HJT-loki/regedit ongelma

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by Wando, Apr 14, 2007.

  1. Wando

    Wando Member

    Joined:
    May 2, 2006
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    11
    Eli vaiva on seuraavanlainen. Netti toimii "heikosti" - IRC pysyy hyvin verkossa 24/7, mutta esim. torrentit eivät toimi ja nettiä ei voi selata, kun ~3h viimeisestä rebuutista, jonka jälkeen saa päivittää 3-10 kertaa, että selain lataa sivun (Firefox/IE) ja yleensä sivuilla on paljon virheitä (esim. kuvat eivät lataudu). Ei oikeen mahdu päähän mistä tälläinen voi johtua. Norton tai Ad-Aware ei löytänyt mitään roskaa. Spybot löysi seuraavat tiedostot, jotka yritin tuloksetta vikasietotilassa poistaa:

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService\Enum

    Tässä vielä HJT:

    Logfile of HijackThis v1.99.1
    Scan saved at 18:15:54, on 14.4.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\WinTV\Ir.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    T:\mIRC\mirc.exe
    T:\Mozilla Firefox\firefox.exe
    C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
    T:\uTorrent\utorrent.exe
    T:\hij\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [Steam] "t:\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Read By Natural Voice Reader - E:\Juhon\Kamaa\Puhuja\read.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Natural Reader - {0DF757C4-9999-463C-A4EB-B6BF1D8D8D3D} - E:\Juhon\Kamaa\Puhuja\read.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28177.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
    O16 - DPF: {40AC0F29-DF27-4711-B279-48B1F83A66AB} (AtlBoxWordCtlAttrib Class) - http://kraisoft.com/files/online/aquacade.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163418678006
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: App Management - C:\WINDOWS\
    O20 - Winlogon Notify: Applets - C:\WINDOWS\
    O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    Jos joku osaisi auttaa niin se olisi hyvin arvostettua :]
     
    Wando, Apr 14, 2007
    #1
  2. Etzo

    Etzo Regular member

    Joined:
    Feb 8, 2007
    Messages:
    489
    Likes Received:
    0
    Trophy Points:
    26

    Moi!

    1. Lataa combofix.exe työpöydällesi jommastakummasta linkistä:
    combofix.exe
    combofix.exe

    2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
    3. Kun työkalu on valmis, se tuottaa lokin. (C:\ComboFix.txt) Lähetä tämä loki viesti ketjuusi.
    Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
     
    Etzo, Apr 14, 2007
    #2
  3. Wando

    Wando Member

    Joined:
    May 2, 2006
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    11
    Tässä ComboFixin loki:

    "H„nninen" - 07-04-14 20:47:22 Service Pack 2
    ComboFix 07-04-05.Rev3 - Running from: "C:\Documents and Settings\H„nninen\Ty”p”yt„"


    ((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

    REGISTRY ENTRIES REMOVED:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\clsid\{9e2a91c2-68e4-4b29-b709-55e1d9113286}]Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\clsid\{1dda2db7-cf92-49f5-92a1-7c1dc2c1a9b9}]Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\clsid\{4248ce29-4d70-4a47-a590-7ee9ae454ff5}]Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\clsid\{e6dae848-f2d0-4684-8bf8-b779f6b325b7}]Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\clsid\{759f39a0-0088-42e0-b706-4a32903c39c6}]Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\clsid\{dbf7eb37-7dae-4f0f-9644-c35f0bc136a2}]Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\clsid\{a1ed185b-bc5b-4225-9f95-3862d877fd42}]Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\clsid\{560743be-4c94-4a52-8344-ca629a1a6e53}]Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\clsid\{2a2c4ab3-5777-447e-b78c-b3fca1ac2603}]Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\clsid\{3b9b1584-e472-4447-a20a-d7cb5c8657e8}]Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\clsid\{9abdec88-813f-480f-bf41-80340cd31b2f}]

    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    Granting SeDebugPrivilege to Järjestelmänvalvojat ... successful


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\keyboard1.dat
    C:\DOCUME~1\HNNINE~1\APPLIC~1\Dxccwrd.dll
    C:\DOCUME~1\HNNINE~1\APPLIC~1\Dxcknwrd.dll
    C:\DOCUME~1\HNNINE~1\APPLIC~1\Dxcuknwrd.dll
    C:\DOCUME~1\MAKE\APPLIC~1\Dxcknwrd.dll
    C:\WINDOWS\system32\vbzip11.dll
    C:\Program Files\Common Files\{F47CE~1
    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
    Folders Quarantined:
    C:\qoobox\purity\Program Files\CROSOF~1.NET
    C:\qoobox\purity\Program Files\Common Files\FNTS~1
    C:\qoobox\purity\Program Files\Common Files\FNTS~1\F?nts


    ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\cmdService
     
    Wando, Apr 14, 2007
    #3
  4. Etzo

    Etzo Regular member

    Joined:
    Feb 8, 2007
    Messages:
    489
    Likes Received:
    0
    Trophy Points:
    26
    Koko loki?
     
