Logfile of HijackThis v1.99.1 Scan saved at 21:20:07, on 22.04.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Norman\Npm\bin\ELOGSVC.EXE C:\Norman\Npm\Bin\Zanda.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Norman\Npm\bin\NJEEVES.EXE C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Launch Manager\Wbutton.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Norman\Npm\bin\ZLH.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\LogiTray.exe C:\Launch Manager\OSD.exe C:\Launch Manager\OSDCtrl.exe C:\Launch Manager\LaunchAp.exe C:\Launch Manager\HotkeyApp.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\System32\Rundll32.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\FxSvr2.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\AIM6\aolsoftware.exe C:\Norman\Nvc\BIN\NIP.EXE C:\Norman\Nvc\BIN\NVCSCHED.EXE C:\Norman\Nvc\bin\nvcoas.exe C:\Norman\Nvc\bin\cclaw.exe C:\Norman\Nvc\BIN\nvcod.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\amd64\Työpöytä\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://newton.norman.com/reg?ident=fs_fi&menulang=fi&code=FSC536 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: adzgalore - {994B5FB4-0103-44A6-B6B3-C73572B362BC} - C:\WINDOWS\system32\nsz9D.dll O4 - HKLM\..\Run: [CtrlVol] C:\Launch Manager\CtrlVol.exe O4 - HKLM\..\Run: [Wbutton] "C:\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoTray] C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\LogiTray.exe O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\ISStart.exe O4 - HKLM\..\Run: [LMgrVolOSD] C:\Launch Manager\OSD.exe O4 - HKLM\..\Run: [LMgrOSD] C:\Launch Manager\OSDCtrl.exe O4 - HKLM\..\Run: [LaunchAp] C:\Launch Manager\LaunchAp.exe O4 - HKLM\..\Run: [HotkeyApp] C:\Launch Manager\HotkeyApp.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{ee3837b1-e5fb-bf02-019c-2be91f821713}.dll" DllInit O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\ManifestEngine.exe" boot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe kone tosiaan sekoilee ja tarvin apua, onko joku vialla?
• Avaa HiJackThis • Klikkaa "Configure" valintaa oikealla alhaalla • Klikkaa "Misc Tools" • Klikkaa boxia joka sanoo "Uninstall Manager" • Klikkaa valintaa "Save list" • Kopioi ja liitä kyseinen lista muistiosta postiisi
Ad-Aware SE Personal Adobe Flash Player 9 ActiveX Adobe Flash Player ActiveX Adobe Flash Player Plugin Adobe Photoshop 7.0 Adobe Reader 7.0.9 Adobe Shockwave Player Adzgalore Games Collection AIM 6 AMIP (remove only) Apple Mobile Device Support -tuki Apple Software Update ATI Control Panel ATI Display Driver Browser Optimizer Adzgalore Counter-Strike(TM) EasyCleaner Half-Life: Counter-Strike High Definition Audio - KB888111 HijackThis 1.99.1 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Format SDK (KB902344) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) Hotfix-korjauspäivitys Windows Media Player 11:lle (KB939683) Hotfix-päivitys Windows Internet Explorer 7:lle (KB947864) Hotfix-päivitys Windows XP:lle (KB889527) Hotfix-päivitys Windows XP:lle (KB893357) Hotfix-päivitys Windows XP:lle (KB896256) Hotfix-päivitys Windows XP:lle (KB898900) Hotfix-päivitys Windows XP:lle (KB903234) Hotfix-päivitys Windows XP:lle (KB904412) Hotfix-päivitys Windows XP:lle (KB906569) Hotfix-päivitys Windows XP:lle (KB907865) Hotfix-päivitys Windows XP:lle (KB910728) Hotfix-päivitys Windows XP:lle (KB914440) InterVideo WinDVD iTunes J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 11 J2SE Runtime Environment 5.0 Update 9 Java(TM) 6 Update 2 Java(TM) 6 Update 3 Java(TM) 6 Update 5 Java(TM) SE Runtime Environment 6 Update 1 K-Lite Codec Pack 2.88 Full Language pack for Ad-Aware SE Launch Manager V1.3.4 Logitech QuickCam Software Logitech® Camera -ohjain Macromedia Flash Player 8 Messenger Plus! Live Microsoft .NET Framework 2.0 Service Pack 1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft National Language Support Downlevel APIs Microsoft Office Professional Edition 2003 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Works mIRC Mozilla Firefox (2.0.0.14) Nero BurnRights Nero OEM NeroVision Express 