016de]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0014350016de]

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000000b2
"TracesSuccessful"=dword:0000000b

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\RevConnect\\DCPlusPlus.exe"="C:\\Program Files\\RevConnect\\DCPlusPlus.exe:*:EnabledC++"
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\\Program Files\\ProPilkki2\\ProPilkki2.exe"="C:\\Program Files\\ProPilkki2\\ProPilkki2.exe:*:Enabled:Main executable for PP2"
"C:\\Program Files\\B2BPOKER\\Pokerihuone\\jre\\bin\\javaw.exe"="C:\\Program Files\\B2BPOKER\\Pokerihuone\\jre\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:EnablednkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:EnablednkBstrB"
"C:\\Program Files\\Steam\\SteamApps\\harry7344\\half-life 2 deathmatch\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\harry7344\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Elisa\\Avustaja\\Elisa.exe"="C:\\Program Files\\Elisa\\Avustaja\\Elisa.exe:*:Enabled:Elisa Avustaja"
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"="C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe:*:Enabled:World in Conflict"
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"="C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe:*:Enabled:World in Conflict - Online Only"
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"="C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe:*:Enabled:World in Conflict - Dedicated Server"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"D:\\pelej„\\Flatout III\\FlatOut Ultimate Carnage\\Fouc.exe"="D:\\pelej„\\Flatout III\\FlatOut Ultimate Carnage\\Fouc.exe:*:Enabled:FlatOut Ultimate Carnage"
"C:\\Program Files\\Messenger\\Msmsgs.exe"="C:\\Program Files\\Messenger\\Msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :



Files with Hidden Attributes :

Tue 22 Apr 2008 625,664 ..SH. --- "C:\Program Files\Internet Explorer\iexplore.exe"
Thu 12 Apr 2007 1,661,304 ..SH. --- "C:\Program Files\Messenger\Msmsgs.exe"
Mon 14 Apr 2008 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Sat 5 Jan 2008 4,378,338 A.SH. --- "C:\Program Files\vixy.net\conv.exe"
Mon 14 Apr 2008 4,639 A.SH. --- "C:\Program Files\Windows Media Player\mplayer2.exe"
Wed 15 Nov 2006 64,000 A.SH. --- "C:\Program Files\Windows Media Player\wmplayer.exe"
Sun 15 Jun 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 25 May 2008 593 A..H. --- "C:\Documents and Settings\kubla\Application Data\Google\GoogleEarth\myplaces.kml.tmp"
Thu 24 Jan 2008 141 A..H. --- "C:\Documents and Settings\kubla\Application Data\Microsoft\Internet Explorer\brndlog.bak"
Wed 5 Apr 2006 110,592 A..H. --- "C:\Documents and Settings\kubla\Application Data\U3\temp\cleanup.exe"
Sun 6 Jul 2008 15,872 A..HR --- "C:\Documents and Settings\kubla\Application Data\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe"
Thu 17 Jul 2008 40,960 A..HR --- "C:\Documents and Settings\kubla\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe"
Thu 17 Jul 2008 40,960 A..HR --- "C:\Documents and Settings\kubla\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe"
Thu 17 Jul 2008 8,854 A..HR --- "C:\Documents and Settings\kubla\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe"
Tue 15 Jul 2008 60,090 A..H. --- "C:\Documents and Settings\kubla\Application Data\Mozilla\Firefox\Profiles\7yyx48ph.default\bookmarks.bak"
Wed 31 Oct 2007 892,928 A..H. --- "C:\Documents and Settings\kubla\Application Data\Mozilla\Firefox\Profiles\7yyx48ph.default\extensions\fi@dictionaries.addons.mozilla.org\voikko\WINNT_x86-msvc\iconv.dll"
Wed 31 Oct 2007 45,056 A..H. --- "C:\Documents and Settings\kubla\Application Data\Mozilla\Firefox\Profiles\7yyx48ph.default\extensions\fi@dictionaries.addons.mozilla.org\voikko\WINNT_x86-msvc\intl.dll"
Wed 31 Oct 2007 629,016 A..H. --- "C:\Documents and Settings\kubla\Application Data\Mozilla\Firefox\Profiles\7yyx48ph.default\extensions\fi@dictionaries.addons.mozilla.org\voikko\WINNT_x86-msvc\libglib-2.0-0.dll"
Wed 26 Dec 2007 52,740 A..H. --- "C:\Documents and Settings\kubla\Application Data\Mozilla\Firefox\Profiles\7yyx48ph.default\extensions\fi@dictionaries.addons.mozilla.org\voikko\WINNT_x86-msvc\libvoikko-1.dll"
Wed 31 Oct 2007 722,283 A..H. --- "C:\Documents and Settings\kubla\Application Data\Mozilla\Firefox\Profiles\7yyx48ph.default\extensions\fi@dictionaries.addons.mozilla.org\voikko\WINNT_x86-msvc\malaga.dll"
Sat 19 Jan 2008 110,592 A..H. --- "C:\Documents and Settings\kubla\Application Data\Mozilla\Firefox\Profiles\7yyx48ph.default\extensions\fi@dictionaries.addons.mozilla.org\platform\WINNT_x86-msvc\components\myspellext.dll"

Finished!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:41:04, on 26.8.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Hamachi\hamachi.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://spartani.com/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Elisa Avustaja Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Elisa\Avustaja\IEFixItNowPlugin.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Hamachi Service (HamachiService) - LogMeIn Inc. - C:\Program Files\Hamachi\hamachi.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5988 bytes

 

toi eset ei näy tuolla käynnistyvissä onkos siinä lisensiä jäljellä

 

se ei ollut päällä ku otin login


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:16:39, on 26.8.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Hamachi\hamachi.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://spartani.com/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Elisa Avustaja Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Elisa\Avustaja\IEFixItNowPlugin.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Hamachi Service (HamachiService) - LogMeIn Inc. - C:\Program Files\Hamachi\hamachi.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6087 bytes

 

loki ok

Fixsaa tuo pois

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://spartani.com/home

 

ok...kiitoksiaa paljon