    Etzo, Apr 14, 2007
    #4
  5. Wando

    Wando Member

    Joined:
    May 2, 2006
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    11
    Ei ilmeisesti :E Mistähän syystä se ei kokonaan avautunut äsken..
    Kokeilin niin Spybot ei tuota enää ainakaan löytänyt :)

    "H„nninen" - 07-04-14 20:47:22 Service Pack 2
    ComboFix 07-04-05.Rev3 - Running from: "C:\Documents and Settings\H„nninen\Ty”p”yt„"


    ((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

    REGISTRY ENTRIES REMOVED:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\clsid\{9e2a91c2-68e4-4b29-b709-55e1d9113286}]Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\clsid\{1dda2db7-cf92-49f5-92a1-7c1dc2c1a9b9}]Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\clsid\{4248ce29-4d70-4a47-a590-7ee9ae454ff5}]Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\clsid\{e6dae848-f2d0-4684-8bf8-b779f6b325b7}]Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\clsid\{759f39a0-0088-42e0-b706-4a32903c39c6}]Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\clsid\{dbf7eb37-7dae-4f0f-9644-c35f0bc136a2}]Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\clsid\{a1ed185b-bc5b-4225-9f95-3862d877fd42}]Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\clsid\{560743be-4c94-4a52-8344-ca629a1a6e53}]Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\clsid\{2a2c4ab3-5777-447e-b78c-b3fca1ac2603}]Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\clsid\{3b9b1584-e472-4447-a20a-d7cb5c8657e8}]Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\clsid\{9abdec88-813f-480f-bf41-80340cd31b2f}]

    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    Granting SeDebugPrivilege to Järjestelmänvalvojat ... successful


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\keyboard1.dat
    C:\DOCUME~1\HNNINE~1\APPLIC~1\Dxccwrd.dll
    C:\DOCUME~1\HNNINE~1\APPLIC~1\Dxcknwrd.dll
    C:\DOCUME~1\HNNINE~1\APPLIC~1\Dxcuknwrd.dll
    C:\DOCUME~1\MAKE\APPLIC~1\Dxcknwrd.dll
    C:\WINDOWS\system32\vbzip11.dll
    C:\Program Files\Common Files\{F47CE~1
    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
    Folders Quarantined:
    C:\qoobox\purity\Program Files\CROSOF~1.NET
    C:\qoobox\purity\Program Files\Common Files\FNTS~1
    C:\qoobox\purity\Program Files\Common Files\FNTS~1\F?nts


    ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\cmdService
    -------\nm
    -------\LEGACY_CMDSERVICE
    -------\LEGACY_NETWORK_MONITOR


    ((((((((((((((((((((((((((((((( Files Created from 2007-03-14 to 2007-04-14 ))))))))))))))))))))))))))))))))))


    2007-04-08 14:55 <KANSIO> d-------- C:\Program Files\XP Codec Pack
    2007-04-07 18:35 <KANSIO> d-------- C:\WINDOWS\SxsCaPendDel
    2007-04-07 18:11 <KANSIO> d-------- C:\!KillBox
    2007-03-27 04:39 20,480 --a------ C:\WINDOWS\system32\ac3config.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-04-07 18:54 -------- d-------- C:\Program Files\msn messenger
    2007-04-07 18:54 -------- d-------- C:\Program Files\msn messenger
    2007-03-26 14:38 83602 --a------ C:\WINDOWS\system32\perfc00b.dat
    2007-03-26 14:38 410770 --a------ C:\WINDOWS\system32\perfh00b.dat
    2007-03-17 16:44 292864 --a------ C:\WINDOWS\system32\winsrv.dll
    2007-03-08 18:38 578048 --a------ C:\WINDOWS\system32\user32.dll
    2007-03-08 18:37 40960 --a------ C:\WINDOWS\system32\mf3216.dll
    2007-03-08 18:37 281600 --a------ C:\WINDOWS\system32\gdi32.dll
    2007-03-08 18:34 1843840 --a------ C:\WINDOWS\system32\win32k.sys
    2007-02-26 02:22 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll
    2007-02-26 02:22 114688 --a------ C:\WINDOWS\system32\openal32.dll
    2007-02-26 02:22 -------- d-------- C:\Program Files\openal
    2007-02-26 02:22 -------- d-------- C:\Program Files\openal
    2007-02-20 15:43 -------- d-------- C:\Program Files\megauploadtoolbar
    2007-02-20 15:43 -------- d-------- C:\Program Files\megauploadtoolbar
    2007-02-16 00:00 127034 -r------- C:\WINDOWS\bwunin-8.1.1.50-8876480sl.exe
    2007-02-05 23:19 185344 --a------ C:\WINDOWS\system32\upnphost.dll
    2007-01-31 18:18 29247 --a------ C:\WINDOWS\hpoins03.dat
    2007-01-31 15:26 36324848 --a------ C:\7-1_xp_dd_ccc_wdm_enu_40211.exe
    2007-01-22 18:30 13988 --a------ C:\WINDOWS\mozver.dat
    2007-01-21 20:53 4 --a------ C:\WINDOWS\system32\proc625010911.bin