3 SE NeroVision Express Content Norman Virus Control Photo Viewer Päivitys Windows XP:lle (KB896427) Päivitys Windows XP:lle (KB897663) Päivitys Windows XP:lle (KB898461) Päivitys Windows XP:lle (KB900485) Päivitys Windows XP:lle (KB904942) Päivitys Windows XP:lle (KB908521) Päivitys Windows XP:lle (KB908531) Päivitys Windows XP:lle (KB910437) Päivitys Windows XP:lle (KB911280) Päivitys Windows XP:lle (KB916595) Päivitys Windows XP:lle (KB920872) Päivitys Windows XP:lle (KB922582) Päivitys Windows XP:lle (KB927891) Päivitys Windows XP:lle (KB929338) Päivitys Windows XP:lle (KB930916) Päivitys Windows XP:lle (KB931836) Päivitys Windows XP:lle (KB933360) Päivitys Windows XP:lle (KB938828) Päivitys Windows XP:lle (KB942763) QuickTime Safari Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Sibelius Scorch Plugin Skype™ 3.5 SoftV90 Data Fax Modem with SmartCP Steam Suojauspäivitys ohjelmistolle Windows XP (KB923689) Suojauspäivitys ohjelmistolle Windows XP (KB941569) Suojauspäivitys Windows Internet Explorer 7:lle (KB928090) Suojauspäivitys Windows Internet Explorer 7:lle (KB929969) Suojauspäivitys Windows Internet Explorer 7:lle (KB931768) Suojauspäivitys Windows Internet Explorer 7:lle (KB933566) Suojauspäivitys Windows Internet Explorer 7:lle (KB937143) Suojauspäivitys Windows Internet Explorer 7:lle (KB938127) Suojauspäivitys Windows Internet Explorer 7:lle (KB939653) Suojauspäivitys Windows Internet Explorer 7:lle (KB942615) Suojauspäivitys Windows Internet Explorer 7:lle (KB944533) Suojauspäivitys Windows Media Player 10:lle (KB917734) Suojauspäivitys Windows Media Player 11:lle (KB936782) Suojauspäivitys Windows Media Player 6.4:lle (KB925398) Suojauspäivitys Windows Media Playerille (KB911564) Suojauspäivitys Windows XP:lle (KB890046) Suojauspäivitys Windows XP:lle (KB893066) Suojauspäivitys Windows XP:lle (KB893756) Suojauspäivitys Windows XP:lle (KB896358) Suojauspäivitys Windows XP:lle (KB896422) Suojauspäivitys Windows XP:lle (KB896423) Suojauspäivitys Windows XP:lle (KB896424) Suojauspäivitys Windows XP:lle (KB896428) Suojauspäivitys Windows XP:lle (KB899587) Suojauspäivitys Windows XP:lle (KB899589) Suojauspäivitys Windows XP:lle (KB899591) Suojauspäivitys Windows XP:lle (KB900725) Suojauspäivitys Windows XP:lle (KB900930) Suojauspäivitys Windows XP:lle (KB901017) Suojauspäivitys Windows XP:lle (KB901190) Suojauspäivitys Windows XP:lle (KB901214) Suojauspäivitys Windows XP:lle (KB902400) Suojauspäivitys Windows XP:lle (KB904706) Suojauspäivitys Windows XP:lle (KB905414) Suojauspäivitys Windows XP:lle (KB905749) Suojauspäivitys Windows XP:lle (KB905915) Suojauspäivitys Windows XP:lle (KB908519) Suojauspäivitys Windows XP:lle (KB911562) Suojauspäivitys Windows XP:lle (KB911567) Suojauspäivitys Windows XP:lle (KB911927) Suojauspäivitys Windows XP:lle (KB912919) Suojauspäivitys Windows XP:lle (KB913580) Suojauspäivitys Windows XP:lle (KB914388) Suojauspäivitys Windows XP:lle (KB914389) Suojauspäivitys Windows XP:lle (KB916281) Suojauspäivitys Windows XP:lle (KB917159) Suojauspäivitys Windows XP:lle (KB917344) Suojauspäivitys Windows XP:lle (KB917422) Suojauspäivitys Windows XP:lle (KB917953) Suojauspäivitys Windows XP:lle (KB918118) Suojauspäivitys Windows XP:lle (KB918439) Suojauspäivitys Windows XP:lle (KB918899) Suojauspäivitys Windows XP:lle (KB919007) Suojauspäivitys Windows XP:lle (KB920213) Suojauspäivitys Windows XP:lle (KB920214) Suojauspäivitys Windows XP:lle (KB920670) Suojauspäivitys Windows XP:lle (KB920683) Suojauspäivitys Windows XP:lle (KB920685) Suojauspäivitys Windows XP:lle (KB921398) Suojauspäivitys Windows XP:lle (KB921503) Suojauspäivitys Windows XP:lle (KB921883) Suojauspäivitys Windows XP:lle (KB922616) Suojauspäivitys Windows XP:lle (KB922760) Suojauspäivitys Windows XP:lle (KB922819) Suojauspäivitys Windows XP:lle (KB923191) Suojauspäivitys Windows XP:lle (KB923414) Suojauspäivitys Windows XP:lle (KB923694) Suojauspäivitys Windows XP:lle (KB923980) Suojauspäivitys Windows XP:lle (KB924191) Suojauspäivitys Windows XP:lle (KB924270) Suojauspäivitys Windows XP:lle (KB924496) Suojauspäivitys Windows XP:lle (KB924667) Suojauspäivitys Windows XP:lle (KB925486) Suojauspäivitys Windows XP:lle (KB925902) Suojauspäivitys Windows XP:lle (KB926255) Suojauspäivitys Windows XP:lle (KB926436) Suojauspäivitys Windows XP:lle (KB927779) Suojauspäivitys Windows XP:lle (KB927802) Suojauspäivitys Windows XP:lle (KB928255) Suojauspäivitys Windows XP:lle (KB928843) Suojauspäivitys Windows XP:lle (KB929123) Suojauspäivitys Windows XP:lle (KB930178) Suojauspäivitys Windows XP:lle (KB931261) Suojauspäivitys Windows XP:lle (KB931784) Suojauspäivitys Windows XP:lle (KB932168) Suojauspäivitys Windows XP:lle (KB933729) Suojauspäivitys Windows XP:lle (KB935839) Suojauspäivitys Windows XP:lle (KB935840) Suojauspäivitys Windows XP:lle (KB936021) Suojauspäivitys Windows XP:lle (KB938829) Suojauspäivitys Windows XP:lle (KB941202) Suojauspäivitys Windows XP:lle (KB941568) Suojauspäivitys Windows XP:lle (KB941644) Suojauspäivitys Windows XP:lle (KB941693) Suojauspäivitys Windows XP:lle (KB943055) Suojauspäivitys Windows XP:lle (KB943460) Suojauspäivitys Windows XP:lle (KB943485) Suojauspäivitys Windows XP:lle (KB944653) Suojauspäivitys Windows XP:lle (KB945553) Suojauspäivitys Windows XP:lle (KB946026) Suojauspäivitys Windows XP:lle (KB948590) Suojauspäivitys Windows XP:lle (KB948881) Synaptics Pointing Device Driver Tales Of Pirates Online 1.33 The Sims™ Elämäntarinat VentriloMIX Viewpoint Media Player Winamp Winamp Toolbar for Firefox Windows Imaging Component Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live installer Windows Live Messenger Windows Liven kirjautumisavustaja Windows Liven valokuvavalikoima Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Format SDK Hotfix - KB891122 Windows Media Player 10 Hotfix - KB888656 Windows Media Player 11 Windows Media Player 11 Windows Messenger 5.1 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB883667 Windows XP Hotfix - KB884575 Windows XP Hotfix - KB884883 Windows XP Hotfix - KB885523 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB885855 Windows XP Hotfix - KB885884 Windows XP Hotfix - KB885894 Windows XP Hotfix - KB886677 Windows XP Hotfix - KB886716 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB887797 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB888402 Windows XP Hotfix - KB889016 Windows XP Hotfix - KB889673 Windows XP Hotfix - KB890831 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB892627 Windows XP Hotfix - KB893056 Windows XP Hotfix - KB896626 Windowsin ohjainpaketti - (mr7910) Image 06/28/2005 1.3.0.0 WinRAR archiver Virtual Earth 3D (Beta) VobSub v2.23 (Remove Only) Wolfenstein - Enemy Territory
Poista lisää poista sovelutuksesta Java(TM) SE Runtime Environment 6 Update 1 Java(TM) 6 Update 2 Java(TM) 6 Update 3 ============== scannaa hjt:llä merkkaa paina Fix checked O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: adzgalore - {994B5FB4-0103-44A6-B6B3-C73572B362BC} - C:\WINDOWS\system32\nsz9D.dll O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{ee3837b1-e5fb-bf02-019c-2be91f821713}.dll" DllInit ==================== 1.Lataa combofix.exe työpöydällesi yhdestä linkistä: combofix1 combofix2 2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia. 3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi. Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen. =============== Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi. Käynnistä koneesi vikasietotilaan: sammuta ja käynnistä käynnistyksen yhteydessä hakkaa F8 nappia valitse nuolinäppäimellä vikasietotila paina enter ja enter valitse käyttäjätilisi paina kyllä Jossakin koneissa hakataan F8:sin sijasta F5:tä " Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix. " Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman. " Paina Y käynnistääksesi skriptin. " Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot". " Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen. " Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta. " Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished". " Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle. " Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.
