HJT log.. could someone take a look?

Discussion in 'Viruses and malware - HijackThis logs' started by JarppiTee, Oct 27, 2007.

  1. JarppiTee

    JarppiTee Member

    Yeah, so could someone take a look at this HJT log :)

    Logfile of HijackThis v1.99.1
    Scan saved at 18:13:53, on 27.10.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    D:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    D:\Program Files\Xfire\Xfire.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\WgaTray.exe
    d:\program files\a-squared free\a2service.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Hijackthis\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKCU\..\Run: [Super1Karting.exe] C:\DOCUME~1\JT\OMATTI~1\SUPER1~1.EXE /r
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Steam] "d:\program files\valve\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [BitTorrent] "D:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Xfire.lnk = D:\Program Files\Xfire\Xfire.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
    O15 - Trusted Zone: www.sf-anytime.com
    O15 - Trusted Zone: *.sf-anytime.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay123.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1104356595959
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9BFD4F41-EF92-48A5-8086-89336F4D287D}: NameServer = 212.50.131.153 213.139.190.3
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - d:\program files\a-squared free\a2service.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  2. hannu71

    hannu71 Regular member

    #1. Has Norton's firewall been removed from the computer?
    You have no firewall on your computer. Your computer is open to hackers and other further problems if there is no active protection.

    Install ONE firewall program on your computer from one of these excellent security vendors NOW:

    1) ZoneAlarm
    2) Agnitum
    3) Sunbelt/Kerio
    4) Comodo

    If you use the built-in Windows firewall, it is not recommended, because it does not block outgoing connections from the computer. This means that any malware on your computer is free to do anything with your internet connection. Simply put, Windows XP includes a worse-than-average firewall. This firewall is NOT a substitute for a dedicated firewall solution. Remember to use only one firewall at a time.

    #2. Download and install 'SuperAntiSpyware Home Edition Free Version' from here:
    http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

    Install SUPERAntiSpyware with the default settings.
    Start the program from the desktop.
    If the program asks "update definitions", answer "yes".
    If the program does not ask anything, select "check updates before scanning".

    Program settings:
    - Select "Preferences -> Scanning Control".
    Tick the following "Scanner Options" (settings):
    - Close browsers before scanning.
    - Scan for tracking cookies.
    - Terminate memory threats before quarantining.
    Leave the other items unticked (untick them if needed).
    Click the Close button.

    Scanning:
    - In the main SAS window, under "Scan for Harmful Software", select "Scan your Computer".
    Make sure that on the left your operating system drive is selected (usually C:\Fixed Drive), as well as all the other drives that are shown.
    - On the right, below "Complete Scan", select "Perform Complete Scan".
    - Click the "Next" button to start the scan.
    - When the scan has finished, the program reports the malware it found. Click OK.
    - Tick all the malware found under "detected threats", and click "Next".
    - The program reports "Quarantine and Removal is Complete".
    - Press OK and click Finish.
    Restart your computer.

    The SUPERAntiSpyware log can be found like this:
    1. After restarting, double-click the SUPERAntiSpyware shortcut on your desktop.
    2. Click Preferences. Click the Statistics/Logs tab.
    3. In Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    4. The log opens.
    5. Select all (Ctrl+A), copy (Ctrl+C), and paste the lines (Ctrl+V) into your thread.

    Close SUPERAntiSpyware.

    #3.
    Post:
    a new HJT log
    the SUPERAntiSpyware log
     
  3. JarppiTee

    JarppiTee Member

    So does the Windows firewall have to be turned off when you install ZoneAlarm and put it into use?
     
  4. hannu71

    hannu71 Regular member

    Download ZoneAlarm to the computer, unplug the network cable from the computer, and install ZoneAlarm. Plug the cable back in so that ZoneAlarm can update itself, and disable Windows' own firewall.

    Then the rest of those.
     
    Last edited: Oct 27, 2007
  5. JarppiTee

    JarppiTee Member

    Yeah, well, I already installed it, but I didn't have the network cable unplugged.. Does that matter? And the Windows firewall turned off by itself.
     
  6. hannu71

    hannu71 Regular member

    It doesn't matter. Just do the rest.
     
  7. JarppiTee

    JarppiTee Member

    Yeah, now it started scanning. I wonder if it will take very long when it scans both drives?

    Oh, and ZoneAlarm keeps asking whether to allow this to access the internet:
    LuComServer_3_0.EXE
    Any idea what that might be? And what does it do?
     
  8. hannu71

    hannu71 Regular member

    It's one of those leftovers from Norton, which you had already removed from the computer. There are still a few Norton services left there. No need to let it access the internet; we'll remove those services later.

    It takes about an hour when run on a 250 GB disk.
     
    Last edited: Oct 27, 2007
  9. JarppiTee

    JarppiTee Member

    Yeah, an hour has passed and it's still scanning the C drive.. It has found a few trojan things and a couple of adware items and a browser hijacker. Since there are probably something like 200 of those Detected Items, and I guess they get removed at the end, can the computer get completely messed up and stop working?
     
  10. hannu71

    hannu71 Regular member

    Those Detected Items include a lot of cookies, so no worries. Plus those trojan guys etc. Usually it's mostly cookies.

    Oh, and for ZoneAlarm, instructions for the settings were found
    over there
     
    Last edited: Oct 27, 2007
  11. JarppiTee

    JarppiTee Member

    Yeah, I finally got the scan done and apparently got those files removed.

    Here is the SUPERAntiSpyware log:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 10/28/2007 at 01:48 AM

    Application Version : 3.9.1008

    Core Rules Database Version : 3332
    Trace Rules Database Version: 1333

    Scan type : Complete Scan
    Total Scan Time : 01:46:52

    Memory items scanned : 456
    Memory threats detected : 0
    Registry items scanned : 6145
    Registry threats detected : 188
    File items scanned : 78378
    File threats detected : 64

    Adware.IST/YourSiteBar
    HKU\S-1-5-21-1004336348-1979792683-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{86227D9C-0EFE-4F8A-AA55-30386A3F5686}

    Adware.Tracking Cookie

    Trojan.Unknown Origin

    Trojan.Security Toolbar
    C:\Documents and Settings\JT\Suosikit\Antivirus Test Online.url

    Malware.SpywareQuake

    Adware.IST/ISTBar (Slotch Bar)
    HKU\S-1-5-21-1004336348-1979792683-725345543-1003\Software\Microsoft\Internet Explorer\Main#BandRest [ Never ]
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest [ Never ]

    Trojan.Media-Codec

    Trojan.ErrorSafe

    Browser Hijacker.Favorites
    C:\DOCUMENTS AND SETTINGS\JENNI JA äITI\SUOSIKIT\ANTIVIRUS TEST ONLINE.URL

    Trace.Known Threat Sources
    C:\Documents and Settings\jenni ja äiti\Local Settings\Temporary Internet Files\Content.IE5\SPMVWHUN\ico2[1].gif




    And here is the new HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 1:59:17, on 28.10.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    d:\program files\a-squared free\a2service.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    D:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\Logitech\Video\ManifestEngine.exe
    D:\program files\valve\steam\steam.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    D:\Program Files\Xfire\Xfire.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Hijackthis\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [Super1Karting.exe] C:\DOCUME~1\JT\OMATTI~1\SUPER1~1.EXE /r
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Steam] "d:\program files\valve\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Xfire.lnk = D:\Program Files\Xfire\Xfire.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
    O15 - Trusted Zone: www.sf-anytime.com
    O15 - Trusted Zone: *.sf-anytime.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay123.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1104356595959
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9BFD4F41-EF92-48A5-8086-89336F4D287D}: NameServer = 212.50.131.153 213.139.190.3
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - d:\program files\a-squared free\a2service.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     
  12. hannu71

    hannu71 Regular member

    Joined:
    Feb 9, 2006
    Messages:
    256
    Likes Received:
    0
    Trophy Points:
    26
    do this
    this
    step 3 there
    post a new HJT log
     
    Last edited: Oct 27, 2007
  13. JarppiTee

    JarppiTee Member

    Here is the new HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 2:25:48, on 28.10.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    d:\program files\a-squared free\a2service.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    D:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    D:\program files\valve\steam\steam.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    D:\Program Files\Xfire\Xfire.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Hijackthis\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [Super1Karting.exe] C:\DOCUME~1\JT\OMATTI~1\SUPER1~1.EXE /r
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Steam] "d:\program files\valve\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Xfire.lnk = D:\Program Files\Xfire\Xfire.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
    O15 - Trusted Zone: www.sf-anytime.com
    O15 - Trusted Zone: *.sf-anytime.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay123.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1104356595959
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9BFD4F41-EF92-48A5-8086-89336F4D287D}: NameServer = 212.50.131.153 213.139.190.3
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - d:\program files\a-squared free\a2service.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



    Does it look clean now, and is everything OK now?
    Oh, and is it normal that, since I installed ZoneAlarm, when I start the computer and pick my own account, it shows "Loading your personal settings" for a long time? Once that goes away, only the desktop wallpaper is visible, and after a little while the Windows Start button stuff and the clock pop up at the bottom and the icons appear on the desktop.
     
    Last edited: Oct 27, 2007
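
Checking a follow-up log against the previous one by eye is easy to get wrong, so here is an added example (not part of the thread and not HijackThis' own code) that parses two HijackThis text logs and lists what disappeared and what appeared between scans. The sample logs are short excerpts of the 1:59:17 and 2:25:48 logs posted above; `parse_hjt`, `diff_logs` and `summarize` are names made up for this example.

```python
import re

# Each HijackThis finding starts with a section code (R0, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.+)$")

# Meaning of the section codes that occur in the sample (subset only).
SECTION_HINTS = {
    "R0": "Internet Explorer settings",
    "R1": "Internet Explorer settings",
    "O4": "autostart (Run key / Startup folder)",
    "O23": "Windows service",
}

# Excerpt of the log saved at 1:59:17 in the thread.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 1:59:17, on 28.10.2007

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Excerpt of the log saved at 2:25:48 in the thread.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 2:25:48, on 28.10.2007

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""


def parse_hjt(text):
    """Return (processes, entries) found in a HijackThis text log."""
    processes, entries = set(), set()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line closes the process list
            continue
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.add((match.group("code"), match.group("body")))
        elif in_processes:
            processes.add(line.lower())  # Windows paths are case-insensitive
    return processes, entries


def diff_logs(before, after):
    """Compare two logs; every list is sorted so the result is stable."""
    p0, e0 = parse_hjt(before)
    p1, e1 = parse_hjt(after)
    return {
        "processes_gone": sorted(p0 - p1),
        "processes_new": sorted(p1 - p0),
        "entries_gone": sorted(e0 - e1),
        "entries_new": sorted(e1 - e0),
    }


def summarize(diff):
    """Render the entry changes as '-'/'+' lines with a section hint."""
    lines = []
    for sign, key in (("-", "entries_gone"), ("+", "entries_new")):
        for code, body in diff[key]:
            hint = SECTION_HINTS.get(code, "other section")
            lines.append(f"{sign} {code} [{hint}]: {body}")
    return lines


if __name__ == "__main__":
    result = diff_logs(BEFORE_LOG, AFTER_LOG)
    print("\n".join(summarize(result)))
    print("processes gone:", result["processes_gone"])
```

New entries (the `+` lines) are the ones to look at first after a cleanup, since anything that appears between two scans was written in that window.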
  14. hannu71

    hannu71 Regular member

    The log is OK.

    Shut down and restart the computer, and tell me whether you still have those problems.
     
  15. JarppiTee

    JarppiTee Member

    It didn't do that anymore :)
    Do you recommend running any scans, e.g. once a month, and is it worth keeping SUPERAntiSpyware on the computer?
     
  16. hannu71

    hannu71 Regular member

    SUPERAntiSpyware is surprisingly good. I left it on my own computer.
    But you can always get it back even if you remove it :).

    As for scans, every now and then I run this one myself:


    Scan your computer with the Kaspersky Online Scanner

    - You will be asked whether to allow an ActiveX component from Kaspersky to be installed; click Yes.
    - The program starts and begins downloading the latest definition files.
    - Once the scanner is installed and the definitions are downloaded, click Next.
    - Now click the settings, Scan Settings.
    - Check in the settings that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (if available, otherwise select Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases

    - Click OK.
    - Now, under the heading "select a target to scan", choose My Computer (Oma Tietokone).
    - The scan takes time, so be patient. When the scan is finished you will be notified if your computer is infected.
    - Now click the Save as Text button.
    - Save the file to your desktop.
    - Copy and paste the contents of the file into your next reply.

    It doesn't remove anything, though, but it lists the nasties well. Actually, you could still run it :)
     
  17. JarppiTee

    JarppiTee Member

    Does that link have to be opened with Internet Explorer, since it doesn't really seem to work with Mozilla?
     
  18. hannu71

    hannu71 Regular member

    Yes, it does. Now I, at least, am going to sleep.
     
  19. JarppiTee

    JarppiTee Member

    OK, I'll have to go soon too :) Thanks a TON for staying up and helping me with these viruses and removing them, and for bothering to look through the logs and all! THANK YOU, THANK YOU!
     