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
    "Steam"="\"t:\\steam\\steam.exe\" -silent"
    "WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
    "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
    "Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "B'sCLiP"="C:\\PROGRA~1\\B'SCLI~1\\Win2K\\BSCLIP.exe"
    "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoBandCustomize"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddef2374-06d7-11d9-a1c9-000c764123d3}]
    Shell\AutoRun\command I:\Autorun.exe



    ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    backup-20060502-202047-839
    O20 - Winlogon Notify: winrtf32 - winrtf32.dll (file missing)
    backup-20060502-200846-989
    O20 - Winlogon Notify: winrtf32 - C:\WINDOWS\SYSTEM32\winrtf32.dll
    backup-20060502-181325-542
    O20 - Winlogon Notify: winrtf32 - C:\WINDOWS\SYSTEM32\winrtf32.dll
    backup-20060502-181325-117
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
    backup-20060502-181325-420
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.asvxmeekzvonpy.com/aYNRWiIy9BOPVbQh0EpNYTQ2ekGHO4328gaf1aL9iPAVz4SB9Y/Z6bKRSECD6KUK.htm
    backup-20060502-181325-338
    R3 - URLSearchHook: (no name) - {EAAAEC06-7B91-7F32-B72C-2817226B76E3} - C:\WINDOWS\system32\esgvc.dll (file missing)

    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#hp psc 1300 series#1073325267.job
    C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#hp psc 1300 series#1165504992.job
    C:\WINDOWS\tasks\Norton AntiVirus - Tarkista tietokone - H„nninen.job


    ********************************************************************

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-04-14 20:55:40
    C:\ComboFix-quarantined-files.txt ... 07-04-14 20:55
     
    Wando, Apr 14, 2007
    #5
  6. Etzo

    Etzo Regular member

    Joined:
    Feb 8, 2007
    Messages:
    489
    Likes Received:
    0
    Trophy Points:
    26
    Hyvä hyvä. Jatketaan ...

    Suosittelen poistamaan tuon Viewpoint Managerin, koska se on lievä haittaohjelma

    ==============================

    Tallenna nämä ohjeet tekstitiedostoon tai tulosta nämä, muuten et pääse niihin käsiksi vikasietotilasta

    Lataa AVG Anti-Spyware 7.5 ja tallenna ohjelma työpöydällesi.
    *Kun olet ladannut ohjelman, kaksoisklikkaa asennuohjelman pikakuvaketta työpöydälläsi, asennus alkaa.
    *Asennuksen jälkeen täytyy ohjelma käynnistää ja sen tunnisteet päivittää.
    *Käynnistä AVG Anti-Spyware.
    *Klikkaa "Update" kuvaketta päävalikossa. Sen jälkeen klikkaa "Update now" painiketta.

    • *Sitten klikkaa "Start Update" kuvaketta jolloin päivitys alkaa.

      *Kun päivitykset on ladattu, klikkaa "Scanner" kuvaketta ikkunan ylälaidassa. Valitse sitten "Settings" välilehti.
      * JOS AVG ei lataa päivityksiä, niin saat ne manuaalisesti täältä
      *Kun "Settings" valikko on auennut, klikkaa "Recommended actions" ja sitten valitse "Quarantine".
      *Sitten "Reports" valikon alta:

      • *Laita täppi kohtaan "Automatically generate report after every scan"
        *Ota täppi pois kohdasta"Only if threats were found"

        *Sitten klikkaa "Shield" kuvaketta ikkunan ylälaidassa
        *"Resident shield is", muuta tila active:sta inactive:ksi
        *Sulje ohjelma, ÄLÄ skannaa vielä.