ComboFix 08-04-22.5 - amd64 2008-04-23 15:24:31.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.334 [GMT -4:00]Running from: C:\Documents and Settings\amd64\Työpöytä\ComboFix.exe * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Jorma\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML C:\Program Files\Common Files\{989CD~1 C:\WINDOWS\system32\nsz9D.dll . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-03-23 to 2008-04-23 ))))))))))))))))) . 2008-04-21 18:33 . 2008-04-21 18:33 <KANSIO> d-------- C:\Program Files\Adzgalore Games Collection 2008-04-21 18:33 . 2008-04-21 18:33 80,121 --a------ C:\WINDOWS\system32\adzgalore-remove.exe 2008-04-21 18:33 . 2008-04-21 18:33 63,892 --a------ C:\WINDOWS\system32\{ee3837b1-e5fb-bf02-019c-2be91f821713}.dll-uninst.exe 2008-04-21 18:33 . 2008-04-21 18:33 40,713 --a------ C:\WINDOWS\system32\cpmsky-uninst.exe 2008-04-17 07:33 . 2008-04-17 07:33 <KANSIO> d-------- C:\Program Files\Apple Software Update 2008-04-15 16:37 . 2008-04-15 16:37 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Musicnotes 2008-04-08 08:15 . 2008-04-08 08:15 327,680 --a------ C:\WINDOWS\system32\{ee3837b1-e5fb-bf02-019c-2be91f821713}.dll 2008-04-06 13:22 . 2008-04-06 13:22 <KANSIO> d-------- C:\Program Files\LimeWire 2008-04-06 13:22 . 2008-04-22 17:21 <KANSIO> d-------- C:\Documents and Settings\amd64\Application Data\LimeWire 2008-04-03 07:48 . 2008-04-03 07:48 <KANSIO> d-------- C:\Program Files\Safari 2008-04-03 07:47 . 2008-04-23 07:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-04-03 07:47 . 2008-04-03 07:47 1,409 --a------ C:\WINDOWS\QTFont.for 2008-04-03 07:46 . 2008-04-03 07:46 <KANSIO> d-------- C:\Program Files\iTunes 2008-04-03 07:46 . 2008-04-03 07:46 <KANSIO> d-------- C:\Program Files\iPod 2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-23 19:20 --------- d-----w C:\Program Files\Java 2008-04-21 20:31 --------- d-----w C:\Program Files\Virtual Earth 3D 2008-04-12 23:05 --------- d-----w C:\Documents and Settings\amd64\Application Data\Skype 2008-04-07 19:22 --------- d-----w C:\Documents and Settings\amd64\Application Data\Apple Computer 2008-04-03 11:45 --------- d-----w C:\Program Files\QuickTime 2008-03-28 02:55 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys 2008-03-18 00:32 1,491,592 ----a-w C:\install_flash_player.exe 2008-03-16 19:45 --------- d-----w C:\Program Files\Steam 2008-03-01 22:31 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-02-29 21:03 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-02-29 21:02 --------- d-----w C:\Program Files\Windows Live 2008-02-29 08:56 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-02-28 20:35 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-02-28 20:35 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition 2008-02-28 20:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll 2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-20 05:38 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll 2008-02-20 05:38 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll 2008-02-01 16:17 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR 2008-01-29 16:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184] "LogitechSoftwareUpdate"="C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\ManifestEngine.exe" [2005-06-08 07:44 196608] "Steam"="" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-01-18 04:53 15360] "Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 12:15 50528] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CtrlVol"="C:\Launch Manager\CtrlVol.exe" [2006-01-18 04:36 20480] "Wbutton"="C:\Launch Manager\Wbutton.exe" [2006-01-18 04:36 81920] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-01-18 04:41 737369] "SoundMan"="SOUNDMAN.EXE" [2006-01-18 04:54 77824 C:\WINDOWS\SOUNDMAN.EXE] "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 14:40 183352] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 03:50 155648] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 10:32 221184] "LogitechVideoTray"="C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\LogiTray.exe" [2005-06-08 08:14 217088] "LogitechVideoRepair"="C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\ISStart.exe" [2005-06-08 