Logfile of HijackThis v1.99.1 Scan saved at 12:25:15, on 23.2.2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\System32\Ati2evxx.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\Sygate\SPF\smc.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe D:\Program Files\Alwil Software\Avast4\ashServ.exe G:\Program Files\Executive Software\DiskeeperLite\DKService.exe D:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe D:\WINDOWS\System32\tcpsvcs.exe D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe G:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe D:\Program Files\Alwil Software\Avast4\ashWebSv.exe D:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe D:\WINDOWS\System32\Ati2evxx.exe D:\WINDOWS\Explorer.EXE D:\Program Files\Logitech\MediaLife\MediaLifeService.exe D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe D:\Program Files\Analog Devices\SoundMAX\Smax4.exe D:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE D:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE D:\Program Files\D-Tools\daemon.exe D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe G:\Program files\Motherboard Monitor 5\MBM5.EXE D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe G:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\Winamp\winampa.exe D:\Program Files\ATI Technologies\ATI.ACE\cli.exe D:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE D:\WINDOWS\System32\ctfmon.exe D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe D:\Program Files\Skype\Phone\Skype.exe D:\Program Files\Logitech\SetPoint\KEM.exe D:\Program Files\4.0M MPEG4 DV\Console\Watch.exe G:\Program files\Samurize\Client.exe D:\Program 
Files\Logitech\SetPoint\KHALMNPR.EXE G:\Program files\Stardock\ObjectDock\ObjectDock.exe D:\Program Files\ATI Technologies\ATI.ACE\cli.exe D:\Program Files\ATI Technologies\ATI.ACE\cli.exe D:\Program Files\MSN Messenger\msnmsgr.exe G:\Program files\MasterPlan\proSucker\proSucker2.exe G:\Program files\Zoom Player\zplayer.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\Program Files\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnainternet.fi/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dnainternet.fi R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://paivitys.dnainternet.fi/yhteys/proxy.pac R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [PCMService] "D:\Program Files\Logitech\MediaLife\MediaLifeService.exe" O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [PRONoMgr.exe] D:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [REGSHAVE] D:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [DataLayer] D:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE O4 - HKLM\..\Run: [PCSuiteTrayApplication] 
D:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [MBM 5] "G:\Program files\Motherboard Monitor 5\MBM5.EXE" O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] G:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MicrosoftUpdate] syshelper.exe O4 - HKCU\..\Run: [Sygate Personal Firewall] Win32m.exe O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [Iconoid] "G:\Program Files\Iconoid\iconoid.exe" O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [WhenUSave] "D:\Program Files\Save\Save.exe" O4 - Startup: Client Default.lnk = G:\Program files\Samurize\Client.exe O4 - Startup: Stardock ObjectDock.lnk = G:\Program files\Stardock\ObjectDock\ObjectDock.exe O4 - Startup: Sygate Personal Firewall.lnk = D:\Program Files\Sygate\SPF\Smc.exe O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\KEM.exe O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Sygate Personal Firewall.lnk = 
D:\Program Files\Sygate\SPF\Smc.exe O4 - Global Startup: Watch.lnk = D:\Program Files\4.0M MPEG4 DV\Console\Watch.exe O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.dnainternet.fi O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123163838890 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - 
http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: MCPClient - D:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll O20 - Winlogon Notify: WBSrv - G:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! 
Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Btsldrvdpw - Unknown owner - (no file) O23 - Service: Diskeeper - Executive Software International, Inc. - G:\Program Files\Executive Software\DiskeeperLite\DKService.exe O23 - Service: IAA Event Monitor (IAANTMon) - Intel - D:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - D:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - G:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Thanks in advance.
Do a system scan and save a log file
Uninstall via Add/Remove Programs (Control Panel): WhenUSave
Tick and fix checked ---> O4 - HKCU\..\Run: [WhenUSave] "D:\Program Files\Save\Save.exe"
Delete this if you find it: C:\Program Files\Save\ < folder
Download ewido http://keskustelu.afterdawn.com/thread_view.cfm/269186, save the report and post it here
@spuge9 Training is waiting for you, you know. I haven't received any completion records from you yet! So off you go there now... We don't fix lines without training! Besides, your name isn't here yet: http://keskustelu.afterdawn.com/thread_view.cfm/292129 And if you think you're already qualified for this, why are you doing it the hardest way, that is, dragging these threads out by putting one line at a time in a post? Why didn't you also include, for example: O4 - HKCU\..\Run: [MicrosoftUpdate] syshelper.exe... there are still others there too... Nearly the whole fix should be handled in a single message. So now, spuge9, off to school, and come back here only once you've graduated.
@Ratazz We'll deal with the log shortly...
Updated HJT log:
Logfile of HijackThis v1.99.1 Scan saved at 21:17:26, on 28.2.2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\System32\Ati2evxx.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\Sygate\SPF\smc.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe D:\Program Files\Alwil Software\Avast4\ashServ.exe D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe G:\Program Files\Executive Software\DiskeeperLite\DKService.exe G:\Program Files\ewido anti-malware\ewidoctrl.exe G:\Program Files\ewido anti-malware\ewidoguard.exe D:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe D:\WINDOWS\System32\tcpsvcs.exe D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe G:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\Alwil Software\Avast4\ashWebSv.exe D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe D:\WINDOWS\System32\Ati2evxx.exe D:\Program Files\Logitech\MediaLife\MediaLifeService.exe D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe D:\Program Files\Analog Devices\SoundMAX\Smax4.exe D:\Program Files\D-Tools\daemon.exe D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe G:\Program files\Motherboard Monitor 5\MBM5.EXE D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe G:\Program Files\Google\Gmail Notifier\gnotify.exe D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE C:\Program Files\Winamp\winampa.exe D:\Program Files\ATI Technologies\ATI.ACE\cli.exe D:\WINDOWS\System32\ctfmon.exe D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe D:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE D:\Program Files\Skype\Phone\Skype.exe D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe D:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe 
D:\Program Files\MSN Messenger\msnmsgr.exe D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe D:\Program Files\ATI Technologies\ATI.ACE\cli.exe D:\Program Files\ATI Technologies\ATI.ACE\cli.exe D:\Program Files\Logitech\SetPoint\KEM.exe D:\Program Files\4.0M MPEG4 DV\Console\Watch.exe D:\Program Files\Logitech\SetPoint\KHALMNPR.EXE G:\Program files\Samurize\Client.exe G:\Program files\Stardock\ObjectDock\ObjectDock.exe D:\WINDOWS\explorer.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\Program Files\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://laajakaista.elisa.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dnainternet.fi R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://paivitys.dnainternet.fi/yhteys/proxy.pac R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [PCMService] "D:\Program Files\Logitech\MediaLife\MediaLifeService.exe" O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [PRONoMgr.exe] D:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [REGSHAVE] D:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - 
HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [MBM 5] "G:\Program files\Motherboard Monitor 5\MBM5.EXE" O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] G:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Sygate Personal Firewall] Win32m.exe O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [Iconoid] "G:\Program Files\Iconoid\iconoid.exe" O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [PcSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Startup: Client Default.lnk = G:\Program files\Samurize\Client.exe O4 - Startup: Stardock ObjectDock.lnk = G:\Program files\Stardock\ObjectDock\ObjectDock.exe O4 - Startup: Sygate Personal Firewall.lnk = D:\Program Files\Sygate\SPF\Smc.exe O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BTTray.lnk = ? 
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\KEM.exe O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Sygate Personal Firewall.lnk = D:\Program Files\Sygate\SPF\Smc.exe O4 - Global Startup: Watch.lnk = D:\Program Files\4.0M MPEG4 DV\Console\Watch.exe O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.dnainternet.fi O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - 
http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123163838890 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WBSrv - G:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! 
iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Btsldrvdpw - Unknown owner - (no file) O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Diskeeper - Executive Software International, Inc. - G:\Program Files\Executive Software\DiskeeperLite\DKService.exe O23 - Service: ewido security suite control - ewido networks - G:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - G:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: IAA Event Monitor (IAANTMon) - Intel - D:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - D:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. 
- D:\Program Files\Sygate\SPF\smc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - G:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Also fix this with HJT: O23 - Service: Btsldrvdpw - Unknown owner - (no file)
@aaxxeell My name isn't on that list of trusted checkers yet either.
@Ratazz You seem to have run ewido, but did you keep the report? There could still be something in it, so post it below if possible... You have also removed Norton? Part of it has still been left behind in the background, which is no surprise. In addition to blade81's instructions, do the following...
Open HJT -> do a system scan only -> tick:
O4 - HKCU\..\Run: [Sygate Personal Firewall] Win32m.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Press fix checked! ->
Click the "Configure" option at the bottom right
Click "Misc Tools"
Click "Delete an NT service"
Copy and paste this in: Symantec Network Drivers Service
Click OK!
Make hidden files visible: http://keskustelu.afterdawn.com/thread_view.cfm/248944 and boot the computer into safe mode! (Tap F8 during startup and choose safe mode.)
Use the Search function to look for the file: Win32m.exe
Delete it if you find it!
At the same time, delete the folder: D:\Program Files\Common Files\==>Symantec Shared<==
Return to normal mode and post a new, updated HijackThis log!
Norton has indeed been removed. Here is that ewido report: http://koti.mbnet.fi/jbx/Scan_report_20060224.txt I had to put it there because it came out so long that it would not have fit here. I removed the things you listed, but that Symantec Network Drivers Service was not found; instead it complained something like "Symantec Network Drivers Service was not foud in the registry. Make sure you entered the short name of the service., vbExclamation." One question: when I set it to show hidden files, a file named Thumbs appeared on the desktop. Can it be deleted? Here is the new HiJackThis log:
Logfile of HijackThis v1.99.1 Scan saved at 19:27:29, on 3.3.2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\System32\Ati2evxx.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\Sygate\SPF\smc.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe D:\Program Files\Alwil Software\Avast4\ashServ.exe D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe G:\Program Files\Executive Software\DiskeeperLite\DKService.exe G:\Program Files\ewido anti-malware\ewidoctrl.exe G:\Program Files\ewido anti-malware\ewidoguard.exe D:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe D:\WINDOWS\System32\tcpsvcs.exe D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe G:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\System32\Ati2evxx.exe D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe D:\WINDOWS\Explorer.EXE D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe D:\Program Files\Analog Devices\SoundMAX\Smax4.exe D:\Program Files\D-Tools\daemon.exe D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe G:\Program files\Motherboard Monitor 
5\MBM5.EXE D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe G:\Program Files\Google\Gmail Notifier\gnotify.exe D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE C:\Program Files\Winamp\winampa.exe D:\Program Files\ATI Technologies\ATI.ACE\cli.exe D:\WINDOWS\System32\ctfmon.exe D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe D:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE D:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe D:\Program Files\MSN Messenger\msnmsgr.exe D:\Program Files\Alwil Software\Avast4\ashWebSv.exe D:\Program Files\Skype\Phone\Skype.exe D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe D:\Program Files\Logitech\SetPoint\KEM.exe D:\Program Files\Logitech\SetPoint\KHALMNPR.EXE D:\Program Files\4.0M MPEG4 DV\Console\Watch.exe G:\Program files\Samurize\Client.exe G:\Program files\Stardock\ObjectDock\ObjectDock.exe D:\Program Files\ATI Technologies\ATI.ACE\cli.exe D:\Program Files\ATI Technologies\ATI.ACE\cli.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\Program Files\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://laajakaista.elisa.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dnainternet.fi R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://paivitys.dnainternet.fi/yhteys/proxy.pac R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - 
{8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PCMService] "D:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PRONoMgr.exe] D:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [REGSHAVE] D:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MBM 5] "G:\Program files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] G:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Iconoid] "G:\Program Files\Iconoid\iconoid.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PcSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Client Default.lnk = G:\Program files\Samurize\Client.exe
O4 - Startup: Stardock ObjectDock.lnk = G:\Program files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Sygate Personal Firewall.lnk = D:\Program Files\Sygate\SPF\Smc.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Sygate Personal Firewall.lnk = D:\Program Files\Sygate\SPF\Smc.exe
O4 - Global Startup: Watch.lnk = D:\Program Files\4.0M MPEG4 DV\Console\Watch.exe
O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dnainternet.fi
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123163838890
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WBSrv - G:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Btsldrvdpw - Unknown owner - (no file)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - G:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: ewido security suite control - ewido networks - G:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - G:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel - D:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - D:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - G:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Even though Thumbs may be unnecessary, I recommend hiding the files again by doing that instruction in reverse. That way they won't bother you...

I think I broke my own personal record for ewido finds. Admittedly those were cookies, but it tells you that you are visiting the wrong kind of sites, which collect information about you.

Let's do this next:
Start -> Run -> services.smc -> OK
Find in the list:
Symantec Network Drivers Service
Btsldrvdpw
Double-click them and set the startup type to: Disabled.

Get a HOSTS file that blocks harmful files:
Download: http://mvps.org/winhelp2002/hosts.zip
Save & extract into a folder -> click MVPS.bat
Allow the changes if any program asks.
If that doesn't work, take the HOSTS file and copy/move it to the folder:
C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Overwrite the previous one when Windows asks. The most important thing is that the file is found there, as that is what blocks the dangerous sites.

In the meantime, clean the machine of unnecessary files! Easycleaner, Ccleaner or something similar is hopefully already on the machine. Cleaning can also be done from the browser, for example.

Then let's do one more cleanup to make sure:
Get eScan: http://koti.mbnet.fi/pattaya1/escanmwav.htm
Follow the instructions and post the results from the lower box here.
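The two services named in the post above are the O23 entries that the HijackThis log marks "(file missing)" or "(no file)". As an added example (not part of the thread and not HijackThis code), this Python triage pulls such entries out of a flattened log and cross-checks each "(file missing)" claim against the log's own running-process list, which separates the two avast! entries from the genuinely orphaned ones. Function names and verdict labels are this example's own; the sample is constructed from lines in the log on this page.

```python
import re

# Constructed sample: entries copied from the HijackThis log on this page,
# flattened onto one line the way the page shows it.
SAMPLE_LOG = (
    r'Logfile of HijackThis v1.99.1 Running processes: '
    r'D:\WINDOWS\System32\smss.exe '
    r'D:\Program Files\Sygate\SPF\smc.exe '
    r'D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe '
    r'D:\Program Files\Alwil Software\Avast4\ashWebSv.exe '
    r'R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit '
    r'O23 - Service: avast! Mail Scanner - Unknown owner - '
    r'D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) '
    r'O23 - Service: avast! Web Scanner - Unknown owner - '
    r'D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) '
    r'O23 - Service: Btsldrvdpw - Unknown owner - (no file) '
    r'O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - '
    r'D:\Program Files\Sygate\SPF\smc.exe '
    r'O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - '
    r'D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)'
)

ENTRY_START = re.compile(r"\s+(?=(?:R[0-3]|O\d{1,2}) - )")  # "R0 - ", "O23 - ", ...
DRIVE_START = re.compile(r"\s+(?=[A-Za-z]:\\)")             # next "X:\" path
IMAGE = re.compile(r'"?(.+?\.exe)', re.IGNORECASE)          # path up to first .exe
SERVICE = "O23 - Service: "


def split_log(text):
    """Return (running process paths, lower-cased; list of R/O entries)."""
    parts = ENTRY_START.split(" " + text.strip())
    header, entries = parts[0], [p.strip() for p in parts[1:]]
    _, _, procs = header.partition("Running processes:")
    running = {p.strip().lower() for p in DRIVE_START.split(procs) if p.strip()}
    return running, entries


def parse_service(entry):
    """Parse 'O23 - Service: name - owner - path [status]'; None if not O23.
    Limitation: a service name that itself contains ' - ' is mis-split."""
    if not entry.startswith(SERVICE):
        return None
    fields = entry[len(SERVICE):].split(" - ", 2)
    if len(fields) != 3:
        return None
    name, owner, rest = (f.strip() for f in fields)
    status = "present"
    for marker, label in (("(file missing)", "file missing"), ("(no file)", "no file")):
        if rest.endswith(marker):
            rest, status = rest[: -len(marker)].strip(), label
    match = IMAGE.match(rest)
    return {"name": name, "owner": owner, "status": status,
            "image": match.group(1) if match else ""}


def triage_services(text):
    """Map each O23 service name to 'ok', 'orphaned' or 'contradicted'.
    'contradicted': flagged missing, yet the same executable is listed as running."""
    running, entries = split_log(text)
    verdicts = {}
    for entry in entries:
        svc = parse_service(entry)
        if svc is None:
            continue
        if svc["status"] == "present":
            verdict = "ok"
        elif svc["image"] and svc["image"].lower() in running:
            verdict = "contradicted"
        else:
            verdict = "orphaned"
        verdicts[svc["name"]] = verdict
    return verdicts


if __name__ == "__main__":
    for name, verdict in triage_services(SAMPLE_LOG).items():
        print(f"{verdict:13} {name}")
```

An "orphaned" verdict only means the service registration points at nothing the log can account for; it says nothing about what the service once was.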
@Ratazz Good that you didn't post your Ewido log here. I have never before seen that many infections, and yet I have been involved with spyware & virus removal in one way or another for several years already. Using a hosts file as Aaxxeelli instructed is indeed recommended. I use one too, and the ads haven't been popping up.
This is what it spat out:

File D:\WINDOWS\System32\o infected by "Trojan-Downloader.BAT.Ftp.c" Virus. Action Taken: File Deleted.
File C:\winupd.bat infected by "Trojan.BAT.Zapchast" Virus. Action Taken: File Deleted.
File D:\Documents and Settings\Järjestelmänvalvoja\Local Settings\Temp\cmdo.exe tagged as not-a-virus:RiskTool.Win32.HideWindows. No Action Taken.
File D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODERSHUV\mymt[1].htm infected by "Trojan-Clicker.JS.Linker.j" Virus. Action Taken: File Deleted.
File D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODERSHUV\mymt[2].htm infected by "Trojan-Clicker.JS.Linker.j" Virus. Action Taken: File Deleted.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\003552EF.class infected by "Trojan-Downloader.Java.OpenStream.t" Virus. Action Taken: File Deleted.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\007E4010 infected by "Trojan-Downloader.JS.IstBar.j" Virus. Action Taken: File Deleted.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0AF81022 infected by "Trojan.BAT.Zapchast" Virus. Action Taken: File Deleted.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\11816E4D infected by "Trojan-Downloader.Win32.VB.eu" Virus. Action Taken: File Deleted.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\155011B6 infected by "Trojan.BAT.Zapchast" Virus. Action Taken: File Deleted.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\16235619 tagged as not-a-virus:RiskTool.Win32.HideRun. No Action Taken.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\16C4441D infected by "Trojan.BAT.Zapchast" Virus. Action Taken: File Deleted.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1FB21249 infected by "Trojan.BAT.Zapchast" Virus. Action Taken: File Deleted.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1FB53C46 infected by "Trojan.BAT.Zapchast" Virus. Action Taken: File Deleted.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1FDF5E17 infected by "Trojan-Downloader.Win32.Agent.ab" Virus. Action Taken: File Deleted.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1FE30813 infected by "Trojan-Downloader.Win32.Dyfuca.da" Virus. Action Taken: File Deleted.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\220F57F6 infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\26D40546 infected by "Trojan-Clicker.Win32.Delf.r" Virus. Action Taken: File Deleted.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\393E7C5B infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3A7A0304 tagged as not-a-virus:AdWare.Win32.WinAD. No Action Taken.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3E5E42C8.exe infected by "Backdoor.Win32.Rbot.cg" Virus. Action Taken: File Renamed.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4B345EB0 infected by "Trojan-Dropper.Win32.Delf.z" Virus. Action Taken: File Deleted.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4B3708AC infected by "Trojan-Dropper.Win32.Delf.z" Virus. Action Taken: File Deleted.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4F10026B infected by "Trojan-Downloader.Win32.Swizzor.cg" Virus. Action Taken: File Deleted.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4F164553 tagged as not-a-virus:AdWare.Win32.WinAD. No Action Taken.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4F196F4F tagged as not-a-virus:AdWare.Win32.WinAD. No Action Taken.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4F1C194C tagged as not-a-virus:AdWare.Win32.WinAD. No Action Taken.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\51916C70 tagged as not-a-virus:AdWare.Win32.WinAD. No Action Taken.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\52D9602E infected by "Trojan-Downloader.JS.IstBar.a" Virus. Action Taken: File Deleted.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\54E1700A.dctmp infected by "P2P-Worm.Win32.Tibick.d" Virus. Action Taken: File Deleted.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5560557E.dctmp infected by "P2P-Worm.Win32.Tibick.d" Virus. Action Taken: File Deleted.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5A741836 infected by "Exploit.HTML.Mht" Virus. Action Taken: File Renamed.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5BEB3418 infected by "Trojan-Downloader.Win32.Dyfuca.da" Virus. Action Taken: File Deleted.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5D0E4B9E.exe infected by "Backdoor.Win32.Wootbot.u" Virus. Action Taken: File Renamed.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\6454118B infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\6D4F3DBC.exe infected by "Trojan.BAT.Zapchast" Virus. Action Taken: File Deleted.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\6DB4534D.exe infected by "Trojan-Clicker.Win32.VB.de" Virus. Action Taken: File Deleted.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\6DB57263 infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\6E7C1947.exe infected by "Trojan.BAT.Zapchast" Virus. Action Taken: File Deleted.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\76576E42 infected by "Trojan-Downloader.Win32.Swizzor.cg" Virus. Action Taken: File Deleted.
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\7AE23644.class infected by "Trojan-Downloader.Java.OpenStream.w" Virus. Action Taken: File Deleted.
File D:\System Volume Information\_restore{A49C0584-38DA-47DB-A1F7-8EE518044174}\RP793\A0261988.exe tagged as not-a-virus:AdWare.Win32.SaveNow.bo. No Action Taken.
File D:\System Volume Information\_restore{A49C0584-38DA-47DB-A1F7-8EE518044174}\RP800\A0263028.exe tagged as not-a-virus:AdWare.Win32.SaveNow.bv. No Action Taken.
File D:\System Volume Information\_restore{A49C0584-38DA-47DB-A1F7-8EE518044174}\RP800\A0263029.exe tagged as not-a-virus:AdWare.Win32.SaveNow.bt. No Action Taken.
File D:\System Volume Information\_restore{A49C0584-38DA-47DB-A1F7-8EE518044174}\RP806\A0263648.exe tagged as not-a-virus:Downloader.Win32.WinFixer.d. No Action Taken.
File D:\System Volume Information\_restore{A49C0584-38DA-47DB-A1F7-8EE518044174}\RP817\A0264972.exe infected by "Backdoor.Win32.Rbot.cg" Virus. Action Taken: File Renamed.
File D:\System Volume Information\_restore{A49C0584-38DA-47DB-A1F7-8EE518044174}\RP817\A0264973.exe infected by "Backdoor.Win32.Wootbot.u" Virus. Action Taken: File Renamed.
File D:\System Volume Information\_restore{A49C0584-38DA-47DB-A1F7-8EE518044174}\RP817\A0264974.exe infected by "Trojan.BAT.Zapchast" Virus. Action Taken: File Deleted.
File D:\System Volume Information\_restore{A49C0584-38DA-47DB-A1F7-8EE518044174}\RP817\A0264975.exe infected by "Trojan-Clicker.Win32.VB.de" Virus. Action Taken: File Deleted.
File D:\System Volume Information\_restore{A49C0584-38DA-47DB-A1F7-8EE518044174}\RP817\A0264976.exe infected by "Trojan.BAT.Zapchast" Virus. Action Taken: File Deleted.
File G:\Program files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.

Thanks for all the advice.
You're welcome. Here are the finishing instructions.

File D:\Documents and Settings\Järjestelmänvalvoja\Local Settings\Temp\ Empty this folder completely!
File D:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\ Empty this folder completely!
File D:\System Volume Information\_restore{A49C0584-38DA-47DB-A1F7-8EE518044174}\RP793\A0261988.exe tagged as not-a-virus:AdWare.Win32.SaveNow.bo. No Action Taken.
There is a recipe for that one: http://support.f-secure.fi/fin/home/virusproblem/howtoclean/cleansystemrestore.shtml

Update Windows and get SP2!
It has been updated.

Logfile of HijackThis v1.99.1
Scan saved at 17:59:30, on 9.3.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Sygate\SPF\smc.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
G:\Program Files\Executive Software\DiskeeperLite\DKService.exe
G:\Program Files\ewido anti-malware\ewidoctrl.exe
G:\Program Files\ewido anti-malware\ewidoguard.exe
D:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
D:\WINDOWS\System32\tcpsvcs.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
G:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Logitech\MediaLife\MediaLifeService.exe
D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\Program Files\D-Tools\daemon.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
G:\Program files\Motherboard Monitor 5\MBM5.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
G:\Program Files\Google\Gmail Notifier\gnotify.exe
D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Winamp\winampa.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
D:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
D:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Documents and Settings\Järjestelmänvalvoja\Työpöytä\Ohjelmia\uptimeclient\client.exe
G:\Program Files\Pulse\Pulse.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Program Files\Logitech\SetPoint\KEM.exe
D:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
D:\Program Files\4.0M MPEG4 DV\Console\Watch.exe
G:\Program files\Samurize\Client.exe
D:\WINDOWS\System32\svchost.exe
G:\Program files\Stardock\ObjectDock\ObjectDock.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Winamp\winamp.exe
D:\Program Files\ATITool\ATITool.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://laajakaista.elisa.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dnainternet.fi
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://paivitys.dnainternet.fi/yhteys/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [PCMService] "D:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PRONoMgr.exe] D:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [REGSHAVE] D:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MBM 5] "G:\Program files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] G:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PcSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Uptime-Project] D:\Documents and Settings\Järjestelmänvalvoja\Työpöytä\Ohjelmia\uptimeclient\client.exe
O4 - HKCU\..\Run: [Pulse] G:\Program Files\Pulse\Pulse.exe -splash
O4 - Startup: Client Default.lnk = G:\Program files\Samurize\Client.exe
O4 - Startup: Pulse.exe
O4 - Startup: Stardock ObjectDock.lnk = G:\Program files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Sygate Personal Firewall.lnk = D:\Program Files\Sygate\SPF\Smc.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Sygate Personal Firewall.lnk = D:\Program Files\Sygate\SPF\Smc.exe
O4 - Global Startup: Watch.lnk = D:\Program Files\4.0M MPEG4 DV\Console\Watch.exe
O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dnainternet.fi
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123163838890
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WBSrv - G:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Btsldrvdpw - Unknown owner - (no file)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - G:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: ewido security suite control - ewido networks - G:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - G:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel - D:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - D:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - G:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

I posted that once more, in case some junk had come in after the update.