        ==============================

        Käynnistä HijackThis, klikkaa do a system scan only.
        Sulje kaikki muut ikkunat, merkkaa nämä rivit ja paina Fix checked : (jos löytyvät)

        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
        O20 - Winlogon Notify: App Management - C:\WINDOWS\
        O20 - Winlogon Notify: Applets - C:\WINDOWS\
        O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\


        ==============================

        Lataa Atribunen ATF Cleaner

        Ohjeet;

        Tupla-klikkaa ATF-Cleaner.exe käynnistääksesi ohjelman.Main:n alla valitse: Select All
        Klikkaa Empty Selected valintaa.

        Jos käytät FireFoxia selaimenasi Klikkaa Firefox yläpuolelta ja valitse: Select All
        Klikkaa Empty Selected valintaa.
        HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.

        Jos käytät Operaa selaimenasi Klikkaa Opera yläpuolelta ja valitse: Select All
        Klikkaa Empty Selected valintaa taas.
        HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.

        Klikkaa Exit päävalikosta sulkeaksesi ohjelman.
        Teknistä tukea tulee jos tupla-klikkaat sähköpostiosoitetta joka sijaitsee jokaisen menun alapuolella kyseisessä työkalussa. (Huomatkaa että se tuki on sitten englanniksi)

        ==============================

        Käynnistä kone vikasietotilaan -> Ohje!
        ==============================
        HUOM! Älä käytä muita ohjelmia AVG skannauksen aikana, tämä saattaa häiritä skannausta.
        *Kun vikasietotilassa, käynnistä AVG Anti-Spyware.
        *Klikkaa "Scanner" kuvaketta ikkunan ylälaidassa ja valitse "Scan" välilehti. Sitten klikkaa "Complete System Scan".
        *AVG aloittaa nyt tietokoneen skannaamisen, ole kärsivällinen sillä skannaus vie aikaa.

        Kun skannaus on valmis:
        TÄRKEÄÄ : Älä klikkaa "Save Scan Report" ennen kuin klikkaat "Apply all Actions"
        *Varmistu, että Set all elements to: näyttää Quarantine (1), jos ei, klikkaa linkkiä ja valitse Quarantine popup-valikosta.
        *Sinulta kysytään mitä tehdä jos infektioita löytyi, valitse silloin "Apply all actions"
        [​IMG]
        *Sitten klikkaa "Reports" kuvaketta ohjelma yläosasta.
        *Klikkaa "Save report as" painiketta ikkunan vasemmassa alalaidassa ja tallenna raportti työpöydälle.
        *Sulje ohjelma, käynnistä kone normaalisti ja lähetä AVG Anti-Spyware:n raportti viestiketjuusi.


        Lähetä uusi HJT ja AVG raportti seuraavaan viestiisi.
     
    Etzo, Apr 14, 2007
    #6
  7. Wando

    Wando Member

    Joined:
    May 2, 2006
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    11
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 8:38:41 15.4.2007

    + Scan result:



    HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup (quarantined).
    T:\EA GAMES\Battlefield 1942\uninst.exe -> Downloader.QQHelper.ce : Cleaned with backup (quarantined).
    :mozilla.11:C:\Documents and Settings\Hänninen\Application Data\Mozilla\Firefox\Profiles\o09xja9m.Wando\cookies.txt -> TrackingCookie.Netflame : Cleaned.
    :mozilla.35:C:\Documents and Settings\Hänninen\Application Data\Mozilla\Firefox\Profiles\o09xja9m.Wando\cookies.txt -> TrackingCookie.Paypal : Cleaned.
    :mozilla.6:C:\Documents and Settings\Hänninen\Application Data\Mozilla\Firefox\Profiles\o09xja9m.Wando\cookies-1.txt -> TrackingCookie.Paypal : Cleaned.
    :mozilla.17:C:\Documents and Settings\Hänninen\Application Data\Mozilla\Firefox\Profiles\o09xja9m.Wando\cookies-1.txt -> TrackingCookie.Statistik-gallup : Cleaned.
    :mozilla.32:C:\Documents and Settings\MAKE\Application Data\Mozilla\Firefox\Profiles\jtdprv9m.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
    :mozilla.33:C:\Documents and Settings\MAKE\Application Data\Mozilla\Firefox\Profiles\jtdprv9m.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
    :mozilla.7:C:\Documents and Settings\Hänninen\Application Data\Mozilla\Firefox\Profiles\o09xja9m.Wando\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.