08:24 458752] "LMgrVolOSD"="C:\Launch Manager\OSD.exe" [2006-01-18 04:36 204800] "LMgrOSD"="C:\Launch Manager\OSDCtrl.exe" [2006-01-18 04:36 245760] "LaunchAp"="C:\Launch Manager\LaunchAp.exe" [2006-01-18 04:36 32768] "HotkeyApp"="C:\Launch Manager\HotkeyApp.exe" [2006-01-18 04:36 57344] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-01-18 04:39 339968] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 08:44 101136 C:\WINDOWS\KHALMNPR.Exe] "BluetoothAuthenticationAgent"="bthprops.cpl" [2006-01-18 04:53 110592 C:\WINDOWS\system32\bthprops.cpl] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-01-18 04:53 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "AllowLegacyWebView"= 1 (0x1) "AllowUnhashedWebView"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run] "{989CD1DD-031F-1035-1206-050503250166}"= "C:\Program Files\Common Files\{989CD1DD-031F-1035-1206-050503250166}\Update.exe" te-110-12-0000073 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="C:\\WINDOWS\\system32\\logonui.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.yv12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\Msmsgs.exe"= "C:\\Sierra\\Counter-Strike\\cstrike.exe"= "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Documents and Settings\\amd64\\Omat tiedostot\\Ohjelmia\\mIRC\\mirc.exe"= "C:\\Program Files\\Steam\\steamapps\\sandye\\counter-strike\\hl.exe"= "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"= "C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"= "C:\\Program Files\\Wolfenstein - Enemy Territory\\ETDED.exe"= "C:\\Program Files\\Wolfenstein - Enemy Territory\\ETDED3.exe"= "C:\\Program Files\\Wolfenstein - Enemy Territory\\ET2.exe"= "C:\\Program Files\\The All-Seeing Eye\\eye.exe"= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "C:\\Program Files\\AIM6\\aim6.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCPxpsp2res.dll,-22009 R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2006-01-18 04:52] R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 03:55] R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2006-01-18 04:52] R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56] R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-12-12 12:45] R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 06:23] S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys [] S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 08:25] S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 08:25] S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 08:25] S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 08:25] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f99bb65a-87fa-11da-88b2-000ae4a9347e}] \Shell\AutoRun\command - D:\setupSNK.exe *Newly Created Service* - CATCHME . 'Ajoitetut tehtävät'-kansion sisältö "2008-04-18 21:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe "2008-04-17 11:33:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-23 15:30:33 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CtrlVol = C:\Launch Manager\CtrlVol.exe???????8???????@3??T??????|x??|????q??|?j?wQj?w????????,??? ???|???????????\??????|????????h?????@????????????????s???????s???sx??s@??????????????|h??sl??????????s?????????????????C?sc"?sx??s???????w??@?N'?s?>9?-6@???9???????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-04-23 15:33:28 ComboFix-quarantined-files.txt 2008-04-23 19:32:53 Pre-Run: 41,142,935,552 tavua vapaana Post-Run: 41,673,252,864 tavua vapaana 168 --- E O F --- 2008-04-15 20:17:25 combofix log
