CoolWWWSearch...?

Discussion in 'Viruses and malware' started by Tonique, Nov 15, 2005.

  1. Tonique

    Tonique Member

    So, every time I run SpyBot it finds at least CoolWWWSearch and CoolWWWSearch.Feat2Installer.ADS plus some others. Every time I remove the programs SpyBot finds, they still turn up again, maybe just under different names (it has created a new file). Norton finds nothing but some random adware. On top of that, there are always some extra processes in the process list, and when I stop one it comes right back. I have tried to delete the file the process points to in safe mode, but in vain... what is this about... how do I get rid of that annoying CoolWWWSearch... If some wise person would like to shed a little light
     
  2. pkaksp

    pkaksp Moderator Staff Member

    Moved to the correct section.
     
  3. Tonique

    Tonique Member

    Another annoying but maybe not dangerous problem is that every time I start Windows, the browser opens almost first thing, on the page About:blank... what is this exactly
     
  4. -kemisti-

    -kemisti- Active member

  5. Tonique

    Tonique Member

    Yeah, sorry, I'm at work now, but when I get home I'll get the program... but in the meantime can you say what this could be: a hacker, malware, a virus..
     
  6. -kemisti-

    -kemisti- Active member

    Some variant of the CoolWebSearch (CWS) malware, I would think.
     
  7. Tonique

    Tonique Member

    Logfile of HijackThis v1.99.1
    Scan saved at 15:02:00, on 16.11.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
    C:\WINDOWS\iehz.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\apimf32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Documents and Settings\Me Kaikki !!!\Työpöytä\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qoyox.dll/sp.html#44768
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qoyox.dll/sp.html#44768
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\qoyox.dll/sp.html#44768
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qoyox.dll/sp.html#44768
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qoyox.dll/sp.html#44768
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\qoyox.dll/sp.html#44768
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Toimittaja Elisa Internet
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Class - {093585F1-45A2-F3FD-5DC8-CE8C707B844B} - C:\WINDOWS\iprq.dll (file missing)
    O2 - BHO: Class - {0AEC525A-ED03-D53F-46FA-32063DDB6198} - C:\WINDOWS\system32\atlen.dll (file missing)
    O2 - BHO: Class - {0B7CFD10-5930-D230-8AE6-63D005DFAA54} - C:\WINDOWS\system32\winjv32.dll (file missing)
    O2 - BHO: Class - {11B80E45-BEC0-8756-1DFA-87AE79FA25EC} - C:\WINDOWS\cruf32.dll (file missing)
    O2 - BHO: Class - {18E1732F-77F2-2029-71E8-F3E634ABC0AA} - C:\WINDOWS\d3mg.dll (file missing)
    O2 - BHO: Class - {2569FBB3-D534-A987-8E7F-7AA3ADFC70C4} - C:\WINDOWS\system32\winlv.dll (file missing)
    O2 - BHO: Class - {3484845E-4CE4-1539-2AA2-4AD62499E085} - C:\WINDOWS\system32\sdkmi.dll (file missing)
    O2 - BHO: Class - {38C7E16E-F3BB-831A-1230-372B1E0B4CDF} - C:\WINDOWS\ntvk.dll (file missing)
    O2 - BHO: Class - {39967C20-72C9-E21F-3C21-30C394038D59} - C:\WINDOWS\system32\winzu.dll (file missing)
    O2 - BHO: Class - {4258D559-087A-EE36-D79D-AE4B09661C77} - C:\WINDOWS\winmm.dll (file missing)
    O2 - BHO: Class - {43DB29D4-B055-B011-24C0-044F81AC210D} - C:\WINDOWS\addav.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Class - {58C35C51-1EEA-A30E-BB4B-EE89CCFE630C} - C:\WINDOWS\msew.dll (file missing)
    O2 - BHO: Class - {67AD8EEC-DBC9-81F8-1EAB-6D24CF242AC2} - C:\WINDOWS\system32\addzs.dll (file missing)
    O2 - BHO: Class - {7BB26EC6-486C-3D35-E619-393731180E70} - C:\WINDOWS\system32\sysjx32.dll (file missing)
    O2 - BHO: Class - {8D291203-D787-6A2F-2D24-18C37669C147} - C:\WINDOWS\system32\msmt32.dll (file missing)
    O2 - BHO: Class - {99E1F320-9434-2CBA-8227-28CAF76452D4} - C:\WINDOWS\appnr.dll (file missing)
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: Class - {A1855DEE-37CF-FBE3-A5E5-CE4D27B31985} - C:\WINDOWS\javart32.dll (file missing)
    O2 - BHO: Class - {B0708681-3E65-42AC-25ED-6A9957C1A3C5} - C:\WINDOWS\atlbd32.dll (file missing)
    O2 - BHO: Class - {B27E8BCF-1A21-257E-958D-00B94008A3E8} - C:\WINDOWS\d3nv32.dll (file missing)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {BF2FD2D3-4992-09D3-6320-8F1F00AB986A} - C:\DOCUME~1\MEKAIK~1\APPLIC~1\CAKEWM~1\DUMB COAL.exe (file missing)
    O2 - BHO: Class - {C7207E99-C734-FBE2-99CF-E85DDABEE378} - C:\WINDOWS\mfciy32.dll (file missing)
    O2 - BHO: Class - {C8C966DD-1537-9AB7-2EF4-DFEF1A1C8D24} - C:\WINDOWS\system32\mfcpe.dll (file missing)
    O2 - BHO: Class - {E2B4FCC5-E7C0-FD6E-9969-152F9F01DBD7} - C:\WINDOWS\mfcyi.dll (file missing)
    O2 - BHO: Class - {E5E945BC-C3AE-3F52-963D-D8F30EFA550B} - C:\WINDOWS\system32\apiuw.dll (file missing)
    O2 - BHO: Class - {EBB1C88A-DE22-1991-1181-9BEB4C1712E0} - C:\WINDOWS\mfcmg32.dll (file missing)
    O2 - BHO: Class - {F0D9B410-3C4F-707C-2E2D-529E64AA2118} - C:\WINDOWS\atlqn.dll (file missing)
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [FLAPOOZEPHONECASH] C:\Documents and Settings\All Users\Application Data\frag iso flap ooze\IntraRemote.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
    O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
    O4 - HKLM\..\Run: [crvq32.exe] C:\WINDOWS\crvq32.exe
    O4 - HKLM\..\Run: [mszy32.exe] C:\WINDOWS\mszy32.exe
    O4 - HKLM\..\Run: [ntzy.exe] C:\WINDOWS\system32\ntzy.exe
    O4 - HKLM\..\Run: [d3gx.exe] C:\WINDOWS\system32\d3gx.exe
    O4 - HKLM\..\Run: [mfcdw.exe] C:\WINDOWS\system32\mfcdw.exe
    O4 - HKLM\..\Run: [mfcyu.exe] C:\WINDOWS\mfcyu.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [iehz.exe] C:\WINDOWS\iehz.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [hold axis] C:\DOCUME~1\MEKAIK~1\APPLIC~1\SHOWSU~1\ChicDash.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414YYFI
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: SMS-viesti - {012D89DA-4648-40EE-805B-1516A9BDC281} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: Tuki - {7E45A62E-0909-4FB6-8F1A-325EF20C298C} - http://tuki.elisa.net/ (file missing) (HKCU)
    O9 - Extra button: Palvelut - {B2EF73CF-61F0-4DC8-93EC-9FC7B7225201} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://69.31.84.84/123/enter.cab
    O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apimf32.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: fsbwsys - Unknown owner - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe (file missing)
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    Here it is now
     
  8. -kemisti-

    -kemisti- Active member

    Yep, it's HS/CWS in there all right :)

    Make hidden files visible -> http://keskustelu.afterdawn.com/thread_view.cfm/248944

    Get CWShredder from here -> http://www.intermute.com/spysubtract/cwshredder_download.html

    Update it, but don't use it yet

    Get aboutbuster -> http://koti.mbnet.fi/pattaya1/aboutbuster.htm , update it, but don't use it yet either.

    Get Registrar Lite -> http://www.resplendence.com/reglite/ and install it into the directory C:\Program Files\RegLite\ .


    Download and install Ewido -> http://www.ewido.net/en/download/
    Update it, but don't use it yet.


    Get HSfix ->
    http://users.telenet.be/marcvn/regfiles/HSfix.zip.
    Double-click HSfix.zip and it extracts itself to the desktop into the folder HSfix
    Don't use it yet either.


    Boot into safe mode (F8 during startup)

    End these processes from the file manager:

    C:\WINDOWS\iehz.exe
    C:\WINDOWS\apimf32.exe

    Delete the following:

    C:\WINDOWS\iehz.exe
    C:\WINDOWS\apimf32.exe
    C:\WINDOWS\qoyox.dll
    C:\WINDOWS\addav.dll
    C:\DOCUME~1\MEKAIK~1\APPLIC~1\==>CAKEWM~1<==
    C:\Documents and Settings\All Users\Application Data\==>frag iso flap ooze<==
    C:\DOCUME~1\MEKAIK~1\APPLIC~1\==>SHOWSU~1<==

    Then close all programs and start HijackThis. Check these and click fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qoyox.dll/sp.html#44768
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qoyox.dll/sp.html#44768
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\qoyox.dll/sp.html#44768
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qoyox.dll/sp.html#44768
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qoyox.dll/sp.html#44768
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\qoyox.dll/sp.html#44768
    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {093585F1-45A2-F3FD-5DC8-CE8C707B844B} - C:\WINDOWS\iprq.dll (file missing)
    O2 - BHO: Class - {0AEC525A-ED03-D53F-46FA-32063DDB6198} - C:\WINDOWS\system32\atlen.dll (file missing)
    O2 - BHO: Class - {0B7CFD10-5930-D230-8AE6-63D005DFAA54} - C:\WINDOWS\system32\winjv32.dll (file missing)
    O2 - BHO: Class - {11B80E45-BEC0-8756-1DFA-87AE79FA25EC} - C:\WINDOWS\cruf32.dll (file missing)
    O2 - BHO: Class - {18E1732F-77F2-2029-71E8-F3E634ABC0AA} - C:\WINDOWS\d3mg.dll (file missing)
    O2 - BHO: Class - {2569FBB3-D534-A987-8E7F-7AA3ADFC70C4} - C:\WINDOWS\system32\winlv.dll (file missing)
    O2 - BHO: Class - {3484845E-4CE4-1539-2AA2-4AD62499E085} - C:\WINDOWS\system32\sdkmi.dll (file missing)
    O2 - BHO: Class - {38C7E16E-F3BB-831A-1230-372B1E0B4CDF} - C:\WINDOWS\ntvk.dll (file missing)
    O2 - BHO: Class - {39967C20-72C9-E21F-3C21-30C394038D59} - C:\WINDOWS\system32\winzu.dll (file missing)
    O2 - BHO: Class - {4258D559-087A-EE36-D79D-AE4B09661C77} - C:\WINDOWS\winmm.dll (file missing)
    O2 - BHO: Class - {43DB29D4-B055-B011-24C0-044F81AC210D} - C:\WINDOWS\addav.dll
    O2 - BHO: Class - {58C35C51-1EEA-A30E-BB4B-EE89CCFE630C} - C:\WINDOWS\msew.dll (file missing)
    O2 - BHO: Class - {67AD8EEC-DBC9-81F8-1EAB-6D24CF242AC2} - C:\WINDOWS\system32\addzs.dll (file missing)
    O2 - BHO: Class - {7BB26EC6-486C-3D35-E619-393731180E70} - C:\WINDOWS\system32\sysjx32.dll (file missing)
    O2 - BHO: Class - {8D291203-D787-6A2F-2D24-18C37669C147} - C:\WINDOWS\system32\msmt32.dll (file missing)
    O2 - BHO: Class - {99E1F320-9434-2CBA-8227-28CAF76452D4} - C:\WINDOWS\appnr.dll (file missing)
    O2 - BHO: Class - {A1855DEE-37CF-FBE3-A5E5-CE4D27B31985} - C:\WINDOWS\javart32.dll (file missing)
    O2 - BHO: Class - {B0708681-3E65-42AC-25ED-6A9957C1A3C5} - C:\WINDOWS\atlbd32.dll (file missing)
    O2 - BHO: Class - {B27E8BCF-1A21-257E-958D-00B94008A3E8} - C:\WINDOWS\d3nv32.dll (file missing)
    O2 - BHO: (no name) - {BF2FD2D3-4992-09D3-6320-8F1F00AB986A} - C:\DOCUME~1\MEKAIK~1\APPLIC~1\CAKEWM~1\DUMB COAL.exe (file missing)
    O2 - BHO: Class - {C7207E99-C734-FBE2-99CF-E85DDABEE378} - C:\WINDOWS\mfciy32.dll (file missing)
    O2 - BHO: Class - {C8C966DD-1537-9AB7-2EF4-DFEF1A1C8D24} - C:\WINDOWS\system32\mfcpe.dll (file missing)
    O2 - BHO: Class - {E2B4FCC5-E7C0-FD6E-9969-152F9F01DBD7} - C:\WINDOWS\mfcyi.dll (file missing)
    O2 - BHO: Class - {E5E945BC-C3AE-3F52-963D-D8F30EFA550B} - C:\WINDOWS\system32\apiuw.dll (file missing)
    O2 - BHO: Class - {EBB1C88A-DE22-1991-1181-9BEB4C1712E0} - C:\WINDOWS\mfcmg32.dll (file missing)
    O2 - BHO: Class - {F0D9B410-3C4F-707C-2E2D-529E64AA2118} - C:\WINDOWS\atlqn.dll (file missing)
    O4 - HKLM\..\Run: [FLAPOOZEPHONECASH] C:\Documents and Settings\All Users\Application Data\frag iso flap ooze\IntraRemote.exe
    O4 - HKLM\..\Run: [crvq32.exe] C:\WINDOWS\crvq32.exe
    O4 - HKLM\..\Run: [mszy32.exe] C:\WINDOWS\mszy32.exe
    O4 - HKLM\..\Run: [ntzy.exe] C:\WINDOWS\system32\ntzy.exe
    O4 - HKLM\..\Run: [d3gx.exe] C:\WINDOWS\system32\d3gx.exe
    O4 - HKLM\..\Run: [mfcdw.exe] C:\WINDOWS\system32\mfcdw.exe
    O4 - HKLM\..\Run: [mfcyu.exe] C:\WINDOWS\mfcyu.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [iehz.exe] C:\WINDOWS\iehz.exe
    O4 - HKCU\..\Run: [hold axis] C:\DOCUME~1\MEKAIK~1\APPLIC~1\SHOWSU~1\ChicDash.exe
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414YYFI
    O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://69.31.84.84/123/enter.cab
    O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apimf32.exe

    Then Start -> Run -> services.msc -> OK -> find in the list
    Workstation NetLogon Service -> double-click, press Stop and choose "Disabled" as the startup type.

    Go to the HSfix folder
    Double-click HSfix.reg and press Yes.

    CLOSE ALL WINDOWS except CWShredder

    Run the program by pressing fix and let it fix everything it finds.

    Scan with aboutbuster twice and save the log.

    Scan with ewido and let it remove whatever it finds. Save the log and post it here.

    Start the computer normally

    Post the hijackthis, aboutbuster and ewido logs.
     
    Last edited: Nov 16, 2005
  9. Tonique

    Tonique Member

    HijackThis status now

    Logfile of HijackThis v1.99.1
    Scan saved at 22:15:05, on 16.11.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Me Kaikki !!!\Työpöytä\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Toimittaja Elisa Internet
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
    O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
    O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: SMS-viesti - {012D89DA-4648-40EE-805B-1516A9BDC281} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: Tuki - {7E45A62E-0909-4FB6-8F1A-325EF20C298C} - http://tuki.elisa.net/ (file missing) (HKCU)
    O9 - Extra button: Palvelut - {B2EF73CF-61F0-4DC8-93EC-9FC7B7225201} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C380AF95-A188-4CE9-8D59-7D8C329A2E2E}: NameServer = 62.240.72.10 62.197.180.3
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: fsbwsys - Unknown owner - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe (file missing)
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    and AboutBuster

    AboutBuster 5.1, reference file 33
    Scan started on [16.11.2005] at [17:33:55]
    ------------------------------------------------
    No Ads Found!
    ------------------------------------------------
    No Files Found!
    ------------------------------------------------
    Scan was COMPLETED SUCCESSFULLY at 17:34:57


    and also ewido's

    ---------------------------------------------------------
    ewido security suite - Scan report
    ---------------------------------------------------------

    + Created on: 19:10:43, 16.11.2005
    + Report-Checksum: D6FAF905

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{00564D9E-6D4B-1BA6-3369-3CA152EDA8CE} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{242A9AED-0D60-575C-1AD0-8BA38C428683} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{5932F9CB-E60E-11C7-5BA5-2CD8198CBDB4} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{5C2B2D9C-60FC-5F4C-5894-68EB7DFA3935} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{72071605-48F5-CC68-B374-2CDDF451F27F} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{7A8EC00B-7964-C396-E2F8-621F6C9029FA} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{8169E4D3-2914-C956-AAFE-F49D78C929A8} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{A45C982E-5E8A-94C9-33A0-1F6E1789AC7E} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{A8703447-9782-72D3-AA41-606A7E155CE5} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{D6C7DB36-C0AC-C91F-B408-61A55E5AB6C5} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{E36A99D7-088F-A5E8-1BA4-87116D938D49} -> Spyware.CoolWebSearch : Cleaned with backup
    HKU\S-1-5-21-1715567821-1202660629-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D9B410-3C4F-707C-2E2D-529E64AA2118} -> Spyware.CoolWebSearch : Cleaned with backup
    :mozilla.10:C:\Documents and Settings\Me Kaikki !!!\Application Data\Mozilla\Firefox\Profiles\ff4sjg4g.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.22:C:\Documents and Settings\Me Kaikki !!!\Application Data\Mozilla\Firefox\Profiles\ff4sjg4g.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.24:C:\Documents and Settings\Me Kaikki !!!\Application Data\Mozilla\Firefox\Profiles\ff4sjg4g.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.25:C:\Documents and Settings\Me Kaikki !!!\Application Data\Mozilla\Firefox\Profiles\ff4sjg4g.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.26:C:\Documents and Settings\Me Kaikki !!!\Application Data\Mozilla\Firefox\Profiles\ff4sjg4g.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.27:C:\Documents and Settings\Me Kaikki !!!\Application Data\Mozilla\Firefox\Profiles\ff4sjg4g.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.31:C:\Documents and Settings\Me Kaikki !!!\Application Data\Mozilla\Firefox\Profiles\ff4sjg4g.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    C:\Program Files\MSN Messenger\riched20.dll -> Spyware.MyWebSearch : Cleaned with backup
    C:\WINDOWS\system32\f3PSSavr.scr -> Spyware.MyWebSearch : Cleaned with backup


    ::Report End
     
  10. Tonique

    Tonique Member

    Joined:
    Apr 28, 2005
    Messages:
    84
    Likes Received:
    0
    Trophy Points:
    16
    Thanks for the help so far... at least something was removed, but Explorer still opens on the about:blank page when Windows starts, and I don't even use Explorer anymore... The funniest thing is that when I try to delete iexplorer.exe in C:\Program Files\Internet Explorer, the icon does disappear but comes back after a few seconds... so that's how it is.
     
  11. winxp

    winxp Member

    Joined:
    Jun 27, 2003
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    16

    Hi

    Remove the following through the Control Panel's Add/Remove Programs, if present:

    webHancer Customer Companion or
    webHancer Survey Companion

    Then close all programs and start HijackThis. Check these if present and click Fix checked:

    O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
    O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"

    Delete the following folder:

    C:\Program Files\webHancer

    Reboot the computer after this.




     
  12. Tonique

    Tonique Member

    Joined:
    Apr 28, 2005
    Messages:
    84
    Likes Received:
    0
    Trophy Points:
    16
    Yeah... I tried removing exactly those, but every time I fix them they just come back again... though I haven't tried it in safe mode yet. But webHancer Customer Companion or even
    webHancer Survey Companion can't be found anywhere other than in HijackThis...???
    Likewise C:\Program Files\webHancer can't be found either, no matter how hard I look.
     
  13. aaxxeell

    aaxxeell Regular member

    Joined:
    Jul 28, 2005
    Messages:
    2,145
    Likes Received:
    0
    Trophy Points:
    46
    Are you sure you made all hidden files visible, following -kemisti-'s instructions?
    And it would be good to try safe mode.
     
  14. Tonique

    Tonique Member

    Joined:
    Apr 28, 2005
    Messages:
    84
    Likes Received:
    0
    Trophy Points:
    16
    All possible folders are visible... both the protected operating system folders and the hidden files.
     
  15. Tonique

    Tonique Member

    Joined:
    Apr 28, 2005
    Messages:
    84
    Likes Received:
    0
    Trophy Points:
    16
    Those C:\WINDOWS\iehz.exe and
    C:\WINDOWS\apimf32.exe were no longer found when I started removing the programs in safe mode... (this message refers to the post -kemisti- made on 16 November 2005 @ 08:18)
     
  16. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Check whether Add/Remove Programs lists just plain webhancer, and remove it if it does. Try fixing the lines winxp gave in safe mode, and then post a new HJT log.
     
  17. Tonique

    Tonique Member

    Joined:
    Apr 28, 2005
    Messages:
    84
    Likes Received:
    0
    Trophy Points:
    16
    Yeah... at work again, but when I get home I'll post the logs... Could there be something wrong with my SpyBot program? Because every time I scan with it, it finds those CoolWWWSearch programs even though no other program finds them... not even any of the ones I downloaded from the post -kemisti- gave....?
     
  18. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Hard to say, but I do trust CWShredder and ewido more than Spybot :)
     
  19. Tonique

    Tonique Member

    Joined:
    Apr 28, 2005
    Messages:
    84
    Likes Received:
    0
    Trophy Points:
    16
    The situation now...

    Logfile of HijackThis v1.99.1
    Scan saved at 16:35:46, on 17.11.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Me Kaikki !!!\Työpöytä\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Toimittaja Elisa Internet
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: SMS-viesti - {012D89DA-4648-40EE-805B-1516A9BDC281} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: Tuki - {7E45A62E-0909-4FB6-8F1A-325EF20C298C} - http://tuki.elisa.net/ (file missing) (HKCU)
    O9 - Extra button: Palvelut - {B2EF73CF-61F0-4DC8-93EC-9FC7B7225201} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C380AF95-A188-4CE9-8D59-7D8C329A2E2E}: NameServer = 62.240.72.10 62.197.180.3
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

     
  20. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    The log is OK. Are there still problems?
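
One way to re-check a HijackThis log for the two kinds of O4 Run entry winxp asked to have fixed, as an added example that is not part of any post in the thread. The function names are hypothetical, and the sample text is constructed from O4 lines quoted in the thread.

```python
import re

# HijackThis O4 registry autorun line: O4 - HKLM\..\Run: [Name] command
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$")
# Executable part of an unquoted command that may contain spaces and arguments.
EXE = re.compile(r"^(.*?\.(?:exe|com|scr|bat|dll))(?=\s|$)", re.IGNORECASE)

def executable(cmd):
    """Return the program path from a Run value, without quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = EXE.match(cmd)
    return m.group(1) if m else cmd

def run_entries(log_text):
    """Yield (hive, value name, executable path) for each O4 Run line."""
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            yield m.group(1), m.group(3), executable(m.group(4))

def flagged(log_text):
    """Apply the thread's two criteria; return (value name, reason) pairs."""
    hits = []
    for _, name, exe in run_entries(log_text):
        path = exe.lower().replace("/", "\\")
        if path.rsplit("\\", 1)[-1] == "iexplore.exe":
            hits.append((name, "browser started from a Run key"))
        elif "\\webhancer\\" in path:
            hits.append((name, "webHancer component"))
    return hits

# Sample input constructed from O4 lines quoted in the thread.
EARLIER = r'''
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
'''
LATEST = r'''
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
'''

if __name__ == "__main__":
    for label, log in (("earlier", EARLIER), ("latest", LATEST)):
        print(label, flagged(log) or "no flagged Run entries")
```

A Run value that points at the browser's own, legitimate executable is still worth flagging here, because the entry itself is what makes the browser open at every logon.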
     