    ::Report end



    Logfile of HijackThis v1.99.1
    Scan saved at 8:44:51, on 15.4.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\WINDOWS\system32\ctfmon.exe
    T:\steam\steam.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\WinTV\Ir.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\HPZipm12.exe
    T:\mIRC\mirc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    T:\hij\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "T:\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [Steam] "t:\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Read By Natural Voice Reader - E:\Juhon\Kamaa\Puhuja\read.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Natural Reader - {0DF757C4-9999-463C-A4EB-B6BF1D8D8D3D} - E:\Juhon\Kamaa\Puhuja\read.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28177.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
    O16 - DPF: {40AC0F29-DF27-4711-B279-48B1F83A66AB} (AtlBoxWordCtlAttrib Class) - http://kraisoft.com/files/online/aquacade.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163418678006
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - T:\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
    Wando, Apr 14, 2007
    #7
  8. Etzo

    Etzo Regular member

    Joined:
    Feb 8, 2007
    Messages:
    489
    Likes Received:
    0
    Trophy Points:
    26
    Joo lokis näyttää puhtaalta.

    Nyt kun olet puhdas, seuraavaksi pari vinkkiä kuinka pienennetään saastumisriskiä. Kaikista on saatavilla joko suomenkielinen versio sekä/tai suomenkielinen opas.

    -> Taistele vastaan!!-> Malware Complaints
    Sivusto antaa haittaohjelmien uhreille mahdollisuuden kertoa tarinansa ja tehdä valituksen asiasta. Taistellaan yhdessä haittaohjelmien tekijöitä vastaan!

    -> Tyhjennä järjestelmänpalautus -> Ohjeet
    Tyhejnnä järjestelmänpalautuskansio ja luo uusi palautuspiste. Tämä puhdistaa palautuskansion mahdollisista haittaohjelmajäännöksistä.

    -> Käytä CCleaneria -> CCleaner
    Lataa ja asenna CCleaner. Puhdista väliaikaistiedostot ja -kansiot ohjelmalla säännöllisesti.

    -> Käytä Ad-Awarea -> Ad-Aware
    Lataa ja asenna Ad-Aware. Päivitä se ja skannaa konettasi sillä säännöllisesti.
    Opas saatavilla suomeksi! Nimimerkki Ad-Awaren opas

    -> Käytä AVG Anti-Spywarea -> AVG Anti-Spyware
    Lataa ja asenna AVG Anti-Spyware. Päivitä se ja skannaa konettasi sillä säännöllisesti
    Opas saatavilla suomeksi! (Ewido ulkoasulla) Nimimerkki Axelin opas

    -> Asenna SpywareBlaster -> SpywareBlaster
    SpywareBlaster estää haittaohjelmia asentumasta koneellesi. Ei kuluta muistia!
    Opas saatavilla suomeksi! Nimimerkki Ad-Awaren opas

    -> Asenna MVPS Hosts tiedosto -> MVPS Hosts
    Estää koneesi yhteyden haitallisiin sivustoihin.
    Opas saatavilla suomeksi! Nimimerkki Axelin opas

    -> Vaihda selaimesi Firefoxiin -> Firefox
    Firefox on nopeampi, turvallisempi ja parempi selain kuin Internet Explorer.

    -> Pidä järjestelmäsi ajantasalla. -> Windows Update
    Vieraile Windows Updatessa säännöllisesti.

    -> Pidä palomuuri ja virustorjunta ajantasalla
    Päivitä ja skannaa koneesi säännöllisesti virustorjuntaohjelmallasi.

    Pysy puhtaana ;)
     
    Etzo, Apr 15, 2007
    #8
  9. Hujo

    Hujo Guest

    Etzo
    noikin kylmästi pois koneelta.

    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

    alexa poweria ;)
     
    Last edited by a moderator: Apr 15, 2007
    Hujo, Apr 15, 2007
    #9
  10. Wando

    Wando Member

    Joined:
    May 2, 2006
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    11
    Kiitos todella, todella paljon \o/ Ilmeisesti tuo nettiongelma johtuu jostain muusta.. Noh, oma tyhmyyttäni Soneran netti on.

    Kiito viä kertaalleen :]
     
    Wando, Apr 15, 2007
    #10

Share This Page