SDFix: Version 1.173 Run by amd64 on 23.04.2008 at 15:53 Microsoft Windows XP [versio 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Final Check : catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-23 16:12:49 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a631f55] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:4a7dd3b9 "s2"=dword:8eece70a "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:86,9f,6d,62,bc,48,3c,d9,73,80,5f,d5,c1,3b,8e,59,99,11,4f,50,c2,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,b8,71,73,13,f9,b7,da,fd,b0,c7,bd,bc,fc,56,9a,4d,9e,.. "khjeh"=hex:38,77,c6,cd,b8,9e,c8,d3,53,33,32,2d,5a,d8,00,d5,85,01,c5,69,28,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:e6,8f,39,37,7e,17,c9,df,72,0c,8d,9b,97,37,32,e0,1c,2e,08,25,2e,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41] "khjeh"=hex:f5,1f,ba,13,02,ce,19,83,43,cd,81,b9,42,05,ab,70,99,b7,d8,1d,e9,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42] "khjeh"=hex:4c,05,4a,b3,f9,21,ef,c3,8d,26,c9,56,99,10,2a,7a,73,88,10,c2,63,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43] "khjeh"=hex:4c,05,4a,b3,f9,21,ef,c3,8d,26,c9,56,99,10,2a,7a,73,88,10,c2,63,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000a3a631f55] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:86,9f,6d,62,bc,48,3c,d9,73,80,5f,d5,c1,3b,8e,59,99,11,4f,50,c2,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,b8,71,73,13,f9,b7,da,fd,b0,c7,bd,bc,fc,56,9a,4d,9e,.. "khjeh"=hex:38,77,c6,cd,b8,9e,c8,d3,53,33,32,2d,5a,d8,00,d5,85,01,c5,69,28,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:e6,8f,39,37,7e,17,c9,df,72,0c,8d,9b,97,37,32,e0,1c,2e,08,25,2e,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41] "khjeh"=hex:f5,1f,ba,13,02,ce,19,83,43,cd,81,b9,42,05,ab,70,99,b7,d8,1d,e9,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42] "khjeh"=hex:4c,05,4a,b3,f9,21,ef,c3,8d,26,c9,56,99,10,2a,7a,73,88,10,c2,63,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43] "khjeh"=hex:4c,05,4a,b3,f9,21,ef,c3,8d,26,c9,56,99,10,2a,7a,73,88,10,c2,63,.. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 86 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019" "C:\\Program Files\\Messenger\\Msmsgs.exe"="C:\\Program Files\\Messenger\\Msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Sierra\\Counter-Strike\\cstrike.exe"="C:\\Sierra\\Counter-Strike\\cstrike.exe:*:Enabled:CounterStrike Launcher" "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*isabled:Internet Explorer" "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox" "C:\\Documents and Settings\\amd64\\Omat tiedostot\\Ohjelmia\\mIRC\\mirc.exe"="C:\\Documents and Settings\\amd64\\Omat tiedostot\\Ohjelmia\\mIRC\\mirc.exe:*:Enabled:mIRC" "C:\\Program Files\\Steam\\steamapps\\sandye\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\sandye\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher" "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Et„tuki - Windows Messenger ja „„niyhteys" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000" "C:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary" "C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET" "C:\\Program Files\\Wolfenstein - Enemy Territory\\ETDED.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ETDED.exe:*:Enabled:ETDED" "C:\\Program Files\\Wolfenstein - Enemy Territory\\ETDED3.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ETDED3.exe:*:Enabled:ETDED3" "C:\\Program Files\\Wolfenstein - Enemy Territory\\ET2.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET2.exe:*:Enabled:ET2" "C:\\Program Files\\The All-Seeing Eye\\eye.exe"="C:\\Program Files\\The All-Seeing Eye\\eye.exe:*isabled:Yahoo! All-Seeing Eye" "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader" "C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Mon 17 Jul 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Mon 24 Jul 2006 401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv16.bak" Wed 4 Apr 2001 28,738 A..H. --- "C:\System Volume Information\_restore{E107D00D-1241-4CB1-874D-0A90ED4BE3B1}\RP426\A0178156.DLL" Wed 4 Apr 2001 28,738 A..H. --- "C:\System Volume Information\_restore{E107D00D-1241-4CB1-874D-0A90ED4BE3B1}\RP430\A0178765.DLL" Tue 3 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Fri 29 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0fd78ad219f7a5373cb35ffe8ba1b5b1\BIT3.tmp" Thu 9 Aug 2007 823,296 A.SH. --- "C:\Documents and Settings\amd64\Omat tiedostot\Kuvat\Usa vaihtarivuosi 07-08\7.8.2007-11.8.2007\SIV1.tmp" Wed 8 Aug 2007 516,096 A.SH. --- "C:\Documents and Settings\amd64\Omat tiedostot\Kuvat\Usa vaihtarivuosi 07-08\8.8.2007 Grosse Pointe Farms\SIV1.tmp" Finished! siinä on report.txt loki.. sit Logfile of HijackThis v1.99.1 Scan saved at 16:24:44, on 23.04.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Norman\Npm\bin\ELOGSVC.EXE C:\Norman\Npm\Bin\Zanda.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Norman\Npm\bin\NJEEVES.EXE C:\Norman\Nvc\bin\nvcoas.exe C:\Norman\Nvc\BIN\NVCSCHED.EXE C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\notepad.exe C:\Launch Manager\Wbutton.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\SOUNDMAN.EXE C:\Norman\Npm\bin\ZLH.EXE C:\Norman\Nvc\BIN\NIP.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\LogiTray.exe C:\Launch Manager\OSD.exe C:\Norman\Nvc\bin\cclaw.exe C:\Launch Manager\OSDCtrl.exe C:\Launch Manager\LaunchAp.exe C:\Launch Manager\HotkeyApp.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AIM6\aim6.exe C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\FxSvr2.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Common Files\AOL\Loader\aolload.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Documents and Settings\amd64\Työpöytä\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://newton.norman.com/reg?ident=fs_fi&menulang=fi&code=FSC536 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [CtrlVol] C:\Launch Manager\CtrlVol.exe O4 - HKLM\..\Run: [Wbutton] "C:\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoTray] C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\LogiTray.exe O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\ISStart.exe O4 - HKLM\..\Run: [LMgrVolOSD] C:\Launch Manager\OSD.exe O4 - HKLM\..\Run: [LMgrOSD] C:\Launch Manager\OSDCtrl.exe O4 - HKLM\..\Run: [LaunchAp] C:\Launch Manager\LaunchAp.exe O4 - HKLM\..\Run: [HotkeyApp] C:\Launch Manager\HotkeyApp.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\ManifestEngine.exe" boot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe hijackthis log
Lataa Malwarebytes' Anti-Malware työpöydällesi. 1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman. 2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish. 3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version. 4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan. 5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset. 6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected. 7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt 8. Lähetä lokin sisältö seuraavassa viestissäsi.
Malwarebytes' Anti-Malware 1.11 Tietokantaversio: 676 Tarkistustyyppi: Täysi tarkistus (C:\|) Tarkistetut kohteet: 136114 Kulunut aika: 3 hour(s), 56 minute(s), 24 second(s) Saastuneita muistiprosesseja: 0 Saastuneita muistimoduuleja: 0 Saastuneita rekisteriavaimia: 0 Saastuneita rekisteriarvoja: 0 Saastuneita rekisterikohteita: 0 Saastuneita hakemistoja: 0 Saastuneita tiedostoja: 1 Saastuneita muistiprosesseja: (Haitallisia kohteita ei löydetty) Saastuneita muistimoduuleja: (Haitallisia kohteita ei löydetty) Saastuneita rekisteriavaimia: (Haitallisia kohteita ei löydetty) Saastuneita rekisteriarvoja: (Haitallisia kohteita ei löydetty) Saastuneita rekisterikohteita: (Haitallisia kohteita ei löydetty) Saastuneita hakemistoja: (Haitallisia kohteita ei löydetty) Saastuneita tiedostoja: C:\WINDOWS\system32\{ee3837b1-e5fb-bf02-019c-2be91f821713}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully. Logfile of HijackThis v1.99.1 Scan saved at 15:14:57, on 29.04.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Norman\Npm\bin\ELOGSVC.EXE C:\Norman\Npm\Bin\Zanda.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Norman\Npm\bin\NJEEVES.EXE C:\Norman\Nvc\bin\nvcoas.exe C:\Norman\Nvc\BIN\NVCSCHED.EXE C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Launch Manager\Wbutton.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\SOUNDMAN.EXE C:\Norman\Npm\bin\ZLH.EXE C:\Norman\Nvc\BIN\NIP.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\LogiTray.exe C:\Launch Manager\OSD.exe C:\Launch Manager\OSDCtrl.exe C:\Norman\Nvc\bin\cclaw.exe C:\Launch Manager\LaunchAp.exe C:\Launch Manager\HotkeyApp.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AIM6\aim6.exe C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\FxSvr2.exe C:\Program Files\Common Files\AOL\Loader\aolload.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\LimeWire\LimeWire.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\amd64\Työpöytä\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://newton.norman.com/reg?ident=fs_fi&menulang=fi&code=FSC536 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: adzgalore - {9d23dc4e-381f-e6e7-e19f-7543431b8c20} - C:\WINDOWS\system32\nsmC.dll O4 - HKLM\..\Run: [CtrlVol] C:\Launch Manager\CtrlVol.exe O4 - HKLM\..\Run: [Wbutton] "C:\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoTray] C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\LogiTray.exe O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\ISStart.exe O4 - HKLM\..\Run: [LMgrVolOSD] C:\Launch Manager\OSD.exe O4 - HKLM\..\Run: [LMgrOSD] C:\Launch Manager\OSDCtrl.exe O4 - HKLM\..\Run: [LaunchAp] C:\Launch Manager\LaunchAp.exe O4 - HKLM\..\Run: [HotkeyApp] C:\Launch Manager\HotkeyApp.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\ManifestEngine.exe" boot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Poista lisää poista sovelutuksesta J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 11 J2SE Runtime Environment 5.0 Update 9 =========== aja combofix uudelleen ========== Escan Ohjeet tuolla sivulla. http://koti.mbnet.fi/pattaya1/escanmwav.htm lataa tuosta http://www.spywareinfo.dk/download/mwav.exe päivitä tuosta http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat laita täpit merkkauksien mukaan http://koti.mbnet.fi/pattaya1/eScan6.jpg scannaa jos ala luukkuun tulee jotain niin kopioi se näin: Käytä komentoa Ctrl+A. Kopioi rivit komennolla Ctrl+C. Liitä rivit komennolla Ctrl+V. Laita virus log tänne.
Logfile of HijackThis v1.99.1 Scan saved at 12:07:03, on 27.05.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Norman\Npm\bin\ELOGSVC.EXE C:\Norman\Npm\Bin\Zanda.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Norman\Npm\bin\NJEEVES.EXE C:\Norman\Nvc\BIN\NVCSCHED.EXE C:\Norman\Nvc\bin\nvcoas.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\Launch Manager\Wbutton.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\SOUNDMAN.EXE C:\Norman\Npm\bin\ZLH.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\LogiTray.exe C:\Launch Manager\OSD.exe C:\Launch Manager\OSDCtrl.exe C:\Launch Manager\LaunchAp.exe C:\Launch Manager\HotkeyApp.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\rundll32.exe C:\Norman\Nvc\BIN\NIP.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Norman\Nvc\bin\cclaw.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\FxSvr2.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\LimeWire\LimeWire.exe C:\WINDOWS\winudspm.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\AIM6\aim6.exe C:\Documents and Settings\amd64\Työpöytä\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://newton.norman.com/reg?ident=fs_fi&menulang=fi&code=FSC536 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [CtrlVol] C:\Launch Manager\CtrlVol.exe O4 - HKLM\..\Run: [Wbutton] "C:\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoTray] C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\LogiTray.exe O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\ISStart.exe O4 - HKLM\..\Run: [LMgrVolOSD] C:\Launch Manager\OSD.exe O4 - HKLM\..\Run: [LMgrOSD] C:\Launch Manager\OSDCtrl.exe O4 - HKLM\..\Run: [LaunchAp] C:\Launch Manager\LaunchAp.exe O4 - HKLM\..\Run: [HotkeyApp] C:\Launch Manager\HotkeyApp.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Documents and Settings\amd64\Omat tiedostot\Ohjelmia\Logitech\ManifestEngine.exe" boot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [Antivirus] C:\Program Files\Antivirus2008\Antvrs.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe viruksia?
scannaa hjt:llä merkkaa paina Fix checked O4 - HKCU\..\Run: [Antivirus] C:\Program Files\Antivirus2008\Antvrs.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe Kopioi / liitä seuraava teksti alapuolella tyhjään muistioFiluun Varmista että tiedoston tyyppi on ”all Files” ja tallenna se Poisto.bat. nimisenä työpöydällesi. @echo off sc stop "Viewpoint Manager Service" sc delete "Viewpoint Manager Service" Tupla-klikkaa Poisto.bat. filua työpöydälläsi , ikkuna avautuu ja Sulkeutuu tämä on normaalia. ========== Poista kansio C:\Program Files\Viewpoint C:\Program Files\Antivirus2008
